Analysis Overview
SHA256
00bf1371b9708243ecf2c205ea970197c2d54ad95a6dc7672bd23133c5d158a4
Threat Level: Known bad
The file file_v9.zip was found to be: Known bad.
Malicious Activity Summary
Amadey
RedLine payload
SmokeLoader
RisePro
Djvu Ransomware
Detected Djvu ransomware
Stealc
Detect ZGRat V1
ZGRat
RedLine
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Modifies Windows Firewall
Stops running service(s)
Creates new service(s)
Downloads MZ/PE file
Themida packer
Modifies file permissions
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
Checks BIOS information in registry
Checks computer location settings
Looks up external IP address via web service
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
Program crash
Unsigned PE
Modifies system certificate store
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-23 12:13
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win10v2004-20231215-en
Max time kernel
154s
Max time network
177s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1808 wrote to memory of 1876 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1808 wrote to memory of 1876 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1808 wrote to memory of 1876 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\1.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\1.dll,#1
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.166.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win10v2004-20231215-en
Max time kernel
122s
Max time network
162s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\123.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win7-20231215-en
Max time kernel
121s
Max time network
130s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\ResIL.dll,#1
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win10v2004-20231222-en
Max time kernel
143s
Max time network
146s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\lgc_api.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.166.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.193.132.51.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win7-20231215-en
Max time kernel
118s
Max time network
129s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\123.dll,#1
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win10v2004-20231222-en
Max time kernel
18s
Max time network
156s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Stealc
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\System32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\System32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\System32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 141.98.234.31 | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Documents\GuardFox\raHvPX_M18PnQ4JVL8Ke7B9I.exe
"C:\Users\Admin\Documents\GuardFox\raHvPX_M18PnQ4JVL8Ke7B9I.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 772 -ip 772
C:\Users\Admin\AppData\Local\Temp\is-JOONE.tmp\LisIvn9B0eWX39XfGBxbdtul.tmp
"C:\Users\Admin\AppData\Local\Temp\is-JOONE.tmp\LisIvn9B0eWX39XfGBxbdtul.tmp" /SL5="$60222,4079855,54272,C:\Users\Admin\Documents\GuardFox\LisIvn9B0eWX39XfGBxbdtul.exe"
C:\Users\Admin\Documents\GuardFox\MHSgYdsltabeUcSs5kmRsv0T.exe
"C:\Users\Admin\Documents\GuardFox\MHSgYdsltabeUcSs5kmRsv0T.exe"
C:\Users\Admin\Documents\GuardFox\LIFxed9heHkZ445Vw5ffhUOd.exe
"C:\Users\Admin\Documents\GuardFox\LIFxed9heHkZ445Vw5ffhUOd.exe"
C:\Users\Admin\Documents\GuardFox\B9ZfLXHjLJO8ElGDIFov6Qgl.exe
"C:\Users\Admin\Documents\GuardFox\B9ZfLXHjLJO8ElGDIFov6Qgl.exe"
C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe
"C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe"
C:\Users\Admin\Documents\GuardFox\0JDbJzWFF1BzKfWUVTIKTIwM.exe
"C:\Users\Admin\Documents\GuardFox\0JDbJzWFF1BzKfWUVTIKTIwM.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 340
C:\Users\Admin\Documents\GuardFox\nPvDO4HoS_AqQU2l3rVMl0pH.exe
"C:\Users\Admin\Documents\GuardFox\nPvDO4HoS_AqQU2l3rVMl0pH.exe"
C:\Users\Admin\Documents\GuardFox\tzQDaFN9XwE9nJsYRLnotvlR.exe
"C:\Users\Admin\Documents\GuardFox\tzQDaFN9XwE9nJsYRLnotvlR.exe"
C:\Users\Admin\Documents\GuardFox\ckcSON1nq9KzLkUObHcFavDh.exe
"C:\Users\Admin\Documents\GuardFox\ckcSON1nq9KzLkUObHcFavDh.exe"
C:\Users\Admin\Documents\GuardFox\KK0Vvbx4i9pQ519SIuE5Ax9M.exe
"C:\Users\Admin\Documents\GuardFox\KK0Vvbx4i9pQ519SIuE5Ax9M.exe"
C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe
"C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe"
C:\Users\Admin\Documents\GuardFox\vUZBOtp6mXHWVIfMH4c0FtLr.exe
"C:\Users\Admin\Documents\GuardFox\vUZBOtp6mXHWVIfMH4c0FtLr.exe"
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
"C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe" -s
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\Y8wSG2.CPL",
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5016 -ip 5016
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 520
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\55680516-f187-40aa-8738-24923637814b" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\Documents\GuardFox\jxXiOgogI8vV1byOdAIl_gx5.exe
"C:\Users\Admin\Documents\GuardFox\jxXiOgogI8vV1byOdAIl_gx5.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN jxXiOgogI8vV1byOdAIl_gx5.exe /TR "C:\Users\Admin\Documents\GuardFox\jxXiOgogI8vV1byOdAIl_gx5.exe" /F
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"
C:\Windows\System32\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\Y8wSG2.CPL",
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
C:\Windows\System32\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
"C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe" -i
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Users\Admin\Documents\GuardFox\R08uTl2rhKjiEbQkYXCuC1Dj.exe
"C:\Users\Admin\Documents\GuardFox\R08uTl2rhKjiEbQkYXCuC1Dj.exe"
C:\Users\Admin\Documents\GuardFox\XR0YIbtqmyEEIPi760UciSol.exe
"C:\Users\Admin\Documents\GuardFox\XR0YIbtqmyEEIPi760UciSol.exe"
C:\Users\Admin\Documents\GuardFox\4trEFsYYFs6Jme3QwUfvUobC.exe
"C:\Users\Admin\Documents\GuardFox\4trEFsYYFs6Jme3QwUfvUobC.exe"
C:\Users\Admin\Documents\GuardFox\OeqTok3crnjqes83Oeiqup5y.exe
"C:\Users\Admin\Documents\GuardFox\OeqTok3crnjqes83Oeiqup5y.exe"
C:\Users\Admin\Documents\GuardFox\LisIvn9B0eWX39XfGBxbdtul.exe
"C:\Users\Admin\Documents\GuardFox\LisIvn9B0eWX39XfGBxbdtul.exe"
C:\Users\Admin\Documents\GuardFox\Am8DGNpJ8zKJ3vxaxMrNPrK2.exe
"C:\Users\Admin\Documents\GuardFox\Am8DGNpJ8zKJ3vxaxMrNPrK2.exe"
C:\Users\Admin\Documents\GuardFox\QCBuhoR0_O5gO9EbQFahIqBy.exe
"C:\Users\Admin\Documents\GuardFox\QCBuhoR0_O5gO9EbQFahIqBy.exe"
C:\Users\Admin\Documents\GuardFox\3860sw0VMSmL9vdt9w4gL0z7.exe
"C:\Users\Admin\Documents\GuardFox\3860sw0VMSmL9vdt9w4gL0z7.exe"
C:\Users\Admin\Documents\GuardFox\qV9mEjhKIBcQ7TuES_j_hidT.exe
"C:\Users\Admin\Documents\GuardFox\qV9mEjhKIBcQ7TuES_j_hidT.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 372
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
"C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5300 -ip 5300
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 376
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5300 -ip 5300
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff85d979758,0x7ff85d979768,0x7ff85d979778
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 392
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4704 -ip 4704
C:\Windows\System\dc.exe
"C:\Windows\System\dc.exe" /D
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 236
C:\Users\Admin\AppData\Local\Temp\nsaF8BA.tmp
C:\Users\Admin\AppData\Local\Temp\nsaF8BA.tmp
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5300 -ip 5300
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 680
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 692
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 692
C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe
"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1872,i,3357587987629725365,1777621007141337373,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1872,i,3357587987629725365,1777621007141337373,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1872,i,3357587987629725365,1777621007141337373,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1872,i,3357587987629725365,1777621007141337373,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1872,i,3357587987629725365,1777621007141337373,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 752
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 740
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1872,i,3357587987629725365,1777621007141337373,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 752
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 624
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /TN "Timer"
C:\Windows\SYSTEM32\schtasks.exe
schtasks /create /sc minute /ED "11/02/2024" /mo 7 /tn "Timer" /tr c:\windows\system\svchost.exe /ru SYSTEM
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5300 -ip 5300
C:\Windows\System\svchost.exe
"C:\Windows\System\svchost.exe" formal
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 796
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe
"C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe
"C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2904 -ip 2904
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 568
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 892
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\OeqTok3crnjqes83Oeiqup5y.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2164 -ip 2164
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 2372
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 876
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 932
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 924
C:\Windows\System32\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
C:\Windows\System32\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 644
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 936
C:\Windows\System\dc.exe
"C:\Windows\System\dc.exe" /D
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 956
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\Documents\GuardFox\jxXiOgogI8vV1byOdAIl_gx5.exe
C:\Users\Admin\Documents\GuardFox\jxXiOgogI8vV1byOdAIl_gx5.exe
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\Y8wSG2.CPL",
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\Y8wSG2.CPL",
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4856 -ip 4856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 356
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 644
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4856 -ip 4856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4856 -ip 4856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4856 -ip 4856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4856 -ip 4856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 656
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4856 -ip 4856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4856 -ip 4856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 748
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 4856 -ip 4856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4856 -ip 4856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 656
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 1324 -ip 1324
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nsaF8BA.tmp" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 2388
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Users\Admin\AppData\Local\Temp\A718.exe
C:\Users\Admin\AppData\Local\Temp\A718.exe
C:\Users\Admin\AppData\Local\Temp\AE9B.exe
C:\Users\Admin\AppData\Local\Temp\AE9B.exe
C:\Users\Admin\AppData\Local\Temp\AE9B.exe
C:\Users\Admin\AppData\Local\Temp\AE9B.exe
C:\Users\Admin\AppData\Local\Temp\B708.exe
C:\Users\Admin\AppData\Local\Temp\B708.exe
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Users\Admin\AppData\Local\Temp\BDD0.exe
C:\Users\Admin\AppData\Local\Temp\BDD0.exe
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Users\Admin\AppData\Local\Temp\is-QR2UD.tmp\BDD0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QR2UD.tmp\BDD0.tmp" /SL5="$A01D6,3501695,54272,C:\Users\Admin\AppData\Local\Temp\BDD0.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\cmd.exe
cmd /k cmd < Dot & exit
C:\Users\Admin\AppData\Local\Temp\D466.exe
C:\Users\Admin\AppData\Local\Temp\D466.exe
C:\Windows\SysWOW64\cmd.exe
cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Users\Admin\AppData\Local\Temp\E271.exe
C:\Users\Admin\AppData\Local\Temp\E271.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2860 -ip 2860
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 348
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "WSNKISKT"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\EC55.dll
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\EC55.dll
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
C:\Users\Admin\AppData\Local\Temp\EFB1.exe
C:\Users\Admin\AppData\Local\Temp\EFB1.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WSNKISKT"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\AppData\Local\Temp\C9.exe
C:\Users\Admin\AppData\Local\Temp\C9.exe
C:\Users\Admin\Documents\GuardFox\jxXiOgogI8vV1byOdAIl_gx5.exe
C:\Users\Admin\Documents\GuardFox\jxXiOgogI8vV1byOdAIl_gx5.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 59.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.147.105.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| NL | 77.246.104.70:80 | 77.246.104.70 | tcp |
| RU | 193.233.132.117:80 | tcp | |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| US | 8.8.8.8:53 | joxy.ayazprak.com | udp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| US | 104.21.80.24:80 | joxy.ayazprak.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 188.114.97.2:80 | 294self-limited.sbs | tcp |
| US | 188.114.97.2:80 | 294self-limited.sbs | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| US | 188.114.97.2:80 | 294self-limited.sbs | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 188.114.97.2:443 | 294self-limited.sbs | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| UZ | 195.158.3.162:80 | cczhk.com | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 70.104.246.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.64.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.182.107.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.13.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.15.92.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.225.186.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.85.215.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.3.158.195.in-addr.arpa | udp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| US | 8.8.8.8:53 | udp | |
| GB | 184.31.225.194:80 | x2.c.lencr.org | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| UZ | 195.158.3.162:80 | cczhk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-20.userapi.com | udp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| NL | 95.142.206.0:443 | sun6-20.userapi.com | tcp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.206.142.95.in-addr.arpa | udp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| NL | 95.142.206.2:443 | tcp | |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| NL | 95.142.206.2:443 | tcp | |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| RU | 193.233.132.117:80 | 193.233.132.117 | tcp |
| US | 8.8.8.8:53 | iplis.ru | udp |
| US | 172.67.147.32:443 | iplis.ru | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| US | 8.8.8.8:53 | 32.147.67.172.in-addr.arpa | udp |
| FR | 194.33.191.60:44675 | tcp | |
| US | 8.8.8.8:53 | 113.132.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.191.33.194.in-addr.arpa | udp |
| US | 172.67.137.14:443 | tcp | |
| NL | 45.15.156.229:80 | tcp | |
| US | 8.8.8.8:53 | qualifiedbehaviorrykej.site | udp |
| US | 8.8.8.8:53 | 60.156.15.45.in-addr.arpa | udp |
| US | 172.67.175.187:443 | qualifiedbehaviorrykej.site | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 193.233.132.117:80 | 193.233.132.117 | tcp |
| US | 20.12.23.50:443 | tcp | |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| NL | 45.15.156.60:12050 | tcp | |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | api.ip.sb | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 104.26.12.31:443 | api.ip.sb | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | shitshitshitshit.net | udp |
| US | 188.114.96.2:443 | shitshitshitshit.net | tcp |
| US | 8.8.8.8:53 | 31.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blackvlastelin.com | udp |
| NL | 91.92.245.15:80 | tcp | |
| US | 104.21.16.228:443 | blackvlastelin.com | tcp |
| US | 20.12.23.50:443 | tcp | |
| NL | 195.20.16.45:80 | tcp | |
| HK | 154.92.15.189:80 | i.alie3ksgaa.com | tcp |
| US | 20.12.23.50:443 | tcp | |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| US | 8.8.8.8:53 | udp | |
| HK | 154.92.15.189:80 | i.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| AT | 5.42.64.33:80 | tcp | |
| GB | 216.58.213.10:443 | tcp | |
| GB | 142.250.179.238:443 | tcp | |
| GB | 142.250.187.195:443 | tcp | |
| HK | 154.92.15.189:80 | i.alie3ksgaa.com | tcp |
| US | 188.114.97.0:443 | tcp | |
| US | 8.8.8.8:53 | weedpairfolkloredheryw.site | udp |
| US | 188.114.96.0:443 | weedpairfolkloredheryw.site | tcp |
| US | 8.8.8.8:53 | 0.97.114.188.in-addr.arpa | udp |
| RU | 5.42.65.31:48396 | tcp | |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| RU | 193.233.132.117:80 | tcp | |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.128.172.185.in-addr.arpa | udp |
| RU | 193.233.132.117:80 | 193.233.132.117 | tcp |
| US | 104.21.40.14:443 | tcp | |
| US | 8.8.8.8:53 | expenditureddisumilarwo.site | udp |
| US | 188.114.96.0:443 | expenditureddisumilarwo.site | tcp |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| DE | 185.172.128.90:80 | tcp | |
| US | 8.8.8.8:53 | 120.85.215.91.in-addr.arpa | udp |
| US | 188.114.96.0:443 | expenditureddisumilarwo.site | tcp |
| RU | 193.233.132.117:80 | 193.233.132.117 | tcp |
| US | 8.8.8.8:53 | paperambiguonusphoterew.site | udp |
| US | 104.21.83.138:443 | paperambiguonusphoterew.site | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tiny.ayazprak.com | udp |
| US | 172.67.173.86:80 | tiny.ayazprak.com | tcp |
| FR | 62.210.123.24:443 | tcp | |
| US | 8.8.8.8:53 | 86.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.123.210.62.in-addr.arpa | udp |
| RU | 93.186.225.194:80 | tcp | |
| RU | 93.186.225.194:80 | tcp | |
| RU | 93.186.225.194:80 | tcp | |
| N/A | 20.49.150.241:443 | tcp | |
| RU | 93.186.225.194:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 20.49.150.241:443 | tcp | |
| N/A | 20.49.150.241:443 | tcp | |
| IT | 2.233.91.176:19001 | tcp | |
| FR | 146.59.232.218:1337 | tcp | |
| GR | 83.212.117.37:443 | tcp | |
| US | 8.8.8.8:53 | 218.232.59.146.in-addr.arpa | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | 37.117.212.83.in-addr.arpa | udp |
| RU | 93.186.225.194:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| RU | 93.186.225.194:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| RU | 93.186.225.194:443 | tcp | |
| US | 104.21.83.138:443 | paperambiguonusphoterew.site | tcp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| MX | 189.232.10.46:80 | trmpc.com | tcp |
| US | 8.8.8.8:53 | 46.10.232.189.in-addr.arpa | udp |
| FR | 146.59.232.218:1337 | tcp | |
| GR | 83.212.117.37:443 | tcp | |
| US | 8.8.8.8:53 | csgo500tr.com | udp |
| US | 8.8.8.8:53 | csgo500tr.com | udp |
| US | 8.8.8.8:53 | itechitalia.eu | udp |
| US | 8.8.8.8:53 | itechitalia.eu | udp |
| US | 8.8.8.8:53 | joinhiving.com | udp |
| US | 188.114.97.2:22 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | joinhiving.com | udp |
| US | 8.8.8.8:53 | centrodellamusica.it | udp |
| US | 188.114.97.2:21 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | centrodellamusica.it | udp |
| US | 8.8.8.8:53 | rubikscubetimer.com | udp |
| US | 188.114.97.2:443 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | rubikscubetimer.com | udp |
| US | 8.8.8.8:53 | auth.services.adobe.com | udp |
| US | 8.8.8.8:53 | itechitalia-eu.mail.protection.outlook.com | udp |
| NL | 51.158.154.206:22 | joinhiving.com | tcp |
| NL | 51.158.154.206:21 | joinhiving.com | tcp |
| NL | 51.158.154.206:443 | joinhiving.com | tcp |
| US | 8.8.8.8:53 | auth.services.adobe.com | udp |
| US | 8.8.8.8:53 | udpaccess.com | udp |
| US | 188.114.97.2:143 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | udpaccess.com | udp |
| US | 8.8.8.8:53 | accounts.spotify.com | udp |
| US | 188.114.97.2:80 | csgo500tr.com | tcp |
| US | 188.114.97.2:465 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | 206.154.158.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.spotify.com | udp |
| US | 8.8.8.8:53 | moncvparfait.fr | udp |
| NL | 51.158.154.206:143 | joinhiving.com | tcp |
| US | 52.101.40.4:465 | itechitalia-eu.mail.protection.outlook.com | tcp |
| US | 52.101.40.4:143 | itechitalia-eu.mail.protection.outlook.com | tcp |
| US | 162.243.252.129:21 | rubikscubetimer.com | tcp |
| US | 162.243.252.129:22 | rubikscubetimer.com | tcp |
| US | 188.114.97.2:80 | csgo500tr.com | tcp |
| US | 188.114.97.2:995 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | moncvparfait.fr | udp |
| US | 8.8.8.8:53 | surveyhead.com | udp |
| US | 8.8.8.8:53 | centrodellamusica-it.mail.protection.outlook.com | udp |
| IT | 92.245.188.55:22 | centrodellamusica.it | tcp |
| IT | 92.245.188.55:21 | centrodellamusica.it | tcp |
| IT | 92.245.188.55:443 | centrodellamusica.it | tcp |
| US | 104.18.32.77:22 | auth.services.adobe.com | tcp |
| US | 104.18.32.77:21 | auth.services.adobe.com | tcp |
| US | 162.243.252.129:443 | rubikscubetimer.com | tcp |
| NL | 51.158.154.206:465 | joinhiving.com | tcp |
| US | 52.101.40.4:995 | itechitalia-eu.mail.protection.outlook.com | tcp |
| NL | 51.158.154.206:80 | joinhiving.com | tcp |
| US | 104.18.32.77:443 | auth.services.adobe.com | tcp |
| US | 199.59.243.225:21 | udpaccess.com | tcp |
| US | 199.59.243.225:22 | udpaccess.com | tcp |
| US | 35.186.224.25:22 | accounts.spotify.com | tcp |
| US | 188.114.96.2:22 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | surveyhead.com | udp |
| US | 8.8.8.8:53 | magix-online.com | udp |
| US | 188.114.96.2:21 | csgo500tr.com | tcp |
| NL | 51.158.154.206:995 | joinhiving.com | tcp |
| US | 35.186.224.25:21 | accounts.spotify.com | tcp |
| US | 199.59.243.225:443 | udpaccess.com | tcp |
| US | 8.8.8.8:53 | itechitalia.eu | udp |
| NL | 51.158.154.206:80 | joinhiving.com | tcp |
| US | 8.8.8.8:53 | magix-online.com | udp |
| US | 8.8.8.8:53 | us04web.zoom.us | udp |
| IE | 104.47.17.74:143 | centrodellamusica-it.mail.protection.outlook.com | tcp |
| US | 162.243.252.129:143 | rubikscubetimer.com | tcp |
| US | 8.8.8.8:53 | 129.252.243.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.188.245.92.in-addr.arpa | udp |
| US | 35.186.224.25:443 | accounts.spotify.com | tcp |
| US | 8.8.8.8:53 | www.centrodellamusica.net | udp |
| FR | 96.16.248.171:21 | moncvparfait.fr | tcp |
| FR | 96.16.248.171:22 | moncvparfait.fr | tcp |
| US | 188.114.96.2:143 | csgo500tr.com | tcp |
| IE | 104.47.17.74:465 | centrodellamusica-it.mail.protection.outlook.com | tcp |
| US | 162.243.252.129:465 | rubikscubetimer.com | tcp |
| US | 104.18.32.77:143 | auth.services.adobe.com | tcp |
| IT | 92.245.188.55:80 | www.centrodellamusica.net | tcp |
| US | 162.243.252.129:80 | rubikscubetimer.com | tcp |
| US | 172.64.155.179:22 | auth.services.adobe.com | tcp |
| US | 8.8.8.8:53 | us04web.zoom.us | udp |
| US | 8.8.8.8:53 | account.nokia.com | udp |
| US | 199.59.243.225:143 | udpaccess.com | tcp |
| US | 188.114.97.2:443 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | 77.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.243.59.199.in-addr.arpa | udp |
| US | 188.114.97.2:443 | csgo500tr.com | tcp |
| US | 188.114.96.2:465 | csgo500tr.com | tcp |
| US | 74.206.97.188:22 | surveyhead.com | tcp |
| US | 52.101.9.11:143 | itechitalia-eu.mail.protection.outlook.com | tcp |
| FR | 96.16.248.171:443 | moncvparfait.fr | tcp |
| US | 8.8.8.8:53 | account.nokia.com | udp |
| US | 8.8.8.8:53 | goflac.com | udp |
| US | 52.101.9.11:465 | itechitalia-eu.mail.protection.outlook.com | tcp |
| US | 188.114.96.2:995 | csgo500tr.com | tcp |
| IE | 104.47.17.74:995 | centrodellamusica-it.mail.protection.outlook.com | tcp |
| US | 162.243.252.129:995 | rubikscubetimer.com | tcp |
| DE | 195.214.216.136:22 | magix-online.com | tcp |
| US | 104.18.32.77:80 | auth.services.adobe.com | tcp |
| US | 104.18.32.77:465 | auth.services.adobe.com | tcp |
| US | 35.186.224.25:143 | accounts.spotify.com | tcp |
| NL | 51.158.154.206:22 | joinhiving.com | tcp |
| IT | 92.245.188.55:21 | www.centrodellamusica.net | tcp |
| US | 199.59.243.225:465 | udpaccess.com | tcp |
| US | 172.64.155.179:21 | auth.services.adobe.com | tcp |
| US | 199.59.243.225:80 | udpaccess.com | tcp |
| NL | 51.158.154.206:443 | joinhiving.com | tcp |
| US | 74.206.97.188:21 | surveyhead.com | tcp |
| US | 8.8.8.8:53 | aspmx2.googlemail.com | udp |
| US | 8.8.8.8:53 | inbound01.researchnow.com | udp |
| US | 8.8.8.8:53 | 25.224.186.35.in-addr.arpa | udp |
| US | 74.206.97.188:443 | surveyhead.com | tcp |
| DE | 195.214.216.136:21 | magix-online.com | tcp |
| US | 8.8.8.8:53 | goflac.com | udp |
| US | 52.101.9.11:995 | itechitalia-eu.mail.protection.outlook.com | tcp |
| US | 104.18.32.77:995 | auth.services.adobe.com | tcp |
| US | 35.186.224.25:465 | accounts.spotify.com | tcp |
| US | 104.18.32.77:80 | auth.services.adobe.com | tcp |
| US | 170.114.52.4:22 | us04web.zoom.us | tcp |
| US | 199.59.243.225:995 | udpaccess.com | tcp |
| US | 162.243.252.129:80 | rubikscubetimer.com | tcp |
| US | 8.8.8.8:53 | moncvparfait.fr | udp |
| US | 8.8.8.8:53 | magixonline-com01c.mail.protection.outlook.com | udp |
| DE | 195.214.216.136:443 | magix-online.com | tcp |
| IT | 92.245.188.55:443 | www.centrodellamusica.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 52.101.11.9:143 | itechitalia-eu.mail.protection.outlook.com | tcp |
| FR | 96.16.248.159:21 | moncvparfait.fr | tcp |
| FR | 96.16.248.159:22 | moncvparfait.fr | tcp |
| US | 52.101.11.9:465 | itechitalia-eu.mail.protection.outlook.com | tcp |
| NL | 104.47.18.74:143 | centrodellamusica-it.mail.protection.outlook.com | tcp |
| NL | 104.47.18.74:465 | centrodellamusica-it.mail.protection.outlook.com | tcp |
| US | 170.114.52.4:21 | us04web.zoom.us | tcp |
| US | 8.8.8.8:53 | login.norton.com | udp |
| US | 8.8.8.8:53 | www.moncvparfait.fr | udp |
| US | 104.21.83.138:443 | paperambiguonusphoterew.site | tcp |
| US | 172.64.155.179:143 | auth.services.adobe.com | tcp |
| US | 8.8.8.8:53 | 171.248.16.96.in-addr.arpa | udp |
| NL | 51.158.154.206:443 | joinhiving.com | tcp |
| US | 35.186.224.25:80 | accounts.spotify.com | tcp |
| NL | 142.250.27.26:143 | aspmx2.googlemail.com | tcp |
| US | 52.101.11.9:995 | itechitalia-eu.mail.protection.outlook.com | tcp |
| US | 188.114.97.2:22 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | login.norton.com | udp |
| NL | 104.47.18.74:995 | centrodellamusica-it.mail.protection.outlook.com | tcp |
| US | 172.64.155.179:465 | auth.services.adobe.com | tcp |
| US | 162.243.252.129:21 | rubikscubetimer.com | tcp |
| US | 170.114.52.4:443 | us04web.zoom.us | tcp |
| US | 8.8.8.8:53 | exitlag.com | udp |
| US | 35.186.224.25:80 | accounts.spotify.com | tcp |
| US | 199.59.243.225:80 | udpaccess.com | tcp |
| US | 208.53.56.17:143 | inbound01.researchnow.com | tcp |
| US | 8.8.8.8:53 | 4.52.114.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.216.214.195.in-addr.arpa | udp |
| US | 35.186.224.25:995 | accounts.spotify.com | tcp |
| NL | 142.250.27.26:465 | aspmx2.googlemail.com | tcp |
| US | 74.206.97.188:80 | surveyhead.com | tcp |
| US | 188.114.97.2:21 | csgo500tr.com | tcp |
| FR | 96.16.248.171:80 | moncvparfait.fr | tcp |
| IT | 92.245.188.55:443 | www.centrodellamusica.net | tcp |
| US | 208.53.56.17:465 | inbound01.researchnow.com | tcp |
| IT | 92.245.188.55:22 | www.centrodellamusica.net | tcp |
| US | 172.64.155.179:995 | auth.services.adobe.com | tcp |
| US | 188.114.97.2:80 | csgo500tr.com | tcp |
| US | 104.21.35.143:443 | qualifiedbehaviorrykej.site | tcp |
| US | 8.8.8.8:53 | www.magix-online.com | udp |
| US | 8.8.8.8:53 | exitlag.com | udp |
| US | 188.114.97.2:80 | csgo500tr.com | tcp |
| NL | 142.250.27.26:995 | aspmx2.googlemail.com | tcp |
| US | 208.53.56.17:995 | inbound01.researchnow.com | tcp |
| DE | 195.214.216.136:80 | www.magix-online.com | tcp |
| GB | 92.122.54.116:443 | www.moncvparfait.fr | tcp |
| US | 162.243.252.129:22 | rubikscubetimer.com | tcp |
| US | 104.18.32.77:443 | auth.services.adobe.com | tcp |
| IT | 92.245.188.55:990 | www.centrodellamusica.net | tcp |
| NL | 52.101.73.16:143 | magixonline-com01c.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | careers-brampton.icims.com | udp |
| NL | 52.101.73.16:465 | magixonline-com01c.mail.protection.outlook.com | tcp |
| US | 188.114.97.2:143 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | account.nokia.com | udp |
| US | 8.8.8.8:53 | goflac.com | udp |
| IE | 209.85.203.84:22 | accounts.google.com | tcp |
| US | 199.59.243.225:80 | udpaccess.com | tcp |
| US | 8.8.8.8:53 | itechitalia-eu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | careers-brampton.icims.com | udp |
| US | 162.243.252.129:443 | rubikscubetimer.com | tcp |
| NL | 52.101.73.16:995 | magixonline-com01c.mail.protection.outlook.com | tcp |
| US | 104.18.32.77:22 | auth.services.adobe.com | tcp |
| US | 162.243.252.129:143 | rubikscubetimer.com | tcp |
| NL | 51.158.154.206:80 | joinhiving.com | tcp |
| US | 188.114.96.2:22 | csgo500tr.com | tcp |
| US | 170.114.52.4:22 | us04web.zoom.us | tcp |
| US | 8.8.8.8:53 | accounts.snapchat.com | udp |
| NL | 52.101.73.6:143 | magixonline-com01c.mail.protection.outlook.com | tcp |
| NL | 51.158.154.206:21 | joinhiving.com | tcp |
| IE | 209.85.203.84:21 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | centrodellamusica-it.mail.protection.outlook.com | udp |
| US | 13.107.246.64:22 | login.norton.com | tcp |
| NL | 51.158.154.206:80 | joinhiving.com | tcp |
| US | 13.107.246.64:21 | login.norton.com | tcp |
| US | 13.107.246.64:443 | login.norton.com | tcp |
| US | 8.8.8.8:53 | accounts.snapchat.com | udp |
| US | 188.114.96.2:21 | csgo500tr.com | tcp |
| US | 170.114.52.4:143 | us04web.zoom.us | tcp |
| US | 104.22.79.205:22 | exitlag.com | tcp |
| US | 8.8.8.8:53 | proticketing.com | udp |
| US | 8.8.8.8:53 | alt2.gmr-smtp-in.l.google.com | udp |
| US | 8.8.8.8:53 | itechitalia.eu | udp |
| US | 8.8.8.8:53 | ftp.itechitalia.eu | udp |
| US | 8.8.8.8:53 | 116.54.122.92.in-addr.arpa | udp |
| US | 170.114.52.4:465 | us04web.zoom.us | tcp |
| US | 170.114.52.4:80 | us04web.zoom.us | tcp |
| US | 188.114.97.2:995 | csgo500tr.com | tcp |
| US | 170.114.52.4:21 | us04web.zoom.us | tcp |
| IT | 92.245.188.55:80 | www.centrodellamusica.net | tcp |
| NL | 51.158.154.206:143 | joinhiving.com | tcp |
| US | 188.114.97.2:465 | csgo500tr.com | tcp |
| US | 104.18.32.77:21 | auth.services.adobe.com | tcp |
| US | 35.186.224.25:443 | accounts.spotify.com | tcp |
| NL | 52.101.73.6:465 | magixonline-com01c.mail.protection.outlook.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 104.22.79.205:21 | exitlag.com | tcp |
| IT | 92.245.188.55:443 | www.centrodellamusica.net | tcp |
| US | 52.101.41.3:143 | itechitalia-eu.mail.protection.outlook.com | tcp |
| US | 13.107.213.64:22 | login.norton.com | tcp |
| US | 13.107.213.64:21 | login.norton.com | tcp |
| US | 188.114.96.2:143 | csgo500tr.com | tcp |
| NL | 51.158.154.206:465 | joinhiving.com | tcp |
| US | 8.8.8.8:53 | proticketing.com | udp |
| IT | 92.245.188.55:80 | www.centrodellamusica.net | tcp |
| IT | 92.245.188.55:443 | www.centrodellamusica.net | tcp |
| US | 170.114.52.4:995 | us04web.zoom.us | tcp |
| US | 52.101.41.3:465 | itechitalia-eu.mail.protection.outlook.com | tcp |
| NL | 51.158.154.206:22 | joinhiving.com | tcp |
| NL | 52.101.73.6:995 | magixonline-com01c.mail.protection.outlook.com | tcp |
| US | 199.59.243.225:22 | udpaccess.com | tcp |
| US | 199.59.243.225:21 | udpaccess.com | tcp |
| US | 35.186.224.25:22 | accounts.spotify.com | tcp |
| US | 162.243.252.129:465 | rubikscubetimer.com | tcp |
| US | 172.64.155.179:22 | auth.services.adobe.com | tcp |
| US | 172.67.29.58:22 | exitlag.com | tcp |
| FR | 96.16.248.171:22 | moncvparfait.fr | tcp |
| US | 8.8.8.8:53 | account.asus.com | udp |
| US | 8.8.8.8:53 | account.nokia.com | udp |
| US | 8.8.8.8:53 | exitlag-com.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 188.114.96.2:995 | csgo500tr.com | tcp |
| GB | 92.122.54.116:443 | www.moncvparfait.fr | tcp |
| US | 52.101.41.3:995 | itechitalia-eu.mail.protection.outlook.com | tcp |
| FR | 96.16.248.171:21 | moncvparfait.fr | tcp |
| NL | 51.158.154.206:995 | joinhiving.com | tcp |
| US | 172.64.155.179:21 | auth.services.adobe.com | tcp |
| US | 172.67.29.58:21 | exitlag.com | tcp |
| GB | 18.239.236.36:22 | careers-brampton.icims.com | tcp |
| US | 104.22.79.205:443 | exitlag.com | tcp |
| US | 52.101.40.1:143 | itechitalia-eu.mail.protection.outlook.com | tcp |
| GB | 18.239.236.36:21 | careers-brampton.icims.com | tcp |
| US | 8.8.8.8:53 | copyrightspareddcitwew.site | udp |
| US | 8.8.8.8:53 | account.asus.com | udp |
| US | 52.101.40.1:465 | itechitalia-eu.mail.protection.outlook.com | tcp |
| US | 162.243.252.129:995 | rubikscubetimer.com | tcp |
| DE | 195.214.216.136:22 | www.magix-online.com | tcp |
| US | 104.18.32.77:143 | auth.services.adobe.com | tcp |
| US | 188.114.97.2:443 | csgo500tr.com | tcp |
| US | 35.186.224.25:21 | accounts.spotify.com | tcp |
| US | 13.107.246.64:143 | login.norton.com | tcp |
| DE | 195.214.216.136:80 | www.magix-online.com | tcp |
| NL | 142.250.153.14:143 | alt2.gmr-smtp-in.l.google.com | tcp |
| US | 199.59.243.225:143 | udpaccess.com | tcp |
| US | 74.206.97.188:22 | surveyhead.com | tcp |
| FR | 96.16.248.159:22 | moncvparfait.fr | tcp |
| US | 8.8.8.8:53 | login.aruba.it | udp |
| US | 104.18.32.77:465 | auth.services.adobe.com | tcp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 199.59.243.225:80 | udpaccess.com | tcp |
| US | 52.101.40.1:995 | itechitalia-eu.mail.protection.outlook.com | tcp |
| FR | 96.16.248.159:21 | moncvparfait.fr | tcp |
| GB | 18.239.236.36:443 | careers-brampton.icims.com | tcp |
| US | 34.149.46.130:22 | accounts.snapchat.com | tcp |
| US | 34.149.46.130:21 | accounts.snapchat.com | tcp |
| US | 8.8.8.8:53 | magixonline-com01c.mail.protection.outlook.com | udp |
| US | 104.21.55.202:443 | copyrightspareddcitwew.site | tcp |
| US | 8.8.8.8:53 | login.aruba.it | udp |
| GB | 18.239.236.4:21 | careers-brampton.icims.com | tcp |
| US | 172.64.155.179:143 | auth.services.adobe.com | tcp |
| US | 13.107.213.64:143 | login.norton.com | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| NL | 142.250.153.14:465 | alt2.gmr-smtp-in.l.google.com | tcp |
| US | 74.206.97.188:80 | surveyhead.com | tcp |
| US | 13.107.246.64:80 | login.norton.com | tcp |
| US | 13.107.246.64:465 | login.norton.com | tcp |
| US | 35.186.224.25:465 | accounts.spotify.com | tcp |
| FR | 96.16.248.171:80 | moncvparfait.fr | tcp |
| US | 104.18.32.77:80 | auth.services.adobe.com | tcp |
| US | 104.18.32.77:995 | auth.services.adobe.com | tcp |
| DE | 195.214.216.136:21 | www.magix-online.com | tcp |
| NL | 51.158.154.206:443 | joinhiving.com | tcp |
| US | 52.101.8.42:143 | exitlag-com.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | digitalvoice.nielsen.com | udp |
| US | 8.8.8.8:53 | goflac.com | udp |
| US | 8.8.8.8:53 | 205.79.22.104.in-addr.arpa | udp |
| US | 170.114.52.4:80 | us04web.zoom.us | tcp |
| US | 74.206.97.188:21 | surveyhead.com | tcp |
| IE | 104.47.17.74:995 | centrodellamusica-it.mail.protection.outlook.com | tcp |
| US | 104.18.32.77:80 | auth.services.adobe.com | tcp |
| US | 172.64.155.179:465 | auth.services.adobe.com | tcp |
| US | 34.149.46.130:443 | accounts.snapchat.com | tcp |
| US | 188.114.97.2:80 | csgo500tr.com | tcp |
| US | 35.186.224.25:80 | accounts.spotify.com | tcp |
| US | 199.59.243.225:80 | udpaccess.com | tcp |
| US | 104.22.13.248:21 | proticketing.com | tcp |
| US | 104.22.13.248:22 | proticketing.com | tcp |
| US | 8.8.8.8:53 | account.nokia.com | udp |
| US | 172.64.155.179:995 | auth.services.adobe.com | tcp |
| US | 104.22.12.248:21 | proticketing.com | tcp |
| IT | 152.199.16.78:22 | account.asus.com | tcp |
| IT | 92.245.188.55:22 | www.centrodellamusica.net | tcp |
| NL | 142.250.153.14:995 | alt2.gmr-smtp-in.l.google.com | tcp |
| US | 13.107.246.64:80 | login.norton.com | tcp |
| US | 208.53.56.17:143 | inbound01.researchnow.com | tcp |
| US | 13.107.246.64:995 | login.norton.com | tcp |
| US | 52.101.8.42:465 | exitlag-com.mail.protection.outlook.com | tcp |
| US | 170.114.52.4:222 | us04web.zoom.us | tcp |
| US | 170.114.52.4:143 | us04web.zoom.us | tcp |
| US | 162.243.252.129:80 | rubikscubetimer.com | tcp |
| NL | 142.250.27.26:143 | aspmx2.googlemail.com | tcp |
| GB | 18.239.236.36:143 | careers-brampton.icims.com | tcp |
| US | 8.8.8.8:53 | digitalvoice.nielsen.com | udp |
| US | 8.8.8.8:53 | members.bitcomet.com | udp |
| US | 172.67.30.9:21 | proticketing.com | tcp |
| US | 8.8.8.8:53 | www.exitlag.com | udp |
| US | 8.8.8.8:53 | smtp-02.servidoresdns.net | udp |
| US | 8.8.8.8:53 | itechitalia.eu | udp |
| US | 8.8.8.8:53 | ftp.itechitalia.eu | udp |
| US | 170.114.52.4:990 | us04web.zoom.us | tcp |
| US | 170.114.52.4:465 | us04web.zoom.us | tcp |
| US | 162.243.252.129:80 | rubikscubetimer.com | tcp |
| US | 188.114.97.2:222 | csgo500tr.com | tcp |
| NL | 142.250.27.26:995 | aspmx2.googlemail.com | tcp |
| DE | 195.214.216.136:80 | www.magix-online.com | tcp |
| IT | 152.199.16.78:21 | account.asus.com | tcp |
| US | 104.22.13.248:443 | proticketing.com | tcp |
| NL | 52.101.73.12:143 | magixonline-com01c.mail.protection.outlook.com | tcp |
| US | 8.8.8.8:53 | members.bitcomet.com | udp |
| US | 162.243.252.129:990 | rubikscubetimer.com | tcp |
| IT | 217.61.8.49:22 | login.aruba.it | tcp |
| US | 188.114.97.2:990 | csgo500tr.com | tcp |
| NL | 142.250.27.26:465 | aspmx2.googlemail.com | tcp |
| US | 34.149.46.130:143 | accounts.snapchat.com | tcp |
| US | 104.22.79.205:80 | www.exitlag.com | tcp |
| US | 35.186.224.25:995 | accounts.spotify.com | tcp |
| US | 170.114.52.4:995 | us04web.zoom.us | tcp |
| US | 208.53.56.17:465 | inbound01.researchnow.com | tcp |
| IE | 209.85.203.84:22 | accounts.google.com | tcp |
| GB | 18.239.236.36:465 | careers-brampton.icims.com | tcp |
| GB | 18.239.236.36:80 | careers-brampton.icims.com | tcp |
| US | 162.243.252.129:22 | rubikscubetimer.com | tcp |
| US | 8.8.8.8:53 | joinhoney.com | udp |
| US | 8.8.8.8:53 | itechitalia-eu.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | 36.236.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.55.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.46.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | goflac.com | udp |
| US | 170.114.52.4:443 | us04web.zoom.us | tcp |
| US | 35.186.224.25:80 | accounts.spotify.com | tcp |
| US | 188.114.97.2:587 | csgo500tr.com | tcp |
| US | 162.243.252.129:993 | rubikscubetimer.com | tcp |
| US | 208.53.56.17:995 | inbound01.researchnow.com | tcp |
| IT | 92.245.188.55:990 | www.centrodellamusica.net | tcp |
| IT | 92.245.188.55:80 | www.centrodellamusica.net | tcp |
| IT | 152.199.16.78:443 | account.asus.com | tcp |
| US | 8.8.8.8:53 | login.norton.com | udp |
| US | 188.114.97.0:443 | expenditureddisumilarwo.site | tcp |
| US | 8.8.8.8:53 | centrodellamusica-it.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | moncvparfait.fr | udp |
| US | 8.8.8.8:53 | auth.services.adobe.com | udp |
| GB | 96.17.179.193:80 | | tcp |
| US | 52.101.8.42:995 | itechitalia-eu.mail.protection.outlook.com | tcp |
| US | 34.149.46.130:80 | accounts.snapchat.com | tcp |
| US | 34.149.46.130:465 | accounts.snapchat.com | tcp |
| NL | 52.101.73.12:995 | magixonline-com01c.mail.protection.outlook.com | tcp |
| NL | 51.158.154.206:990 | joinhiving.com | tcp |
| NL | 51.158.154.206:22 | joinhiving.com | tcp |
| IE | 209.85.203.84:21 | accounts.google.com | tcp |
| US | 13.107.246.64:21 | login.norton.com | tcp |
| US | 104.18.32.77:222 | auth.services.adobe.com | tcp |
| ES | 217.76.128.139:143 | smtp-02.servidoresdns.net | tcp |
| FR | 96.16.248.171:80 | moncvparfait.fr | tcp |
| DE | 195.214.216.136:443 | www.magix-online.com | tcp |
| US | 104.22.79.205:22 | www.exitlag.com | tcp |
| US | 188.114.97.2:80 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | dt666.xyz | udp |
| US | 8.8.8.8:53 | joinhoney.com | udp |
| GB | 18.239.236.36:995 | careers-brampton.icims.com | tcp |
| US | 8.8.8.8:53 | exitlag-com.mail.protection.outlook.com | udp |
| US | 188.114.97.2:110 | csgo500tr.com | tcp |
| US | 8.8.8.8:53 | 248.13.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | account.nokia.com | udp |
| GB | 18.239.236.36:22 | careers-brampton.icims.com | tcp |
| IE | 52.49.244.108:443 | digitalvoice.nielsen.com | tcp |
| US | 8.8.8.8:53 | dt666.xyz | udp |
| US | 8.8.8.8:53 | passport.neea.edu.cn | udp |
| US | 8.8.8.8:53 | login.norton.com | udp |
| US | 104.22.13.248:80 | proticketing.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| NL | 51.158.154.206:80 | joinhiving.com | tcp |
| US | 8.8.8.8:53 | goflac.com | udp |
| US | 8.8.8.8:53 | 78.16.199.152.in-addr.arpa | udp |
| US | 13.107.246.64:443 | login.norton.com | tcp |
| US | 172.64.155.179:443 | auth.services.adobe.com | tcp |
| US | 35.186.224.25:443 | accounts.spotify.com | tcp |
| US | 34.149.46.130:21 | accounts.snapchat.com | tcp |
| US | 8.8.8.8:53 | passport.neea.edu.cn | udp |
| US | 8.8.8.8:53 | visa.vfsglobal.com | udp |
| IT | 152.199.16.78:80 | account.asus.com | tcp |
| RU | 158.160.118.17:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | ftp.itechitalia.eu | udp |
| US | 8.8.8.8:53 | www.moncvparfait.fr | udp |
| US | 8.8.8.8:53 | itechitalia.eu | udp |
| US | 8.8.8.8:53 | ssh.itechitalia.eu | udp |
| US | 8.8.8.8:53 | 108.244.49.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ftp.centrodellamusica.it | udp |
| RU | 193.233.132.67:50505 | | tcp |
| US | 199.59.243.225:80 | udpaccess.com | tcp |
| US | 8.8.8.8:53 | visa.vfsglobal.com | udp |
| US | 8.8.8.8:53 | grabcad.com | udp |
| US | 74.206.97.188:80 | surveyhead.com | tcp |
| IT | 217.61.8.49:80 | login.aruba.it | tcp |
| US | 162.243.252.129:443 | rubikscubetimer.com | tcp |
| GB | 18.239.236.36:443 | careers-brampton.icims.com | tcp |
| US | 8.8.8.8:53 | computermobilepanel.nielsen.com | udp |
| US | 8.8.8.8:53 | magixonline-com01c.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | alt2.aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | goflac.com | udp |
| US | 8.8.8.8:53 | account.nokia.com | udp |
| US | 8.8.8.8:53 | 179.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | itechitalia-eu.mail.protection.outlook.com | udp |
| HK | 141.98.234.31:53 | bhltykd.com | udp |
| US | 8.8.8.8:53 | moncvparfait.fr | udp |
| US | 8.8.8.8:53 | centrodellamusica-it.mail.protection.outlook.com | udp |
| US | 8.8.8.8:53 | idmsa.apple.com | udp |
Files
memory/3408-0-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-1-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-6-0x00007FF87C320000-0x00007FF87C5E9000-memory.dmp
memory/3408-9-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-8-0x00007FF800030000-0x00007FF800031000-memory.dmp
memory/3408-10-0x00007FF87C820000-0x00007FF87C8DE000-memory.dmp
memory/3408-12-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-7-0x00007FF800000000-0x00007FF800002000-memory.dmp
memory/3408-11-0x00007FF87C320000-0x00007FF87C5E9000-memory.dmp
memory/3408-14-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-13-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-15-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-16-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-17-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-18-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-19-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/3408-20-0x00007FF87E7D0000-0x00007FF87E9C5000-memory.dmp
C:\Users\Admin\Documents\GuardFox\OeqTok3crnjqes83Oeiqup5y.exe
| MD5 | 0fcac0e9875fc09d0d65594bd56b715e |
| SHA1 | dda53d0d5a440d55f772c77bd6f0e8077f3422a9 |
| SHA256 | c130fe4bbec021e2df9637c5946eb484008fc25675f1a7f72860bc171a0600e6 |
| SHA512 | e82505f91288f70cdbd86a4fe90276118155529cc654eba3b984ec8223f7d51cbbf818b452850bec7cecf6b7ed8497a0b305c9545fd32fdd20fe6c6a732b605d |
C:\Users\Admin\Documents\GuardFox\LisIvn9B0eWX39XfGBxbdtul.exe
| MD5 | 6bfd54f72b847eb6e1adf1e77e42c8fd |
| SHA1 | a2abaaeadeceede5f6bda791c7e2c2c49965e9d1 |
| SHA256 | 65cb57a690db8fbc5ac285c2bb4a1011c6a2caaf092f8686d997b6baecf3371f |
| SHA512 | 1777fca108dfb1fa7907276132fa05f40d0228ebfd4922bb0556339035e638f07e09b4e6222f2b780be128d150bd93f2e9175625a4ae9c4c5596a111e29b0307 |
C:\Users\Admin\Documents\GuardFox\XR0YIbtqmyEEIPi760UciSol.exe
| MD5 | 4083c3bca21212a0ca5cc3277ee41bfc |
| SHA1 | 7f4722cda9fe919744de378809cca8ac29446519 |
| SHA256 | ccd2836870acf5dc5df5cc256f9e93bc64571332f8b18a331a110597896503f5 |
| SHA512 | 15d4a142d650376b87865044d626f386228538c67da6c7b0a9093f21761a3a1d005ab3b841d921028e28161b75221635aaf7436e86806b4fd7dc6a1347076e74 |
C:\Users\Admin\Documents\GuardFox\qV9mEjhKIBcQ7TuES_j_hidT.exe
| MD5 | ce6fca7d50c4276d4b05c34aeb76275f |
| SHA1 | a231f1418a519bbe0adce787640e19af4c6851d3 |
| SHA256 | ab6a09671aeeca06971bf4318636770b59cd886d7a16e42a256996a42e84d4d4 |
| SHA512 | 58042e8cb5d48c8cf7898c2f24154301d5232363a1076dd4cb97023a8c782b3a9b5b1fa4d83bc0595ef7dd5eaa2ffe4c325969d829539bcc3e53cab8e893eb1d |
C:\Users\Admin\Documents\GuardFox\raHvPX_M18PnQ4JVL8Ke7B9I.exe
| MD5 | 5de7ceda539e979fedee5868708eff04 |
| SHA1 | f891acd70eb953b4a6918f4d0c539a1bd0e2c81d |
| SHA256 | bb4f3286524d0d5d0072f2d231553629e8e1d5e6c89fdcf35684ef2d71544505 |
| SHA512 | a579cd72f52fbd1a4b628b3f99b83267326484a6d26cb5d911716e313cfda9edf23942fca764162278c72f4316b7f9b2ef80686489e2a96316d10507ebdbf8d9 |
C:\Users\Admin\Documents\GuardFox\Am8DGNpJ8zKJ3vxaxMrNPrK2.exe
| MD5 | b204dc62b6924475292ba74e6c96a9cc |
| SHA1 | 4987093c62ddb61405ff000d75eb7a1f27a528a7 |
| SHA256 | d8e5a7d83852597fe04624f8117b9618e651d5456721232812b84c0eb77a7a14 |
| SHA512 | a11ca259ce7548059246f49520becf1782a9513fed7862292fe07569c1607382d1afe73d6af4cfe12ed8a6bce923acbbdd015c71941bc45e5a4ee8200d94a8c5 |
C:\Users\Admin\Documents\GuardFox\3860sw0VMSmL9vdt9w4gL0z7.exe
| MD5 | a1d31aa79328b3fb5e9e301c3fd2aa14 |
| SHA1 | e5def667509393420826c14a0541bbe9ed411f05 |
| SHA256 | a2b7b7a33939ac721d34984cc0849d8e438a8f3d1d4ce3ee53eb0a48f9792da8 |
| SHA512 | f262c845827f7d8858f46e16c34dff4c1dc9503cef45e086343a156bf91f6648cd7ec01b3a8b6713c92f2429c4178ab722faa02309c978b74b588482d69509b8 |
C:\Users\Admin\Documents\GuardFox\QCBuhoR0_O5gO9EbQFahIqBy.exe
| MD5 | 64413707f9258d1b2c4ccb3057189ac1 |
| SHA1 | f3a515b42923a108b3157853e2de4e9e17634847 |
| SHA256 | c94fa8a0a4d7b3d5ba9dbaf5de083f99d3a605fa58db2b001de392af3a160db7 |
| SHA512 | b8c1969f5f1c6a7fbd404eac29e90654f4a2da3f6e79ff58c3d62a8babd4f8634fa8b54700eead79ee9db5efc91969f980b268e56cc7b620e63bb5ebaee96ba4 |
C:\Users\Admin\Documents\GuardFox\4trEFsYYFs6Jme3QwUfvUobC.exe
| MD5 | 0ce5990ab626fa51bdd4c377a5d1f092 |
| SHA1 | 23f639b72b5acb507e47b2ab80bb617e8ec7508d |
| SHA256 | 43504071da5e939999ff89fa9de07fb3af5c95522d585142ec10a6cb1ddcd050 |
| SHA512 | 6518e2ea3a7ba85b592e0d02660d3194d57d62835873a20e59c0c0241d23094160af9eab9991faf5185e538ecdf41db154eb4f25ffbe335e97c559693d61f1a4 |
memory/3408-91-0x00007FF611E20000-0x00007FF612811000-memory.dmp
C:\Users\Admin\Documents\GuardFox\vUZBOtp6mXHWVIfMH4c0FtLr.exe
| MD5 | 0276ffbb1c23c7f07035eac315dff1f8 |
| SHA1 | 4afed717669665c86c0a7f2a101701057c6b0c31 |
| SHA256 | d0ae32eaff68ba479fc362b32ec78530b74918e7859928ba0a6edfc3a519422d |
| SHA512 | 91d765c0fb7169d3a590e6f3e106c5aecbbf6a47647d20340a504933a1f79c08071bfe7a0d3bbf428f9391e55dd9039cdfd05b32beee9bb1e4a86a804897ad9f |
C:\Users\Admin\Documents\GuardFox\tzQDaFN9XwE9nJsYRLnotvlR.exe
| MD5 | ed0042abfee0086e98241b60106cf2c4 |
| SHA1 | 57c6c404e86f9fe2214ec8dfd82d7686e9ce7370 |
| SHA256 | 7820d08c75346bbbc8aba4dc411e90f09b6e30719dcfd1c8a9a7cc9bc4d67fcc |
| SHA512 | 14bd75a7ca5410a360f3633e8358797943522190fb9e2aaaa5888960a7b1b9a5fbf4af1844e3842cf6eee97483c2b41599e730bb8914a559132f0c168fca9b2d |
C:\Users\Admin\Documents\GuardFox\rQNYyM1Qi3JqdaD0HEnyZkZw.exe
| MD5 | 1007b94653a171a99a80e675f7809f43 |
| SHA1 | 4b76f659b924a01e73e48f1b1640c7aade0476d7 |
| SHA256 | 37165ed8d8ae85339115b8183c61c15a4ea977e6851bac19b7c9dd1622c306dd |
| SHA512 | 4d42638645ba1dc91fbcf1cbfc3a2154f46ae520e37fcb8edce8452752e5f0df59dda7cb7f993c00024211fa51a5186f1423ae053915d5b5183fd3b048a0bf43 |
C:\Users\Admin\Documents\GuardFox\B9ZfLXHjLJO8ElGDIFov6Qgl.exe
| MD5 | 868795839aa02b7b31f28c7c941fbb4e |
| SHA1 | f410bf63b204b4f8aa2692b614880a143d7168b1 |
| SHA256 | b9332c2c4ebe004e4bb8029d7bf8712bc086bd1a5ea74d8a6de2537f146d8f50 |
| SHA512 | 72f68e88049a0e9e620b0fd2e84f427ce7b902081c690e82165b3e0fea00cab41a1688ab5a7a5bdd1d7600a5a3f3e677c25e024b81ae51ce11083775caa4a1f9 |
C:\Users\Admin\Documents\GuardFox\0JDbJzWFF1BzKfWUVTIKTIwM.exe
| MD5 | b85f9f9b167c3606e65f16091791a616 |
| SHA1 | 2329681680cef7d978c5033c44ce3f7e48ad7971 |
| SHA256 | d58f3625f1cd3852633bd130d842f3c36dd564676fc7c547570fe4556cec35dc |
| SHA512 | df40a06782a2a071eb0effae650513140aa5a701f86043fc1a2ac20f76b62f20662055fd7021b969ac2c1930c189d3950af3afdbb5ec69d9fc734d0b9e99f310 |
C:\Users\Admin\Documents\GuardFox\KK0Vvbx4i9pQ519SIuE5Ax9M.exe
| MD5 | 160dd96448b39cab86a8286553e25e13 |
| SHA1 | bf364ce57552d52a31224a8c2d2fad618d09b861 |
| SHA256 | e7f7b49426729f6e666a3a9b66a4bd3f2b84cc8e476d33d674aedc8d7bf6753d |
| SHA512 | 71a2f651df6b9a41821002582a0110dd1669b7163510339d942fdd9ea54def17b28ab19f161c3544cb2323569fea09140aa73f761222ea6a2111586069a8dfca |
C:\Users\Admin\Documents\GuardFox\ckcSON1nq9KzLkUObHcFavDh.exe
| MD5 | d39f4a46b0668b64a68a50710583c4db |
| SHA1 | 143218b9f115749caa5fc0d321cfeb097241ba47 |
| SHA256 | 557a48d2a06a54dc099fd299d171df2616fca1d3622cb60bc679cbd3ec36dfe9 |
| SHA512 | 1e8f8533234e256d39162837a49a1a82eb7d77ff65dc202e5ff2b21c7273d83a42d7690065dd0b91f73e4d540dd69c64aed96b2c2bef14a61b424fa13c47ae05 |
C:\Users\Admin\Documents\GuardFox\MHSgYdsltabeUcSs5kmRsv0T.exe
| MD5 | 6105832d34bec2bfbf8d8bde3bd13742 |
| SHA1 | 20c059875c2dff51cd65bc0557178feeab5d3a7f |
| SHA256 | 8905a052864f828ea495d81faea50d8ed32b0d661f92d42e193f59cfcd177acf |
| SHA512 | 5fa01879a48e0ec6f9a3541cc88a83e61eacb074457a3c50cc2344e7b742922a384f592f7920853cec5ebd473e2fd45de4d7a06ef1238a14c4740edd0e158240 |
C:\Users\Admin\Documents\GuardFox\LIFxed9heHkZ445Vw5ffhUOd.exe
| MD5 | ca43c1320591b94eb10579c9082be36f |
| SHA1 | a4c34273278f812de0f9829ae62dcaef732ff4f6 |
| SHA256 | 2f3d7b230621676e1bb38f7cdd48a8682389b6674c80a7fac5090468b320c3d0 |
| SHA512 | d6bce0dddff991231dbc38f832ed4710ecd82aa45bb20163e3b9f5002d69994445c6119ce9a85e8b960356c7d7351aaf45dae953f219f5858cdb3f715952128f |
C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe
| MD5 | a92b40673022e3af2faf70250151260d |
| SHA1 | 4237907911dbb42151807302edf1c57094ea29ec |
| SHA256 | 6b5ea284f39998b5f221d8cc55987586b35e89e3c9125f4b700ebcfcd839ce76 |
| SHA512 | 5e9947d58319c5cb7eb1f515a69e672490db34fbc0c15d3ee53b564095341baeaa07542209baea7090c5e0ad596980010135b15ec67c57f9fb350d280f766881 |
C:\Users\Admin\Documents\GuardFox\R08uTl2rhKjiEbQkYXCuC1Dj.exe
| MD5 | 0d54d4df1f0cbf098a4e8a359ee8b827 |
| SHA1 | 8af586e80899f39ef8dd1438efe09516521673ab |
| SHA256 | 401d3b3f4d7d7c709a697af38b80d8ddc07eabf8fd2566c38ab32f5336a113ec |
| SHA512 | 878a5fd5815b05b07b08e634e203356b629b2e51869e5a4e869e92e370935bb8e8a7d33df217135daa3ba70bc71d1599aaa671508d03c0f01752966f7f645844 |
C:\Users\Admin\Documents\GuardFox\k5pmcp_6X8Bmzyw6jGCAMv8o.exe
| MD5 | a6ce4fd74cd06e0a9868150c0bf8994f |
| SHA1 | ccb743c9663790352c0ac047471487b31c354b0b |
| SHA256 | 2c3b85a0a0611c2814d77ef9b56260445c0fd179890301d8e2448256b2a0d6e1 |
| SHA512 | 4b6db2b393b0b27c12ffcbe71a3d68f716a2c8e7f1a3709a7a969b14f2a2eea41d0399436d80e1d68b9344512eb23df01bc8387fb920683e1a143445d7d1eb97 |
C:\Users\Admin\Documents\GuardFox\nPvDO4HoS_AqQU2l3rVMl0pH.exe
| MD5 | 3e692dad602bd61d72b11ff0db80903c |
| SHA1 | ca3f95216a1fd7ba0bccdb59a952c4b5d5316a5a |
| SHA256 | 5330b96e7741b404988f6d2f261f648eebd709f40bf7bb2b59e50deb6e5c8ab5 |
| SHA512 | e3780db4be948044b2771d787e8ef12cb97d39876857c1d103239af356ace63990fd20895c08dd9fe308bc2cee79f51ea63eeead7fffd7c8e7927d6aa6e5a2b4 |
C:\Users\Admin\Documents\GuardFox\3rydp6Gl_RR1ITv9iCtZdFHR.exe
| MD5 | cb511fc87963d64fbaac9c735981df35 |
| SHA1 | 03a5711cc52ae3ba938b73ab0e80ec098103a71a |
| SHA256 | fb6686d2ff029b4e9c6e12b9b8b6ed74dc0eb3eef6610665fb2cf1c2226c43f6 |
| SHA512 | ea10449f886e161b11ffa7446f59d42b2075a2966878f64f052edf2d903ce6be20ba5f8ff3bfceabcc3167fc9c6ffeebea3448f52f26ce98207e7ede095fc886 |
C:\Users\Admin\Documents\GuardFox\nPvDO4HoS_AqQU2l3rVMl0pH.exe
| MD5 | e8bc119afb600b2652e1745866d05794 |
| SHA1 | 081def6ddb4ad3aef147f370cf644ff2b49ee8d0 |
| SHA256 | 8b99067d134bf00b3a59729e1d112ce7720360c1d5a15f930726386f9698313c |
| SHA512 | 21ea23c251e20e157a48cd0eba6c06bfb6ba7f0dae9e78cd4734a3ccf0381b8b419ce15a74cef631d148f2cc31800dbb9cf773ecf3bb9307503f35d46d9b7d11 |
C:\Users\Admin\Documents\GuardFox\raHvPX_M18PnQ4JVL8Ke7B9I.exe
| MD5 | 6d63757085bf8c178ee4680ce824a43e |
| SHA1 | 887858b180dbd9b9f8f8561744e708b6cd0391bf |
| SHA256 | 28a15ff4beb3f46001bfbfad352149e004f6dfd1877edd15fbe14dbe2f5a6862 |
| SHA512 | 9307a4d487e01cfe3a728ffdac96d645f473847c1fac07cd41d5d973a3c92a46fa748015919faba53ed57ff789f1fb6337d885322e296ab412c86ed84262ce41 |
C:\Users\Admin\Documents\GuardFox\3860sw0VMSmL9vdt9w4gL0z7.exe
| MD5 | 016d3084f23ce3ae781de7d2f96064ff |
| SHA1 | a32225c96103bac8a28253934e32738f1983e07e |
| SHA256 | 6139618e929461fae8767b868f641c1ba8ece15f8c0be38fa77ed7300207ce4a |
| SHA512 | 5e61586124650b2b22fbc09af9b154de06156eed54a02ef239e2f4296237ff2f08d9f425ad13e18c17a094dbbe2cd62f3222047a6f07b5b9dfd53dd0b7238bf9 |
memory/3408-736-0x00007FF800010000-0x00007FF800011000-memory.dmp
C:\Users\Admin\Documents\GuardFox\OeqTok3crnjqes83Oeiqup5y.exe
| MD5 | 80add3828abe52aef744dc79efd26fbd |
| SHA1 | c4fda03f5bab92a0e3eba5dfb1fed293189747bc |
| SHA256 | 7157385caef08dd14e3f591621efca34ca97d1720af4b5563004ef304f56c31d |
| SHA512 | 4814f3f565858e1a37fb88f80662a2ac3ef1c2b779d7c226d0235c312ca0935a0896d59d10147c3375e2a0ddef9697bdfb708eed436ca9bf2793df9eca020f63 |
memory/6000-743-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5080-742-0x00000000009F0000-0x0000000000ED3000-memory.dmp
memory/5984-746-0x0000000000590000-0x000000000059B000-memory.dmp
memory/5984-747-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-JOONE.tmp\LisIvn9B0eWX39XfGBxbdtul.tmp
| MD5 | 42cec0ee77b7982ce1e2763bb789bc7f |
| SHA1 | fbe41d2e147e4587c934eb82f2ef8e014cd8972e |
| SHA256 | f26eb875c4ccac333c0a1c79c0aefc832d496098721a25090f6290f04dd8a4e4 |
| SHA512 | c56709139342a1ca8963cd86ba11bd14b2a4ba99bd89b03ab9f539851fb15bf02fcdfc9beae8fbe995cbe579f19b762eca14d8bb0c1ffe1e3d6ca27353a5fd3c |
memory/2164-753-0x0000000000780000-0x000000000079C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-JOONE.tmp\LisIvn9B0eWX39XfGBxbdtul.tmp
| MD5 | e4164ca826064e2533867da0847991f0 |
| SHA1 | 3e36cf6296738d35387ac00dcbdb9b10a98b6f0d |
| SHA256 | 993d53bccc04ce65913fab13783deee5b748ba904e69d69b0779c5ab54584994 |
| SHA512 | c9b4617e3d798e80ab80ec089f4af3860243afc815295362dafb55bd69e4e377b10735bf424f276300aa0694a9a732c24e3ff98ef09958b9ac9e5e72dea742cd |
memory/2164-750-0x00000000009A0000-0x0000000000AA0000-memory.dmp
C:\Users\Admin\Documents\GuardFox\raHvPX_M18PnQ4JVL8Ke7B9I.exe
| MD5 | d3724d637795527a55f56b92d68c91bd |
| SHA1 | bf563b36493e84b6ef5927ba6423c5f455e5b7b7 |
| SHA256 | cba8029a40c15296824087e1937330029e0562b02d44123e5221a90ff6673cd9 |
| SHA512 | ab1c482dfa6fa23f53d6be5bd4434b088f67639cf332e67e39c08566ec28bea9cb170a36dcfa36a710dc4a981515915fa22f2275101904be5403c7bf1d666b79 |
C:\Users\Admin\Documents\GuardFox\XR0YIbtqmyEEIPi760UciSol.exe
| MD5 | 0ecb28c8708ba6029d9ca14b445ac7ff |
| SHA1 | 25d6c1455ed467369a03be5f22b4fbe1c8e374c1 |
| SHA256 | 15fe303c5357e9f9b5d98c45041c3cab3cc15445ec41e774f2d4329cdea21ced |
| SHA512 | 3b4871a3e86a99ed8de2126f8a044a185f0f6bba024e896bba971f7bcc4a750e836275e4dfb91d12f91b040decb1b268de53423fedd03c1a2ef967e30e34f69c |
C:\Users\Admin\Documents\GuardFox\4trEFsYYFs6Jme3QwUfvUobC.exe
| MD5 | 19f7e7642c71d09a9b4eddc0bb3308ee |
| SHA1 | 43cffaaddd889ea29f532d56a158c551362b803b |
| SHA256 | ccd87b1214789543b03615802acd8c5d22b31c122e3dd61f306784fe047c1490 |
| SHA512 | a9780552a4d7c4ffe99a3f3124f70350d3ef36c0abd0b3ad198983504960f2ec6d6baa6c14e2acd8e04f97ee75cced46f6affee526534652130a972f22f23617 |
C:\Users\Admin\Documents\GuardFox\OeqTok3crnjqes83Oeiqup5y.exe
| MD5 | 471d4d3135fdf30e6965b2053f3a4736 |
| SHA1 | 4884aa04d6922434fbfa58aab940f8cc3b48f475 |
| SHA256 | 8b8708beab060cb3811107593022f4baaf124f7337db9ecadaee9d8ac92a044e |
| SHA512 | a095ff32b8e946a441eeaeeebdc47babefccfedc1e777f87de9fa3e9002e09c847875752a913c6045b18597df8d0615718c13d6fc7bf51d449a88ec132318259 |
C:\Users\Admin\Documents\GuardFox\vUZBOtp6mXHWVIfMH4c0FtLr.exe
| MD5 | c4349e2b7b51db1549c227e36fceb7eb |
| SHA1 | 069adaf25a880663e9d307f19f16de03dedccb18 |
| SHA256 | b10bef2b2ff053e1f2bff7ed1a7afbb0bacc991959ff4b18ae30710a13c5b413 |
| SHA512 | 11c3ade9581fa9cada008219b918435a67705ef35bc030fdf81baa57602a0df09a19c580ea15e3afff9bcb565b98093ee0930bc185a0a81e6caff2a0170dc681 |
memory/3408-681-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/6000-680-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5788-799-0x0000000140000000-0x0000000140218400-memory.dmp
C:\Users\Admin\Documents\GuardFox\B9ZfLXHjLJO8ElGDIFov6Qgl.exe
| MD5 | 85028fe30acbe750aaa5b4acea2d5dfc |
| SHA1 | 973f119bf03f6449b454c2122657476b1430a872 |
| SHA256 | 3b54f3c3b39aca4f4c3620840dbf347623a162dab3d6b101645c99618230fd22 |
| SHA512 | d334127c601c1c223d69633a64f7165b62d9b2ed2df1fb73ab9d221f66f7ad26523cd7f74cf8a740ffd45b310bd7fa2d9be9942c8c3c34f787b5a99a1357ffc4 |
C:\Users\Admin\Documents\GuardFox\0JDbJzWFF1BzKfWUVTIKTIwM.exe
| MD5 | 1be2d416a8d02c9482669d93eb3122e3 |
| SHA1 | 09b7088957fa290ae31f53d75c95eff57736e7ae |
| SHA256 | 239a7452178372fe148dd33b58009eeef4bbe7f50e666fd6905614250401504b |
| SHA512 | ca229e1ad1a91f9d996657704639519b7e32a545c71b1485797868aeec83b974d14f92033bd00b3b1fb23c28a36b95c1583bf14878b2a20bfad9a4edce72cba4 |
C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe
| MD5 | c3b05916a5f0bd52407920341ea0ce66 |
| SHA1 | 72f74ee3f8c31628070dfd5d22d909b36ed1641d |
| SHA256 | f51660b12dba53aaea28971568d4bf5ac3f514958198055e033d5f9721fac344 |
| SHA512 | 05861a8f3e2d204669e818c577fe8b2e3fd9a6f88885ff1264d3f1969e17203e40951edc1225a202f7effac106989d1f46930221dd7a5f7bedc9cbc4af41e897 |
C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe
| MD5 | 8f61811b2edddd7ca9ae51d0476adff6 |
| SHA1 | 0fed4b6193acc228e87712b8c2a54b322010ec93 |
| SHA256 | eb61b5fbef4910bad805532f363367ebda1210734468c1d545d6b14adcc04c46 |
| SHA512 | 8a467f3b888f9b7d15eaffd747622eb7c89ed393d98d197c3bec64d3bd9a7f5eb607257e938534dd15822d569f01fa09c31063a53d796ffe7f9daad27f7583ec |
memory/772-813-0x00000000004C0000-0x00000000004CB000-memory.dmp
memory/772-838-0x0000000000400000-0x000000000043C000-memory.dmp
memory/3372-858-0x0000000000F10000-0x0000000000F68000-memory.dmp
C:\Users\Admin\Documents\GuardFox\ckcSON1nq9KzLkUObHcFavDh.exe
| MD5 | 052479899701ff6f80f624c23bcc721b |
| SHA1 | da3e5ef60b2a64ff31199a53375e05b0dd161742 |
| SHA256 | c5c5a7efb00877062803fd7faa6ce87350f2f073fc8f791cae2fce8d5e2001fd |
| SHA512 | bc9893c0d3d1a152b7aef7a226f0551f05f277e59297c9c23b58ab355267c63412e4683c628857602e3912fa0c1e7ffe9760cdf3debad44f0a610bb3bf43eec4 |
C:\Users\Admin\Documents\GuardFox\tzQDaFN9XwE9nJsYRLnotvlR.exe
| MD5 | a7e011d8a9b8b05ebbb7b4712bb204ae |
| SHA1 | f3776c357378bb1ef1ad33ad05871004f0a4c6e1 |
| SHA256 | 61f3fdc798d19e864c041aa10567a7bb8f450f3591e2e1d8da3f18935a9b3a93 |
| SHA512 | a3ae1cfa75d75c35a20a9d0ccab47c692da42c027cd9ed0d5ea3c09205ba0de112f472f8b87a68a80ddb60423aa8cb37f98f862af2071f7cea4bd55866f0463f |
C:\Users\Admin\Documents\GuardFox\tzQDaFN9XwE9nJsYRLnotvlR.exe
| MD5 | 1e2638300782b90e693006e81b5816b2 |
| SHA1 | 824ad5d7c9ee9f8471d45f47f6dbbe1e928a857c |
| SHA256 | d42b3085e27b55b027e38c5dd8ce41ef21dab36b27cf7cd3e637561a453af152 |
| SHA512 | 7a37bcf46b87ba36e1dfb65016624b724c30c806d52edb0a5351fa16c85bb4300752444419492ab4fd9fc3d49c1ac772f6d2ca4fa8283681a283beabbd65be4e |
C:\Users\Admin\Documents\GuardFox\nPvDO4HoS_AqQU2l3rVMl0pH.exe
| MD5 | ce4ff6b20e2f96c997b2b5e1a0ae1d98 |
| SHA1 | 9630842437743879ca59443ed659e1ebb0e84af5 |
| SHA256 | 947ec5627f6bf6f5f599fd82dfa27866f16bee691dd16aa31fab2a63a090184d |
| SHA512 | 8b7fba696e7ed175331aab033c66643dcd198ac9ba721907c239ff9cac4e8a36eae63c6ca254c58312747b6395eaa1124daa4777e5337eab8c64acc67f2a6293 |
C:\Users\Admin\Documents\GuardFox\ckcSON1nq9KzLkUObHcFavDh.exe
| MD5 | b1c8d83222e716cf73aa6e48183ea487 |
| SHA1 | a979488da237bc1350b425137e0b4428e7bd733b |
| SHA256 | b873be82b1996f377d41f80af6b669fb27d3620103aeb2d06c009eb21a2df342 |
| SHA512 | 3cceacf9f30a8d095788e4ea6ad628ef4beb5e0e5854232b55a48aabf910017a4437d6fae21c00bbeb50da94ee17dfeb26bdc4ee8b8ac6e450aa6deff147a6e9 |
C:\Users\Admin\Documents\GuardFox\KK0Vvbx4i9pQ519SIuE5Ax9M.exe
| MD5 | 3bda5dc6bce71be629008c6d446bdc14 |
| SHA1 | 389a2727c9c20822914de88ed42c875f631e75c0 |
| SHA256 | 82f3596142b6cc092a427ba833c5c36918092df1c9feafae9d648caed25bc287 |
| SHA512 | 124f90b570ef5d0788baa9aa45cedbd00bd4a9ebcc237faa305086f4536ac650ec7a9b8a47c90cdaad4fcc9ea3b552dfabe8d62c510e63362d00eefce6e5f35c |
C:\Users\Admin\Documents\GuardFox\KK0Vvbx4i9pQ519SIuE5Ax9M.exe
| MD5 | cb1fcf9f8dd8233c5dfee5d6857ccda2 |
| SHA1 | 807536edeacf2b58eff575bb498131d9aa04b852 |
| SHA256 | 28d576e295b44f93b44462c66258299d8235ee36304b0959442aa248d2518579 |
| SHA512 | a10c1bd7b515a1e1ba385b0a08e4a9f165b180a7e5110d398b674c0f379191c04d708f0330d103d5b136d1cd59f942e0c87b98a8d0e07705e09b72733e61a2e1 |
C:\Users\Admin\Documents\GuardFox\LIFxed9heHkZ445Vw5ffhUOd.exe
| MD5 | 4b2cae6eafad4a4841ff8e843aa6d117 |
| SHA1 | 2c4ed129768d5cda2259096ff7a41151b0f8a275 |
| SHA256 | 48db33365170b27f6711d07811c8e76b483a2c5b083a18eac2b70688b79f33a3 |
| SHA512 | 99355cf97981d0a4fe23555b404ac8b6a0f2ee71552f9f8e33df60279117495faa823cdc40661b3f8edb94bd1b406f5f172d2879e99704f0d286765ea82cc334 |
C:\Users\Admin\AppData\Local\Temp\is-UAAQ9.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\Documents\GuardFox\R08uTl2rhKjiEbQkYXCuC1Dj.exe
| MD5 | 238d095881f6344ad3651bf8bb8b2701 |
| SHA1 | f741b9cfe03196a3eaf1e1b1d631c936538ca738 |
| SHA256 | 461aa35026cf17f75e2e9e7f3c8241600bf5e246abc21e23bbcbdea74ddf2038 |
| SHA512 | 2d0e445a566342a293b6f5b1e3a413ce85e7fbd12b39b6bc6b283525885ea0aa12ee5c4043de0d5a5e16867d6c5418def8a917c124ca9eecc6a4c2dae277b109 |
C:\Users\Admin\Documents\GuardFox\R08uTl2rhKjiEbQkYXCuC1Dj.exe
| MD5 | d7767041989ba5fafac31316e8c4c0aa |
| SHA1 | 889bf716bdd96391c02e5a21d963a3f71fdf5b1b |
| SHA256 | fbba47504cbe38b4b39f2aa53491e09fcaaa49b06f4298779681ce631153e57b |
| SHA512 | c4704bf00a2d7927c4936558e6f0cb8958658e595dee4087e1b7d98a66c8c33aa9377c8278e499f0b4e4da65bcb048bda0a5cdd7c406b8ceb79fe2935c961441 |
C:\Users\Admin\Documents\GuardFox\LIFxed9heHkZ445Vw5ffhUOd.exe
| MD5 | 97584c4b40184a66673b9a81697ae70e |
| SHA1 | 92ad032bdaf8eb872eece0a3f3eb795cf0a09111 |
| SHA256 | 5251293ef8e6dfdaa4888a3e1b93bab3bdd1f814c551d008c88d6333a2b85afe |
| SHA512 | c8ab4ab2629aa61c2c8ca594b276f53eb2f57bb0bd6387bad7fda196d13a15516256fea3a28590bbd13f009d867900ffc8fffc7ddab987bca182992dbba4f6ef |
C:\Users\Admin\Documents\GuardFox\MHSgYdsltabeUcSs5kmRsv0T.exe
| MD5 | f34cc581ef71772fc55b4f018e55ad8d |
| SHA1 | ca35e1bdb0301587ec289bbe0a4c5ac52b70a0ad |
| SHA256 | bfafb934e683b5c96157616894fc0f888c1f5e39511b6935b4a4815a13121a48 |
| SHA512 | 5ba0d48a1ed2c2abaa778a792d864d5c5f18f1c3876a7f7cb137ad8d8fbb5034d8b03f529f9559ac960e2f23e85a02bdbbd380fc26ee33c64aa41d64ecdbd2da |
C:\Users\Admin\Documents\GuardFox\MHSgYdsltabeUcSs5kmRsv0T.exe
| MD5 | 9d682d057eca5e85dae9e2ca7e138c0d |
| SHA1 | 649de1b0383df63875d7e7fedf04a2fc382e3de8 |
| SHA256 | a8ddb0ec97aa14ea5e40885ff2b1a55df34a36251827776ab382bea76655bd28 |
| SHA512 | 431c85ff4bd5378ed5f2c13f0afdee9d96d2b83745f8999a88745385c09492170a1a3b545050abb526b22c342d661aed7b2b80d5e0a9c727c8b54a65466d7fe8 |
memory/2164-797-0x0000000000400000-0x000000000062E000-memory.dmp
memory/5016-991-0x0000000002000000-0x000000000208B000-memory.dmp
memory/3816-960-0x0000000000A10000-0x00000000010B4000-memory.dmp
memory/3816-1003-0x0000000005A10000-0x0000000005AAC000-memory.dmp
memory/3304-1018-0x0000000000400000-0x00000000008BB000-memory.dmp
memory/3372-1033-0x0000000005860000-0x000000000589C000-memory.dmp
C:\ProgramData\TVTunerClassic66\TVTunerClassic66.exe
| MD5 | 80e86efb7ea642b5794b19f381e48daa |
| SHA1 | d61b28eba1f6e97b9536eb29d4030cbc4c0d708b |
| SHA256 | 772b71a2260b1ff55b504df1522240b9118f981d04849d1ad7cf365a46dfb3a0 |
| SHA512 | ae41e367e885e35f2ffe9c745f79758876a62cdfb0ed800eedba2514ae130411ac256b960f3b905998520d99b4231dc2bc46656cf6aae0b2669b649af9ec0e18 |
memory/2272-1034-0x0000000000960000-0x000000000165F000-memory.dmp
memory/5236-1041-0x0000000002560000-0x000000000267B000-memory.dmp
memory/3372-1042-0x00000000058C0000-0x000000000590C000-memory.dmp
memory/5344-1055-0x0000000002FC0000-0x0000000002FC1000-memory.dmp
memory/5228-1054-0x0000000000B50000-0x0000000001464000-memory.dmp
memory/5344-1063-0x0000000000460000-0x0000000000DA7000-memory.dmp
memory/5228-1053-0x00000000767D0000-0x00000000768C0000-memory.dmp
memory/3816-1067-0x0000000072E50000-0x0000000073600000-memory.dmp
memory/3408-1084-0x00007FF611E20000-0x00007FF612811000-memory.dmp
memory/5228-1083-0x00000000767D0000-0x00000000768C0000-memory.dmp
memory/3408-1098-0x00007FF87C320000-0x00007FF87C5E9000-memory.dmp
memory/5228-1094-0x0000000005E20000-0x0000000005E2A000-memory.dmp
memory/3408-1101-0x00007FF87E7D0000-0x00007FF87E9C5000-memory.dmp
memory/5916-1102-0x0000000072E50000-0x0000000073600000-memory.dmp
memory/5916-1105-0x0000000002D10000-0x0000000002D20000-memory.dmp
memory/5916-1111-0x0000000072E50000-0x0000000073600000-memory.dmp
memory/1680-1112-0x0000000140000000-0x0000000140876000-memory.dmp
memory/772-1110-0x00000000005E3000-0x00000000005F1000-memory.dmp
memory/5228-1100-0x00000000775D4000-0x00000000775D6000-memory.dmp
memory/2272-1126-0x00000000767D0000-0x00000000768C0000-memory.dmp
memory/2272-1128-0x00000000767D0000-0x00000000768C0000-memory.dmp
memory/2272-1135-0x00000000767D0000-0x00000000768C0000-memory.dmp
C:\Users\Admin\Documents\GuardFox\0JDbJzWFF1BzKfWUVTIKTIwM.exe
| MD5 | d6478539fcf0e2c04cc680c4cf8a3761 |
| SHA1 | 36e2822251a96ffa5f4cdde8f926ec26516ceceb |
| SHA256 | 62828171a6abc83df9e687c060394427e7f7c0cb31d21108ca7c3d2e0d137258 |
| SHA512 | 5ab9dc9b0981a810154bd31dd586af16320463b6ab7ff81c425e1fe19ce91ac7a2fdfece4e4d631fb911cd2021f9de48199ec69e477f9e4c38adc3a94351865c |
memory/5244-1122-0x0000000000D60000-0x0000000000D61000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Y8wSg2.cpl
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\Y8wSG2.CPL
| MD5 | 7aae2dc9dfa685d97d4a8670d2b13c34 |
| SHA1 | 5e7c50aab53c0ebd3757f82bbb433a2300bce1ef |
| SHA256 | 0c4081104590f108517ce61c5dbd9241ad33956105f929d46e6b38a5896c0282 |
| SHA512 | 36e470957020db1710eef9462e3be93dc0eb9365503b8fc7bf6f6e6695d491cd28f2818e8eaf32f5a518756116f091465a7d6fcf043a10f6f914e68f9c149a44 |
memory/3372-1144-0x00000000066C0000-0x0000000006736000-memory.dmp
memory/5200-1143-0x00000000057B0000-0x00000000057C0000-memory.dmp
memory/260-1123-0x00007FF62D1E0000-0x00007FF62D232000-memory.dmp
memory/3408-1092-0x00007FF87C820000-0x00007FF87C8DE000-memory.dmp
C:\Users\Admin\Documents\GuardFox\jxXiOgogI8vV1byOdAIl_gx5.exe
| MD5 | 696e45840de3dbd2c6b00fe85651dbc6 |
| SHA1 | 03ebfeb1f77b77eb43d7fc021308c261c0da10c4 |
| SHA256 | a0809d763a1b27e81c0acd8fe084ef2b888f55477dedb9ce0a48dd04c39e6855 |
| SHA512 | 798b1155f08ab0989011c0ffcf63a44b5af1791e454140b13f1d01487579c3034b3f1a349abf7f7eb9fcfb6741fd1913ec3e1f9dd799a5e440fbee07189ae2c6 |
memory/5228-1097-0x00000000767D0000-0x00000000768C0000-memory.dmp
memory/3372-1091-0x0000000005770000-0x0000000005780000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A65DBECD82A40019E873CE4ED0A79570
| MD5 | e7cf9e6dd39c2a2bc1e9bfddf194f120 |
| SHA1 | b9f66ea1b54fada9bdf6f7528ccbb40dd16af1ee |
| SHA256 | 309c47c73d3577d09e93be307e0b0bd7f8615adcce283a5a493e6ed24df537ee |
| SHA512 | fef8f1734b6b6fa936bad0a1ec669caca9d41b708fb685b1f58e2acd9e10c0baff1db3cd60037b2d286ab962bfb27ed78075db35a30cc8eee0ac6548b9af2ab1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A65DBECD82A40019E873CE4ED0A79570
| MD5 | 116b4703ec33f2796c58c79155b2ff93 |
| SHA1 | 42f55fd7cb06bb054b85e676aeb673187e261ac9 |
| SHA256 | afea62aa40641fa7ef00f6023ec004a8de6b933897d20459331853664d5a8b22 |
| SHA512 | e6ffe7e701a5f810839d2e0206e3a37772b7375524a901e474c9c27584ad84ab1cccf1dd622fa39a4b95402c37fd3159c74b7a86da63d487a2167a9178913e41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
| MD5 | 13b292cce3409cfea88abc65c5fbda62 |
| SHA1 | a759a13e792847ece5e217958dfa56a1cb534b31 |
| SHA256 | 2f9f9f22cf95eefbdf3fa2058aca5b02e8efd9fd17a8569d805acd8c7e26de05 |
| SHA512 | 6abfc61211b7068e869da8eecafd6fdf28563df9399100bc647bc75d79015d44cf683481a5b80eaacb711e21188694ee3a173cc5cde9f71c3adcdf0e06578286 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
| MD5 | 400811b05eb942a1a19f36e842e9c783 |
| SHA1 | 19bdb897247294cc0f38420b8e8a653df4486f66 |
| SHA256 | f6786a03f7da751691a2ae05fc34cdedc941e05b61c924a794079aed828643ba |
| SHA512 | ed48a6bea22a79c520dafb9b86a43e53e24be31e5e3b589abf4eb4587024025c2d386b60f58b80f44a1b37207bb6e373ebe2b02fad8162543fc3cdaa2071205e |
memory/5200-1096-0x0000000000400000-0x0000000000454000-memory.dmp
memory/5228-1086-0x0000000005EA0000-0x0000000005F32000-memory.dmp
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
C:\Users\Admin\Documents\GuardFox\3WrAbCyIaBJPtDN1TKzKuNZP.exe
| MD5 | f741ca8d807125c58d645b96cc83d785 |
| SHA1 | 8845cf33c6f86ede9e72212336e84ca8146447fd |
| SHA256 | 52f56007cff1660f366f65a877559228738dc674a3b1e17757bb6b5f6e6e40d7 |
| SHA512 | a4a1c2441081cd902ed3c9b34edc989dc25ae89715a5272cd69da49c60c3b01e82c15072e948bfba229005e2b40040ab15cd1f3b0956a8078e5e2a641c354b7a |
memory/3372-1090-0x0000000005C30000-0x0000000005C96000-memory.dmp
memory/5228-1074-0x00000000063B0000-0x0000000006954000-memory.dmp
memory/5984-1071-0x00000000007C3000-0x00000000007D1000-memory.dmp
C:\Users\Admin\Documents\GuardFox\jxXiOgogI8vV1byOdAIl_gx5.exe
| MD5 | 99f328d2b85466a3cb61e07fb0dacaf0 |
| SHA1 | 14de39cd8b07ab2bec81891b1b3a19b933ddbc2b |
| SHA256 | fdaa93e87e12e38fc0c96f6736a26420c8c6a7855bbef12654ab7ef35cabac47 |
| SHA512 | 835bdd1626cd67e5d62343fc1a443db5bd9d2042ff16efbe01fdb66915ca4ab838862f24eec87c7622f6b2e694739d4175648b48d7edc4a78fdcfabbcba214dc |
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | e99fa563f6176491cc9b2dcfc7b347ad |
| SHA1 | e7c105903dd2f58d1f5cf31fa98c9fce0bfda46d |
| SHA256 | f52af01736b2b4f367673071feaf88a1bfd464030d66f27f38a9806640c35edb |
| SHA512 | 2eaee8f19f6f64d609a7af69c313b18deac6dde786cc6ee2a8aaa112c5be766ca76069465f9ab1247c4dd1b73e6b2410eb23037908ce4d50c5f32a81d3522bec |
memory/5228-1059-0x00000000767D0000-0x00000000768C0000-memory.dmp
C:\Users\Admin\Documents\GuardFox\jxXiOgogI8vV1byOdAIl_gx5.exe
| MD5 | 773f0fe5c9f89d9914c61721885cc9b3 |
| SHA1 | 2bfc6a9e8995c99da68a98718b2ddde9aa262048 |
| SHA256 | 460f361e5c82bf12d1042ac08cc941d4e24967df53fef2d43980abf3e00823dc |
| SHA512 | 2046f77438c05c39edc1e7634bac3f1842b62a3291043b182979aba0244dad6df9695da1ea6d6d6bb3760e37c04b00da0a79ebc898f7b8446ba4698e208ca517 |
memory/5984-1066-0x0000000000400000-0x000000000043C000-memory.dmp
memory/5244-1056-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/3496-1051-0x00000000009C0000-0x00000000009D6000-memory.dmp
memory/5244-1048-0x0000000000D50000-0x0000000000D51000-memory.dmp
C:\Windows\System32\GroupPolicy\GPT.INI
| MD5 | 93b3886bce89b59632cb37c0590af8a6 |
| SHA1 | 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137 |
| SHA256 | 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f |
| SHA512 | fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb |
memory/5164-1036-0x00000000005F0000-0x00000000015A3000-memory.dmp
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
memory/5228-1045-0x00000000767D0000-0x00000000768C0000-memory.dmp
memory/5228-1040-0x00000000767D0000-0x00000000768C0000-memory.dmp
memory/1680-1028-0x0000000140000000-0x0000000140876000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 60fe01df86be2e5331b0cdbe86165686 |
| SHA1 | 2a79f9713c3f192862ff80508062e64e8e0b29bd |
| SHA256 | c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8 |
| SHA512 | ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 8ee28fdd4656ec5cb0299622e2be3fec |
| SHA1 | 999a6c4245e3d33f1c6893d771608e814ec36591 |
| SHA256 | e35cdbe186ef574487f465aa5c03702d3599b5029f35a230f444b759df085815 |
| SHA512 | bef95f48a36e727db803a16996ff8a3b8c989514d107f796c373a0634987a44114addf41272e93e550a7af1a8fc561279df62a5bac33be9fffeace313d40ba9a |
memory/3304-1032-0x0000000000400000-0x00000000008BB000-memory.dmp
memory/5928-1031-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\46_sXXY7I21SlDL7QjacEu88.exe
| MD5 | 6f0e5ad311936054a33eb7287c594521 |
| SHA1 | c973d47705660081bcbce5a99832c5f035168776 |
| SHA256 | 54ee98582d3733d200040666a41685a51467de8ed0f6e06bd076fb94ee7ec1a9 |
| SHA512 | a00a696feee34b30eaa3dc88878d649ea824d82abf67fbcfd058a2942d52a0092f750e3a41abc303b8b04a33b05a34b528be4e9827a272a40067e66ba8fa367d |
memory/5236-1030-0x0000000000C1F000-0x0000000000CB1000-memory.dmp
memory/5228-1029-0x00000000767D0000-0x00000000768C0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 9c28fadd569657f9f7f0f72eb8108cf4 |
| SHA1 | 23c407b2b06c803bd76f366eb7fd167e29355be5 |
| SHA256 | 94f1c750a7264a8eec2d9c624f91a4f6734668c1d573d082773e4f0f8dfb841b |
| SHA512 | ef4f5429dee4d410e8a85c66a9f9b2d38f4967ca3252a04c0bcef33c907da72d3854886439aa5287fd35dd5efa436cf78137060e9fcbeb626eac0fe8e78012aa |
memory/3372-1025-0x0000000005930000-0x0000000005A3A000-memory.dmp
memory/5928-1024-0x0000000000400000-0x0000000000537000-memory.dmp
memory/5788-1022-0x0000000140000000-0x0000000140218400-memory.dmp
memory/1680-1021-0x00007FF87E9D0000-0x00007FF87E9D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Y8wSg2.cpl
| MD5 | eb29575246840c8af35ea1c34d07ef85 |
| SHA1 | 6e6e85305efafc9bcd5ab328a1881062a0ff6c86 |
| SHA256 | ce18bc401bc8d3f47ab89316a57194ed4bf53de3b5f384c4dd60271d453e736a |
| SHA512 | c793c6512ee7d03bece854556d52998e961f63316d04d9897fd1c2936ebe7618347c99232d100c3fd714e787ad876566b1a1c0aaa74dd956a58ebbb7e9bfac31 |
memory/3372-1017-0x0000000005800000-0x0000000005812000-memory.dmp
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | b701b84a478eca25a6477044185a81cb |
| SHA1 | fbf69d0711f3258f70d0727fbd02ba833a24dfe2 |
| SHA256 | 389dbb9bf62f734445c8ae5d6e753943dfc7a20d53c190c5a0b8b91cd9d58a25 |
| SHA512 | 6ccba5dbd6102a8a0aca7c14dc22312405b1ea297c9dd6bcb6beddeb261037217f56f1b09e48708091ecba1e99a43e71ba112b2a8349efce9421da860f81d6b7 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | f5b169d718f01a57cf589951b68a9238 |
| SHA1 | 97aef25a71d56e710b942eae2d6c56ee4ca93706 |
| SHA256 | d36473fc25e32748e9192eb33e5bfcd121f1721d1599be8c4ca3986bba919feb |
| SHA512 | b36c45bd4bf3c51a78ff6a3fea5fe0fc4631a8e4e7dda6a2db2289cfc3be0aca6ef61716a307f1b73eeefdded077e10d070c2c97022b7e950516c9fc7d4246a7 |
memory/3372-999-0x0000000005DA0000-0x00000000063B8000-memory.dmp
memory/4872-1014-0x0000000000540000-0x0000000000541000-memory.dmp
memory/5928-1013-0x0000000000400000-0x0000000000537000-memory.dmp
memory/5916-997-0x0000000000980000-0x00000000009E4000-memory.dmp
memory/3408-998-0x00007FF611E20000-0x00007FF612811000-memory.dmp
C:\Users\Admin\Documents\GuardFox\XR0YIbtqmyEEIPi760UciSol.exe
| MD5 | ebd6f7a6cb7aa2c1f16389618828dd18 |
| SHA1 | 6f0ab3eae5a5c4ed3383ac48a4ac067294c87728 |
| SHA256 | 80b7f795cac71ff494d915f171bca9feca53cf6d9c6d5b87b2c773ea8266403e |
| SHA512 | b0ab45f303c0c7051da0248713d0b672d262bafde69112e3fe021426bfce869089329b324e3355a94cea76cec4feb6a024ab74499e1f025f82eebc3da11521be |
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
| MD5 | 600cec81dc99a512b90cdc4022d0ac97 |
| SHA1 | 67ebdc154c62233e9a524434a28d593b1bb6b30c |
| SHA256 | 911c0dc87caec871240258622fd0810b1cd9c04cea68f19f151e31f0e648c502 |
| SHA512 | f2b1ae5883f75df307266d7053def83ed733e754fa53a87d49cd5714186103387efdd336e0b8e7714bdf8f9a36786d21a747890d082055db95e8506d9f4352e9 |
C:\Users\Admin\Documents\GuardFox\B9ZfLXHjLJO8ElGDIFov6Qgl.exe
| MD5 | 6488a8f662d69cfe625ffaa141353744 |
| SHA1 | 03a1ac8316cc7f516a3df30f4770a5cc3b67ec77 |
| SHA256 | 6befda2e6455913396c29dd19b72b0831a893afa294b4e3b45b422e27a625c1f |
| SHA512 | 1dc1900047ff25b681559fd2f27ed5f5f284fbe610afd258406fdd00945e80dd5776ddb25c8e1cbed8830a3b514a41e4098bc204ac373ffbe19e4c2febf892ee |
memory/1028-961-0x0000000000E70000-0x00000000013DC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kb5amd3u.z3i.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5164-958-0x00000000005F0000-0x00000000015A3000-memory.dmp
C:\Users\Admin\Documents\GuardFox\LisIvn9B0eWX39XfGBxbdtul.exe
| MD5 | 3bf41b6bc6f6dc656f0abda1dcd27e79 |
| SHA1 | 0b22b556ee415d030c917f9be612a69d7f30884e |
| SHA256 | 9c6e8efc02febe5756320341610a25746eec5b1f962a71615ca20bb2c7894209 |
| SHA512 | 4f814e22ecb9aca2b43113f8e433b6ee9aa0a39dfceda4b0516324f61a05b3e2426084496fb94320b22f1f5c830f2c724c8a6633e8a853502369c2c3879687e2 |
C:\Users\Admin\Documents\GuardFox\LisIvn9B0eWX39XfGBxbdtul.exe
| MD5 | 5d2a0ef45593da25922e83a78ab3e7ef |
| SHA1 | eaf0bed236b405d6822de41850639c17ddf618b1 |
| SHA256 | 99997e6fcc339a7f5732f03c582b4a2be776032df232013799b7bee50258b14c |
| SHA512 | 85a71099353183005c64778a4941e87706eaaf59c01d6ac7fffa53dee56ad5a2740480a69b98214ef8ca7a1f92524fde4bf0c97f8fef6198d735ad3caec6f22f |
C:\Users\Admin\Documents\GuardFox\MHSgYdsltabeUcSs5kmRsv0T.exe
| MD5 | 638fb4e059c2b4f520140ff980acda0e |
| SHA1 | d2c6325ba8a7cb1b1e9ccf5fe2caf2bc6307dadb |
| SHA256 | 02beae1992a5a39c7fb8a7e92e821a2b37fed61e45c05688dc71a5035163ac42 |
| SHA512 | 374d4d29fe1c36ac2f41dcab96117a1b127ca1498af3a10cc46736828fd5fe98252db8e3f8884583a959c9e5c9ab29689ec3953325230b109a707f4313c8f183 |
C:\Users\Admin\Documents\GuardFox\QCBuhoR0_O5gO9EbQFahIqBy.exe
| MD5 | 072932d63a4fdc222735e6f713a514ae |
| SHA1 | cdb200e4c759600e4a83e450fbd67a7682526ea9 |
| SHA256 | eb27d4fc56e8a66e9fb47d0b73b752f963855ac169130d55a488709caa466bba |
| SHA512 | c7512594cb7ee7d9d3b3f71ff8931441932473d25561d946f55aface0c704b01a4f7bbbc8fc53b30e1cf1be10030c91186988f0ba6183485037924bb83db8702 |
C:\Users\Admin\Documents\GuardFox\qV9mEjhKIBcQ7TuES_j_hidT.exe
| MD5 | 480e0f4949b8a263d7cfa7053dc1cd75 |
| SHA1 | 368a4ef1942d423d5a7c47b994b0ecb7113dc29b |
| SHA256 | 094c50d7d6bdf0ced2a67949dadd9361b259696d6721e71fb4fa69b2905525a7 |
| SHA512 | 23583ccdaf5894b3bfa4130de4ea37a53478ecc64802fbb9ae37ccf80c6c39f8c797dac0e49ec6da7311c76f82d7c9e98bded5017f99dc4663df91c9eadb8002 |
C:\Users\Admin\Documents\GuardFox\3860sw0VMSmL9vdt9w4gL0z7.exe
| MD5 | c5431ed88227d6f2e201da982db63f38 |
| SHA1 | 9dcf0e8327f61df9641050fa30fa8a75642a2161 |
| SHA256 | dcd703912d6ff2ccc9739b82f12fb2c861812f53bb2ca9432a99850dd172fa94 |
| SHA512 | 381ec81b6822d09903c3edbdee47c2364f797a9d1f047c896cd85f2fe87ddea10839f67b0ef9d148e9cc756322e14e3f1e57dbded0a0bf53416d8006a59284be |
memory/5788-638-0x0000000140000000-0x0000000140218400-memory.dmp
C:\Users\Admin\Documents\GuardFox\LIFxed9heHkZ445Vw5ffhUOd.exe
| MD5 | c34eeedf7da3f9878112689f4b0774f9 |
| SHA1 | 18e7edacb98fbab4cb52e3b4cb31eadd1c1a8462 |
| SHA256 | ac79db8456746e785c5b02e017f7124293d571e535e56f32a2325e79a8568588 |
| SHA512 | 24a2ae5cd593e2a693b277fb7c37e07342e00c44a7afdfbae8ae1c8f6ef429a1b0436d94b640e0473dc1358a4a2a5f9f5ff0b139f6008c858de6b586344ccd4c |
C:\Users\Admin\Documents\GuardFox\0JDbJzWFF1BzKfWUVTIKTIwM.exe
| MD5 | b718734ab53f89d11581fb0046d146ec |
| SHA1 | f8e214195fa93faa1cf4d599ec42793b5a1be038 |
| SHA256 | 59a747bf1aff1136ef62e67aae711d092b36e2a81a430054bcdcc31b1f43bcd0 |
| SHA512 | b4e6c2b2b8d334a1fdcce718ddb3f8f42a6aaa5fd31afb666e50c630ed69e84a9a3473ef74da988b453d373ec64d4d2d4ac4cf41aa5b24fdac9e05c200d4d3ae |
C:\Users\Admin\Documents\GuardFox\tzQDaFN9XwE9nJsYRLnotvlR.exe
| MD5 | c36248b86a1d970b12aac42b10563471 |
| SHA1 | fd76a48d759efe38c3273b7c6b974b0b09a94b46 |
| SHA256 | bba0942a32968ebb352ef457eface10e4c6123cddf790f4eb7e4a82e574e62cc |
| SHA512 | 920170c0c6eb859cde8855d2366794c3e3a6429ffc8d7555a65637644c34a28e865089495d65586c145f94e4e464ced1f2ea3cf8729c209a6af815b0270bfbfc |
C:\Users\Admin\Documents\GuardFox\B9ZfLXHjLJO8ElGDIFov6Qgl.exe
| MD5 | 702dbd36d711bc3c944615fc7b0c73fb |
| SHA1 | 1e91343c6864f11a9e07337076156f3842ea35d9 |
| SHA256 | 7deb716daf9901835fbbb945742b7abac991582b555e48a5c8b7f73f8706e52c |
| SHA512 | 08ae8c51889f75cb3b8308106015f5f9a44b4a6414ee61948ff181357b0330bd4977fd7a078ec7c29cf0eaeddbb50937301d8566d407d2e7eb69150337fa86c3 |
C:\Users\Admin\Documents\GuardFox\KK0Vvbx4i9pQ519SIuE5Ax9M.exe
| MD5 | b889a30641c886d2be227ceca59d2617 |
| SHA1 | a7dab6c3405ba588692b71a84738bec5a513303f |
| SHA256 | 2f2b75b6b9c272bd6f198ed753585af51c500aee269286bc936e84d0c2be520f |
| SHA512 | 09c58146d116c92448a7b417b5db4ee0b13290c8fbaa256cc5574bffa0dc86700756d66a87a4669035d36f4fcfd1a03859f9e311f7b6ce262d1df77350667abb |
C:\Users\Admin\Documents\GuardFox\ckcSON1nq9KzLkUObHcFavDh.exe
| MD5 | 61156a6fa4b5d720a8a63648b3248939 |
| SHA1 | 69d71e100a561ca453eed6e8055d61f219ed1241 |
| SHA256 | f57d0af1a2de98eb2e3f82b2fdd7fce7e5ca7cd9bf04176756f618c29f166d46 |
| SHA512 | 71553308732b9f3828fc59f4691de6b06e228a02e705323651256379b812c5f2483b525e3b83c6bff914dc112e1c078024e387db1c92950b05a493c8d3807161 |
C:\Users\Admin\Documents\GuardFox\R08uTl2rhKjiEbQkYXCuC1Dj.exe
| MD5 | 9bbb781c6b4c01e244ec053bd8d37037 |
| SHA1 | 73f1a1effe15421da76306e21fbf1420764a1808 |
| SHA256 | afd27b275c1caecfd656e6a141d51e460a30b1560a48cf371d2f52e407caf8e9 |
| SHA512 | 516450c9e30a24c008e56b73fe4708ef5309eead6b8018ca6eddf6e5403afdd6fa0d1f6ccb52994b8195ace1441737ca917b4ee22be004087cdcdc4209622afe |
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
| MD5 | fa193a54ab90b852ec2db7e03e91934f |
| SHA1 | 48b38dfd0e3f04b395fa690600a8dd98c7319f31 |
| SHA256 | bb5759a9c70a7276c07f010d0e58854e62724d08eee6b9b8b90da507521cc671 |
| SHA512 | cf425a5a9b36c6375c0e5489018d43be79ba7bb54f05807a9b6dd36a81721e5169de6ff9368c697336491c12a759bee828dd15e2987a6eacb9d278c8ab13866e |
C:\Users\Admin\AppData\Local\Temp\nsnF398.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
| MD5 | 440b65f6d8d2605472a027cfb14eec77 |
| SHA1 | 92add272018823651443c21a925eea6d23713a7f |
| SHA256 | 09e8fc90f20ae119566ded74bf8de501f732eb5ee39e5a66bce7535494089c73 |
| SHA512 | c38f54469232ccd565bf03962ef63a6c69e76389d762917b0df5cd4ca11fb26fd8ea66bd2c36f1b24ca705f37066c41f9b9645f357925adb1fd88ede8fefd5b2 |
C:\Windows\System\dc.exe
| MD5 | 49dcc4c5a00e308b4f29f280a0c413ce |
| SHA1 | 339d0f892e8b9232c08c65c7f277c382ac4eb8bb |
| SHA256 | 2b78f99ea01ecb6a5419e38113fad84e45a25b1dc5475e0be75104fe854fcd89 |
| SHA512 | 765360760b53542906f0377195a5473cae3801c886774819fa5e66ae63cf8d2dd354ce862bf53710e49018a036cb80f40774615d24903e4a3551279bb2d673c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoajhiemdnnjfbilpkblfjghmmbhbda\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
| MD5 | 11f3773b7f7d8716dc9dcab9c9b33bd4 |
| SHA1 | e124c60c5850709d028550fb5e8e77cdaefc9902 |
| SHA256 | fccf88d70d18229bb448d4e124f1b749157bfe98ac36e07834722d03016fe9e1 |
| SHA512 | 5c86dcc1723bbfea92ca8df37c31331fbda95bbeb0a62da6bbe01ddfd37f7dd5204659a8170175980cd6876717b621ab3b9fddcf5a918a119e40c87d608aa52c |
C:\ProgramData\mozglue.dll
| MD5 | 4bf8abb608c2bac061415ac99d36899e |
| SHA1 | 9d4d7b680b6fcfb00c5bda6026d7ded41cf69f69 |
| SHA256 | 34a7aad1f04ce9f10df8e7ecdc1cae87fb093166647803944433fb0a8ee94ea1 |
| SHA512 | 629cef6e8529eb8cb9c6ea32d375262421053c13c3fda0193f5ef06f144dbbeaf17ed4f1a17693e76dbfb6961ea4d277d981e860774787e1eaebece22983c914 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoajhiemdnnjfbilpkblfjghmmbhbda\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7e29139bfa626f96857f6afa0397744f |
| SHA1 | 2cb5c8335f15450dfa8d38b6a033d72a4f1fc824 |
| SHA256 | cc684925b7c61d219a05071b3b5cff8c7f71650bb2196e55b3bfeb1a128cf40f |
| SHA512 | 1583c7e55f23e0648fe0e4fcec72be85b1c5b5f9315bd866d66dc6ed20dc3398f1676dc33e9b067f860e3b38cc4050ec50035eb91c56446d3fa159c219e6aed3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c95aeeb87b5fa01e22e239ca6d87d8e4 |
| SHA1 | 3723dd08b281610511989968c2e3930e0f8d1c34 |
| SHA256 | a5342641a775d58f2c3e123a9541a1788c2e615f416b720cb7850ee5dd9871fa |
| SHA512 | eebc0a77dd3e46b58bb59523662ff1bcf73d01192d39cc7b3290a30f3664deac3fb85011bc63b39b99aa972361b20c54021ec694f807d7e789628c6a6dbecb5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | de7225061903ebfb2c8c53c265922071 |
| SHA1 | 8c54d7a39a16039f5b1eb1eeec0f614b71db8b68 |
| SHA256 | 8170c70b7505211374ff61d581bbf038618fd6092c6c5927c113e7a0866c74ef |
| SHA512 | 36a95f3b1a251a6c06eff737066b5aad8f3df3363b672497b1db3cb53031262ede0f04276f1bf9618d66a0a1a55a459a35c1c7182bcfe518eaaf2bae6dc4fb22 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5819dc.TMP
| MD5 | 4f323e1f1ce51bea4e94fb6b07e53caf |
| SHA1 | 10877407bc82120eac36cb2061148852fb0f4bd4 |
| SHA256 | 342c7ea7f3ba2c65443b5bb0570396081f2fb3dc7f34931511606a05263523e7 |
| SHA512 | 6c44b7f26fad160d01cabeea9e4c8e71cf2dc56f251cd655a755301b88ddab5b38c77b602565dbff44b5f97a36193eb1a47c9e4fdf0a0478a5b92dad365bc9b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\53f9d803-763c-44e8-a742-6c1d2cc8f7a8.tmp
| MD5 | 61ddad320efc7e18dd25821a48d2e0a1 |
| SHA1 | 376e1b99edab6e5a3c64a1ed25a269d55c3637e6 |
| SHA256 | d6e1a39327c37b1a2bdf44840b313875e14191f821841c337a981d0cc515760b |
| SHA512 | 91ff62e343edbe019d4e0d2a9d0088955e1a9e2dc0aa7285749fb356ad22b903608dad4bf897f56159b570f4ff2e3570be22e34961fc2f9b7f593ae6ee48902a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\42cf04426a7b4839528056aa9af2b559
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 24d36522614dea5c313872d9542836dc |
| SHA1 | 2c5b51abfb5dbf058d622247acbd3fe46ee3c8f2 |
| SHA256 | 0bebd9325ce670c355490adad0c6c144b6488a8fc18a7dfa2d943a82a004b21f |
| SHA512 | 1e60af7f4ff55e2f2f6e998cba2bcdcd188bb529e960e67d4ab4c9fe8a1fdf293a528d055442f109b6bae4381a6a3e49b49b834f53087ee0a159b727f7db6003 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\ProgramData\FCFHJKJJ
| MD5 | 92be7d444b8f6922a7ab205f66109c15 |
| SHA1 | 25ea6a81f508348a61b7f4f668186069b00ccb8d |
| SHA256 | 89121f65705e315dd36be848aac783b0cfc307a6848392af9346f1f288e474e9 |
| SHA512 | c8c10adcc6f1dbe3d5c9022d303f2c6cc68c458949a8997f3bfcf5ca9a3620d1e7400b46ec36727b9c6d760d108ea889aa97a0ae9d505768822b6a112793bbd1 |
C:\ProgramData\HIIIDAKK
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\ProgramData\nss3.dll
| MD5 | 0f365e457bfbe700535c7139339a1ad8 |
| SHA1 | 57d1755226146991aa84693cdc439d86df1a8cff |
| SHA256 | 65bcac4e1e19998a4b433a8336396a5cbf650d08661e785d1a3f7eb70c08add9 |
| SHA512 | c6c63465ae0d6711c028f360a2d124b56b6a4c82d661d65043dda676f001a5c94ef62f467f511a80bda7ad69326901675d7eadf044a8175f0af99e66de32adaf |
C:\Users\Admin\AppData\Local\Temp\hfcuggj
| MD5 | cf29453ce2eb7cf339810b155c269f5c |
| SHA1 | 87238b3106b2c32161bd3a28c342d8cb9b90879f |
| SHA256 | 1c075feda9f0271cf2b9bfca8822bdf5d221e45cd504cf327f308f09187f4a7a |
| SHA512 | 9a43b6307e917bac966db46defe4b33c2a6719456b7797e439718d58a0d32030e689ed5dce1984ceda593db7d9f4a3aa9c85c85f9aec6a7e943d7f2ac6ea5707 |
C:\ProgramData\PublishClear.txt
| MD5 | d105be27bfa6037d301571a87412a6a0 |
| SHA1 | 0cc417d6f3341b48775504751a9fed09ca330bad |
| SHA256 | 75ee5bef3ed8c3e2d2e416f2c968347001e343e6edb4fa9238729e240e49490a |
| SHA512 | dbb138b48278f45bbc185d60f9688bcc815b40f72fdbb0d086d39b4b5d4dda27c71af5ab77e108445af44eb58420c733b6273a3a8a578d138c5a66946f054c79 |
C:\ProgramData\ResumePush.xlsx
| MD5 | de48b524009e808be0c21ba5d2150a50 |
| SHA1 | 6b403b3fedc998509456a27a23b23b3365dfe9ed |
| SHA256 | 1c34de0893fceafe08e79a0f344c9a0fceb38082aab6b4b7052f7593ee3a533e |
| SHA512 | 80cf3f90c529086d327d1e082ff40f341dbb762e941317cad6e2af9b5c37890bdc4d1aa518b9e3de8fae276fa50b6920c7f67737c2eb0805316680ea02977167 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | 4e7d0866c2d710c0ec9d5256ecad34c5 |
| SHA1 | eac8395adbb999294708d63a56892b9b69c16eb7 |
| SHA256 | 9c19f5e91aed4277bc4bb3e529e43e59af8b512e041acdbdf46754ab68b2056b |
| SHA512 | 795e36b9acc43543da0ec9e208545355fab81a6f7367567bf67a27ed93a52fbfdec205d9276b95a9eeed30d9d4c81a99904fd948ce4a5edaf5d92e497e9ddcc4 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\lang\is-0IMVR.tmp
| MD5 | 54ffd881611a92540e4c85e2759278c9 |
| SHA1 | ef0c1ec4f6efe6abdf9a23f1adcd88c4ec5b4348 |
| SHA256 | d075cbfb1b43dadcdac8cf572c18689134e59319fbe425e82c7bb7c4e7d5948c |
| SHA512 | d9f77cacb264d080e12e765cba3e1cc69a19c186526bbcb25d093e0a83b4b4b8beef37a4acf2e803a08eb76c77d4a97a21fea74475d6d9d16a63f2137ab6253b |
C:\Users\Admin\AppData\Local\Web Resource Viewer\lang\is-BV9MP.tmp
| MD5 | 8f920115a9ac5904787bc4578f161a52 |
| SHA1 | 941332d718cf5161881ca903b2fb125124cac68b |
| SHA256 | f8b63fa29af4c7cff131bf14fbdaac8e6b6945444e0f13e57417fea4a3de1a6b |
| SHA512 | b8521748d276de667e2013c697005adc45e405fee9a9970b80427cb47ba829e2f9e31fdae2bafc54cca5aeaa4c371f4d25e1ea34989eea19e732fd129abfa1c2 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\lang\is-FT5C1.tmp
| MD5 | 613ccb3ab7bc5304da08120a11bb34f2 |
| SHA1 | 9e1231dc2ddc6deb2a66d494c45f0dfcf04b1d97 |
| SHA256 | 565efa1b0407d221b1e6bc44811f529f98fe4d9ffb6e756b56b9525acb87ce28 |
| SHA512 | d27efae6748105c343abcdc8777d2c5065bc342569af2fd3bee92544a01ad4caefe359adf69fa56bae1fbc87f86575b797c20d821a42869d0b34ab1004b0138a |
C:\Users\Admin\AppData\Local\Temp\is-3ARGJ.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 99751b3ace34fc2737b7ce2c5faaf646 |
| SHA1 | de01a4e7b38f0b4e6c29355cf7fff06c25d82f28 |
| SHA256 | 5f68782baa6080150092baaf1b1d6115e8a6e9bf3daee7e80052aa1f2499fa46 |
| SHA512 | 14ade9efca96d8ef96d27f3058fbb444d872a996b25251a45f9212d9f260410de2acb264ed87c5288f0a4c125a4eef46264aa8c42eec0bb3b3ccb01be8554229 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 06facd038383a22edb26be7a4ce5eb01 |
| SHA1 | 6c92b66542de2fb21557266eb025761111676513 |
| SHA256 | 5fbd80ac31902bc7bb7a373977860471d725b83acb02b58f2e2f53d324b627af |
| SHA512 | 1ebc70b0529aa23397542075a10995b60869825a58b371c1f40310dbe711c82b7dfe09ef782fab97fe5d592866d135e4ff5e945078bb783c5f317d7dfcb43fb8 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| MD5 | 2bb3ab943e6a3e95588a254d341b1c18 |
| SHA1 | 8d5d0696ac98b9c168b901bb3416c9c739639c30 |
| SHA256 | ab5992ac2692fb77d820ed666e46c07c089322ec71dfa6dc88c8d724ef999300 |
| SHA512 | cccabc7bcfcac26eb1e637d764e5e88f74227aa8e8b51484635b87fda8bbe698858fb05f50001ef91cffb6f12a87253f921101d22e82868d6595cba342c3b778 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win10v2004-20231222-en
Max time kernel
134s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\ResIL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.166.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win10v2004-20231215-en
Max time kernel
142s
Max time network
179s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\chrome_elf.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.80.50.20.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win10v2004-20231215-en
Max time kernel
147s
Max time network
158s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3132 wrote to memory of 1632 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3132 wrote to memory of 1632 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 3132 wrote to memory of 1632 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\dbghelp.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\dbghelp.dll,#1
Network
| Country | Destination | Domain | Proto |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win7-20231129-en
Max time kernel
26s
Max time network
149s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Stealc
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\DE6D.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 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 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Users\Admin\Documents\GuardFox\fA4fWqni3Fk1dH2hcuGg5kVv.exe
"C:\Users\Admin\Documents\GuardFox\fA4fWqni3Fk1dH2hcuGg5kVv.exe"
C:\Users\Admin\Documents\GuardFox\geXdBtePYVTWVZxokBtY2RTV.exe
"C:\Users\Admin\Documents\GuardFox\geXdBtePYVTWVZxokBtY2RTV.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\Y8wSG2.CPL",
C:\Users\Admin\Documents\GuardFox\zHyWT4B7ksNcb40vwcW_8jt5.exe
"C:\Users\Admin\Documents\GuardFox\zHyWT4B7ksNcb40vwcW_8jt5.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\Y8wSG2.CPL",
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Users\Admin\Documents\GuardFox\NWKCi97yRPmDKNWuxjUrqCGt.exe
"C:\Users\Admin\Documents\GuardFox\NWKCi97yRPmDKNWuxjUrqCGt.exe"
C:\Users\Admin\Documents\GuardFox\iQCf_ssarPkOvbb8Rolj8DWS.exe
"C:\Users\Admin\Documents\GuardFox\iQCf_ssarPkOvbb8Rolj8DWS.exe"
C:\Users\Admin\Documents\GuardFox\zHyWT4B7ksNcb40vwcW_8jt5.exe
"C:\Users\Admin\Documents\GuardFox\zHyWT4B7ksNcb40vwcW_8jt5.exe"
C:\Users\Admin\Documents\GuardFox\_E4NP1BHy4Nn_koqPTx1r11x.exe
"C:\Users\Admin\Documents\GuardFox\_E4NP1BHy4Nn_koqPTx1r11x.exe"
C:\Users\Admin\Documents\GuardFox\PY0N8L8t5tIFZG93NkDisPnC.exe
"C:\Users\Admin\Documents\GuardFox\PY0N8L8t5tIFZG93NkDisPnC.exe"
C:\Users\Admin\Documents\GuardFox\MM1LQ88qGHPZpfYJCxA7SbKJ.exe
"C:\Users\Admin\Documents\GuardFox\MM1LQ88qGHPZpfYJCxA7SbKJ.exe"
C:\Users\Admin\Documents\GuardFox\HQjrm8fTPVDKwzoqs9viubak.exe
"C:\Users\Admin\Documents\GuardFox\HQjrm8fTPVDKwzoqs9viubak.exe"
C:\Users\Admin\Documents\GuardFox\zx0aWQ_xz45fidj5kGmRSAlJ.exe
"C:\Users\Admin\Documents\GuardFox\zx0aWQ_xz45fidj5kGmRSAlJ.exe"
C:\Users\Admin\Documents\GuardFox\4EC9IqjKczl0bbmOaciB5eaC.exe
"C:\Users\Admin\Documents\GuardFox\4EC9IqjKczl0bbmOaciB5eaC.exe"
C:\Users\Admin\Documents\GuardFox\NjWsxPZVyYqpDbbfJ8fvgfVA.exe
"C:\Users\Admin\Documents\GuardFox\NjWsxPZVyYqpDbbfJ8fvgfVA.exe"
C:\Users\Admin\Documents\GuardFox\iEkV5AkWBmFGq5fXIdHbqzU4.exe
"C:\Users\Admin\Documents\GuardFox\iEkV5AkWBmFGq5fXIdHbqzU4.exe"
C:\Users\Admin\Documents\GuardFox\CEbkUTW8hyrrDT6Rf1t8zVr1.exe
"C:\Users\Admin\Documents\GuardFox\CEbkUTW8hyrrDT6Rf1t8zVr1.exe"
C:\Users\Admin\Documents\GuardFox\uJ96kzoVFq4ADEaCTcabRPLJ.exe
"C:\Users\Admin\Documents\GuardFox\uJ96kzoVFq4ADEaCTcabRPLJ.exe"
C:\Users\Admin\Documents\GuardFox\Dlt1iZAcoIqBH7K_dVKde64Q.exe
"C:\Users\Admin\Documents\GuardFox\Dlt1iZAcoIqBH7K_dVKde64Q.exe"
C:\Users\Admin\Documents\GuardFox\vK0PPAPmUAE0hE8jS7enXAKZ.exe
"C:\Users\Admin\Documents\GuardFox\vK0PPAPmUAE0hE8jS7enXAKZ.exe"
C:\Users\Admin\Documents\GuardFox\8H60W6oRZV_8Y7HtUXjpfc1c.exe
"C:\Users\Admin\Documents\GuardFox\8H60W6oRZV_8Y7HtUXjpfc1c.exe"
C:\Users\Admin\Documents\GuardFox\MiiGeJSIQRhtCha_s6H3_4T5.exe
"C:\Users\Admin\Documents\GuardFox\MiiGeJSIQRhtCha_s6H3_4T5.exe"
C:\Users\Admin\Documents\GuardFox\rP3VVvbHIAJXsDRWtvhHL16n.exe
"C:\Users\Admin\Documents\GuardFox\rP3VVvbHIAJXsDRWtvhHL16n.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\AppData\Local\Temp\DE6D.exe
C:\Users\Admin\AppData\Local\Temp\DE6D.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 92
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 120
C:\Users\Admin\AppData\Local\Temp\916.exe
C:\Users\Admin\AppData\Local\Temp\916.exe
C:\Users\Admin\AppData\Local\Temp\916.exe
C:\Users\Admin\AppData\Local\Temp\916.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef71d9758,0x7fef71d9768,0x7fef71d9778
C:\Users\Admin\Documents\GuardFox\gqGHRUK4EKmIkZQQtGKxKg0h.exe
"C:\Users\Admin\Documents\GuardFox\gqGHRUK4EKmIkZQQtGKxKg0h.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN gqGHRUK4EKmIkZQQtGKxKg0h.exe /TR "C:\Users\Admin\Documents\GuardFox\gqGHRUK4EKmIkZQQtGKxKg0h.exe" /F
C:\Users\Admin\AppData\Local\Temp\36AC.exe
C:\Users\Admin\AppData\Local\Temp\36AC.exe
Network
| Country | Destination | Domain | Proto |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | joxy.ayazprak.com | udp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| NL | 77.246.104.70:80 | 77.246.104.70 | tcp |
| RU | 193.233.132.117:80 | 193.233.132.117 | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.80.24:80 | joxy.ayazprak.com | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| SA | 178.86.104.54:80 | cczhk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| SA | 178.86.104.54:80 | cczhk.com | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 188.114.96.2:443 | 294self-limited.sbs | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| GB | 96.17.179.184:80 | N/A | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 173.222.13.40:80 | x2.c.lencr.org | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| GB | 173.222.13.40:80 | x2.c.lencr.org | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-22.userapi.com | udp |
| NL | 95.142.206.2:443 | sun6-22.userapi.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-20.userapi.com | udp |
| NL | 95.142.206.0:443 | sun6-20.userapi.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| NL | 95.142.206.0:443 | sun6-20.userapi.com | tcp |
| RU | 193.233.132.67:50505 | N/A | tcp |
| NL | 45.15.156.229:80 | 45.15.156.229 | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| RU | 193.233.132.117:80 | N/A | tcp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| NL | 91.92.245.15:80 | N/A | tcp |
| FR | 194.33.191.60:44675 | N/A | tcp |
| US | 172.67.147.32:443 | N/A | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | api.ip.sb | udp |
| US | 104.26.13.31:443 | api.ip.sb | tcp |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| NL | 45.15.156.229:80 | 45.15.156.229 | tcp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| RU | 193.233.132.117:80 | 193.233.132.117 | tcp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| RU | 5.42.65.31:48396 | N/A | tcp |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | vk.com | udp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | iplis.ru | udp |
| US | 104.21.63.150:443 | iplis.ru | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| RU | 193.233.132.117:80 | 193.233.132.117 | tcp |
| NL | 185.142.239.49:4444 | N/A | tcp |
| NL | 45.15.156.229:80 | 45.15.156.229 | tcp |
| DE | 193.23.244.244:443 | N/A | tcp |
| RU | 193.233.132.117:80 | N/A | tcp |
Files
memory/2352-0-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-1-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-6-0x000007FEFDCD0000-0x000007FEFDD3C000-memory.dmp
memory/2352-7-0x000007FEFDCD0000-0x000007FEFDD3C000-memory.dmp
memory/2352-8-0x000007FEFDCD0000-0x000007FEFDD3C000-memory.dmp
memory/2352-10-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-12-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-14-0x0000000000070000-0x0000000000071000-memory.dmp
memory/2352-15-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-13-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-11-0x000007FE80010000-0x000007FE80011000-memory.dmp
memory/2352-9-0x0000000077C20000-0x0000000077DC9000-memory.dmp
memory/2352-16-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-17-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-18-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-19-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-20-0x000000013F7C0000-0x00000001401B1000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar2CEF.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\Documents\GuardFox\Dlt1iZAcoIqBH7K_dVKde64Q.exe
| MD5 | 471d4d3135fdf30e6965b2053f3a4736 |
| SHA1 | 4884aa04d6922434fbfa58aab940f8cc3b48f475 |
| SHA256 | 8b8708beab060cb3811107593022f4baaf124f7337db9ecadaee9d8ac92a044e |
| SHA512 | a095ff32b8e946a441eeaeeebdc47babefccfedc1e777f87de9fa3e9002e09c847875752a913c6045b18597df8d0615718c13d6fc7bf51d449a88ec132318259 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8edbe7230efbe5d102c77491219c7157 |
| SHA1 | 50b19a5441d7977311f4cfb915cedf2b56e2720b |
| SHA256 | cd29a0f2736d092099ad219b3f0bf25912436145f76bb6e5ca4c6c210b6d1a82 |
| SHA512 | 78faa311b19e9aa437de7393d60bf41fcfc4bd0f233e6fe8bd207df9c1a18dcd56db1525f03202989a86895930baa4e89de322c82773972d48310535bc728084 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a0e67c2766afea1b859438342fd3f141 |
| SHA1 | 96d44e4ec71877bc0167bb259b8a1818b83fdc4b |
| SHA256 | be70bc1a6262ffa236486cc0ef0d1f1c99e007df2a3c58b761ab88ee1bbb4ec4 |
| SHA512 | 34d168ddad6169e71d59ad127d3a111c90835a6c5ed9e44e59c623af65cde83520068466329a1567da41f83fcf42a3aca08029b70ea738677ad63c932fb4fa1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c532cff186870217573cf91a40d4df9 |
| SHA1 | bf8f3c2ccd3bf4fcff5eebd037eba1a7efbc8799 |
| SHA256 | 4acbde3d5103d103e9aa53e00f5f518f4558cb4b9436c79337f868100235cb5b |
| SHA512 | 99a5220a3b1ea5e18b3afb58a4042bddbba82f2f42bc205a3972164b653c276ec8a54561043b8df72f024564e602e8d5a2f40adbb4ee34cf6c2598ec1a8b1939 |
C:\Users\Admin\Documents\GuardFox\CEbkUTW8hyrrDT6Rf1t8zVr1.exe
| MD5 | f2ccc652745a2e84a4d7c4d8be67e18e |
| SHA1 | 8ccdac3b2510653b997ab9bd75ba10fe0cd29f43 |
| SHA256 | 133f982d29df172974ecbe604431022f982b7e3de0470f298583e22aa0aabb92 |
| SHA512 | b551b3fc28d51312abed28242fc1c6ecea493f010689a7ed876e90f170eafe95a2d3b0aba589fb7e6b106dba02f9b1bd24e521f15766888a74ad11661fc10c66 |
C:\Users\Admin\Documents\GuardFox\fA4fWqni3Fk1dH2hcuGg5kVv.exe
| MD5 | ebd6f7a6cb7aa2c1f16389618828dd18 |
| SHA1 | 6f0ab3eae5a5c4ed3383ac48a4ac067294c87728 |
| SHA256 | 80b7f795cac71ff494d915f171bca9feca53cf6d9c6d5b87b2c773ea8266403e |
| SHA512 | b0ab45f303c0c7051da0248713d0b672d262bafde69112e3fe021426bfce869089329b324e3355a94cea76cec4feb6a024ab74499e1f025f82eebc3da11521be |
C:\Users\Admin\Documents\GuardFox\rP3VVvbHIAJXsDRWtvhHL16n.exe
| MD5 | 94a6fd6302973d54f756944690160558 |
| SHA1 | 0a343afe01024a318baefff31b46da0674ef0c76 |
| SHA256 | 6478b937acfadb2cf4ae042cb375287cc38e43683325834124f75db746239343 |
| SHA512 | 0496085a219ca9904980b329e9e9f461d3913d7b1ea1389c31ac0adf63674ad18aee31b816f49ca8b4555b1d83cf7385583f4c3cf8464cb289d226f58c8c4e76 |
C:\Users\Admin\Documents\GuardFox\NjWsxPZVyYqpDbbfJ8fvgfVA.exe
| MD5 | 40c8bb2d2562e5812be3498ce5879232 |
| SHA1 | b6a6ca6ebfaf12f2b006a22c2a6114b33fdebc7e |
| SHA256 | be5c4d682a132a55db8913117fc8af5cf8fcba7de7fce282b71254d38fb17261 |
| SHA512 | 50d27f49625877979087fd24110554b865cf23e51ee9ef5f9ec6540ff96fc7b5a054181d5cca4ebef256daac1d45d8af8dbf6499821fa553eef9471e192bd01b |
C:\Users\Admin\Documents\GuardFox\uJ96kzoVFq4ADEaCTcabRPLJ.exe
| MD5 | c5431ed88227d6f2e201da982db63f38 |
| SHA1 | 9dcf0e8327f61df9641050fa30fa8a75642a2161 |
| SHA256 | dcd703912d6ff2ccc9739b82f12fb2c861812f53bb2ca9432a99850dd172fa94 |
| SHA512 | 381ec81b6822d09903c3edbdee47c2364f797a9d1f047c896cd85f2fe87ddea10839f67b0ef9d148e9cc756322e14e3f1e57dbded0a0bf53416d8006a59284be |
C:\Users\Admin\Documents\GuardFox\8H60W6oRZV_8Y7HtUXjpfc1c.exe
| MD5 | 19f7e7642c71d09a9b4eddc0bb3308ee |
| SHA1 | 43cffaaddd889ea29f532d56a158c551362b803b |
| SHA256 | ccd87b1214789543b03615802acd8c5d22b31c122e3dd61f306784fe047c1490 |
| SHA512 | a9780552a4d7c4ffe99a3f3124f70350d3ef36c0abd0b3ad198983504960f2ec6d6baa6c14e2acd8e04f97ee75cced46f6affee526534652130a972f22f23617 |
C:\Users\Admin\Documents\GuardFox\4EC9IqjKczl0bbmOaciB5eaC.exe
| MD5 | 072932d63a4fdc222735e6f713a514ae |
| SHA1 | cdb200e4c759600e4a83e450fbd67a7682526ea9 |
| SHA256 | eb27d4fc56e8a66e9fb47d0b73b752f963855ac169130d55a488709caa466bba |
| SHA512 | c7512594cb7ee7d9d3b3f71ff8931441932473d25561d946f55aface0c704b01a4f7bbbc8fc53b30e1cf1be10030c91186988f0ba6183485037924bb83db8702 |
memory/2352-243-0x000000013F7C0000-0x00000001401B1000-memory.dmp
C:\Users\Admin\Documents\GuardFox\MiiGeJSIQRhtCha_s6H3_4T5.exe
| MD5 | b204dc62b6924475292ba74e6c96a9cc |
| SHA1 | 4987093c62ddb61405ff000d75eb7a1f27a528a7 |
| SHA256 | d8e5a7d83852597fe04624f8117b9618e651d5456721232812b84c0eb77a7a14 |
| SHA512 | a11ca259ce7548059246f49520becf1782a9513fed7862292fe07569c1607382d1afe73d6af4cfe12ed8a6bce923acbbdd015c71941bc45e5a4ee8200d94a8c5 |
memory/2352-250-0x000000013F7C0000-0x00000001401B1000-memory.dmp
C:\Users\Admin\Documents\GuardFox\WkS88mGqjeLIRosqYicguQUu.exe
| MD5 | ca07b75277283f377270bc46c360e2ea |
| SHA1 | 4c38388c98efa5e5a482d1a4c6b4a30e60c0aa66 |
| SHA256 | 15c19a7a6e5fe8a6ef4e1babdc767945a2886dd7273d59887bb0d609247b50e4 |
| SHA512 | 4e87cb89eea6ce3f025f615e4aeec3bbc0869e69c499f972a38b772fcced7411ad5728734bdf243c73eb8f11a07bb0e53452d6a7908d314b50fe1c420e6a5901 |
C:\Users\Admin\Documents\GuardFox\PY0N8L8t5tIFZG93NkDisPnC.exe
| MD5 | fdaf18ad50873b8af3b9a3d64ebc4725 |
| SHA1 | 1dcc524f89330c0f63e4aa73c7b46d3517f3254e |
| SHA256 | 89c525dc1bcaa15dd25e947b853a553dffb2d585b3b514cdbc698b5ddd6542e9 |
| SHA512 | 96b28769f98c4b8578d2532bbb2a552e76df69e0adeaa56534250f508d3e1cbe740aa9f60ea76b78e535fa62f65909e6d443241eff2103a9638c3c3f0cdf5ec8 |
memory/2352-302-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/2352-303-0x000007FEFDCD0000-0x000007FEFDD3C000-memory.dmp
C:\Users\Admin\Documents\GuardFox\iEkV5AkWBmFGq5fXIdHbqzU4.exe
| MD5 | 390bbf84ba2296ee074c5ad57ce047fd |
| SHA1 | 487e9e793d440a0b94dbbce9a3b08acb3c7253fd |
| SHA256 | 47f0b7106ac30cfe9b3f59b8c4e25d6bebcfb8a6510753d632e66d419e896d62 |
| SHA512 | 2cf6120ee3f6d42185dbb44926b7d39447ae3710ceff49328ab6941dff11296ad17d96cc48d4bdc159687e5a452dfbfefec0f40e82fb551488f3ed12ad6ebe4d |
C:\Users\Admin\Documents\GuardFox\HQjrm8fTPVDKwzoqs9viubak.exe
| MD5 | 5fa878455587d484dba37e41a46b9343 |
| SHA1 | 82f4dd3a18554bda4425a897433b31f2d783587a |
| SHA256 | e63841c08999245e9c424161cca81afbecb2c9e20b53aa2eb988a923cddbe6a4 |
| SHA512 | 60e23805e4a72ed423a65d2a3b19c2f6f4c16587f74499f78478180e0964dc9a80a584fb3a607c7a61ddf8085cd3ae23a5bf6a0d25aff78b96b808007d7e1654 |
C:\Users\Admin\Documents\GuardFox\vK0PPAPmUAE0hE8jS7enXAKZ.exe
| MD5 | 8c02f1916a3b64e4ecdd78cf79481f3a |
| SHA1 | 95da0e0e4d40cf62bea86007ed3f1c6280893a74 |
| SHA256 | da991b7f2d1f57616b9920f4993c2621624216939521e480f0a114a08b8d189d |
| SHA512 | 048eabafe9cef7aed029ca4c03a312f9d9464e88f892c565dcf9972646b3ce56a656e5a97f9bed90e698e80569a857ac8e0b9f6511e0b6575ad128930f7eeeaf |
memory/2352-333-0x000007FEFDCD0000-0x000007FEFDD3C000-memory.dmp
C:\Users\Admin\Documents\GuardFox\zx0aWQ_xz45fidj5kGmRSAlJ.exe
| MD5 | ec29442cc879d4a86c49c91bb941da3a |
| SHA1 | e5f13e0fe3fa421ecd0bbd3b5e0b5a12507c1b1e |
| SHA256 | 929d0e5de764e3182854e19c5f8d5fa0a7efc1c48f16eef9d3c2a4fc95235aa3 |
| SHA512 | d4a48c41379c24cb876061817201b802ca35acee71b06cba5afd750cbce4275932b4b44de2127c9a10a25337a4174d1d118bf0358783179d71a539bd0a3755e4 |
C:\Users\Admin\Documents\GuardFox\iQCf_ssarPkOvbb8Rolj8DWS.exe
| MD5 | 77c6776c9a4ace2ed42074e36a213a5f |
| SHA1 | 4d06ffcbf65610980446729acd595e90d0c9c142 |
| SHA256 | d8bde0015001a1843724b8690aa1c44bdeb2160a481bbaf6cd084ad316b75d72 |
| SHA512 | b1094e8f7bbcef954925ff90ebb6be07aef552ac7de486b7effef4278a63d57e9874db1270346b3dbdfc8c1f5011249265aa546d044178b6fa7b244e8bbd5e7d |
C:\Users\Admin\Documents\GuardFox\MM1LQ88qGHPZpfYJCxA7SbKJ.exe
| MD5 | afd6c7b2c8ce4194802315f8eb45e2f9 |
| SHA1 | 1fb7fe91b14d2876a38b9b90647e5a96a6262faa |
| SHA256 | e9a75e1f50cebf3aef100e090cf2c90b4eca714196ea28647739ae857d7a9755 |
| SHA512 | 29415c59c8a2d1236c8e853ddfd5d345ce08d72e2102717ba3c1c1cdeaf08d3de7710794de73e3f7d608192307b2ebc7832fc00fbfdd8c24e8d8c494496c4d50 |
C:\Users\Admin\Documents\GuardFox\NWKCi97yRPmDKNWuxjUrqCGt.exe
| MD5 | cf1e376b88640c0bc6fe1fd4ccbc2ada |
| SHA1 | b7f3a390a5b192da371cc2e600e355d7afc19d4d |
| SHA256 | 34dd8098fe4e16aa6f9e8ae276c6033a925c080825621632988dc97ef6cc449b |
| SHA512 | ceb391bf0f5d9e97f03ac29d68205b02599fdf4d8fd3f3aeafcdcfae47acae8507a4478a4d5f1e141ccb88f7c4262e7a5f961ecddc6af8745256ffea3dd90f3c |
C:\Users\Admin\Documents\GuardFox\ChG3xrcXGlbanim48QvyJDKr.exe
| MD5 | 45c3d9289d4f3fc915adf7efd379e00d |
| SHA1 | 0fce3561336238b5e1a2ec2531edaad95e5b937b |
| SHA256 | 73ac0b454fb69dd46815d3ba38230c59779650f29cd0bfc45756dad96c9c8cc1 |
| SHA512 | 4b1a5b7061abba2bb94388e7b62983b120538ad5428a5d72eb75d1f0936f122d0b5cace92f8bd83c0426baee3c87687f9a17aad98e4ce976bcdf89757fd372e8 |
C:\Users\Admin\Documents\GuardFox\geXdBtePYVTWVZxokBtY2RTV.exe
| MD5 | a26c00350d62e5c05d9e17151290dd53 |
| SHA1 | 6d49f07421e99476c7f5345fc172127475328041 |
| SHA256 | c91b18f4000825841740903c5b3a7205422b394d89cd36b787886587cab551cd |
| SHA512 | 9925d4d482fa2a72b1e2e94570440a26819b9d6971fbd1420845220c3df364534d2e6f249905a5a383706c62241f47c6a2b811897f7b294ce3ec5e2b91d2e2c9 |
C:\Users\Admin\Documents\GuardFox\hZZvgTGnq8NMGceiw3wFX6tE.exe
| MD5 | ef83b4bf99fd9e510923fd27f8788e55 |
| SHA1 | fd0eb91fccb0bc9719f464897833156b7d32a133 |
| SHA256 | b27d9c26f17e6a2ecd1d1fef684ee7dad99ec7160d4b5de11425679e16cc5620 |
| SHA512 | 5239ac94411b2529c2f969b1be71347f07b56a60245a38648a568c65f43b79e85b7440da8e77f181004eb73fd6824d8725eaf1d462dc69c36e5aaca392d32bdf |
memory/2352-397-0x0000000077C20000-0x0000000077DC9000-memory.dmp
C:\Users\Admin\Documents\GuardFox\_E4NP1BHy4Nn_koqPTx1r11x.exe
| MD5 | c4349e2b7b51db1549c227e36fceb7eb |
| SHA1 | 069adaf25a880663e9d307f19f16de03dedccb18 |
| SHA256 | b10bef2b2ff053e1f2bff7ed1a7afbb0bacc991959ff4b18ae30710a13c5b413 |
| SHA512 | 11c3ade9581fa9cada008219b918435a67705ef35bc030fdf81baa57602a0df09a19c580ea15e3afff9bcb565b98093ee0930bc185a0a81e6caff2a0170dc681 |
C:\Users\Admin\Documents\GuardFox\zHyWT4B7ksNcb40vwcW_8jt5.exe
| MD5 | 18c5e9d9c29043e29cc05f115d2b99df |
| SHA1 | 4cc72541404c6ad1c9973645a0722c93ec26edcf |
| SHA256 | a37ea3b6fea1c37a84ce7717f5f9e4f222032515b3d03b60b5649ee4324cf492 |
| SHA512 | 91708be80f05ece83a7e5ed6afe30dcc63e299c281eb76100e01cee28377e1ea41d224b7bb9059f9972d36ea80cc59336eef462d027f878e1f1ef3bbc4e27999 |
C:\Users\Admin\Documents\GuardFox\4EC9IqjKczl0bbmOaciB5eaC.exe
| MD5 | cc59feb080187df0bdcb4e142fae16eb |
| SHA1 | e03fed5d07fa9005e6e921bf6e848d1bd625630b |
| SHA256 | 0a0f644eb17650f93e0b0ece9e596132c77c294175c26f60fad08facd33ec039 |
| SHA512 | 0a5a16b742edc322b0b318040ab83716d879f92ad48e0c27fd920ad0240f6064f67a9c6a894d6721905a5bd3be1ef8ccf2ae865bf597c2d6de4de2de5afaf584 |
C:\Users\Admin\Documents\GuardFox\NjWsxPZVyYqpDbbfJ8fvgfVA.exe
| MD5 | 68570d0f53e871f4124cc3a4efad2eec |
| SHA1 | 27e089a0245be1f617a107e4c476e9754c0d586b |
| SHA256 | 65c8e27909e41cdbcdec340125e9a708393b31666b78da6c2a16c7974380d39a |
| SHA512 | c2eb1f04a5636184ce969f8c59091b29a0d41f93e1098982709e99593ec01cc97d75b4cfded790d19404ef053210f4fe86cb8aea5f44e9895b276836e891118e |
C:\Users\Admin\Documents\GuardFox\HQjrm8fTPVDKwzoqs9viubak.exe
| MD5 | b516a36e64f78e7c5bc2fadf807cbbff |
| SHA1 | 6b8d27288e24d93d8fba280ca3251d0b54066122 |
| SHA256 | 28e81485bbcaa2b55215efd34bafc183cdd2464a4ff2b33b93acb5f79157be3e |
| SHA512 | 68933eefd10dafab407c7d68f5c4000808c9aebaef809e403d572aefd6423f491e4e048f674f14679369737e80805647741a0088458d45413a42e27644acf083 |
C:\Users\Admin\Documents\GuardFox\geXdBtePYVTWVZxokBtY2RTV.exe
| MD5 | ae6e516adaf2f1e00fb70254de26a547 |
| SHA1 | 6d3ff141c2ffab04e2cb153586c80d7760f8e442 |
| SHA256 | 53fdd6d8f0d5c099db112b21e643d12fdbe2347759986796193f286fb058fb7c |
| SHA512 | 23c711808c0086dbd573eb7287e96c9706aebf0afb016bd053ef3469bb0d32226fb60ca8d696a078551dd24f3f52798aa63c2a1185f3ded6586fa44cf877e64b |
C:\Users\Admin\Documents\GuardFox\_E4NP1BHy4Nn_koqPTx1r11x.exe
| MD5 | 75dce86ca80f65901108fe3b0c0709a2 |
| SHA1 | 4f2614ae8e07d43da4bd22e4a82ca3aa499c3d74 |
| SHA256 | a3bdeb4b37b3ee8d6e855090604514b6f7a21fd9699d82722bd2c7916e3e2a2a |
| SHA512 | 0f8e6f6d064c9f0b8c965bb4413983d3d3e69dfc172e724362d853492fc19b00dbb1874a9f3bbc90d59b6b93db1bdd42a30d256ab5dcf78db35a6b6ce6fbcc98 |
memory/2236-524-0x00000000003F0000-0x00000000010EF000-memory.dmp
C:\Users\Admin\Documents\GuardFox\zHyWT4B7ksNcb40vwcW_8jt5.exe
| MD5 | 83d515fdc662f7632b7710ec25efc588 |
| SHA1 | adb1e55d936a4f9c4138d6c88c64bccd00fb9044 |
| SHA256 | 0960506c34e548618660b76800c4dec5084541636533dfa76ed63fc6c9e7dd0e |
| SHA512 | 5790cfc71fcf76ffbdbb687ba80c684dc5c4b1e8bc5faa74ca2826113ef5d41ab2f2cedcb36517bd7d1cdfa212108f7c0ea208cd317bbf64bbf01b4158fde2c8 |
C:\Users\Admin\Documents\GuardFox\iQCf_ssarPkOvbb8Rolj8DWS.exe
| MD5 | dc3a4946e3fc77cafd9cd6bde74343dd |
| SHA1 | b9337bdd6b0b3b8ab7df3cac6716727436229029 |
| SHA256 | 6bd5aa1b616e83799296e5a5f7b1cb81e1ddcae7e755ade4611602be9ae26749 |
| SHA512 | f8b99ff5f8386e97e6b64fd99eca69bc6dd54cde63d659daaa57c609166fd381bf71f6913d713d6ce692c89e225a7a6d14f9bf43c7ce66c460719de106bf8cf5 |
memory/2056-533-0x00000000009D0000-0x00000000009D1000-memory.dmp
C:\Users\Admin\Documents\GuardFox\geXdBtePYVTWVZxokBtY2RTV.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2056-540-0x00000000009D0000-0x00000000009D1000-memory.dmp
memory/2280-542-0x0000000000220000-0x000000000023C000-memory.dmp
memory/2056-539-0x0000000000060000-0x00000000009A7000-memory.dmp
memory/2056-545-0x00000000009D0000-0x00000000009D1000-memory.dmp
C:\Users\Admin\Documents\GuardFox\geXdBtePYVTWVZxokBtY2RTV.exe
| MD5 | 3e84ae40801cddc38677e6177d67ce67 |
| SHA1 | 7728f1a57836e372c5dade3b55f7efce9b51dcf0 |
| SHA256 | ab898bc728e2465e78dc31f0ddd60af9a63fcd76575aed7e09fe141dbbb0681f |
| SHA512 | 182dbf53807b54e77feb970e2eaec85655de03d8972eae66f8c848bdab72ef8e18cd19e6aa5cbc8a7ecaa23676b433354a52bcfb28aab8975f62acac32a9c458 |
memory/1624-549-0x0000000077DD0000-0x0000000077DD2000-memory.dmp
memory/1648-558-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\Documents\GuardFox\zHyWT4B7ksNcb40vwcW_8jt5.exe
| MD5 | 0da1e9050a150c5765b2ae6973d86db4 |
| SHA1 | 6f8d9f491c1a0e3c117cb258c09dd92f10f1e56d |
| SHA256 | 4d497fe82c6469fb83a8e6dab52b1cb4c39afcf73aeb89eec730cd3e7238b95f |
| SHA512 | 8382aaf3da0c663fed8ac2c755a82a25c4bc4efb4c3e7777a7f52101ea89b6a1f93b44cd7ab1acf2de30d52081f6957b6466d0690bc91f60a14b109f05bba10f |
memory/1624-564-0x0000000077DD0000-0x0000000077DD2000-memory.dmp
memory/1624-566-0x0000000140000000-0x0000000140876000-memory.dmp
memory/2652-567-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\zHyWT4B7ksNcb40vwcW_8jt5.exe
| MD5 | 013daae3a59a6db035e98f3b4cc64515 |
| SHA1 | e22b2a54dd429c79641753c72f1d5a83965563f2 |
| SHA256 | 867867195d2404c1ec8985606c40b0dfc0e8244fbe8cc00c242e7d5851704968 |
| SHA512 | aeff0f7ffc9584d22d041125e1ed38d050b7937b13ab3cb737a65b5a7d4d7b7e9624dd37252f07bf5ab1cf7511e7061de502efc069501a1b3c49ab197bc595f9 |
memory/2652-562-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2004-576-0x0000000003000000-0x0000000003400000-memory.dmp
\Users\Admin\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe
| MD5 | 595718b19aeb84a8ef0e29e1dcb9cfa8 |
| SHA1 | 06da6604cdc10118a295d9eb9549d7a3504a32c6 |
| SHA256 | 66d4ca3eea7cf095f3807db3684602bde5d4184fa827357a1c955a2c287f0391 |
| SHA512 | bdcbf2ab6e0407b53c684ffe302b261a2ced22fee971619aadeaa7c6159b09fcec7eae3361aee3e09c6d7600245e84b7ec7706e75912d0ad2f55bedcd22b4908 |
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
memory/2004-578-0x0000000077C20000-0x0000000077DC9000-memory.dmp
memory/3032-577-0x0000000000200000-0x0000000000B14000-memory.dmp
memory/812-593-0x0000000000A40000-0x00000000019F3000-memory.dmp
memory/2004-575-0x0000000003000000-0x0000000003400000-memory.dmp
memory/1624-555-0x0000000077DD0000-0x0000000077DD2000-memory.dmp
memory/2756-548-0x00000000002C0000-0x0000000000352000-memory.dmp
memory/812-534-0x0000000000A40000-0x00000000019F3000-memory.dmp
memory/1060-538-0x0000000000900000-0x0000000000958000-memory.dmp
memory/1732-596-0x0000000000220000-0x0000000000221000-memory.dmp
memory/812-595-0x0000000000A40000-0x00000000019F3000-memory.dmp
memory/1592-535-0x00000000002F0000-0x00000000003F0000-memory.dmp
memory/812-598-0x0000000000A40000-0x00000000019F3000-memory.dmp
memory/1476-532-0x0000000140000000-0x0000000140218400-memory.dmp
C:\Users\Admin\Documents\GuardFox\NWKCi97yRPmDKNWuxjUrqCGt.exe
| MD5 | 271a170d132fd26f59117652244b9bde |
| SHA1 | 4a525966a741b5bf8486bf3ba227f01d5a737b51 |
| SHA256 | 954c0bf525cc7099301a0dd63bc7ff594a31a63d9c6941bc41c430f790f5ae1f |
| SHA512 | 76a0eab7b5771f8591183307498976b2e44132eb83cb4f9ff83bc674239987c87be4da5f4550ba40d20e4b3c8bd3898ae9b38936f6c528973eb1f075e1cc21ee |
memory/3032-607-0x0000000077640000-0x0000000077750000-memory.dmp
C:\Users\Admin\Documents\GuardFox\NWKCi97yRPmDKNWuxjUrqCGt.exe
| MD5 | b6497470a3bfe60a2e55cd8c44fe312f |
| SHA1 | 9803569365c8300fc9b13e4f001cd81f22834cae |
| SHA256 | 9e0d2cbc6a3b2933f919f374dcb7086ba66e270c58f6470d1151a27d9b1e9f60 |
| SHA512 | 1e164de848900e3c0fad5324ccb465ff0477582951987477044f05ca37abb1b741a6c869916a92fe1233dd1d6d53cf9074cd2fc79e5cf581126c30c64907d8c2 |
C:\Users\Admin\Documents\GuardFox\iQCf_ssarPkOvbb8Rolj8DWS.exe
| MD5 | 74f242925227f8be2902ebc146b35ebb |
| SHA1 | 7efb019a44ab567d47e7f23d8ee4f6c0b9c0ab32 |
| SHA256 | b8e8e054c6a1ba1a284acde3126cc65121366b567071f49e6cff2d2e5d3e18f8 |
| SHA512 | 6776a32e8a7ee30edafafdb90d0e40d3f2ded2ba1b43b016fda76ab62925a7914905b809400730e2d50d252121af4d9e5d5b78fe882991ef786d4c3dead5489a |
memory/3032-614-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-616-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-618-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-620-0x0000000077640000-0x0000000077750000-memory.dmp
C:\Users\Admin\Documents\GuardFox\_E4NP1BHy4Nn_koqPTx1r11x.exe
| MD5 | 25fa641589f7ceeda1251369dc6b2ed2 |
| SHA1 | f245e45bc6ee30f78b6de8fd75f4e0b304e9aa69 |
| SHA256 | 7707e796e58f63ac42e33142f832a8940b9890a9579c8e68a2b215d3a2a61b47 |
| SHA512 | fa2a5e1077081f8be9c7107446dfb7fffbe4cf18ecc15cbe2b08ccab926882f7bdd81e2d583d8c4c90d544ec40bda81da256efdf5942dbd3cbddee2750a356fe |
memory/1592-625-0x00000000001B0000-0x00000000001BB000-memory.dmp
memory/3032-626-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-628-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-631-0x0000000077640000-0x0000000077750000-memory.dmp
C:\Windows\System32\GroupPolicy\GPT.INI
| MD5 | 93b3886bce89b59632cb37c0590af8a6 |
| SHA1 | 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137 |
| SHA256 | 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f |
| SHA512 | fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb |
memory/3032-630-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-640-0x00000000769A0000-0x00000000769E7000-memory.dmp
memory/3032-643-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-645-0x00000000769A0000-0x00000000769E7000-memory.dmp
memory/3032-646-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-650-0x00000000769A0000-0x00000000769E7000-memory.dmp
memory/3032-652-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-654-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-653-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-655-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-657-0x0000000077640000-0x0000000077750000-memory.dmp
memory/2756-659-0x00000000002C0000-0x0000000000352000-memory.dmp
memory/3032-658-0x0000000077640000-0x0000000077750000-memory.dmp
C:\Users\Admin\Documents\GuardFox\NWKCi97yRPmDKNWuxjUrqCGt.exe
| MD5 | 205b637e6b17f2c8bacf9f71bd94689f |
| SHA1 | 254458a8b3b15aa689728f89b471dae43b27b3bb |
| SHA256 | e5e4d4b9ed7d70ef04c3a5e73cb3c09820b50e2798dbaca828c7bdaaf7efdc39 |
| SHA512 | c745b807be8b0b184188ff9138d793e99b6cc790372cb7a28013d66a12e14613fad033c94575a3dfdac632358b9e9c216445b10fe6102e11c0b4c001d08261d6 |
memory/960-624-0x0000000001080000-0x00000000010E4000-memory.dmp
memory/3032-622-0x0000000077640000-0x0000000077750000-memory.dmp
memory/1256-619-0x0000000000A00000-0x0000000000F6C000-memory.dmp
memory/1648-666-0x0000000000530000-0x000000000053E000-memory.dmp
memory/1648-668-0x0000000000220000-0x000000000022B000-memory.dmp
memory/1028-665-0x0000000000EE0000-0x0000000001584000-memory.dmp
memory/2756-664-0x0000000000A70000-0x0000000000B8B000-memory.dmp
memory/3032-662-0x0000000077640000-0x0000000077750000-memory.dmp
memory/3032-610-0x0000000077640000-0x0000000077750000-memory.dmp
C:\Users\Admin\Documents\GuardFox\iQCf_ssarPkOvbb8Rolj8DWS.exe
| MD5 | 96d44d6210432166687654c0b0593257 |
| SHA1 | a6e28553d7eb5b691f76cf665b88e101a2ecaad2 |
| SHA256 | ebc4e1065332fc30c080e4564d1f2a448eee0b14402f7d254a2f18f608df0b5f |
| SHA512 | 184ea25c73a5f24077f361232a8c650fe6b20b70480b0e343ae4bd5b373e819984c6b97548a29f849239bb7cc8e415760579f0c9a1c6ae39ee0c16efb0006eea |
C:\Users\Admin\Documents\GuardFox\zHyWT4B7ksNcb40vwcW_8jt5.exe
| MD5 | 6f0e5ad311936054a33eb7287c594521 |
| SHA1 | c973d47705660081bcbce5a99832c5f035168776 |
| SHA256 | 54ee98582d3733d200040666a41685a51467de8ed0f6e06bd076fb94ee7ec1a9 |
| SHA512 | a00a696feee34b30eaa3dc88878d649ea824d82abf67fbcfd058a2942d52a0092f750e3a41abc303b8b04a33b05a34b528be4e9827a272a40067e66ba8fa367d |
\Users\Admin\Documents\GuardFox\PY0N8L8t5tIFZG93NkDisPnC.exe
| MD5 | a1872c530ca0237690ccc3acff92490d |
| SHA1 | 5817701ac507f8e32b655f9df6042a02e5297445 |
| SHA256 | 32ac4415139d5be9a50f547917cbc58fffa48773909a99018435ae8519cec9f8 |
| SHA512 | f059d2a8123c52e025f2cf5a7e64c5ffb3da7b7523f8135d5473884d572ffd69b43570420067c1fc764ea6025197dfe1ed7c5f202d261e9ee2445c850569defb |
C:\Users\Admin\Documents\GuardFox\PY0N8L8t5tIFZG93NkDisPnC.exe
| MD5 | 2383c297d48a62360c40b0dbb80c9d27 |
| SHA1 | 691c79368f3d3a7aa069930ec7269eb6b12fc0f0 |
| SHA256 | 6572241c494bf0489ce8783d86464059934bdac8a5b9b6cfe2b2681b58ff0f2c |
| SHA512 | 3a758873428faac6b237288dfc509652dbeff846378040e843d52ef7357e953a5f5c6bffaadec711494c74793e4dc4fbcd57b669e9c3294f0d141840a52e4763 |
C:\Users\Admin\Documents\GuardFox\PY0N8L8t5tIFZG93NkDisPnC.exe
| MD5 | 2ae70aebe249251e4cb44d8571556348 |
| SHA1 | 30fdcfdd06c13239e6473d0bd7db06f4b3d6a123 |
| SHA256 | 91a98ab018c472bf5be706a3156660448bba140a2e002274b772e5370c7e419b |
| SHA512 | ef510d9c2ec347766d718582388521e9f182d4ff03987e1005e9512d23fdec07bbc1b856798c08d37136ca5c8297509e85f221583bacd16b55a06bc0057610d9 |
memory/2280-501-0x00000000006F0000-0x00000000007F0000-memory.dmp
memory/1476-500-0x0000000140000000-0x0000000140218400-memory.dmp
C:\Users\Admin\Documents\GuardFox\MM1LQ88qGHPZpfYJCxA7SbKJ.exe
| MD5 | 9b536edff4fdaaf279f8fe28f8702f75 |
| SHA1 | 4fe0efe99f7e74067a0616449edce08a06ff9f7d |
| SHA256 | 14bedee6d52a54b4a09eea373df71291fab8ac111b6f3939a1b1807f3145bfae |
| SHA512 | 7aff9eb78075f73cecb74123a7712825fa4b3c074e5c16173d71d0f996aaf3a36d1d25955e614b83583fd4854aa34f300f47dce6c7590460b193e8aa5212c828 |
C:\Users\Admin\Documents\GuardFox\MM1LQ88qGHPZpfYJCxA7SbKJ.exe
| MD5 | 0114a3bde2b4dd8e3ca4f4ceb5a9c701 |
| SHA1 | 0cab697271ec413947a658dcbbb1f1fb81818005 |
| SHA256 | 542ba1eedf7b5d223e05ace41b24b934eae71ca05f8e57afcce6a7c300a2e943 |
| SHA512 | de6e1bdf75d9d6507fef6f8ceeaa4a0a49f5a6724998b21438faf498f4e9aa0884785fe04faa991e584dcc7d0fb669d081e0c9fdc51322e0dc904c4928cad050 |
memory/812-491-0x0000000000A40000-0x00000000019F3000-memory.dmp
memory/2004-490-0x0000000000320000-0x00000000003AB000-memory.dmp
C:\Users\Admin\Documents\GuardFox\zx0aWQ_xz45fidj5kGmRSAlJ.exe
| MD5 | 70e7175ca85838725c4cb6b5cfd97fd4 |
| SHA1 | 63f3d956f5f23bea28315974d57692502eee7c2a |
| SHA256 | 816883e81febb183f0d0e1e22d883a75b7469c6f5f877ebac636fc09279a0d47 |
| SHA512 | 81eef7ad15a0844d03d9b4d2c4ac71e72c354eea45e86bed49c08d58ca086a0625b2cd5c249fdd44f1970f233553b8fe2ad98cf34662edf317337436dc23503b |
C:\Users\Admin\Documents\GuardFox\zx0aWQ_xz45fidj5kGmRSAlJ.exe
| MD5 | b293bca1faac67a48e05b3dd3953bf40 |
| SHA1 | a25a52969bd93031a23a36698c3a01c3b90b686f |
| SHA256 | 30b479729189903253e8f216439b8b21131d2d18477937fdd3b7310910fb6a42 |
| SHA512 | a7f3e65fd8da13c6e6dd3d7488c170a41b846ec8f27b765606ff3bdbbd3140e27a8b61ffae1c08a2d6b3b0c2ca8292ab9c02914a40ad06fa395d7bb448e33772 |
C:\Users\Admin\Documents\GuardFox\iEkV5AkWBmFGq5fXIdHbqzU4.exe
| MD5 | 823e2596249193c66e3e906a0a09b3c5 |
| SHA1 | 94ed013d8897de05f61a06e475c5f3d9214a4431 |
| SHA256 | b2ae68cbbb3476554506a2bc4fa81301faf64f28b32b722401c670a66a24b549 |
| SHA512 | 549bfbd3c105ecac254a0c5099bdb0922da4689cd52e096b692dbab18339e331f7e530d52ce18c1483d8e8c48b2bf551d23dc64bfddce0fb1b3d9d453d3054b9 |
C:\Users\Admin\Documents\GuardFox\NjWsxPZVyYqpDbbfJ8fvgfVA.exe
| MD5 | 229e9ae78b03e94dea9e50c1849f6aa2 |
| SHA1 | c28be214a8f6e100c04d8998a78f9079f62b706c |
| SHA256 | 5474782ca31234fd571bb60243c7e5c1300276a279e38f39d64b9f530960c761 |
| SHA512 | 9b0ab6eabf9380cfacd270ec9344ced6c9bcfaa66a3e5702aeb94fc8fea176e44a40bc58327547ec651777ca02141d294cb9d8ce9a3f166e0dfa70ea477fccda |
memory/1632-470-0x0000000001230000-0x0000000001713000-memory.dmp
C:\Users\Admin\Documents\GuardFox\vK0PPAPmUAE0hE8jS7enXAKZ.exe
| MD5 | 6ef9dd6bf5754d705a1354e585562083 |
| SHA1 | 8c00f491cd4501dff68a3ad8ce130f3a86d62f70 |
| SHA256 | 054401eaaa275001109a614dd93d1e3a5fb265ddf0d14f5c2f479eba902ccb99 |
| SHA512 | 0254170bb8a680daff80e8ec7309f200167100f9601b014f28d5ba6125c2200c45c03d5158a343e2d9055e657d5ea5cc2f5d0d5f65b85c1a4cbef93c357988f9 |
C:\Users\Admin\Documents\GuardFox\iEkV5AkWBmFGq5fXIdHbqzU4.exe
| MD5 | e818911f2f4c5dcec996bd45d112abdc |
| SHA1 | 6488de55e9a4dc0878301f8d7884d569c4cf29be |
| SHA256 | 8f7ec80f776b4d15e960ec94960d922ecc42c5a3f67ca9a0c869a4fdbfd9af1c |
| SHA512 | a3bcb2f4798a8ef4ca6d3c43d59df63ec259d883d4c9ebc98f82ac7efe852879ea170dff076972b746916ec19cfc653b52c57f97382f1d62d66fb6e77e66cbd5 |
memory/1964-466-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\Documents\GuardFox\CEbkUTW8hyrrDT6Rf1t8zVr1.exe
| MD5 | 4efbd7dc1a916f5b4b8d333b678084f2 |
| SHA1 | eb6baf3de9171a72eca2056c567ce3677f422b07 |
| SHA256 | 0413126f8560c07a9aa2653512baea4284f5879cc2592e80b08d6ba4fd21ea45 |
| SHA512 | 7bfdaa3d505144030f555c847b25d45ea9a424d12cf76a2d6354d5b537816591e0c8381406520eda10accfeaaf9a92c4f7060912da819d5d5e66bdff688c7306 |
C:\Users\Admin\Documents\GuardFox\vK0PPAPmUAE0hE8jS7enXAKZ.exe
| MD5 | 660fd6c484537af5c24819b081f8c29e |
| SHA1 | 9bd6a5446af7d9070770c2660279935ddbf7a991 |
| SHA256 | be6e7d067a54d216f42a2bca2245ba24e5441e4c258eefb0b1dd3f9315a2da2e |
| SHA512 | c81f014aaf611b02c684c03f3ccc9c2d12705f03dbb4f8359fa69724ff8b48c4549a2682796a8c1f453ac430586ab7d4cf8fe8037fb2dc4a1c590c5f0e831a48 |
memory/2352-448-0x0000000000080000-0x0000000000081000-memory.dmp
C:\Users\Admin\Documents\GuardFox\rP3VVvbHIAJXsDRWtvhHL16n.exe
| MD5 | 480e0f4949b8a263d7cfa7053dc1cd75 |
| SHA1 | 368a4ef1942d423d5a7c47b994b0ecb7113dc29b |
| SHA256 | 094c50d7d6bdf0ced2a67949dadd9361b259696d6721e71fb4fa69b2905525a7 |
| SHA512 | 23583ccdaf5894b3bfa4130de4ea37a53478ecc64802fbb9ae37ccf80c6c39f8c797dac0e49ec6da7311c76f82d7c9e98bded5017f99dc4663df91c9eadb8002 |
C:\Users\Admin\Documents\GuardFox\vK0PPAPmUAE0hE8jS7enXAKZ.exe
| MD5 | b7090b42b049bebd4263be2ef8146743 |
| SHA1 | 971900cd0fc32f991874bcaf30fe2356db4feb44 |
| SHA256 | 69979b126b7eee985d461ad190f8bcc3ff94b106641b4a75dc6211bca58a4402 |
| SHA512 | 0e5db583afee9fc1230017a62aa9c9c025e8de45ed0b4aa41ced48f185a37696fbb5c709b9314f54db078f1444dc4b20d0db085f3e51b645dce0c8e090c1246e |
memory/1732-698-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/3032-701-0x00000000769A0000-0x00000000769E7000-memory.dmp
memory/1592-671-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\Documents\GuardFox\MM1LQ88qGHPZpfYJCxA7SbKJ.exe
| MD5 | f45d3baaa2791787d60e01674d51b6f6 |
| SHA1 | 45198af0f45668acbaa6c725f18560bc5466ae63 |
| SHA256 | b74a1106ccba8c3da76e0e4a4a65f8ce52913b2e8eab9e8b98558db3700d537d |
| SHA512 | 7682710885e59f26891aeee1a4795e01eeaf75a74cedd63821d3262514a3ee1fa9f6dd82f08c21a3dc276b6d93067ada14fb73d02f0bb54995008e68b9b6174a |
C:\Users\Admin\Documents\GuardFox\zx0aWQ_xz45fidj5kGmRSAlJ.exe
| MD5 | 1c54648e1004a95b99710010006cc041 |
| SHA1 | c7de6c2670628713b72dc6ecb830958131dde8b2 |
| SHA256 | 34eabb5bb6d2763bcf0dfe4a82c3ab38100f729886bb5a8bcc2b7153962cd960 |
| SHA512 | 8664bf20eceb9e465518ebc1920bc0152953f635f440b1f906ec192bb6754d259407a8898138334c744f137508a85ac6795015654ebd109c77f6066b6e5a8c2e |
C:\Users\Admin\Documents\GuardFox\iEkV5AkWBmFGq5fXIdHbqzU4.exe
| MD5 | 61130501ff2a40cd8856945b04f39c26 |
| SHA1 | 67c1d30cdbed6f0a973ae300288450abc3e56508 |
| SHA256 | 82471e8691af3e8bee563e70705c8336752df749fd86ab847ad7d19e43321c71 |
| SHA512 | 75dd513e86eb1606af2b90622215c62f21014d950188f1c668943093193b7bfdb2b9b318761dc58e66c509b75abd75e8bd20f2f3f2cba3236d2cba3eaf340636 |
C:\Users\Admin\Documents\GuardFox\fA4fWqni3Fk1dH2hcuGg5kVv.exe
| MD5 | accfb15c204558f43321664dc978e9de |
| SHA1 | 1865f689d93d52da28bceac7c91892cd5a5ad47d |
| SHA256 | da397cdb9ad4e487a5caa93a644213784049175283cc5af98846d8c9588b0a27 |
| SHA512 | 6a0744d364d721d883b812ed0b3d0ddaa7f4bd46b3f79b6d5a64fbc4782af35641ae0c6ed024ae820b79300a84d53108f774d4e798109e09b029d349f68bbdbf |
C:\Users\Admin\Documents\GuardFox\CEbkUTW8hyrrDT6Rf1t8zVr1.exe
| MD5 | 5a55ca850a83e85f0c353e43cc559d09 |
| SHA1 | 7c14c5e63813cb81a36754059c9946870730ff32 |
| SHA256 | f6265ca55f4bb2ca73265b3be8ef741393775ed3f3d4f54f3a1127c5899ce59e |
| SHA512 | 737a60aed77e65271a6a99419fcc6ee3724c9ad6a75219240d17b49a14825a12d9222931d7f635a58a7232e818a95594732f88fffa6fe248350d580c2c6ba4ec |
C:\Users\Admin\Documents\GuardFox\uJ96kzoVFq4ADEaCTcabRPLJ.exe
| MD5 | 1067a2133245c0825cdb291c8b66ff5f |
| SHA1 | ef9d22b8890723e3e58cc71125fb06199597723c |
| SHA256 | c8f9a85b42dbf953f8a438c85ce0f821ce7f09757ae5db0bd7cd18cbe1f94dd9 |
| SHA512 | 458f0f88a4ebd168471540303b3c0fd5d3dd7096b3bb22616dce2a66e1287ab12db781f1e2cc2d962dcf273a0c2cd23aa64513d9a30697ad6de0d31a09f3ffc5 |
C:\Users\Admin\Documents\GuardFox\Dlt1iZAcoIqBH7K_dVKde64Q.exe
| MD5 | a98439ba177d1d3f371663743b6afcf5 |
| SHA1 | f3eb6b31134fe62530f3e472e96570c4d214004d |
| SHA256 | 48f150a7f567fbc1bd4745f21a995f5c208c3467a89ce4a04731035cfb8b21a9 |
| SHA512 | e86765d47f63cb3ed2b2b2b3c383dda3a2da4d0e9035c9ef41da224e4a18e90f859596022e348eb26cca418f7a5c7f65da88efc9afc6e6321748dc406a9fbfe6 |
C:\Users\Admin\Documents\GuardFox\rP3VVvbHIAJXsDRWtvhHL16n.exe
| MD5 | 8d1af7fd74ef8f48d5451aa5e0f1aeb2 |
| SHA1 | f863b2416a0fc3d0be2aa63ebcdad36d505464ee |
| SHA256 | 7222e7d6b67b876008ed763e77905fb1edb6cbd24e65617b777a5e7f70520cf0 |
| SHA512 | 830d63a3354eb184bd4ac9e2f93c77613a0a1875525f782c2936870658d4958bd564305f22411f65ec344f544a19f8257fdf841b364809d94b6d18710b48c9aa |
C:\Users\Admin\Documents\GuardFox\4EC9IqjKczl0bbmOaciB5eaC.exe
| MD5 | fd542770caa785b5ac67cc5515b7e98a |
| SHA1 | 64d9fb05ec4bbbb8f8fc22f378a4cd9c5fcc0b63 |
| SHA256 | 7f9f5ce9757b6d7dbd1b853dafd7066ac9497a93fe5aa047e95f196d4eff8768 |
| SHA512 | e6a06a17d7b5dbb771bbed1a2500f8ff0c7625d16b1e13b0805146869141f0ddd34baf1fcdaff4cd71e2d327dd788c3bed4f7bb4cbb4805822eacc4436864975 |
C:\Users\Admin\AppData\Local\Temp\Y8wSG2.CPL
| MD5 | 3c06ce67cae8baa081c8b55ff9b9905e |
| SHA1 | 9cabf1250bb795fbe7a595febe6bb38ec25e511f |
| SHA256 | 1b72e08391178e7b6daa2a298bb940d2ddba5d11c0ba14487fd8fa63980f9752 |
| SHA512 | 58c6b1207b5cf506a0b95533a34e8076cea22485b2be959e416f6cdec319af258a1e564a6f80ea4a82c8729a8c257efe60162bcb1ef449fbc128cf198a5d72b4 |
\Users\Admin\AppData\Local\Temp\Y8wSg2.cpl
| MD5 | 5b18147e15cc2e65a95e965fef1d1fc8 |
| SHA1 | c704ace88ba674f31c302b405a7f66132ffd4ec2 |
| SHA256 | 513c2336d643129a32c699e34f075586237f39d98f3b09c627bc336fb5fc0dc8 |
| SHA512 | 5074ee967e222d4ba7b6a1a7c5b18575d23236e6c8daa793bf6b597139f3cb28b26c6512866cf3746cb54af73f129b1a40cb8396c4fbc37aa155f6613e4ce07a |
\Users\Admin\AppData\Local\Temp\Y8wSg2.cpl
| MD5 | aa43b4141349558ef1024343c73c33af |
| SHA1 | fcc50975889515f12415d2ebb46bbdc017597e2e |
| SHA256 | 6aa19ddbb6628d1ef61d7691478413b0b51bcaf6685a6794d22acb7ff2e5132b |
| SHA512 | bfbc81513f2d5eac566da2607c99e875f9e8c31f4e58b2af8ac69290dc48def994151f255de1d4478b90630e5801c9c918b4fe822559f8e6f2e763b6be494bfb |
\Users\Admin\AppData\Local\Temp\Y8wSg2.cpl
| MD5 | 712990cad9aada58c2f8ac76805984ee |
| SHA1 | d136f75ada0cd285e2fc072788cc0980c2d5770a |
| SHA256 | 2b7b5cff5b465748e0a8b69246cb40a90e561db7a54cb5dde4220b983b41fbfe |
| SHA512 | 4818e1f022c98c075a8b288f64c843582e026ddf3a3002ef580952a4f9da7cc10d9870290b701c04dc80854b7a7ea3c42d7f790fccca8b3600d0af7e533affe8 |
\Users\Admin\AppData\Local\Temp\Y8wSg2.cpl
| MD5 | 8b4a0ca04935272552f3ed07be1cc56a |
| SHA1 | 63efa9aaaa7da14452237d639402369898e8ecd5 |
| SHA256 | 38410d267c741c6aea1a5a1e1695d2e5870eb1bf4234dee9d944d1c8c45b7280 |
| SHA512 | 2b13b8015161584858e0bc4ab9192d0896052367b93d5db17abf336499f03867a999de2b4b9a3af8511cffce8b27b076feb138be350e5fd4f74e33cf51e7b240 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c17c8a8335b7a92858b6ed5e04980a22 |
| SHA1 | 7a0b17b558b2c5a3a23fecd3ddcefc4b1b4ac514 |
| SHA256 | 4bc9b677ce7154d0ba6c654962bfe9037f61ed77d84bcb214be9be5151cd69da |
| SHA512 | 5033a96221cc8b6d09de87dc542e1276e0f05f541b2936097f4c1fec9fd6aebcaf6b2ed9e33cd1556d347f2f61966fd8daf3960124c3ab1421a23ffebe38f66b |
memory/2004-733-0x0000000003000000-0x000000000300F000-memory.dmp
memory/2352-745-0x000007FEFDCD0000-0x000007FEFDD3C000-memory.dmp
memory/1028-748-0x0000000005950000-0x0000000005B6C000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 55fa6d692b0c1faed5ed05739a5bb278 |
| SHA1 | c93d060a09615f31554035c369e2a0c6c841f3a9 |
| SHA256 | c9d9860f3b766b4445db3647bee2e792c578d76e1447f12abee6c100ebcc1e5c |
| SHA512 | bd51d894d59027f9698144bd0566eabe96b760297ab187537a64f7e05c591d481c0625fe3457d8f1c09c194fe3ebecb785556ab457f27e1161ef6048bada9d69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 60fe01df86be2e5331b0cdbe86165686 |
| SHA1 | 2a79f9713c3f192862ff80508062e64e8e0b29bd |
| SHA256 | c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8 |
| SHA512 | ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23 |
memory/2352-751-0x000000013F7C0000-0x00000001401B1000-memory.dmp
memory/1028-755-0x0000000006CA0000-0x0000000006E32000-memory.dmp
memory/1256-753-0x0000000005810000-0x0000000005A18000-memory.dmp
memory/2352-756-0x0000000077C20000-0x0000000077DC9000-memory.dmp
memory/1028-761-0x0000000000400000-0x0000000000410000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DE6D.exe
| MD5 | ae4f5ce1ad9e5c3ab6d68dd71454a6e0 |
| SHA1 | fd286c24292d9b0b16daad5434d805ea8da07454 |
| SHA256 | 49a5f5ba13441e7ec1c7da639aa7c01da4054a46eb408d0f0aa85128b22e470f |
| SHA512 | 285848061e8901eec19ce2b21bbbfc41f8a646779ec517476730cb96159b68f09ddf9a72bd13e19b91f491cf0ac3dbfa5608dea2cf8062c5d953854b4962c18d |
\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll
| MD5 | 544cd51a596619b78e9b54b70088307d |
| SHA1 | 4769ddd2dbc1dc44b758964ed0bd231b85880b65 |
| SHA256 | dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd |
| SHA512 | f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719 |
C:\Users\Admin\AppData\Local\Temp\916.exe
| MD5 | b27c3d053e7c1fd220ee8cb46467b19b |
| SHA1 | 65c17b4976651991a6449b7d3efccff8fe27c38a |
| SHA256 | f081e07c6ca98bf4eceefe5168e3e3fedbf92631faa7d138a87f663571e9e128 |
| SHA512 | db9becbaf9c6d7f267071fc77369096f8fa6fc61558418ae04e13feb06e8284d844f816620c8c50f39452c8079ab6dcddd9a8c6877d4ad692ffc1fc8b53dc80d |
C:\Users\Admin\Documents\GuardFox\gqGHRUK4EKmIkZQQtGKxKg0h.exe
| MD5 | b13aee5c46f8d950374cd79e13017840 |
| SHA1 | 3c5044dfcd0d60a4ed432d8807760b595812f16a |
| SHA256 | eff45717fe8b9dda514c52e34af5a3f155fd38006d64573f2fe9712f10db1f7a |
| SHA512 | 11acb0379e5102df0ce19ce90f43f78b78882e6a2e53a5d3c224f4f2f444acad9c1127bcfa43b3e77e12e9fa9ae18018a7e0bb19bd6ff3b7f186827b1b370ead |
C:\Users\Admin\Documents\GuardFox\RUyFRVJRB6VNLF8TthnG27Vv.exe
| MD5 | 1f195b584b23d49494a6cfde05d07a6b |
| SHA1 | fa6b46d8940634e05418f63e264ae4b64875121e |
| SHA256 | 3b122da6dac3218165926190fe6880ca3a4965d734a5b464b4672f649c5f1b53 |
| SHA512 | 30a1e7c1bf9c4e41204a8f8a870f57f076f99d92c676747972f1467a4fc0d6ab97f78b56b5d1cda197ba98baca6e9bafa8c26879f30edbd9e927c9711f4d813a |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win7-20231129-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2988 wrote to memory of 2908 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2988 wrote to memory of 2908 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2988 wrote to memory of 2908 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2988 wrote to memory of 2908 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2988 wrote to memory of 2908 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2988 wrote to memory of 2908 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2988 wrote to memory of 2908 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\1.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\1.dll,#1
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win7-20231215-en
Max time kernel
121s
Max time network
130s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1972 wrote to memory of 1880 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1972 wrote to memory of 1880 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1972 wrote to memory of 1880 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\chrome_elf.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1972 -s 84
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win7-20231215-en
Max time kernel
121s
Max time network
130s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2648 wrote to memory of 2872 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2648 wrote to memory of 2872 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2648 wrote to memory of 2872 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2648 wrote to memory of 2872 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2648 wrote to memory of 2872 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2648 wrote to memory of 2872 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2648 wrote to memory of 2872 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\dbghelp.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\dbghelp.dll,#1
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-01-23 12:11
Reported
2024-01-23 12:18
Platform
win7-20231215-en
Max time kernel
117s
Max time network
120s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1192 wrote to memory of 2228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1192 wrote to memory of 2228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1192 wrote to memory of 2228 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\prom\lgc_api.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1192 -s 152