Analysis Overview
SHA256
07fc70e17fc81a62cce3afd89755eb174e090bb3c0f170ea23a55ac7cdda1820
Threat Level: Known bad
The file SecuriteInfo.com.Win64.Evo-gen.16085.20859 was found to be: Known bad.
Malicious Activity Summary
SmokeLoader
Stealc
Djvu Ransomware
Amadey
RedLine payload
Detect ZGRat V1
Detected Djvu ransomware
RedLine
ZGRat
RisePro
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Modifies Windows Firewall
Modifies file permissions
Reads user/profile data of web browsers
Checks BIOS information in registry
.NET Reactor protector
Themida packer
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Checks whether UAC is enabled
Looks up external IP address via web service
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Launches sc.exe
Program crash
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of SetWindowsHookEx
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates processes with tasklist
Creates scheduled task(s)
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-23 16:31
Signatures
Themida packer
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-23 16:31
Reported
2024-01-23 16:33
Platform
win7-20231129-en
Max time kernel
2s
Max time network
150s
Signatures
Detect ZGRat V1
RedLine
RedLine payload
RisePro
SmokeLoader
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Downloads MZ/PE file
.NET Reactor protector
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Themida packer
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Documents\GuardFox\uHwhDsNFs_uGIMs6F59vqpG0.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe"
C:\Users\Admin\Documents\GuardFox\5MlvVudCqNrrtq9_lBlRWeAM.exe
"C:\Users\Admin\Documents\GuardFox\5MlvVudCqNrrtq9_lBlRWeAM.exe"
C:\Users\Admin\Documents\GuardFox\Mc9tVzF6IkkHASMBailK8TBz.exe
"C:\Users\Admin\Documents\GuardFox\Mc9tVzF6IkkHASMBailK8TBz.exe"
C:\Users\Admin\Documents\GuardFox\gRfOp2VODxVQ1Ra8buliycgB.exe
"C:\Users\Admin\Documents\GuardFox\gRfOp2VODxVQ1Ra8buliycgB.exe"
C:\Users\Admin\Documents\GuardFox\Ry560CQesuA0VRPoNaLZeuUf.exe
"C:\Users\Admin\Documents\GuardFox\Ry560CQesuA0VRPoNaLZeuUf.exe"
C:\Users\Admin\Documents\GuardFox\SGuv35g7kNHTsHxPR5QGrGHQ.exe
"C:\Users\Admin\Documents\GuardFox\SGuv35g7kNHTsHxPR5QGrGHQ.exe"
C:\Users\Admin\Documents\GuardFox\dLst4LLS3y0KPsF_Zrqew6hL.exe
"C:\Users\Admin\Documents\GuardFox\dLst4LLS3y0KPsF_Zrqew6hL.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\is-V9L5D.tmp\QT6kRHTOlSZnVIstIr7gKrvg.tmp
"C:\Users\Admin\AppData\Local\Temp\is-V9L5D.tmp\QT6kRHTOlSZnVIstIr7gKrvg.tmp" /SL5="$90142,3515248,54272,C:\Users\Admin\Documents\GuardFox\QT6kRHTOlSZnVIstIr7gKrvg.exe"
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
"C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe" -i
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Users\Admin\Documents\GuardFox\k1kI5wggSG37w69OU4wZuaJX.exe
"C:\Users\Admin\Documents\GuardFox\k1kI5wggSG37w69OU4wZuaJX.exe"
C:\Users\Admin\Documents\GuardFox\uHwhDsNFs_uGIMs6F59vqpG0.exe
"C:\Users\Admin\Documents\GuardFox\uHwhDsNFs_uGIMs6F59vqpG0.exe"
C:\Users\Admin\Documents\GuardFox\e5Bd6wsLjXnztjdrdizZDslm.exe
"C:\Users\Admin\Documents\GuardFox\e5Bd6wsLjXnztjdrdizZDslm.exe"
C:\Users\Admin\Documents\GuardFox\k1kI5wggSG37w69OU4wZuaJX.exe
"C:\Users\Admin\Documents\GuardFox\k1kI5wggSG37w69OU4wZuaJX.exe"
C:\Users\Admin\Documents\GuardFox\THZlFKHWyHhQ3PnSm1WV6COo.exe
"C:\Users\Admin\Documents\GuardFox\THZlFKHWyHhQ3PnSm1WV6COo.exe"
C:\Users\Admin\Documents\GuardFox\K09rhbtbGrLuLpGU5YfvkldM.exe
"C:\Users\Admin\Documents\GuardFox\K09rhbtbGrLuLpGU5YfvkldM.exe"
C:\Users\Admin\Documents\GuardFox\nv2rwNUJBhCnCdF2vk8KOPS5.exe
"C:\Users\Admin\Documents\GuardFox\nv2rwNUJBhCnCdF2vk8KOPS5.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\Documents\GuardFox\yPjaS7wR7iTJKevxHiHrOPVV.exe
"C:\Users\Admin\Documents\GuardFox\yPjaS7wR7iTJKevxHiHrOPVV.exe"
C:\Users\Admin\Documents\GuardFox\aPnwp2xAhAjL8RYsu5HT29v8.exe
"C:\Users\Admin\Documents\GuardFox\aPnwp2xAhAjL8RYsu5HT29v8.exe"
C:\Users\Admin\Documents\GuardFox\BVFd1OtMFGKept1621C47Y4b.exe
"C:\Users\Admin\Documents\GuardFox\BVFd1OtMFGKept1621C47Y4b.exe"
C:\Users\Admin\Documents\GuardFox\zGSMKJ3gVV1X6YpG4gBi2Dx_.exe
"C:\Users\Admin\Documents\GuardFox\zGSMKJ3gVV1X6YpG4gBi2Dx_.exe"
C:\Users\Admin\Documents\GuardFox\QT6kRHTOlSZnVIstIr7gKrvg.exe
"C:\Users\Admin\Documents\GuardFox\QT6kRHTOlSZnVIstIr7gKrvg.exe"
C:\Users\Admin\Documents\GuardFox\lrBYQ9ApVOtdrHYt0x5LB2Ew.exe
"C:\Users\Admin\Documents\GuardFox\lrBYQ9ApVOtdrHYt0x5LB2Ew.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 592
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b79758,0x7fef6b79768,0x7fef6b79778
C:\Users\Admin\AppData\Local\Temp\533E.exe
C:\Users\Admin\AppData\Local\Temp\533E.exe
C:\Users\Admin\AppData\Local\Temp\76C6.exe
C:\Users\Admin\AppData\Local\Temp\76C6.exe
C:\Users\Admin\Documents\GuardFox\Hp9viQc7L56anzcJX9MtnffW.exe
"C:\Users\Admin\Documents\GuardFox\Hp9viQc7L56anzcJX9MtnffW.exe"
C:\Users\Admin\AppData\Local\Temp\84CB.exe
C:\Users\Admin\AppData\Local\Temp\84CB.exe
C:\Users\Admin\AppData\Local\Temp\is-DI7MS.tmp\84CB.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DI7MS.tmp\84CB.tmp" /SL5="$701F6,3501695,54272,C:\Users\Admin\AppData\Local\Temp\84CB.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Hp9viQc7L56anzcJX9MtnffW.exe /TR "C:\Users\Admin\Documents\GuardFox\Hp9viQc7L56anzcJX9MtnffW.exe" /F
C:\Users\Admin\AppData\Local\Temp\BA4D.exe
C:\Users\Admin\AppData\Local\Temp\BA4D.exe
C:\Users\Admin\AppData\Local\Temp\CD32.exe
C:\Users\Admin\AppData\Local\Temp\CD32.exe
C:\Windows\SysWOW64\cmd.exe
cmd /k cmd < Dot & exit
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\E323.dll
C:\Users\Admin\AppData\Local\Temp\EBCC.exe
C:\Users\Admin\AppData\Local\Temp\EBCC.exe
C:\Users\Admin\AppData\Local\Temp\FBA5.exe
C:\Users\Admin\AppData\Local\Temp\FBA5.exe
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\E323.dll
C:\Windows\SysWOW64\cmd.exe
cmd
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Users\Admin\AppData\Local\Temp\23DE.exe
C:\Users\Admin\AppData\Local\Temp\23DE.exe
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
Network
Files
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
memory/1452-586-0x0000000000400000-0x000000000043C000-memory.dmp
memory/1452-596-0x0000000000640000-0x000000000064E000-memory.dmp
memory/1452-597-0x0000000000220000-0x000000000022B000-memory.dmp
memory/2620-598-0x0000000000240000-0x0000000000B54000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-V9L5D.tmp\QT6kRHTOlSZnVIstIr7gKrvg.tmp
| MD5 | dc00ef336750d2c7bdab03a98b11a838 |
| SHA1 | c65b1ab33589a61170ea65fb5c826c6c2a8cea88 |
| SHA256 | 9c8ced213ee42497b9d8cd33104dcae19c029aaa1a25c1a27e63f5dac80c6a14 |
| SHA512 | 4b8e0267d88c6b14a334b609fe8c2173811eac0a01bd4533b27d99941bea1463e15a3f9e207512aa714b0afa86c94743bf1f1dd8ab9efdd6f415655c7db83705 |
memory/1036-601-0x0000000000130000-0x0000000000131000-memory.dmp
memory/1036-604-0x0000000000FA0000-0x00000000018E7000-memory.dmp
\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | aa44ade483d1d6df61271fdb70af868f |
| SHA1 | 1ed7f151a55b399c197512d0a91d408d5a79fed2 |
| SHA256 | b5096550f2dabc2a89b0db8098841a89d9c059e1799455a65ff6896bc73d6876 |
| SHA512 | d319ade8ad0d7233e62e200ee9d95d2811e0202f4b9bfa039d673df0475126f5632db42710ba7c8a564f207870feed23b6ae6e3731019dfefedc2cb2ad5ff511 |
memory/1448-642-0x0000000001120000-0x0000000001E1F000-memory.dmp
\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | 4651f5aac63d7d9096115afd4b39c78c |
| SHA1 | 14fe7fa0d0e761842e7b2dd21a89a85dfcc9bf33 |
| SHA256 | c04a95ab4b9e9fed16a1ef6aa319a5e24ac23ced660e669f594d6e3f9b64f5ee |
| SHA512 | bf636c0bf6aff4d3625fca523fdbceb93d420db002b7185e1e32d2e3a68c46d08d64ec7b11011ee9bdc90d6e0e0576d5c3789f92baf02018b244367fa269477f |
memory/2400-665-0x0000000000220000-0x0000000000221000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
memory/2912-702-0x0000000010000000-0x0000000010242000-memory.dmp
memory/2400-703-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2376-683-0x0000000000AF0000-0x0000000001AA3000-memory.dmp
memory/2400-736-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/2400-743-0x0000000000400000-0x0000000000D40000-memory.dmp
\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | 1ab43459e2375ad2a5ab3a3bbbe3a2b8 |
| SHA1 | 608bf4b4a1a3c6d7a47f1ec1e2be06995c02cebf |
| SHA256 | dafd71f61fcc5cf84adac195232255bbed7c9b4cb05899bc7f10a47ea318abcd |
| SHA512 | b33136d9bc9e56502c9b98aa96ba4f5880eddc865a227462dade589b66ba136ff99c9ecc2b22b39e666fb8430ab915fda300e8dfe9949f64e7693c7f47bc1002 |
\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | 0e254386817ed3b10fbab1a0b146952c |
| SHA1 | 3bd871d81bd7e0be22f4f0d5db8ce4c54314956b |
| SHA256 | 458c723594cbecca0dec8f958688044353a69d1adc7a6cfe71eed198034fe563 |
| SHA512 | c71f0209f92d11cab26b499f362b6d8a31247e659d1bee1e76ff31eb8c109574cac354134763989f2ce7f5016a59d6d58330ce95f2e929c82b98aeca742890fc |
C:\Users\Admin\AppData\Local\Temp\7eDL.CPL
| MD5 | f186a83c75d11800e6411ee4779f2bb6 |
| SHA1 | 99024f480caab933d5b491aa4d061d75a60acb9d |
| SHA256 | 459b2f7e074688a0209c5268b1c0c9bc87758efc205afa234f29d75619b04a67 |
| SHA512 | 62c7a584fd73e6ae5bc0ae8fe515ea22c4cce1d83f8cf41d3711e18f16641e6bf64fd97e86dbb6d3fb0c3fc401e19c3782095b861023123d150639ccddc5f8a4 |
\Users\Admin\AppData\Local\Temp\is-DOK9E.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/1036-569-0x0000000000130000-0x0000000000131000-memory.dmp
memory/1036-555-0x0000000000130000-0x0000000000131000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-V9L5D.tmp\QT6kRHTOlSZnVIstIr7gKrvg.tmp
| MD5 | 9e04607a47e4ba20b4a378e4613c5433 |
| SHA1 | 48ab5d640e8ebe5b1943aedb3c64d31382fdd03e |
| SHA256 | 23d8ffe080ecb5f9d5675753a24cd4a4153b6c9ff46526a551573fbc2cad5499 |
| SHA512 | 2a339e508d899cbdb6a4fb19ae263ec4863d730ec8e3b93e2d010922f3bad7bd26821cc7efc95a8e5810815e5c41a4830cf7d84057458a091f700ed7af40753e |
memory/2200-554-0x0000000002070000-0x00000000020D4000-memory.dmp
memory/1304-553-0x0000000140000000-0x0000000140876000-memory.dmp
C:\Users\Admin\Documents\GuardFox\k1kI5wggSG37w69OU4wZuaJX.exe
| MD5 | 113a928ae3f60140850ce7684e195f10 |
| SHA1 | ec473ab396aba28e7adefbda6f7aad6b5c9ecd47 |
| SHA256 | 19c8cbfe0080352927396c8b1877542824e6ae54bef79911bcaca31f7e92424d |
| SHA512 | 6fb31a311cbb20d00697c5023789d74d73fa4fc795e57595707161250c70d1fed75f22c6c1903c59707b4e81a6e6e4a3e412b7e260e476904e629ec7d49aa195 |
\Users\Admin\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe
| MD5 | d8d3c854edcc0fd25fbb5ff5ac766912 |
| SHA1 | f9a54db883ac292d1972da3175ab21d1a5fb8f51 |
| SHA256 | 87ca94d4a773c540bc60b0fae48115e4baf78127543d1e30282d547f9d62ee42 |
| SHA512 | 560704a5c70f1c5223badd86e5f3e4fac322a332439d1c708c181b46d7ca9e33aec6e17416b95a33bbcda9b11e2da8b9b159303d091c6c8cdfb9763c1beb10a6 |
memory/1304-550-0x0000000077B20000-0x0000000077B22000-memory.dmp
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | 81dd8e86fe0cf52bfaf39ae45f3877eb |
| SHA1 | f18efe4f6855ad43893f923cecde0e2ead2cc96e |
| SHA256 | 3fbcfc6b631892274d9d1665c62835fa9e2a1bc642b83566eadcad65008ef4eb |
| SHA512 | b2f5927e9dcbab075c644240b29c603dcd0cbbf4a55787b09181b9bb50f0a61994a409d954d0d1db327a50622aa7f3fc9ac28b76827d3dae8e71ab351e30b81c |
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | c15184b6ab944092f8a6259dba4ae797 |
| SHA1 | bc5b0892762d170543a8782bb9691e7395d7d47c |
| SHA256 | 3d915a89e01fbdaf32b1fc9d740715b850e04ea875a9e7a699d847abd93cb40a |
| SHA512 | ba6e2fa1bf120eb92925a790f19cd27c279bd893a4ca1a57bed5a35002392743e768ffe53acf7d242e9b6fc25449eeada78e525a4ffbdf6f9617af440a02c20b |
\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | ffb2a440d94960ebd085823ce9160c5a |
| SHA1 | d5961b9e9444a3be812fbfeb130c5b6ad4f12aa9 |
| SHA256 | 2df1b98b13864b340924cd94c9b397c2db9cbbc1c549c589a99d85f4f880f1c4 |
| SHA512 | 961b871e18ce0bd4ea32032896c3372034eaf6ec0b1716302779a4d666fba758914f82add996e093b97ccbad420fe8e8e9b54d1266a8dacee23655013d98a387 |
C:\Users\Admin\Documents\GuardFox\K09rhbtbGrLuLpGU5YfvkldM.exe
| MD5 | 959217bee9872cd0a4b81355e474bc83 |
| SHA1 | 580e93a519b24463ff23d5294387b8b3138493dd |
| SHA256 | e6f6a390ccdb070e742ed83d1abd4572f62b5bf36be845b9b6a8b24ecfaab4d9 |
| SHA512 | edf8f0a5cd3ab1454cb73a8b995d8634903c0c5a049831358d3487918bb696e81f6ee88b9b1d4962cea57d4c59637ff00c8d00f7cab027d67f461a46e16a50ed |
memory/2680-769-0x0000000000530000-0x000000000053E000-memory.dmp
C:\Users\Admin\Documents\GuardFox\dLst4LLS3y0KPsF_Zrqew6hL.exe
| MD5 | 1b1c1f229b0c53e361c1561044ad6de1 |
| SHA1 | d0ece1e1d45ed0a0430c94b24a116b874f8a0dba |
| SHA256 | 39c81ec1ec0679c1e81c62138c68ba51aeba5049791f35f19c7902dab31b3e1f |
| SHA512 | 1c03811e4be888bc1025c984eead1b6b18834e9b6e4a05199e2a94f96e748e27e8f66bfa106dcbf7385a6e493e4d602f1714e2fa92c05acc28abacacf8105ea2 |
memory/2680-772-0x0000000000220000-0x000000000022B000-memory.dmp
memory/2680-775-0x0000000000400000-0x000000000043D000-memory.dmp
C:\Users\Admin\Documents\GuardFox\e5Bd6wsLjXnztjdrdizZDslm.exe
| MD5 | e02f67f2ae2f25816b37a6aed1b382b4 |
| SHA1 | 2026bfc843f5c6cc8a6d822455053472b8a83971 |
| SHA256 | 99e272abbcebc929642212509283dcaf8768a28452cf641af4b58bb03183c850 |
| SHA512 | 588932b70bb3c57adb0d29cde81e4b97675dbb09dd66bf90be715229b2cfb42daf6d2c2e1f797a8b7e21d69f66c8b7024af0a1503c6f7bde69ad45f17d28fcea |
C:\Users\Admin\Documents\GuardFox\uHwhDsNFs_uGIMs6F59vqpG0.exe
| MD5 | f69b9c43fa8798fb09ccf9800901f845 |
| SHA1 | d01f37fdd0d34c34060091fdd20635baf3f79918 |
| SHA256 | da0bc5457f495c50efa1a5523ca3fd77061ca7d8571c7c177d52cb0368764483 |
| SHA512 | 22bb6be4c0f6626fbcb0ff39d5b0ec7cbf2aede4faf64c5e9ce71f8d9b1e393c5f98e0aae701f7c575cff2a5b1e29feacef80187a51566d6ea1813dbda39e3f4 |
C:\Users\Admin\Documents\GuardFox\k1kI5wggSG37w69OU4wZuaJX.exe
| MD5 | 89adadf0793070e75068a86d5fbf08a0 |
| SHA1 | eb18574b7da1bb5b5d4d4640c1a6b51b82a62549 |
| SHA256 | 9e7f1ae2a0118fb5875c7596c51adb637f2f11d7616d3005beda28c18d7b5a9e |
| SHA512 | 5fdc83fe557ebba8c6ced1173ea0f5154643ebf076cb6275b97fbf5e816f951e4b837408b0d4bad3dbef4d86dca034bfe87db77eb5f049b412e304478ad66899 |
C:\Users\Admin\Documents\GuardFox\K09rhbtbGrLuLpGU5YfvkldM.exe
| MD5 | 33b6176088aa8676e7dd04fddbb4f832 |
| SHA1 | 9f67feb9dd42f51aee33ea9bb047cc62b8d135b1 |
| SHA256 | d910285b11347ab6c6c27feed3226e3c8a3d0e3036185f622cb5f0bea4ec44e5 |
| SHA512 | c569ffb96cd5583afbc7e07ac706939cf29dfbb5419b7eb54dcec7e5954b43312e01db79a03c07a9afd965cd47164c721d14494b46501e753bf3ce1b82093069 |
C:\Users\Admin\Documents\GuardFox\THZlFKHWyHhQ3PnSm1WV6COo.exe
| MD5 | f3e4804ab0ba308bb4325ba3a34d6f65 |
| SHA1 | c323f5516f0c88393057510b2c7c2b5957d6751d |
| SHA256 | ace17058a1706aea6d6d2036fb6bd5b01025a7c9cbb28c4c47e9ffbefe276f1d |
| SHA512 | 81475f52bf23b985106cfd47752c408b2a2ab875517668320a0d38a5193ec6fb3216e12e4ed237cbb623aa38d99ebdbee3f69aebe159a2da7e5de3ff864b6b30 |
memory/1304-531-0x0000000077B20000-0x0000000077B22000-memory.dmp
C:\Users\Admin\Documents\GuardFox\uHwhDsNFs_uGIMs6F59vqpG0.exe
| MD5 | 78816926d26a0a3aec43cdc3c4956ab8 |
| SHA1 | 809e335d6002b6f32b162a00a51fd2332e8f8a79 |
| SHA256 | accf49b74c6162e418771f5820d677a54d4e9a3ba46d2c39c1053193afb6c035 |
| SHA512 | b0a57ffbf8316fadbdfb8569fcea3e0992cc96463cfe1d59419c65677c2920835da18beef8427e7a31b0350266978de80a2b880a3cfb458ce8ac2fec23b2b22f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c8f2577bd7b73df1c3c804c896c8f56 |
| SHA1 | fe384d1b7f9d4ab48afbf2210851c3d72936400e |
| SHA256 | 8c7a6eeb096d601747efb5b37d20800fff19ccbb53361581b8e237b071533dae |
| SHA512 | 017ff552836d227df32926f54235a9c352e1e2d0af3670821383d4e28ffd2801af25398acd41c7dbc1fba10ddbb628435f23ec18759265f1a5f95a8bc28812b0 |
C:\Users\Admin\Documents\GuardFox\e5Bd6wsLjXnztjdrdizZDslm.exe
| MD5 | 8953614f4470b5cfe549e69f30b2c896 |
| SHA1 | fd27cf492ea218646eb2242f29a008e2ddc556ec |
| SHA256 | 04b7cd51fb43a366c13b47c22823cc4bf66e34aba8cd9e4e64553200b8a17c92 |
| SHA512 | 109d69bdb9389c696ba9eec9c837023fd3ef8876346caa8b7d5431d7d2357859f34943fbc4b210c639e632562f100c49ab70e2c6f27186f9ee42df481ca6fd18 |
C:\Users\Admin\Documents\GuardFox\THZlFKHWyHhQ3PnSm1WV6COo.exe
| MD5 | 31fca95f00faa6d8906c08fcedcd3157 |
| SHA1 | 4b135b768a6ad5360bdc89f70eb6e63564cb0019 |
| SHA256 | 62befb6fca9d7a3ee18d5f78b3a7c631c0ec9c809a796b8d30c333d917715ab7 |
| SHA512 | 222a5ccb631be40362ce28dbf0bdbe7b30151c6962dcc0aed3ba58da50e842cb5b9658073daf9d77b4eb95ee27ba33bb23c6622af64f559774cdd7016d54ac4f |
memory/2200-791-0x0000000002130000-0x0000000002194000-memory.dmp
C:\Windows\System32\GroupPolicy\GPT.INI
| MD5 | 93b3886bce89b59632cb37c0590af8a6 |
| SHA1 | 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137 |
| SHA256 | 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f |
| SHA512 | fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb |
C:\Users\Admin\Documents\GuardFox\K09rhbtbGrLuLpGU5YfvkldM.exe
| MD5 | 9b5f6b947895e56f6d89d8dfef9184fd |
| SHA1 | 7be614db9d2de8c9fee67be8b5cbd3626aa1cca2 |
| SHA256 | 22a6b64de8636eaf707d15bb607e26dc5d5c4c1a9a96c8b3ee38bf09eb6d56dd |
| SHA512 | e02ce935abfcdc92e993c6c93909d451361bc84d0298a7cb307280ba5af3c6dab6be7a4d1c2e07a64796e72ca91c1c134961667918f6bf168beff3e768c5ca1e |
C:\Users\Admin\Documents\GuardFox\uHwhDsNFs_uGIMs6F59vqpG0.exe
| MD5 | 2d76f991f7bcb1e4f2e990673db4be07 |
| SHA1 | 67bffff35e3be98501c2d5c6766670bcbcc4afc7 |
| SHA256 | 0a5ee78e708f8435f77528f0f6e806f1cb0b5c618617c6039b3e40b5c6763f40 |
| SHA512 | 76cfb92e2172bbeab8344f18ba6988ff38f6ecef90e88d9768c0d3878fbf2b42fa2e43c4ae5d62f82f2569c4b62564bf4dfae28b12dfe8d5d8f70966e2a5aa61 |
C:\Users\Admin\Documents\GuardFox\e5Bd6wsLjXnztjdrdizZDslm.exe
| MD5 | 5e2144c5c83c1fee76aa38ff002a66f4 |
| SHA1 | 0a8bc2588fd0250b4dd7d24bfb310a5fe42009a2 |
| SHA256 | 3d2f19ccdd21f307c10b37208f940a8804632ed7c4aad5e5e9b1b2d875decdf7 |
| SHA512 | 4093abd39a27771aef89a645499d49a60a43683a71b5e6eb1cd12e718adbf789317689ee4007c69dcfe87674a47c2b41a9fa288b02d61c629d4e8f4cf09f49c8 |
C:\Users\Admin\Documents\GuardFox\THZlFKHWyHhQ3PnSm1WV6COo.exe
| MD5 | e46cccaf3a4d5392e968ab989a1844d0 |
| SHA1 | 14b07397170e569ee79fc9064655b5ff8c59bbd3 |
| SHA256 | 7abec92af879b98f1fb9999857b9a14a9769f6f188df3f478cc7632a6736b423 |
| SHA512 | c7b883adf05ed2a739762e48e8c13fdac7628b080b6d70b2429977ba509750466fab15a0a6e7380adebe305da73164b2c906cf09dc466d8b03e6f64a54824e09 |
C:\Users\Admin\Documents\GuardFox\SGuv35g7kNHTsHxPR5QGrGHQ.exe
| MD5 | 4cb8ce39787f0f2c5bde032d9e12c783 |
| SHA1 | 3345368b48f39195fd8ff227b053022ea042aecd |
| SHA256 | 565a0ac9a1b19bd285e112a3805f8e4802ddc24221e4df16ee8ecafae08a8799 |
| SHA512 | e3d85867cf057bbd30f98e92a600b97ad1bc3911f8dd9c902b58f6efee4e986cb2f75696a2608da2dc90d53bf8be3157800a78138fbee9f15d1bafa94f4cdd26 |
C:\Users\Admin\Documents\GuardFox\aPnwp2xAhAjL8RYsu5HT29v8.exe
| MD5 | 01ab980285a04949fc80c7d1cb3a539e |
| SHA1 | 679eae3d0c8e75cff3e62e423263b0fc9a992a4b |
| SHA256 | e87ec7fff8033d85fee373f8dc74f7d5f35e0a967ec25f5c9c6d51efba3841c0 |
| SHA512 | 4c34b2c042538e6f4af9efebd0861640dd696d69ccaa1a4e9d006b306e3b463250ca50b92e72d6b387ac25edaed3a22095bc2a73dec236c4a8e984aeb8ea38b3 |
C:\Users\Admin\Documents\GuardFox\Mc9tVzF6IkkHASMBailK8TBz.exe
| MD5 | 5df9cb8728f384fe52743cca46cdf898 |
| SHA1 | f9066df504346a39a2c27137aa977cde506dcbd6 |
| SHA256 | 7b7c716c50042f12072f56b82570fe820baf615e08d001f1d8b183d2617857a3 |
| SHA512 | 220f8bca4e0e391d02ffcd7f528c529c1e88dcecbc7b90cb760681191cce7708c9dcd34a8f2eb205b97e2a44c786ef49ee43b8d10ae8c14b03c06dce36170e07 |
C:\Users\Admin\Documents\GuardFox\gRfOp2VODxVQ1Ra8buliycgB.exe
| MD5 | b246d07fce22a734de8cb21b3df21ad3 |
| SHA1 | ec0a8d012aee9e19be8f67eac9bdef8ea639e6de |
| SHA256 | c68ea274a8d834b48dc8800964a86b431c0c1295e75f17be0fd78b7afd122898 |
| SHA512 | 7e3d8fa0f884da1d2a366f6cd597bec196de20458d00c0546901a22de4f4ed73d0f2c33aeafe04f7538384caf1dc90b9eab9da9a1d9e82c77ef251ec430b6d50 |
C:\Users\Admin\Documents\GuardFox\zGSMKJ3gVV1X6YpG4gBi2Dx_.exe
| MD5 | 6fe0b735a03d35402ef73e0a570e92e1 |
| SHA1 | d8061d01e359b0c6a02f430a4c6b31e78a65992d |
| SHA256 | 379db0893887974455ccbefcd42a8b3574401a5ded156680da41045828d447bb |
| SHA512 | ea90e854fde0802445b1c3e7cc44f1353b7b51d9f22bfbdd4f43d0969d7dcf793b69100731d41dc3df49abb3f2b6aa63e01c1232453422067be9d9bd66d130e6 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | b8f44e5a55d7d24dffa78bd73e03232e |
| SHA1 | e57145e90f2ebd9cd302a00a046af312c965748e |
| SHA256 | db2da7faf7028280956ac3fdd34e21c7df935d44d4af502979e0ec55c9c97825 |
| SHA512 | 1d62baec661bb528d35c9072e969d86feef2e1a0d181afd96cc121242bc37b26440292cb4c7232647cea998a848babbb20dfbee09b615f9948f2c0202346da46 |
C:\Users\Admin\Documents\GuardFox\yPjaS7wR7iTJKevxHiHrOPVV.exe
| MD5 | e8e8e4a6d20a567d7850865b8435b10f |
| SHA1 | 946a6c3062975e2afccc95f6739b0c554297691a |
| SHA256 | b5a537d949d4ab67b0147a63030d26aaea631e78dfb7fea72ff29bf571b27b53 |
| SHA512 | 8ad2a20857736b1655b41fa17cdd153e8e4360ef0958ffa04945d3c9634e9dbc3d97cb3c32513bf33fdbde854eb9d2fb6b4bc96d7f1844e082e1cd8295b840f1 |
C:\Users\Admin\Documents\GuardFox\aPnwp2xAhAjL8RYsu5HT29v8.exe
| MD5 | d87d79c83eb85e22cfa829b8e095b516 |
| SHA1 | 62788dca02f2115392de04794edd1cc034c448c3 |
| SHA256 | dce45932eff3ca3a3aa3f871531abae09b098033fa692884c7abf089c5a5c97d |
| SHA512 | 63d7ea9593ce282e9fbbe81110cf600d7ce7cb03afeef43c1a1828507437785db7b784ccf0719eeee945ed7ee3deac264cf2cdb80fea6be9d3030465d3529bbe |
C:\Users\Admin\Documents\GuardFox\Mc9tVzF6IkkHASMBailK8TBz.exe
| MD5 | ebd6f7a6cb7aa2c1f16389618828dd18 |
| SHA1 | 6f0ab3eae5a5c4ed3383ac48a4ac067294c87728 |
| SHA256 | 80b7f795cac71ff494d915f171bca9feca53cf6d9c6d5b87b2c773ea8266403e |
| SHA512 | b0ab45f303c0c7051da0248713d0b672d262bafde69112e3fe021426bfce869089329b324e3355a94cea76cec4feb6a024ab74499e1f025f82eebc3da11521be |
C:\Users\Admin\Documents\GuardFox\zGSMKJ3gVV1X6YpG4gBi2Dx_.exe
| MD5 | abdd44ee49644dd47d86cf9ee321d2d1 |
| SHA1 | 6414ddfab7d91d4be56e654219e56fb66cd1bf4f |
| SHA256 | 38cb8c23fa6a0aa7d2d8c3b58285b075adef643640838cb0e406f86a238eb607 |
| SHA512 | 8f25c9285ecfbb3d54f0ce21161eabf34dae40ff82bdea80773c7702b9f9b25b5852c6e6b5ffc5e5ed71e1808f872f34894f39a783689d1feadee6c796f216ff |
\Users\Admin\Documents\GuardFox\yPjaS7wR7iTJKevxHiHrOPVV.exe
| MD5 | aa4d9dec958548bb7045f82e30e1487e |
| SHA1 | adbcb71a8b8a4b1af5b77298cbf2ecbcd1276935 |
| SHA256 | fa48c84668675167c64f5e1f3d58c589bdb2a497ffe440b0b5a550615b341cd8 |
| SHA512 | 064dcfd0feae39213db675e1a8a8336b680bd369d4db653816e11071b0a305e505411825a0c48b30a8dac41a4d35e95dbb92d0347bf37fa059fd9040053ba0e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 08e3f5d4edd74c03f03fd120e7bb4565 |
| SHA1 | cc2ce926449c8e759adc3e05e9f5e39c49ee2707 |
| SHA256 | b8c9062de08bc7f364fc080922ba210bac65308b59588223144b1ffb7a9fb742 |
| SHA512 | defdc595d83ccf5a2a90240f01a0a1b0e10dffcc29203bf20e46bcfe521b1646d25461dd2fb513928f45376839ea34a0d0e9782d023e5c7abf3f2926e2cbdfcd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f3f3a5613a8bd24f558018752316070 |
| SHA1 | 7962c473e97157f4fe5421435394cefeb9fc943b |
| SHA256 | a1d69f0ce2e5ad3198c6f3a23ee0975fe5654a21bbcf11cf34f76014b3f24ffe |
| SHA512 | 735b6a0bc556f4c128524ce54a74feff4fbe37a538284a841e63c6134e81cea597ab630655fc6714ba953182b6faad718150d9daaf5b9ae92ec6e5a4edf03bc5 |
memory/2080-468-0x0000000001240000-0x0000000001298000-memory.dmp
memory/2304-467-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\Documents\GuardFox\gRfOp2VODxVQ1Ra8buliycgB.exe
| MD5 | f740608b4fc3a10a4526f0c2db5fc67d |
| SHA1 | 91a6a17d5a90be772997021532d6d0615d550fed |
| SHA256 | 35e87fae499edf23f25bfc5be34be901c0dcef34851db88b7d96eeeb6733860d |
| SHA512 | 2d45013aa54d29977eb173ef873ee2464081ee650c3df04fd381f9e8aaaca4bbc58de61228cbf365439ad05a81de4bed8cdafbf4a3762eb489da23d65010fe3c |
C:\Users\Admin\Documents\GuardFox\QT6kRHTOlSZnVIstIr7gKrvg.exe
| MD5 | ffb0383d564e75cd8eecf8fafc513e49 |
| SHA1 | c7da6de4130cab9bdca1eaf0213bd9e3ce1206e9 |
| SHA256 | f825baede5ee31b7c858ffa84097574f07025c5ce002aa96d8cb2fc61e51eae3 |
| SHA512 | 160b7da61a017237a15d8ef73c75582f1265c3e0e4f23295aedde04b1bb96c691fdad05cb850717f9f89c30133a414239da008b58fa81c6ad97db254c30a239e |
C:\Users\Admin\Documents\GuardFox\lrBYQ9ApVOtdrHYt0x5LB2Ew.exe
| MD5 | 5fa878455587d484dba37e41a46b9343 |
| SHA1 | 82f4dd3a18554bda4425a897433b31f2d783587a |
| SHA256 | e63841c08999245e9c424161cca81afbecb2c9e20b53aa2eb988a923cddbe6a4 |
| SHA512 | 60e23805e4a72ed423a65d2a3b19c2f6f4c16587f74499f78478180e0964dc9a80a584fb3a607c7a61ddf8085cd3ae23a5bf6a0d25aff78b96b808007d7e1654 |
memory/1872-446-0x000000013FB50000-0x0000000140594000-memory.dmp
\Users\Admin\Documents\GuardFox\uHwhDsNFs_uGIMs6F59vqpG0.exe
| MD5 | 2730df5b5242ebc512d8170073c7e671 |
| SHA1 | 65a7118e3b3c5053d1480f06392766cfe19e7f9b |
| SHA256 | b3d176f2d510f745006d884835ac8aef6e5eb9b41dcaab08cf2cb0f3bfc40422 |
| SHA512 | b9e947994fd81a99a6a87b9933c9eef15eb71ea2a2c22483ec86c0a8ce29feacd690dfa948276c40f3b1bd542b4d58710b2d768df3cc005681ad7b83ae5b00b9 |
\Users\Admin\Documents\GuardFox\uHwhDsNFs_uGIMs6F59vqpG0.exe
| MD5 | 8218f42931e88b87e2dfa0cf0f454bff |
| SHA1 | 35e9f98445f3d8ce4a355528a51571965e06c224 |
| SHA256 | 8211ce1354e9206290ecf846581f2f8ea49ce5bde2589dad581f0919636b0e35 |
| SHA512 | b5387e3e25f4179d71a5b975680d4fe7fc975bcf8415393aaf690a65068682605401a2c5c9f6ea9361e75e53ab2ac3977f74af90a50f3cdb75d3c8836f6d3f35 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c64238596725ca86caa236d21969eb0 |
| SHA1 | ede0a36a101cd34629691a754e292a0810de8bca |
| SHA256 | 2b7ddb30646c350592f27c1cd45c009b98032ad8c04a0777594dc4eab80cfd42 |
| SHA512 | 23735d9f67258cc52375f964e4d89aa0201f7d7eadc694b888131e937cf3b947ead44fb0853faa9b945300502946cc4ae0c5ac3f239802ca16059b16e140aead |
\Users\Admin\Documents\GuardFox\uHwhDsNFs_uGIMs6F59vqpG0.exe
| MD5 | e05993043849abdb0e45df515a5ea46d |
| SHA1 | e5445faf830a754e632629e2a08e5b8883bec8dd |
| SHA256 | da8af6a23dbe3c47f7bbcd3deb6578dafdcdf3fc318f0f33e71b470e52e08566 |
| SHA512 | 7175890714e9aff7f764549efc90a80c6f0529318ef5f278ed7dc640591ab41f354a98eca0e4a988294b001fc69a3b17c87ba087aa5b8a0be91a4122d5dfc350 |
\Users\Admin\Documents\GuardFox\uHwhDsNFs_uGIMs6F59vqpG0.exe
| MD5 | dc9ea24a91eba3cc1b5c31a6f988bb15 |
| SHA1 | fbd764f8106448c2eabbf14423178722e8e52713 |
| SHA256 | 4042b569ab3afa84569cf3726f2f3c88144178132bfc92a792c081a89891671e |
| SHA512 | bf50cc6c2168ddf2f29eb9db1da22c9fc8eb24435b357060ec396828985fc7d849a4dc1af665359c487cb6a51620c79e50e64f4d1e60d6c92d0236f1ab4c821e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQVX0JB0\buildcosta[1].exe
| MD5 | f6db09a010c187dcf9e462d85de5dce3 |
| SHA1 | 846856c8264da881633ee8d1a48c965fabcd1c7c |
| SHA256 | fda84d697f560685ffc8fd22392477c0b91e3f2e440264cdb4db92f6d82ce50c |
| SHA512 | 1adca5a6813ee537558a83163d64b831bb90b5c228ee0f17dbb84fcaf46698d53c914cdf1d19c21752f8594eef4e7686da83cc1b875980c34cfab27398027b0f |
C:\Users\Admin\AppData\Local\Temp\533E.exe
| MD5 | b6a5467c7c805cfa277ce46f5ee33357 |
| SHA1 | 4a22b6597904b888e3c9b99eeadce2880e0f0039 |
| SHA256 | 659df3449b0810e0193c1548767cf28b5380c30c8cfc93ea00f5b7737981d733 |
| SHA512 | 19a5906ace0d515717a1c49604b6a7b34e6e7b27588239c8fe5f997501ff5cf80606d896e7de4c6310a6fc17efda9122b6d7c4b2ed875fba92505e28ae7ae049 |
memory/2244-940-0x0000000005810000-0x0000000005A18000-memory.dmp
memory/2376-941-0x0000000000AF0000-0x0000000001AA3000-memory.dmp
memory/2376-955-0x0000000077640000-0x0000000077750000-memory.dmp
memory/2376-957-0x00000000770F0000-0x0000000077137000-memory.dmp
C:\Users\Admin\Documents\GuardFox\v72b8H4q_hHKWVVIwqLtukiw.exe
| MD5 | 3ef3679b8cd4a62d1ea38f193f66cf0f |
| SHA1 | c3755f2ec8940e9948bf6c181547d3a0fbeb2cea |
| SHA256 | c1b13a43cef22432c5325e81ebd4a0e9f7b681107f5cf788312fff6d7e38c4d6 |
| SHA512 | 5e80032fd4674131700ee4cc9079ca3cce46bea2a9ff7b63cefb43c17cd964ece92ead001696e6d86ee7bcfe4fe169a36158fe66ab2fa309897e185c98d3520a |
memory/1304-979-0x0000000140000000-0x0000000140876000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-DI7MS.tmp\84CB.tmp
| MD5 | f7a1e7ca916b5665f68f9d8559aabacf |
| SHA1 | d35baf1d886e338beac6ec1cd77d2b1e9386cedf |
| SHA256 | 4860cc12e693259f41fc361dade9c473e3af6f2a3665b8e150b30fbc4db155d7 |
| SHA512 | 341ad526bf17d6ce141cf97cf8af0342c2a8646086cb767efe806ba2ef571c6768162270e65830582399fbcaf8619f74a66fb823b5a0a224270cb7f36239bab8 |
memory/2420-1001-0x0000000000A30000-0x0000000001018000-memory.dmp
memory/1304-997-0x0000000077970000-0x0000000077B19000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | af57f187d1a74b0053d5e779cb9c1a2a |
| SHA1 | 76933223b7f6b12c0bd7ca223cd1dabfbaf52b56 |
| SHA256 | ba501609e0676034d65dd4275665fc3899018e111046b950770db1b952b8eb8a |
| SHA512 | 88cc9e78c247959eed5b0e4741f65ebd01a523ac2982e7eb45f1d68dcefc5939294dc757c134d3e65dd629cb805393243b49e293baf705f06d50785228791bad |
C:\Users\Admin\AppData\Local\Temp\CD32.exe
| MD5 | 22e9c6cadd6ebccec93480dc06edbf6d |
| SHA1 | 3eae76e366fddc50d1106dafae1680e9d2eebb93 |
| SHA256 | ca817b0a262c566609c3425d5ecbcd15fd87899db730894076e3468bcd5190cb |
| SHA512 | 47ab8a4d9799eab27e24931e7e905de9ec6cd3cebbc4e1b1dbb2b134edf280a54e81c2d6d1d2ae5269835d24f270b5fbe33e7c43990a2fd3c19147d9416c21fa |
memory/2716-1033-0x00000000001B0000-0x0000000000704000-memory.dmp
memory/2996-1044-0x00000000012C0000-0x00000000017F4000-memory.dmp
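The list above is one flat run of artifact names: a file path followed by its hash rows, interleaved with memory-dump names of the form `memory/<pid>-<seq>-<start>-<end>-memory.dmp`. The same path often appears several times with different hashes (the loader writes, overwrites or re-downloads a drop), and the same file shows up both as `C:\Users\...` and as `\Users\...` with varying case. The Python below is an added example, not tooling from the sandbox or from this report: it parses that layout into records, de-duplicates SHA256 IOCs, lists paths that were written with more than one distinct content, and decodes the memory-dump names into region sizes. The embedded input is a short excerpt copied from the list above with the SHA1/SHA512 rows left out; the parser stores any hash rows it is given. The `min_size` threshold and the reading of a multi-megabyte region as a likely unpacked payload are heuristics, not something the report states.

```python
import re
from collections import defaultdict

# Constructed excerpt: entries copied from the dropped-file list above, with the
# SHA1/SHA512 rows omitted for brevity (any "| ALG | hex |" row is stored as-is).
SAMPLE_REPORT = r"""
C:\Users\Admin\Documents\GuardFox\dLst4LLS3y0KPsF_Zrqew6hL.exe
| MD5 | 310f953b85f34f62d31465a552b8ef6f |
| SHA256 | f673ba91650bdecebcb80a42307447c05c59bae51f19e60a43173e4d230426a1 |
C:\Users\Admin\Documents\GuardFox\dLst4LLS3y0KPsF_Zrqew6hL.exe
| MD5 | c4b2aaf81d161c3cf06f79faa4ee3c88 |
| SHA256 | fe9a978a32efb873079816909aad97f8a1662d023093a4c6c986afed6c50ba6b |
memory/1072-545-0x0000000000220000-0x00000000002B2000-memory.dmp
\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | aa44ade483d1d6df61271fdb70af868f |
| SHA256 | b5096550f2dabc2a89b0db8098841a89d9c059e1799455a65ff6896bc73d6876 |
C:\Users\Admin\AppData\Local\Temp\7eDL.CPL
| MD5 | f186a83c75d11800e6411ee4779f2bb6 |
| SHA256 | 459b2f7e074688a0209c5268b1c0c9bc87758efc205afa234f29d75619b04a67 |
memory/1304-553-0x0000000140000000-0x0000000140876000-memory.dmp
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
"""

MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def normalize_path(path):
    """Drop the drive letter and case-fold, so 'C:\\X\\y.EXE' and '\\X\\y.exe'
    collapse to one key (NTFS is case-insensitive; the report lists both forms)."""
    if len(path) > 2 and path[1] == ":" and path[2] == "\\":
        path = path[2:]
    return path.lower()


def parse_artifacts(text):
    """Split the flat list into file records (path + hashes) and memory dumps."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:  # memory dump name: pid, sequence number, region start/end
            pid, seq, start, end = int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)
            dumps.append({"pid": pid, "seq": seq, "start": start, "end": end, "size": end - start})
            current = None
            continue
        if line.startswith("|"):  # "| ALG | hex |" row belongs to the preceding path
            cells = [c.strip() for c in line.strip("|").split("|")]
            if current is not None and len(cells) == 2:
                current["hashes"][cells[0].upper()] = cells[1].lower()
            continue
        current = {"path": line, "norm": normalize_path(line), "hashes": {}}
        files.append(current)
    return files, dumps


def unique_hashes(files, alg="SHA256"):
    """De-duplicated IOC list for one hash algorithm."""
    return sorted({f["hashes"][alg] for f in files if alg in f["hashes"]})


def rewritten_paths(files):
    """Paths that appear with more than one distinct SHA256: the same name was
    written more than once with different content (staging, overwrite, re-download)."""
    seen = defaultdict(set)
    for f in files:
        if "SHA256" in f["hashes"]:
            seen[f["norm"]].add(f["hashes"]["SHA256"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def large_dumps(dumps, min_size=0x100000):
    """Heuristic (assumption, not from the report): regions of at least min_size
    bytes are where an unpacked payload is most likely to have been captured."""
    return [d for d in dumps if d["size"] >= min_size]
```

On the excerpt this yields five file records over three distinct paths, two of which (`...\GuardFox\dLst4LLS3y0KPsF_Zrqew6hL.exe` and `...\Temp\7eDl.cpl`) were written twice with different content, and two memory regions, the second (PID 1304, 0x140000000 to 0x140876000) being about 8.5 MB. When feeding a full report, hunt on the SHA256 set rather than file names: the GuardFox names are random per run and will not recur on another host.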
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-23 16:31
Reported
2024-01-23 16:33
Platform
win10v2004-20231215-en
Max time kernel
20s
Max time network
151s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Stealc
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Documents\GuardFox\bd8oqd2X_KNvUIchBGw_sNLU.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\GuardFox\bd8oqd2X_KNvUIchBGw_sNLU.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\GuardFox\bd8oqd2X_KNvUIchBGw_sNLU.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Documents\GuardFox\nhi1SK0Vvbcyim7lPa1I5Q8w.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-4FE62.tmp\ZxEIsayTB1ELKzR7mAA_z6yQ.tmp | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Documents\GuardFox\bd8oqd2X_KNvUIchBGw_sNLU.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\Documents\GuardFox\Rr3Jv0BhakXDhheSTJsxXuTs.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\Documents\GuardFox\Rr3Jv0BhakXDhheSTJsxXuTs.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\Documents\GuardFox\Rr3Jv0BhakXDhheSTJsxXuTs.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\Documents\GuardFox\Rr3Jv0BhakXDhheSTJsxXuTs.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\bd8oqd2X_KNvUIchBGw_sNLU.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4668 set thread context of 5436 | N/A | C:\Windows\SysWOW64\rundll32.exe | C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GuardFox\871sk2dTwl9pwQmcSy9_xceI.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GuardFox\871sk2dTwl9pwQmcSy9_xceI.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GuardFox\871sk2dTwl9pwQmcSy9_xceI.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\871sk2dTwl9pwQmcSy9_xceI.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-4FE62.tmp\ZxEIsayTB1ELKzR7mAA_z6yQ.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\ZVsDYq3Ch4_MMg9aTQKTVxSw.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5464 -ip 5464
C:\Users\Admin\Documents\GuardFox\Rr3Jv0BhakXDhheSTJsxXuTs.exe
"C:\Users\Admin\Documents\GuardFox\Rr3Jv0BhakXDhheSTJsxXuTs.exe"
C:\Users\Admin\Documents\GuardFox\bd8oqd2X_KNvUIchBGw_sNLU.exe
"C:\Users\Admin\Documents\GuardFox\bd8oqd2X_KNvUIchBGw_sNLU.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 340
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Users\Admin\Documents\GuardFox\_q2vD9rmquvw9BRa8wd995tb.exe
"C:\Users\Admin\Documents\GuardFox\_q2vD9rmquvw9BRa8wd995tb.exe"
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
"C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe" -i
C:\Users\Admin\Documents\GuardFox\C3x1e4ZsTyHsRoZe2nRoREFS.exe
"C:\Users\Admin\Documents\GuardFox\C3x1e4ZsTyHsRoZe2nRoREFS.exe"
C:\Users\Admin\Documents\GuardFox\gXZVCk1BZlo0mniV8eftEhbm.exe
"C:\Users\Admin\Documents\GuardFox\gXZVCk1BZlo0mniV8eftEhbm.exe"
C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe
"C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe"
C:\Users\Admin\Documents\GuardFox\rrWr6EtlIuK_vq7EqTglUb8N.exe
"C:\Users\Admin\Documents\GuardFox\rrWr6EtlIuK_vq7EqTglUb8N.exe"
C:\Users\Admin\Documents\GuardFox\ULeuvS6KQfIm0_cpAv6oSGUC.exe
"C:\Users\Admin\Documents\GuardFox\ULeuvS6KQfIm0_cpAv6oSGUC.exe"
C:\Users\Admin\Documents\GuardFox\GrOwuxn9g3h_LenoAnfzARTT.exe
"C:\Users\Admin\Documents\GuardFox\GrOwuxn9g3h_LenoAnfzARTT.exe"
C:\Users\Admin\Documents\GuardFox\c3AoZYpYAN5y_5E0jn2Xw5Yh.exe
"C:\Users\Admin\Documents\GuardFox\c3AoZYpYAN5y_5E0jn2Xw5Yh.exe"
C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe
"C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe"
C:\Users\Admin\AppData\Local\Temp\is-4FE62.tmp\ZxEIsayTB1ELKzR7mAA_z6yQ.tmp
"C:\Users\Admin\AppData\Local\Temp\is-4FE62.tmp\ZxEIsayTB1ELKzR7mAA_z6yQ.tmp" /SL5="$5011E,3515248,54272,C:\Users\Admin\Documents\GuardFox\ZxEIsayTB1ELKzR7mAA_z6yQ.exe"
C:\Users\Admin\Documents\GuardFox\o9cQpsoPKZEcwzdpOEEfjKS0.exe
"C:\Users\Admin\Documents\GuardFox\o9cQpsoPKZEcwzdpOEEfjKS0.exe"
C:\Users\Admin\Documents\GuardFox\ZxEIsayTB1ELKzR7mAA_z6yQ.exe
"C:\Users\Admin\Documents\GuardFox\ZxEIsayTB1ELKzR7mAA_z6yQ.exe"
C:\Users\Admin\Documents\GuardFox\871sk2dTwl9pwQmcSy9_xceI.exe
"C:\Users\Admin\Documents\GuardFox\871sk2dTwl9pwQmcSy9_xceI.exe"
C:\Users\Admin\Documents\GuardFox\2_PhPUvgZ0vJTIk2ohYmPx6i.exe
"C:\Users\Admin\Documents\GuardFox\2_PhPUvgZ0vJTIk2ohYmPx6i.exe"
C:\Users\Admin\Documents\GuardFox\nhi1SK0Vvbcyim7lPa1I5Q8w.exe
"C:\Users\Admin\Documents\GuardFox\nhi1SK0Vvbcyim7lPa1I5Q8w.exe"
C:\Users\Admin\Documents\GuardFox\ZVsDYq3Ch4_MMg9aTQKTVxSw.exe
"C:\Users\Admin\Documents\GuardFox\ZVsDYq3Ch4_MMg9aTQKTVxSw.exe"
C:\Users\Admin\Documents\GuardFox\tZ3sF5t6fvcIb4OapKTmlR3J.exe
"C:\Users\Admin\Documents\GuardFox\tZ3sF5t6fvcIb4OapKTmlR3J.exe"
C:\Users\Admin\Documents\GuardFox\JHwdRTPiVjZdu1uvZ4wHzsJi.exe
"C:\Users\Admin\Documents\GuardFox\JHwdRTPiVjZdu1uvZ4wHzsJi.exe"
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
"C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe" -s
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5244 -ip 5244
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 512
C:\Users\Admin\Documents\GuardFox\kilIGnE7Ee7xlISTtwnuNAyU.exe
"C:\Users\Admin\Documents\GuardFox\kilIGnE7Ee7xlISTtwnuNAyU.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN kilIGnE7Ee7xlISTtwnuNAyU.exe /TR "C:\Users\Admin\Documents\GuardFox\kilIGnE7Ee7xlISTtwnuNAyU.exe" /F
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\69ede988-cabe-4c3a-bd33-3c9b20ac4279" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd91c59758,0x7ffd91c59768,0x7ffd91c59778
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 372
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 4440 -ip 4440
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1928,i,15234740933686316559,4096264762207578264,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1928,i,15234740933686316559,4096264762207578264,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1928,i,15234740933686316559,4096264762207578264,131072 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 396
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1928,i,15234740933686316559,4096264762207578264,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1928,i,15234740933686316559,4096264762207578264,131072 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4440 -ip 4440
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 412
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
"C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4440 -ip 4440
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 680
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 208 -ip 208
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1928,i,15234740933686316559,4096264762207578264,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 208 -s 360
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 692
C:\Users\Admin\AppData\Local\Temp\nsj1D39.tmp
C:\Users\Admin\AppData\Local\Temp\nsj1D39.tmp
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 736
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 744
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 776
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe
"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 740
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 708
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5720 -ip 5720
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\2_PhPUvgZ0vJTIk2ohYmPx6i.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 2488
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 860
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 860
C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe
"C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe
"C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 436 -ip 436
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 568
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 864
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 876
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4440 -ip 4440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 732
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nsj1D39.tmp" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 2392
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3020 -ip 3020
C:\Users\Admin\Documents\GuardFox\kilIGnE7Ee7xlISTtwnuNAyU.exe
C:\Users\Admin\Documents\GuardFox\kilIGnE7Ee7xlISTtwnuNAyU.exe
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 192 -p 1276 -ip 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1276 -ip 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 356
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1276 -ip 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 396
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 1276 -ip 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 652
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 1276 -ip 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 652
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 1276 -ip 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 652
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 1276 -ip 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 724
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 1276 -ip 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1276 -ip 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 736
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "WSNKISKT"
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WSNKISKT"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1276 -ip 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 776
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1588 -ip 1588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 380
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1588 -ip 1588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 396
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 1588 -ip 1588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 428
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 1588 -ip 1588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 684
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1588 -ip 1588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 1588 -ip 1588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 752
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1588 -ip 1588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 780
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1588 -ip 1588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 788
Network
Files
memory/2780-0-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
memory/2780-1-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
memory/2780-7-0x00007FFDAD5E0000-0x00007FFDAD69E000-memory.dmp
memory/2780-6-0x00007FFDAD1F0000-0x00007FFDAD4B9000-memory.dmp
memory/2780-10-0x00007FFD80030000-0x00007FFD80031000-memory.dmp
memory/2780-11-0x00007FFDAF4D0000-0x00007FFDAF6C5000-memory.dmp
memory/2780-12-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
memory/2780-13-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
memory/2780-9-0x00007FFD80000000-0x00007FFD80002000-memory.dmp
memory/2780-14-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
memory/2780-8-0x00007FFDAD1F0000-0x00007FFDAD4B9000-memory.dmp
memory/2780-15-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
memory/2780-16-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
memory/2780-17-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
memory/2780-18-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
memory/2780-19-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
memory/2780-20-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
C:\Users\Admin\Documents\GuardFox\2_PhPUvgZ0vJTIk2ohYmPx6i.exe
| MD5 | 61692f0b639c69dc04b67646d9d3bf91 |
| SHA1 | 3bb6e2ffdbd7839098561d7c595d5911012efd7c |
| SHA256 | 36e762370e26fd18e7735a93cc3d67234ad8ed53d829e623f5dc4e33a05fb7a3 |
| SHA512 | 410e6984b4e332d4afab26d403c447353cced7bfaa1cd3b1a9263f58604964fefe3cc49b59da1cecc73e27fe3da707ccd6bf7b3d0ec168097070df21eef95eef |
C:\Users\Admin\Documents\GuardFox\ZxEIsayTB1ELKzR7mAA_z6yQ.exe
| MD5 | e47402fe288fc80f70f1dd3fba01be13 |
| SHA1 | 20339af8e44fddc8cbc9866b0b72b907e8d5f1ce |
| SHA256 | 06d036cd8bf5b58ee130dca3a5dcbd3d9063feb51ff469654e0a0a18ad7aae3b |
| SHA512 | 1eaf31103a0c229975b3bfca2b237074aa86295127554f50dc2233d17ce43eecfa26df8c13eafbd1b8639c87f33a4ad153547d77d41750872616ed3b8b4623ae |
C:\Users\Admin\Documents\GuardFox\JHwdRTPiVjZdu1uvZ4wHzsJi.exe
| MD5 | 6d44527862725a132b75e38a93ff47a4 |
| SHA1 | ed1405c6e725e852dd0de9b2bb9aaf778524dd0c |
| SHA256 | 9dbd160c39ce3f6324692ef5c4b55974eda81a89481b2d008224ae4b3fd3480f |
| SHA512 | 42544c2f529c6860a3ea1a0e637fa30483b05f9d86117168a4a0f0db97fab87ebeb8712cd0c85dc519603d7f10e09245e0794c71cf06e4c13571655ad3cc66a9 |
C:\Users\Admin\Documents\GuardFox\nhi1SK0Vvbcyim7lPa1I5Q8w.exe
| MD5 | 35a48a797f5d433aab31d6a52bbc14a8 |
| SHA1 | 421e55bae7bbcad5e2d0ef1a73a7b9c0a616f355 |
| SHA256 | e89f4562d306d2bce6a5f978fd04fd5def16dbedc46c5aa16d199bfc8eedb0eb |
| SHA512 | f28ccad641fa47d49d2863b190ff7ece6f70c6851b5b56ef1c60e3832c605ee2c114df92ffa5ece0ac54bf64be266a821ff1d355f52bddcf3b11ba41daa90258 |
C:\Users\Admin\Documents\GuardFox\ZVsDYq3Ch4_MMg9aTQKTVxSw.exe
| MD5 | 2b4adc35b730436cf337d1afdc913df9 |
| SHA1 | e5fe0fd80e1b21eb81e153732a271e909ec4f1d5 |
| SHA256 | 08f1cd68f879f4be83cd9db74643f1ead9e956bea1d5146f3dc46ba911f5a9d2 |
| SHA512 | d9fb270c8b87d96f78b34002ffc364d7665308d52342bb9794bde9f9631494c1695c895178de2501a4be8b6bb4965b163bc72a5b6ee1089cd03c69a020dfa25e |
C:\Users\Admin\Documents\GuardFox\tZ3sF5t6fvcIb4OapKTmlR3J.exe
| MD5 | e091b393fae6cd2780e4b9d40a911bd8 |
| SHA1 | 1ab6c2d9d04170f6ba420238add82e5818701c1b |
| SHA256 | 89b518ea7b5cc6a622229a2231eb8a61a43e911d7ec5a7782111e2ad27bd670b |
| SHA512 | 818c330be673b23ece1dfd3e60096a4cf423351548cd22aae5be26d50e561dfcfc730292e902ed5839b677b3f1a24ce0afd2443f4723143d5d8d6e7fc9cb54b2 |
C:\Users\Admin\Documents\GuardFox\o9cQpsoPKZEcwzdpOEEfjKS0.exe
| MD5 | a9e6e3919d53f3d7287b336dc0eea738 |
| SHA1 | 7cdfbdc6e113bb9bb59c9e8f2012ab1ce40a5ecd |
| SHA256 | 1102c62357a314344e7c5c98610160d5941d1cac1fcb6d92c9237ff2055754fc |
| SHA512 | a86ea183968695cea6b8f66b65f9da68271ad563e551001713ce54076433afce9e0e975dc26053eba4e7289fc685711a27927b14773872101c24ce43b9f82c51 |
C:\Users\Admin\Documents\GuardFox\871sk2dTwl9pwQmcSy9_xceI.exe
| MD5 | b110d42f488f666e3911d2ce418559a6 |
| SHA1 | aa0d163be3cbb90ca714f769b77a40cab9000ac9 |
| SHA256 | d853be0e0dfa6bf2504101ad99c01c28bd1b831a16cb1dddfa821c6dfddab68b |
| SHA512 | 061401281a869543cf89649a2d506dde705469552ebcdda27a383b39be914dddda4857342de8ce14d3cac6e971e4d276278647de1f7d892d21801acc9fc0b52c |
C:\Users\Admin\Documents\GuardFox\mmWF8pTdNbMuhIEYX62D821t.exe
| MD5 | f0d969a8713a20db4815499bc14a010f |
| SHA1 | f0c6e5fb8434d2b80c2bbf8d47850c31760a1cef |
| SHA256 | 96bbf4fbd5076f8415a0b56b5066ffcbfca7ec9853d7fc2956449f5162bcd8e8 |
| SHA512 | 064d5010920d4b7efcb6690d77acf816d995c533297bfa68eaa30327e7f23fe2810b11e6b2844a1221871fb1a42242c925eee8dc89bccb026a575c80d2ce7bfb |
C:\Users\Admin\Documents\GuardFox\ruG1blOZb4m4OwsuHDO3_mNX.exe
| MD5 | 46d4bc71ce67807a9988d01cb8039aac |
| SHA1 | 1b482db59bbd995ef1430748042c99c98a436945 |
| SHA256 | 4a8cf9e3fd1f6ba07930f4ce1b1aa5c64b160f18f3ae03688c1f36536b749017 |
| SHA512 | ad4c6e62aafbe9f828bf15ed16d48ad8af63765b4b6c8876f1b9f53f8141361948eda0337100936568a38415a00728997a4e997d11398cb9c9851c8d28e7218a |
C:\Users\Admin\Documents\GuardFox\Rr3Jv0BhakXDhheSTJsxXuTs.exe
| MD5 | d22136ad0c154dc6ccb32a17e69d03d8 |
| SHA1 | 0b0d79fc4dd9e741187beaa0be6ff0fc5b55017f |
| SHA256 | b299202c0fec08715a53ebb3a336f457eb4b274ddad70177f34e15a6e5f5d0a2 |
| SHA512 | 403ea7b582142be14bcfd7dc951a4e87477b00cc42f16376b0f061645113c35ca317a0f27ec7b102c694f9d114e6153498d072fd36541d725737637ed0912ed8 |
C:\Users\Admin\Documents\GuardFox\bd8oqd2X_KNvUIchBGw_sNLU.exe
| MD5 | 7c84d4b61805ff6356ecc523104019bf |
| SHA1 | 1aeb53be5800852de6f949c04c6ebabeb38198d9 |
| SHA256 | 8d4abf4a865e9c315ee9b1bec15e1f932158f75320af35df0c89bcd3e4bba593 |
| SHA512 | 7588fd954d17e64589925df2578ecb8e587c3ce87a7686d30aef7676d738b5ee95cbaa97c6d3d9fba5543f7e5539a7bb37702ceeed912f66505bab00ff5a6267 |
C:\Users\Admin\Documents\GuardFox\rrWr6EtlIuK_vq7EqTglUb8N.exe
| MD5 | d6ecdf43edf9123acb09375a627b86c1 |
| SHA1 | 8fbacf2b434289cbaeb54f31e636281a1ff19965 |
| SHA256 | fa3d9b5fb22881411e0dfa30e82aba7109f746e3179077eabc9a9b8fa382f436 |
| SHA512 | 456d8b7d5a35a67ed04b2e140beec678b3686273109ea2c3cf3d192b2e631cb03cb32b51e065a8d2282f032013a702f9a19f40f21587fbf5b36699b43801fbd8 |
C:\Users\Admin\Documents\GuardFox\GrOwuxn9g3h_LenoAnfzARTT.exe
| MD5 | 865a88f7456d441513a11b9efd206df3 |
| SHA1 | ee656bfb63d0c4abdac0444e5a253dde62541f87 |
| SHA256 | 27139a8d4192daace502890b616324a3e064e53bece3f86af60d39b083318d5d |
| SHA512 | 58850677d5730a563557d78d3da9b8e9a5aa0b6b61373571820cbf4496b8ec5c8ec4e0b803a7dfcb5d42667c6eccc68f459ec391989998bdfe38d1d961aaa310 |
C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe
| MD5 | b91b160b4fbc76d07527b82598211119 |
| SHA1 | cdefb4ca4addf2bdce894d6a57010f6e271d7203 |
| SHA256 | b84f3a75b88843f496ee68209d2cbafddd9f3f59b95656f40d4e396694dd11b9 |
| SHA512 | 394291cdb40134cb62b6e2180b3ad7c9abdc2a78154d3e4e26e5e3d3c243b99ce316773db512dcaf81df4d450d5e71b4c42d454ea0d4decac2bc86345b4e73cc |
C:\Users\Admin\Documents\GuardFox\gXZVCk1BZlo0mniV8eftEhbm.exe
| MD5 | fdbf8084996045ac57c012b159f1a1ad |
| SHA1 | ab3bee1f88be71462aa4f11c6ac3878e0a82941b |
| SHA256 | cadc762202efc4bde4264f80c76fcaeba83b3fcc14a8db2068adb97e618a6ca5 |
| SHA512 | 9cf2c8ba1f457e59da248bcafff608ff6312c6a41c820d1236718ce66ccfee24ee0e94f9eb628323e4733d424615dc76f88a2a176c95df4d52181699f5267fc7 |
C:\Users\Admin\Documents\GuardFox\_q2vD9rmquvw9BRa8wd995tb.exe
| MD5 | 1d5b43bbc1e9af49bb2f221e7839a623 |
| SHA1 | 02588745fc68ba0356d68bbf17ab57d070dd4b55 |
| SHA256 | 110890ab6cfff16005ab79db6096fc468be23f1918d9d9647366798a798b7aa4 |
| SHA512 | b6e2f48a940671806b9a60937308a4fb68880b70310d8573ab319196ff95f0b794f95ec2772ea7cb7c75a70f2f6ac461ad19bac8b6fad8deb444aaba14a25f41 |
memory/2780-150-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
C:\Users\Admin\Documents\GuardFox\zS8yXorgB6vI3hIuvu6cGp8B.exe
| MD5 | 128b45be2df32d310a7299512b80dc96 |
| SHA1 | 1910eda06b3e6594db7e3ad10539d1c596697467 |
| SHA256 | cd031a046c508d4f1e37d627c95a27e571a153c7c625493269eddb5c03fa5237 |
| SHA512 | 413b76f35ea72d8e8f668c71be27c8d6684c0977559b49d93fab933683aeb5dc1fabceb81943a0e5959c4cc35cdb99bb7830c2c9b9dd76c8250f7cc233629bf6 |
C:\Users\Admin\Documents\GuardFox\c3AoZYpYAN5y_5E0jn2Xw5Yh.exe
| MD5 | 0d2b358f70d299adc56592f9d8cfcbd0 |
| SHA1 | d8f8d272a2fbfcc0669da5bc90b10767db90d00a |
| SHA256 | cd43cbb1f13886f5c6bc5ef0e35f8c3eaf24b69c72bcc7152c56c41e8e3cbae9 |
| SHA512 | e5a9db5a57be3d0297dd0b6912bd41a2c3312098d0e17c6d614946b8dc63ad2cae6297a6012126142b17f86f9f4a9df86b6292f83a16519d9b2315ade75c8463 |
C:\Users\Admin\Documents\GuardFox\ULeuvS6KQfIm0_cpAv6oSGUC.exe
| MD5 | 6bb163a61c8de4abaac0a57838a1d8d3 |
| SHA1 | 6fc715ed763a9b8895a76d3c7ca2dbbebf6bbf75 |
| SHA256 | ad7147f9afc45009f28f4926ae340d61c18e5111881a64ab5533895c804f8bf6 |
| SHA512 | a76ea48779c1e40ab648da8fd9cc00d6c471c747f51bc0c6b2fe2ae8cab9140d180b0a83ce553ba8c3019994d9d6bffbeb93c3b16acc99533d807c2199e6df8e |
C:\Users\Admin\Documents\GuardFox\C3x1e4ZsTyHsRoZe2nRoREFS.exe
| MD5 | cc5db91953eb3833af4ea6348274086e |
| SHA1 | d597da6f2a7653967c7b720155cf3fe43bd068d6 |
| SHA256 | d136b17cab00721b96addaa2c147cda7da145cd49c1439854f3033dc52de604d |
| SHA512 | aa0b71b71f332576cbc2718264a4d54144d716da18daf5f32f2c1980e27c6f33fc7fe9aa00b1d7c38fe2016a02c3ed4eb8d17f1221cea9c2d1a64f93b8033d8f |
C:\Users\Admin\Documents\GuardFox\ULeuvS6KQfIm0_cpAv6oSGUC.exe
| MD5 | 6ec83770852f048bb953b577d66acd56 |
| SHA1 | 9eef677562f5460df6034f4668b144cc4435d7cb |
| SHA256 | 609fc4ecca8abf0bd00b9d3d9ccb933dbf0bf035748befc4aa87a4f77f7a96c8 |
| SHA512 | 73cfdd327c529b67d41ce2f1aaf9c9a4f37ca5bd15a51b8d695e4d9caa7743639f2a54d910490bb022d2ff1c4683030f42ae1e12cf916582a115cd5e3a316079 |
C:\Users\Admin\Documents\GuardFox\Rr3Jv0BhakXDhheSTJsxXuTs.exe
| MD5 | 854100a3721d654dc7bb1125c1fbfdb2 |
| SHA1 | b9b3e1387340fd93a6c5ca77c0291cfcded2ebdd |
| SHA256 | dc74e0efec6b121e3e0b851cbe018aba37cab524d3762c5c7b91ec9005ad5f99 |
| SHA512 | 1b9d9e8bd4fad94e7196918c5b08ff589f27c37c65849b2a889e41cdaddc726a3e080715c4ef822164c8969e850d07a27e3e58ab462d831c57d2ee85f55ede3b |
C:\Users\Admin\Documents\GuardFox\2_PhPUvgZ0vJTIk2ohYmPx6i.exe
| MD5 | 424f1ee1eef31285fd4ed3d07b2cc9f3 |
| SHA1 | b20929019267f1ba24b73cc49f399ac5b7914b26 |
| SHA256 | d8359580d3509abc71dbc452b643e889ba5baa579e3aa8de6a891ac238f1c44c |
| SHA512 | 791ad3e5e7620c5dda6256d2e14abb31e18ca1f37bb6ea69c2fef00ba9feff405a8eab1f47ac7140068c0ad42e9fb583a328566a9e77130f6224683fdd9b9d4c |
C:\Users\Admin\Documents\GuardFox\JHwdRTPiVjZdu1uvZ4wHzsJi.exe
| MD5 | 747f26fac411f9294d8f7e3b57e18687 |
| SHA1 | 3eed9f044663c335616dff999d204d0af5828790 |
| SHA256 | 4078860583edb9f1662b1645d2868f8f8992ce5b93c599c0492ca40f528f536d |
| SHA512 | 458ec8b1602185125fde38c9d4427d6f92644d41a23942b85cc68312ed53174fa5658c17911d7ae8f30f2ef225d6962da58330dc915873bf040762915d0e786d |
C:\Users\Admin\Documents\GuardFox\ZVsDYq3Ch4_MMg9aTQKTVxSw.exe
| MD5 | 45b383b7ccc74def38ffd1622085eae9 |
| SHA1 | 9a2a42ad0a34095e15d6c6fe9ae312df0791c364 |
| SHA256 | 7e8ad9d74d32efadf47556bf7b1ac2728eedc04cc364a11c3da4be78e66bfb4d |
| SHA512 | 6c4f2915b75e49cf48235b7f7004efd278f130a7b66a2db2447655d0145274e020b552b906313ea6fc932a7c084a00afe9c26e33cc70466b1b8cd09df9fbc63a |
C:\Users\Admin\Documents\GuardFox\ZxEIsayTB1ELKzR7mAA_z6yQ.exe
| MD5 | 970200a3bcfdc7f5c665e8d3e657e204 |
| SHA1 | c76fa6c153e698840dd5adf4868718a23e40928b |
| SHA256 | c59ad7d632abbbdcc7f018f21012d59046abc96c9ac40456817f36a40d1ecaed |
| SHA512 | 9d2ec5e0a05fa6804f8970fcbd1be4cac806f52e63767b09ea0c61e14b37c1a1722adb88bfde4c5f3b2edde65a623ca7b366781bd3691a07ff6f0319e20bcb9a |
memory/6040-666-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\Documents\GuardFox\2_PhPUvgZ0vJTIk2ohYmPx6i.exe
| MD5 | 1e429296417bc0f1a903e1699b9eebb9 |
| SHA1 | c09785a034e8e98216b4d97d7144ec80523f4401 |
| SHA256 | 949d9c498ba2077e67224cdca937cf2e5537d0c6a338384c570c5f2694f8319e |
| SHA512 | 80f49b21a8a5204f54aa4e80d648e1cf535f73ad35bd51582a859eec8a4ac6db01730e9c78d7b67277817a636b2a2b1cc51da6d3504145ad2f6afba3785c2c56 |
C:\Users\Admin\Documents\GuardFox\ZxEIsayTB1ELKzR7mAA_z6yQ.exe
| MD5 | 87f900e5b83f0214f19d2b372f9e03d5 |
| SHA1 | a94bda1ef21bb432f2d917be1ab06d760f4cfcfe |
| SHA256 | 3e6246340f3899ab1d129331ede86b71a6a4c9de5be97e1750f08864b720fb5c |
| SHA512 | 7e022fa03eb18dd0ab5a03dd2975c5d42972df6ffcc6270a1d7f1719787a9273c727c96f7b8d99669667b93f83b9288cb332d229a3d2fd6f55aac3b01ed04d07 |
C:\Users\Admin\Documents\GuardFox\C3x1e4ZsTyHsRoZe2nRoREFS.exe
| MD5 | cde97960c2cc3bc19045889f57bcca4f |
| SHA1 | 2bd26bf93e012a44faf25fa01c858fc918110974 |
| SHA256 | 596f4da22e1d58e263ed8a636f1fc1e1e17f4f39e20301bd54664df43160ad64 |
| SHA512 | 14ecfba9cfc6de903c0d77b20c7c78576d8d6b671086cdd31131d2dba24a76881c38afbfc7836488fbf92154dfee8fd51909216e8e30d3809a8c7ceed1392ca2 |
C:\Users\Admin\Documents\GuardFox\o9cQpsoPKZEcwzdpOEEfjKS0.exe
| MD5 | 7bb4e4a54b72722f877b062c4cc9dbb0 |
| SHA1 | 5990baea57f927098846df41a8ed886b162e4eca |
| SHA256 | 5c4f585d378549286675445ba9b1861c0a5b2a6496fa37e10f89154056f737d0 |
| SHA512 | acf70c85b2409ed49cd9801c96816e22dc1be73d52d7f9178a5559479342d6b4b8b43f46fc27f95c02b07fffcdef090ddc93b50702d546fc6770c049a79eae9e |
C:\Users\Admin\Documents\GuardFox\tZ3sF5t6fvcIb4OapKTmlR3J.exe
| MD5 | 314500fd409743d9364883e4b1af8783 |
| SHA1 | fa8041ee5c74ae68c0e56a4a5bd438ca52551c16 |
| SHA256 | b85e1892fc51e3797e8ba6625102bffe506cd0da71bbabfc596a851ab0b99523 |
| SHA512 | ea257b5ae42613aac92a2b8c68aa2e82284816f3ee7dc8532293ff22968ce86c55801f096a42fb5deba865cd184e62e4a842e28cc059f0d31136fc91d9ebb46d |
C:\Users\Admin\Documents\GuardFox\o9cQpsoPKZEcwzdpOEEfjKS0.exe
| MD5 | fca4cc91019a946c83b6f7dd76d3ab2a |
| SHA1 | 688358dbfbef3b6c863bf1e920a3ec68dbe4e7c0 |
| SHA256 | 7f45d7838f6a91b82c226150daca6bf9205cc604e044906d8751959479e2e22c |
| SHA512 | 0d2312eea3c4878a1c5095d9a69067d940732d847d31bd233d72ca540e7464685fd78d2a395e610894c7b4f77dd97be933dd6b98e7e09e15971466d624ec9f5c |
C:\Users\Admin\Documents\GuardFox\871sk2dTwl9pwQmcSy9_xceI.exe
| MD5 | 2fc91bfe0c7f6b6f293665a4fcbad232 |
| SHA1 | 74fb4070e7f24ac483cdb17acd62dc0c93a3da9e |
| SHA256 | 74320d64e18f50950278670b6c7c5ca7ec5820c775b600435fd4b8001587ef5b |
| SHA512 | 5c495bf0c850916d20877a358099da0e4ee1d3eef8ca52cffe7c692c59a30c6174f2cbe792dd47b686a1f45553f3fd6d6ae30f7baa22869d46196211f12a0879 |
memory/5564-610-0x0000000000820000-0x0000000000D03000-memory.dmp
memory/2780-675-0x00007FFDAD1F0000-0x00007FFDAD4B9000-memory.dmp
memory/2780-678-0x00007FFDAD5E0000-0x00007FFDAD69E000-memory.dmp
memory/6040-681-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5732-690-0x0000000000490000-0x0000000000590000-memory.dmp
C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe
| MD5 | a92b40673022e3af2faf70250151260d |
| SHA1 | 4237907911dbb42151807302edf1c57094ea29ec |
| SHA256 | 6b5ea284f39998b5f221d8cc55987586b35e89e3c9125f4b700ebcfcd839ce76 |
| SHA512 | 5e9947d58319c5cb7eb1f515a69e672490db34fbc0c15d3ee53b564095341baeaa07542209baea7090c5e0ad596980010135b15ec67c57f9fb350d280f766881 |
memory/5244-707-0x0000000002010000-0x000000000209B000-memory.dmp
C:\Users\Admin\Documents\GuardFox\hwvf9I3YuZpp59caz_02tkYa.exe
| MD5 | a20d22aae9350b4abf5a2d14220cd07a |
| SHA1 | ad651adeee61364e1d2d4ed52d8cc44f58805c56 |
| SHA256 | d424e973f606965b3bdecab7cdccf54565080ed537c94be51a4b1be1c9eae037 |
| SHA512 | f3ddbcba789c8d85fbb08823a2421285af3ae7d391af720d99107e7797776b11d0d69dd7fc813163d2ae7996dcb35ca85464a6da175c501838c97daee820533a |
C:\Users\Admin\Documents\GuardFox\c3AoZYpYAN5y_5E0jn2Xw5Yh.exe
| MD5 | 63f4ea78e4fe4e6f988df948cf33661e |
| SHA1 | d897c4a103a35851a2c8e01c4cee4da0fdda449b |
| SHA256 | aac5eb0d2d7190ef96d46c9854c4bab2a74843ee24d71e0526c0d8707955cc8b |
| SHA512 | 17cdf1d3985c17e8eebb3f4c2810db3b3d49487ffdb5fcdf1ccf4ab982294ebe1f8ba0ed5ad8e345f0b6eb4ada944c7f85bbfe8d98dfcca6242b220e2d9fb974 |
memory/5464-916-0x0000000000480000-0x000000000048B000-memory.dmp
memory/5464-900-0x00000000005D0000-0x00000000006D0000-memory.dmp
memory/5720-833-0x00000000007B0000-0x00000000007CC000-memory.dmp
C:\Users\Admin\Documents\GuardFox\c3AoZYpYAN5y_5E0jn2Xw5Yh.exe
| MD5 | b8a5528ee826375879020179affdc99a |
| SHA1 | 4a463a7200ad36e9220e2f21421944ce984dda15 |
| SHA256 | e109e2bd6a67cb4a9903b5bf79b89ff9aa0803f200011ebe235c2fa28c7cd004 |
| SHA512 | f7665ae9cf1f230c7f5a6df18c8053efe7529a93231dcdfa0e746691e3df4d05bd921e62f5fa0158624c20533b1938c2bff256aeb76a77c8b0c2d838d01302d0 |
memory/5720-762-0x0000000000850000-0x0000000000950000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | ab9b1d2a6b1bce8d7332f3de9ef1bf60 |
| SHA1 | b204105cd357ba6e2e0f5ae3c1e4a7f0bf5afb81 |
| SHA256 | a7022b4b10abe3feaf91a445e70e7d7ad9b4142720bb7f5677d959f0470c049b |
| SHA512 | df173a61c678ff3727e3b720fb820483a9b53641dbc0153719b0cac8c0c8d29f8bebb172838f694baf2c6beebdac155da53e4322dad7470448a92d570f808a56 |
C:\Users\Admin\Documents\GuardFox\bd8oqd2X_KNvUIchBGw_sNLU.exe
| MD5 | 8e051ab6b9159a1f11ac47775a988c38 |
| SHA1 | 2d894c9da1bd5731460739335d1f9f63f0052933 |
| SHA256 | f07ecc77e1884844c4a70bb96371bf2f42abd62e609f7305f5fd16fcee777cef |
| SHA512 | 87345fc77093fc7126ceb15a2d9a29ef477423a634f0b9edea609de99bb346c8173e56014c92f5ac85025c52ef30e6bf7653488f5cc8c32a8e7ba34e3c77d5c7 |
C:\Users\Admin\Documents\GuardFox\Rr3Jv0BhakXDhheSTJsxXuTs.exe
| MD5 | d94323b48e864172d283de59f6e0c8db |
| SHA1 | 6876dc39d32b4a2576f8a44eaa2883e820f67bd1 |
| SHA256 | 4692ab68fef6e4312b911cabdde3d963b26ba2588d3c146cc42268a3c569907e |
| SHA512 | 539a55ef78facde791cc84e40cd04d4b93490387dc5e9053d6e688157d603fcc12630d50aa358fcb05b4985821ef6af5d3a252f4103aaf00e13b2c2c4848cbdd |
C:\Users\Admin\Documents\GuardFox\Rr3Jv0BhakXDhheSTJsxXuTs.exe
| MD5 | 0fada396214ee06955066d5715679b92 |
| SHA1 | db4fe835ce7d273fa0111bef766b3146b8eeb5c6 |
| SHA256 | 4c36eda2171ff921762c38bb11f767802aabc0ff04529f18d13b8a4ed9ac2450 |
| SHA512 | 43fd7bf0e902de8283729476b55b4e9694a6f441b95c511e8d397b5c8a5828a7e82efb4a848bca7382b6aab0c630e7354de8818d461bd9591044d6347f126b10 |
memory/5732-733-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-N6NAR.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
memory/5732-699-0x0000000000480000-0x000000000048B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-4FE62.tmp\ZxEIsayTB1ELKzR7mAA_z6yQ.tmp
| MD5 | c7f5dcc54f23de2003bf42d268262274 |
| SHA1 | 3cf03589aaaf782ccea772870172a402c9b4b37a |
| SHA256 | a394c2fc5c4bead183071b02e84c430de58916dc828f0eb2249aa5aff53f99e1 |
| SHA512 | 670269e9b5eca0e6cbb213a4380cd71d52b6194be61af809b1571c19fcf682c1a9c68760facb4c642d45133b90d61bf1960bdb9ae231b0d88244e2dd6b4dff8c |
C:\Users\Admin\AppData\Local\Temp\is-4FE62.tmp\ZxEIsayTB1ELKzR7mAA_z6yQ.tmp
| MD5 | 15fc617ea14cee3b753839aa41994eb7 |
| SHA1 | 09a9be3926d55a0c4cd682a43653101d88246e85 |
| SHA256 | 2078a504a953ad75527ea34e37a226c5737bd28ac8631a22b05bf4d43385f071 |
| SHA512 | 1dc8904ea14aa464b0f9a1525a514ec736654d77fcea2147dea9739f2a0785ed3c0fca1074a034ed2a0545f899d61fdc83bce0fe972896ba974334f2b07ef0db |
C:\Users\Admin\Documents\GuardFox\JHwdRTPiVjZdu1uvZ4wHzsJi.exe
| MD5 | 876748e1e16d48df8b9a278bf51250ea |
| SHA1 | 3ac7d449e03586025d924dfada4eb825ce76cd20 |
| SHA256 | f941b4dfcddc4de33d4828ef1d82f7747a610404d82112270da9b72e6703d233 |
| SHA512 | 1d9220f1b209d9be0ac199a218bf701267b66c4d150aa92c66db161f1d00904b52b6accf0e294f6dd16959709665cc47ef5674f9b7403959035e0008a1ee19f0 |
C:\Users\Admin\Documents\GuardFox\nhi1SK0Vvbcyim7lPa1I5Q8w.exe
| MD5 | d9540f23e790747e6b50ebd4a303c1a5 |
| SHA1 | 7d255f42c4d285da23b024b229830bd37bd71318 |
| SHA256 | f45d1a95054f346a725ed74005beae798af1f5422a1572b73fbbc35cbdfe316d |
| SHA512 | 3cd7792cd17c67c96d7952ed12ca4e4030de169a73658fe07365cd15cbdea7c116708ef247d1480ef62ff96fcc2539f1e6c4d0c7f90c60f9ceeef8c7afc0517e |
memory/2780-672-0x00007FF633EC0000-0x00007FF634904000-memory.dmp
C:\Users\Admin\Documents\GuardFox\_q2vD9rmquvw9BRa8wd995tb.exe
| MD5 | c0af2fac66bd22ccd24f96bd8ff82e83 |
| SHA1 | 1d47382193dfef92aa84363c26b745a910fc642b |
| SHA256 | c94808531db86533c6bc95379f75cb9385923d9f19f6b3960cf5af7a990b7abd |
| SHA512 | 0dd3eb11d171b28ab199d86afd672ba416ea739251756bbb522f44462af7a7b5fe7a1b4c5c4932643971ec9478f3bf9defc8aa938c96206260be81fbc81c25d8 |
C:\Users\Admin\Documents\GuardFox\871sk2dTwl9pwQmcSy9_xceI.exe
| MD5 | b0e1ee71812bf09622d3df6c4e19c714 |
| SHA1 | fa97926ce3c1b03cc6d3ded689d05a16c508f820 |
| SHA256 | e99f8c8587e99cda505cbbe19a513b267e8ee737afc36caa61d3eb1a76ab6b59 |
| SHA512 | 8719052623b2377197d4b5bd2f10caf6931648cb2273dd46c76686f9426e86e5a7fca8c165e0e0737740457a014a54aa2b4a67af8b8842f896c5be69cc0d1799 |
C:\Users\Admin\Documents\GuardFox\nhi1SK0Vvbcyim7lPa1I5Q8w.exe
| MD5 | d4b885fee063bfbd37b33a8a18e42e28 |
| SHA1 | c5008890800311cb28cbd0d4e89d7678b2815468 |
| SHA256 | 4f61b1aec4097037186160cd4a0b5c7b33dbf2df1f1b67a427a42d8982a43ed0 |
| SHA512 | 5e5ff1f771b4eb1b1b5deef99551b230abdb7c51ae084159893bf6592d96c25df63d93257607304a05a571bf7823c676f06263960bbd2b466b7c085b83a1952d |
C:\Users\Admin\Documents\GuardFox\ZVsDYq3Ch4_MMg9aTQKTVxSw.exe
| MD5 | 8f0a1303e720cde60697e527726fa021 |
| SHA1 | 8980b0c908b8a229c3fbd25b65770fbfdcb40b8d |
| SHA256 | 3522edafe36cd8c1d314e12f48b02acbe4aea3da4b741315680262ec9535b89b |
| SHA512 | 2cb6534d7dac85b7ba9a972e0c3905a631a0493274abed7a8a7ba956b9293c48e27032620379b78fea83ebc1d088077c14fd0f4e4fb616cbbf1305e835448831 |
C:\Users\Admin\Documents\GuardFox\rrWr6EtlIuK_vq7EqTglUb8N.exe
| MD5 | 1b8d4a72128415ed2614fb7a337c9a64 |
| SHA1 | 93fb3bdc00cd66148f6bbd5d7e8cf63d1fedb350 |
| SHA256 | 8aad1fc6d1c92e1376ed36c3ad8730feda51883d3b7b0faa4ed43516192c0d8e |
| SHA512 | 7755918b23ed92d8bd5e910e5ba95f489bbccfe8a8f8dbb5b53b2040d260b6b78e67a3ab5bfca1b254289b1853b945dd7f6bb6eedc1e23ccc7579c3501ad4d54 |
C:\Users\Admin\Documents\GuardFox\bd8oqd2X_KNvUIchBGw_sNLU.exe
| MD5 | cbcc1020551de305c9e0e68fc57845a4 |
| SHA1 | ff52750d71f10aa1662d4693943b115d43ddc1db |
| SHA256 | 54e141b86f922eabb2f20c73425d251cfd7bfe39b06536e70f8050b3c7d585b9 |
| SHA512 | 64f4bf012b424f76fa201ec05d5f781b9bf1a07615d5881bb38b0a8c34e20b6942b9e35552cea9b61705b1dd16cb426c96a243f1f5dafd15a06592e823fa9f64 |
C:\Users\Admin\Documents\GuardFox\tZ3sF5t6fvcIb4OapKTmlR3J.exe
| MD5 | 01af3741843e8c6d2f029d00a09cb19e |
| SHA1 | 310e878b071991fd0cc1bfbb3d336062523ed1b9 |
| SHA256 | afe0eaf505a31ae9310efec93ee92e33ec931c872dacd0f3cc5b8609da0044ed |
| SHA512 | 5af3eb9867b620a2949aada75b243867720684451003e4aa2c18a9365c450d9addf5f0fa54fcef5803cbeda629b197b1e1cc90ef3eafe5acb94e7fc3331bd32e |
memory/2780-381-0x00007FFD80010000-0x00007FFD80011000-memory.dmp
C:\Users\Admin\Documents\GuardFox\c3AoZYpYAN5y_5E0jn2Xw5Yh.exe
| MD5 | 091e7d6b1d0f0998a327f7e3fceeed30 |
| SHA1 | 5858ba692dbcd7e9c1ae99b2cf1efa53f5d8ef53 |
| SHA256 | d0ff675b57f4ca16613ed6fb8d16c7487eda26496f79072636e5227d4d5d0a41 |
| SHA512 | 389017d2f6a86a31935fd82ee203ca1c27eed43ec414377116cac4c4a4c1869c48dd32828178e1f0e4d885f1c512c183f98d6aaffd11fce1ced4f2b0eaec2854 |
C:\Users\Admin\Documents\GuardFox\gXZVCk1BZlo0mniV8eftEhbm.exe
| MD5 | ed607feadfa957ce51680950f60e42aa |
| SHA1 | e2bb5cd0d9368cb654b6c877be2102a6f5fced46 |
| SHA256 | 034be83ab3f2234923b4e5d1e1afa4d12043347635d4fede8fa51bfa138e2450 |
| SHA512 | c5dd922f0e375e404ef788b05b91afc721ee5715d48f41d21513e3ba4939c3f1f827dde2fce43631285f25c6ba57d38e94a4ba6565d8a72da19e440562f82f93 |
C:\Users\Admin\Documents\GuardFox\rrWr6EtlIuK_vq7EqTglUb8N.exe
| MD5 | b7d3df5eb168e2cdc90ebcc13023bffc |
| SHA1 | 76785f0b0721fc275c16090c68667f4c173d0ddd |
| SHA256 | cdd29bbdc03e71aa5d94455500be9c476673bedb3834585bcd5266d787d1136f |
| SHA512 | 7cb112cab9443b5c3ed5d55636d35e01e5287acc9e92b2c84c4381433c0c6213162360eb77145f0af693cb64d1a747fe4bfc73c9c9ba54e702195bd8204aebe9 |
memory/5464-932-0x0000000000400000-0x000000000043D000-memory.dmp
memory/4668-939-0x0000000000A40000-0x0000000000AD8000-memory.dmp
C:\ProgramData\TVTunerClassic66\TVTunerClassic66.exe
| MD5 | 251b11a6c24c2f8fecabf5a4c163155d |
| SHA1 | 389a0cb8858027d1f3c54caecf0b6d5965aad024 |
| SHA256 | 715bd088ca6c620e18950fe81923a19da40a309314c5d17520bbf0aa5e0b0e9a |
| SHA512 | 564267be62d0a8da1a2f472f4b63d35b57403644a93cbeb7ad9e302f18076ea5049dfdcf00729cec2dc2e519e7fbefdcc403c50030f3e78888e05118319dc2d4 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | 554b36a7abbe93a2ecb3a77ae96b9d59 |
| SHA1 | 0611e94e30c62a9896c99ce797cdc6f42bf3e5f2 |
| SHA256 | f2520ec27a6f37406f5d1099cd3a8bce4f1b4dbd3cdda9282544f7a357761e6b |
| SHA512 | bb32fcc946febffcc0854d9bf3a6a3bf5721bff5912711dd91b86ee621744629d83f1f55fe675eac497862b8ca28ddbb7a1738cae98d46d9adc2c5c55c8555a3 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | 42b8c03d670d61d236561472423750da |
| SHA1 | a130343847afb7d4d0d4c057d6b03e5309e8db12 |
| SHA256 | 7b12b73eefd32038acacaeee17d75fdc6034ce0468becb4351342ca533248d38 |
| SHA512 | 414791032486d8d81beea6f0b099401f71793ae21dceb5002718c81f134553ca78dec75869526f9e40de28dfbe875cdcbeffdb2bd38e24f5f36bbef7d224f725 |
C:\Users\Admin\Documents\GuardFox\C3x1e4ZsTyHsRoZe2nRoREFS.exe
| MD5 | 6759e4f91dcd8e8656a4868754846b97 |
| SHA1 | 281544552910ceff25ba041d7a1aaa9124aa2093 |
| SHA256 | 18c0d6409af840417ae73dd9d0c69d7169c70333634a17f5e25833e95f3c8bdc |
| SHA512 | f952a4a12fb4affd69ac1b7393308874f09e3251bb43654e49848df67ac41d807f825eeafd4e8b1f411195fd442882c9422e1f2535da7eb6d21593e693231c43 |
C:\Users\Admin\Documents\GuardFox\rrWr6EtlIuK_vq7EqTglUb8N.exe
| MD5 | e361fa252e7e2d8bc29a1280590342c1 |
| SHA1 | dcfd6288b43e6f9225e531a9d566fbab9618016d |
| SHA256 | 85b0731684ec2e86c688306f7fa10e224fec622808c552f9b8d1f22d74e8f949 |
| SHA512 | d69ccf9bb7f6a1828d8af900afaf04049c573de567418c89721fce3b8e69d108c1ae9115f1a5974ce06cb3a52ca6be6fd7d503c0512ca957253fee798cbe51f2 |
C:\Users\Admin\Documents\GuardFox\ULeuvS6KQfIm0_cpAv6oSGUC.exe
| MD5 | 0b419d8c66e1c947b9c916093e82ecaa |
| SHA1 | c0cb84f3fd88be7e169deabbf4b0a52e41cdc8fa |
| SHA256 | 37d76c9a38c35b80ac296681fb9e53e4fe4054e6035aa18f45aac1c39f215ae8 |
| SHA512 | 5e00d525cc3a2186aed534edee808f9c73bbdf1c1a60e7b234319fe04d2c22e4ea4a16f88aade6120c4c2bc2ecac64ac00e5cf945724e7d10edb498ffe24fe27 |
memory/5904-931-0x0000000000400000-0x0000000000889000-memory.dmp
C:\Users\Admin\Documents\GuardFox\C3x1e4ZsTyHsRoZe2nRoREFS.exe
| MD5 | d8d2b6f55511b9180d63162b7072a396 |
| SHA1 | adccaa8591fca5e84675675ec21ca01ce3f40a5b |
| SHA256 | cbee44b5036a7bc3d8d2149c6086a692d56bea4ebf4e1e7404e53b7ec7558477 |
| SHA512 | 0851a13fdfb5414c4a00187b0de07c49ca6130a2540afb3cf2e998bd06ed6fa5617d94594b6fd89594760f4c7193f669e35662645544a989b0b814015733ccc6 |
C:\Users\Admin\Documents\GuardFox\GrOwuxn9g3h_LenoAnfzARTT.exe
| MD5 | df35b910d8c563e1ad279a6199cf780f |
| SHA1 | f512d2cdf572b9a73c4ebcff5eaca72b2a0586e6 |
| SHA256 | 869ab0dd6fc81406a7be048c207aefef220f845789e126375d80a544612f1b55 |
| SHA512 | 34c33fe242050d5f58b3e8a7982ad41f276fa08107a103f36b36a5a186d3d23e73707786395c4eb1f452f67ef314830be2887f65e46e32913f48b1083cdc7595 |
C:\Users\Admin\Documents\GuardFox\GrOwuxn9g3h_LenoAnfzARTT.exe
| MD5 | c70194ceb1a3240170e24ef632239fec |
| SHA1 | b0136561464699f40f0413972756ed449e85b2de |
| SHA256 | a3d858ec64d351600a315bfa97c295894183682258eac1a0f901f73a8ad3a18f |
| SHA512 | e03a63dd5deb6c054e45222ab4332d8030301356544baba3c521e34c49495175f6855dbbc22b992174a334ab7525c32d0abaa6d63083145365150778a0afa3c2 |
C:\Users\Admin\Documents\GuardFox\gXZVCk1BZlo0mniV8eftEhbm.exe
| MD5 | 460783ccd36efc4f94cf015f71a58c7f |
| SHA1 | 83f44aa67a06c9fe07c8c8f1a5f9452a2cd13f66 |
| SHA256 | f9ef49e76b6fcd9af763966550d97c3bff669d423ce065cbded3ad73ce069e73 |
| SHA512 | 274d38711ab114d4f7d4f313b752e3a8f3afbbe0c0196fb1fbe3211ff32d15ec708fc01b0cfc5e16cbcba3ed2625b22b187c4b948484e4b4dc742432b3ba74d2 |
memory/5436-923-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\gXZVCk1BZlo0mniV8eftEhbm.exe
| MD5 | 4ff99fc91298dbc0a1404c30bb6be02a |
| SHA1 | ced54e0bf51efaf95f774ed1f92e780ba77c6f89 |
| SHA256 | 5402c5e2fe9bc3380c0cb22aa120019c1f8d2a7343fdc250d23af48105030adf |
| SHA512 | ec6a8946fd5fd5a53a60c47a194a59b2c526422ecbf3dbccbaa0628ee489ccd4bb5b37138abe451e8e25057ecebb9e1c9e3190d44e956539c5dff01328877608 |
C:\Users\Admin\Documents\GuardFox\ULeuvS6KQfIm0_cpAv6oSGUC.exe
| MD5 | 361eaaa18a4f87e160d828126caac489 |
| SHA1 | 75d1d1388adf608b809b5f14024bd7f50295f8d7 |
| SHA256 | e4a402ebae1a5060624fe928b52b95b2b6b41b54f00539be350ad69ea324bf47 |
| SHA512 | 0e5d9f58cb677a0040b7695c58a58bad6a74b771b393610cc3237df5ede3971b37fe34a86b24659578e0be40f4985fdef5bfec14d3129f3137a9332ee2d30d2d |
memory/5384-917-0x0000000000390000-0x00000000003E8000-memory.dmp
memory/2552-943-0x00007FFDAF6D0000-0x00007FFDAF6D2000-memory.dmp
memory/5752-948-0x00000000049E0000-0x0000000004F84000-memory.dmp
memory/5316-947-0x00000000005F0000-0x0000000000B5C000-memory.dmp
memory/5904-945-0x0000000000400000-0x0000000000889000-memory.dmp
memory/5752-942-0x0000000004980000-0x00000000049E4000-memory.dmp
memory/5436-941-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\_q2vD9rmquvw9BRa8wd995tb.exe
| MD5 | b61ab96e0f38f53f3d5f1e0727bb7f53 |
| SHA1 | dd74ecd50226c8d88c980867ef6e582871c50292 |
| SHA256 | 9db90f8cf4686711fb45c5844868e36c8b0c7c98c89da1d9b7c735b318626154 |