Analysis Overview
SHA256
07fc70e17fc81a62cce3afd89755eb174e090bb3c0f170ea23a55ac7cdda1820
Threat Level: Known bad
The file SecuriteInfo.com.Win64.Evo-gen.16085.20859 was found to be: Known bad.
Malicious Activity Summary
Stealc
Detect ZGRat V1
SmokeLoader
Djvu Ransomware
ZGRat
Detected Djvu ransomware
RedLine
Amadey
RedLine payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Creates new service(s)
Stops running service(s)
Downloads MZ/PE file
Modifies Windows Firewall
.NET Reactor protector
Checks BIOS information in registry
Modifies file permissions
Checks computer location settings
Themida packer
Reads user/profile data of web browsers
UPX packed file
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Checks whether UAC is enabled
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
Enumerates physical storage devices
Unsigned PE
Program crash
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Creates scheduled task(s)
Delays execution with timeout.exe
Runs ping.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-23 16:27
Signatures
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-23 16:27
Reported
2024-01-23 16:29
Platform
win7-20231215-en
Max time kernel
4s
Max time network
154s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Stealc
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Downloads MZ/PE file
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Documents\GuardFox\hQgtvqK8VmQ1LY7m1AXNSeZx.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Documents\GuardFox\ilGyp4NneBqw4pbxzA7S7WGw.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe"
C:\Users\Admin\Documents\GuardFox\zJ3jMj0GzYgdwDzzw9qRdQOd.exe
"C:\Users\Admin\Documents\GuardFox\zJ3jMj0GzYgdwDzzw9qRdQOd.exe"
C:\Users\Admin\Documents\GuardFox\KZH0_ViJLjDh1uYJKXnz_kpG.exe
"C:\Users\Admin\Documents\GuardFox\KZH0_ViJLjDh1uYJKXnz_kpG.exe"
C:\Users\Admin\Documents\GuardFox\0X5ArJglY2ONQo5sIbFdVoVP.exe
"C:\Users\Admin\Documents\GuardFox\0X5ArJglY2ONQo5sIbFdVoVP.exe"
C:\Users\Admin\Documents\GuardFox\cOJ7wsghBeakoo5SG56pGvIV.exe
"C:\Users\Admin\Documents\GuardFox\cOJ7wsghBeakoo5SG56pGvIV.exe"
C:\Users\Admin\Documents\GuardFox\YKK0vMV080jyVNM0bgr2l5L5.exe
"C:\Users\Admin\Documents\GuardFox\YKK0vMV080jyVNM0bgr2l5L5.exe"
C:\Users\Admin\Documents\GuardFox\DoewBw18fNbRUt9tzl2z14d9.exe
"C:\Users\Admin\Documents\GuardFox\DoewBw18fNbRUt9tzl2z14d9.exe"
C:\Users\Admin\Documents\GuardFox\qizZt7Bur6z1txTH4YXbihzk.exe
"C:\Users\Admin\Documents\GuardFox\qizZt7Bur6z1txTH4YXbihzk.exe"
C:\Users\Admin\Documents\GuardFox\2vg8st5gxt7xVyaMTMyPHcEB.exe
"C:\Users\Admin\Documents\GuardFox\2vg8st5gxt7xVyaMTMyPHcEB.exe"
C:\Users\Admin\AppData\Local\Temp\is-M0B92.tmp\0X5ArJglY2ONQo5sIbFdVoVP.tmp
"C:\Users\Admin\AppData\Local\Temp\is-M0B92.tmp\0X5ArJglY2ONQo5sIbFdVoVP.tmp" /SL5="$2019C,3515248,54272,C:\Users\Admin\Documents\GuardFox\0X5ArJglY2ONQo5sIbFdVoVP.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Users\Admin\Documents\GuardFox\1h5oX6AfKdjA7QKitchLMY7C.exe
"C:\Users\Admin\Documents\GuardFox\1h5oX6AfKdjA7QKitchLMY7C.exe"
C:\Users\Admin\Documents\GuardFox\xMUVVLpKRVMcQQBdGWoU2g9b.exe
"C:\Users\Admin\Documents\GuardFox\xMUVVLpKRVMcQQBdGWoU2g9b.exe"
C:\Users\Admin\Documents\GuardFox\3WEhPygXtgmAE0ixSLD2QBPg.exe
"C:\Users\Admin\Documents\GuardFox\3WEhPygXtgmAE0ixSLD2QBPg.exe"
C:\Users\Admin\Documents\GuardFox\p2ALwcMAIBBRoJauOyM6tY_I.exe
"C:\Users\Admin\Documents\GuardFox\p2ALwcMAIBBRoJauOyM6tY_I.exe"
C:\Users\Admin\Documents\GuardFox\K9064dCxqH0SR5hUFk6wIdGs.exe
"C:\Users\Admin\Documents\GuardFox\K9064dCxqH0SR5hUFk6wIdGs.exe"
C:\Users\Admin\Documents\GuardFox\u1nAJohI9NiVQVIhO_u_9qRV.exe
"C:\Users\Admin\Documents\GuardFox\u1nAJohI9NiVQVIhO_u_9qRV.exe"
C:\Users\Admin\Documents\GuardFox\p2ALwcMAIBBRoJauOyM6tY_I.exe
"C:\Users\Admin\Documents\GuardFox\p2ALwcMAIBBRoJauOyM6tY_I.exe"
C:\Users\Admin\Documents\GuardFox\S4yNXJTJDxFHKlOXMvXdgu88.exe
"C:\Users\Admin\Documents\GuardFox\S4yNXJTJDxFHKlOXMvXdgu88.exe"
C:\Users\Admin\Documents\GuardFox\ilGyp4NneBqw4pbxzA7S7WGw.exe
"C:\Users\Admin\Documents\GuardFox\ilGyp4NneBqw4pbxzA7S7WGw.exe"
C:\Users\Admin\Documents\GuardFox\hQgtvqK8VmQ1LY7m1AXNSeZx.exe
"C:\Users\Admin\Documents\GuardFox\hQgtvqK8VmQ1LY7m1AXNSeZx.exe"
C:\Users\Admin\Documents\GuardFox\_d_6oqBrYO9oDROynM5zoWeZ.exe
"C:\Users\Admin\Documents\GuardFox\_d_6oqBrYO9oDROynM5zoWeZ.exe"
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
"C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe" -i
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 592
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
"C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe" -s
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\54f46832-0836-4997-843f-8dc0861ac106" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\AppData\Local\Temp\4BDF.exe
C:\Users\Admin\AppData\Local\Temp\4BDF.exe
C:\Users\Admin\AppData\Local\Temp\4BDF.exe
C:\Users\Admin\AppData\Local\Temp\4BDF.exe
C:\Users\Admin\AppData\Local\Temp\5DDA.exe
C:\Users\Admin\AppData\Local\Temp\5DDA.exe
C:\Windows\SysWOW64\cmd.exe
cmd /k cmd < Dot & exit
C:\Users\Admin\AppData\Local\Temp\is-IAPO0.tmp\731F.tmp
"C:\Users\Admin\AppData\Local\Temp\is-IAPO0.tmp\731F.tmp" /SL5="$1020E,3501695,54272,C:\Users\Admin\AppData\Local\Temp\731F.exe"
C:\Users\Admin\Documents\GuardFox\p2ALwcMAIBBRoJauOyM6tY_I.exe
"C:\Users\Admin\Documents\GuardFox\p2ALwcMAIBBRoJauOyM6tY_I.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\731F.exe
C:\Users\Admin\AppData\Local\Temp\731F.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\2vg8st5gxt7xVyaMTMyPHcEB.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\cmd.exe
cmd
C:\Users\Admin\AppData\Local\Temp\9032.exe
C:\Users\Admin\AppData\Local\Temp\9032.exe
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\AC3B.exe
C:\Users\Admin\AppData\Local\Temp\AC3B.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 692
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\CB21.dll
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe"
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Users\Admin\AppData\Local\Temp\D1F5.exe
C:\Users\Admin\AppData\Local\Temp\D1F5.exe
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\CB21.dll
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Users\Admin\AppData\Local\Temp\2563.exe
C:\Users\Admin\AppData\Local\Temp\2563.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c mkdir 17595
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Produce + Vegetation + Workshops 17595\d
C:\Windows\SysWOW64\PING.EXE
ping -n 5 localhost
C:\Users\Admin\AppData\Local\Temp\30998\17595\Protest.pif
17595\Protest.pif 17595\d
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Thumbnail + Hugh + Generic + Obj + Ve 17595\Protest.pif
C:\Users\Admin\AppData\Local\Temp\55E5.exe
C:\Users\Admin\AppData\Local\Temp\55E5.exe
C:\Users\Admin\AppData\Local\Temp\nstD00E.tmp
C:\Users\Admin\AppData\Local\Temp\nstD00E.tmp
Network
| Country | Destination | Domain | Proto |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | joxy.ayazprak.com | udp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| NL | 77.246.104.70:80 | 77.246.104.70 | tcp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| US | 104.21.80.24:80 | joxy.ayazprak.com | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| MX | 187.204.28.170:80 | cczhk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| MX | 187.204.28.170:80 | cczhk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| US | 188.114.96.2:443 | 294self-limited.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| NL | 95.142.206.2:443 | N/A | tcp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| US | 8.8.8.8:53 | iplis.ru | udp |
| US | 104.21.63.150:443 | iplis.ru | tcp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| HK | 154.92.15.189:443 | ji.alie3ksggg.com | tcp |
| US | 104.21.65.24:443 | N/A | tcp |
| US | 104.21.4.208:443 | N/A | tcp |
| NL | 95.142.206.0:443 | N/A | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| GB | 96.17.179.205:80 | N/A | tcp |
| RU | 193.233.132.67:50505 | N/A | tcp |
| NL | 91.92.245.15:80 | N/A | tcp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| US | 8.8.8.8:53 | app.alie3ksgaa.com | udp |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
| US | 104.26.12.31:443 | N/A | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| PA | 190.218.35.224:80 | trmpc.com | tcp |
| DE | 185.172.128.90:80 | N/A | tcp |
| DE | 185.172.128.53:80 | N/A | tcp |
| US | 8.8.8.8:53 | gxutc2c.com | udp |
| KR | 211.119.84.112:80 | gxutc2c.com | tcp |
| KR | 211.119.84.112:80 | gxutc2c.com | tcp |
| KR | 211.119.84.112:80 | gxutc2c.com | tcp |
| DE | 185.172.128.53:80 | N/A | tcp |
| KR | 211.119.84.112:80 | gxutc2c.com | tcp |
| US | 8.8.8.8:53 | EvaxeIyBnCRISyqZrpFErpEgmoP.EvaxeIyBnCRISyqZrpFErpEgmoP | udp |
| KR | 211.119.84.112:80 | gxutc2c.com | tcp |
| GB | 96.17.179.201:80 | N/A | tcp |
| KR | 211.119.84.112:80 | gxutc2c.com | tcp |
| KR | 211.119.84.112:80 | gxutc2c.com | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| KR | 211.119.84.112:80 | gxutc2c.com | tcp |
Files
memory/1944-0-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-1-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-6-0x000007FEFDA20000-0x000007FEFDA8C000-memory.dmp
memory/1944-7-0x000007FEFDA20000-0x000007FEFDA8C000-memory.dmp
memory/1944-8-0x000007FEFDA20000-0x000007FEFDA8C000-memory.dmp
memory/1944-10-0x000007FE80010000-0x000007FE80011000-memory.dmp
memory/1944-9-0x0000000000170000-0x0000000000171000-memory.dmp
memory/1944-13-0x0000000077970000-0x0000000077B19000-memory.dmp
memory/1944-12-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-11-0x000007FEFDA20000-0x000007FEFDA8C000-memory.dmp
memory/1944-14-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-15-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-16-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-17-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-18-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-19-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-20-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-21-0x000000013FAE0000-0x0000000140524000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Tar5D13.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab5CD2.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42b26397e6a70a04b6a9e329abab5bb7 |
| SHA1 | 3891e4fd608b2a3555abcfe29419d3c3a84b97a5 |
| SHA256 | 823d04d6bb411cdb200d87ebed65b91cb407617e55d19022ca180513213ba8b9 |
| SHA512 | 3da0de130964805e9bf4ac91e5b2165e98b9af9db0afb60bc993619894da0907f822730fd856476e7229fed6e1165c412c2c9b34d807b5810c0c21abf61ba9b7 |
C:\Users\Admin\Documents\GuardFox\2vg8st5gxt7xVyaMTMyPHcEB.exe
| MD5 | 65b7eb148d5827a5f22d4c0b68354ce9 |
| SHA1 | 82731f9f58300b45a26acab23fefcdd2d63017b2 |
| SHA256 | 644ade98f0be05d2e575d727dad84042abc43c52c7bb7f40a97df7df1afb9dea |
| SHA512 | eea0b37f9a362b54dab288b4b3b64dfcccc39c30bcb4f44ee483d0e22ea8d5b298e440c77fc7f810b47d7c4eeb9242133d9d23bf93b22e620ca850c57237f7bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34d4d31e279bec61cb3b922cfa1106c6 |
| SHA1 | 9bc4e658006a79e0c3cabe2a6d1cff262ac78fc0 |
| SHA256 | 9334c5191f6e9c4030ddc24f29f26bc046f08d46b1709af2aad06aa25dbd8d47 |
| SHA512 | a11173d2c46ff4ce60b36cd58194a6eab1b437076d10e457dbdccfd312edde2eac05e51ed03fb110db9734b0506740bcd9ef1cf9c8b2a3d9942b5296ea72680f |
memory/1944-134-0x000000013FAE0000-0x0000000140524000-memory.dmp
C:\Users\Admin\Documents\GuardFox\0X5ArJglY2ONQo5sIbFdVoVP.exe
| MD5 | f66d6f5645ea4a5e4286ac266966e37f |
| SHA1 | 5fecf361e6f146355daa02d3678f45162deb8a71 |
| SHA256 | e7fc17e49e7a2025711c5aba292c5ed4d387383ad01017e87c9a1518e58ce2f2 |
| SHA512 | 78578eb1d77b068e2ffecd11866efd558ef8bdf79ede1abf9133556f0191d541100d39a9531b469beaa89703e3f23c6aaafacfded5b2353b5216dd22cc00eadc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7393d266688e9ecc002165f34b231a45 |
| SHA1 | 6bf8fd2ba7dcaa21d504c216965d81250bf8bdc5 |
| SHA256 | e88e2b54a5d750f5e263faa38287fc234620fddbe71dda49b945bbfab3a8d5ed |
| SHA512 | 7ba27739cd035508ea5e9face9a617442fcf77fb309d472c4b97c11f49ebcc44c294aa307b56f4351e87d1f54c8a3c91bed03a63374f566190ec950d2da1cbc7 |
C:\Users\Admin\Documents\GuardFox\qizZt7Bur6z1txTH4YXbihzk.exe
| MD5 | f740608b4fc3a10a4526f0c2db5fc67d |
| SHA1 | 91a6a17d5a90be772997021532d6d0615d550fed |
| SHA256 | 35e87fae499edf23f25bfc5be34be901c0dcef34851db88b7d96eeeb6733860d |
| SHA512 | 2d45013aa54d29977eb173ef873ee2464081ee650c3df04fd381f9e8aaaca4bbc58de61228cbf365439ad05a81de4bed8cdafbf4a3762eb489da23d65010fe3c |
C:\Users\Admin\Documents\GuardFox\DoewBw18fNbRUt9tzl2z14d9.exe
| MD5 | ebd6f7a6cb7aa2c1f16389618828dd18 |
| SHA1 | 6f0ab3eae5a5c4ed3383ac48a4ac067294c87728 |
| SHA256 | 80b7f795cac71ff494d915f171bca9feca53cf6d9c6d5b87b2c773ea8266403e |
| SHA512 | b0ab45f303c0c7051da0248713d0b672d262bafde69112e3fe021426bfce869089329b324e3355a94cea76cec4feb6a024ab74499e1f025f82eebc3da11521be |
C:\Users\Admin\Documents\GuardFox\YKK0vMV080jyVNM0bgr2l5L5.exe
| MD5 | 5373721eba16b7c52d1f53b02ca95302 |
| SHA1 | 8b945293d135a1afd888babf4738971dbd607475 |
| SHA256 | 8dcc8b0423941480f2dc4fcaca1811ea61164b8f8f213396b18ad32a20833b88 |
| SHA512 | c5d0c13f0d6036a54de22eb2996333bd7d908664879509699fa03a234b4b4e9fa62c8396b07cda534edf2102f3df5fa633b1e70265d536d9dfcefa28256ea4e4 |
C:\Users\Admin\Documents\GuardFox\cOJ7wsghBeakoo5SG56pGvIV.exe
| MD5 | e2a1976a1de9ce8f22ab1c9e8405cef1 |
| SHA1 | 7a8782a0b383d49b918093a39ea68e11191f039d |
| SHA256 | eac9ff6fb58b8b1f49a61dc3a976fd4c30e4c515bbc100ebde721ca9e4949db9 |
| SHA512 | 2b6f700ec66783548ada441ad2d6cac53900d84c17e386a58f4385f6f826bcfb0529e7773256c5bbc4c5a85ebfb30f1e8dce4267224d29810ef8640f0ded4c99 |
C:\Users\Admin\Documents\GuardFox\KZH0_ViJLjDh1uYJKXnz_kpG.exe
| MD5 | 2c6c31fbb52dcc0675921ee9bc9a18e0 |
| SHA1 | db6d0678f4a895ef817eee0dc15b8f09964d125e |
| SHA256 | fe079ab15f1ec887e1c50987c5a33410b27aa8a5509f2812f404d56dae1ed6a2 |
| SHA512 | 2d0ff27542d9ee58655a8f5eeec3a1ea8ee8bc146c7035ed8b3daf6f4ea79160089f4c296bf76adcb86c9da72ebc58e1f6b355b1ff237d373d2ed97b00e4faaa |
C:\Users\Admin\Documents\GuardFox\zJ3jMj0GzYgdwDzzw9qRdQOd.exe
| MD5 | fa31fbfe7e5d4f1d48d2e36a246cb4d0 |
| SHA1 | d2fd080418c47aa2e662b63943236dffb3e08ce5 |
| SHA256 | 71cabe5d7d93c8cd2e4c0ff042383547181ddf0fc6d346c315e1ac670e3d0869 |
| SHA512 | 8e8f19e920a0c387f6927860cd466657462e1f88783065d8d1354e48120b4b631c46d9fe542d883723abc43c1d83147b9624d4bf3e492bc82a5627b6a6378300 |
memory/1944-229-0x000000013FAE0000-0x0000000140524000-memory.dmp
memory/1944-246-0x000007FEFDA20000-0x000007FEFDA8C000-memory.dmp
C:\Users\Admin\Documents\GuardFox\hQgtvqK8VmQ1LY7m1AXNSeZx.exe
| MD5 | 19a16b92859c68276d2c7a40cd97aa1e |
| SHA1 | e663afffb471ed6c61d2d43fa4476bafe527fb19 |
| SHA256 | ee3d3ba1ed746cdb5d465f1a33e1cab4081d11cffb92a29b7f0ade2abe3565de |
| SHA512 | c0ca6ef5660059b46483d4ac245018fea59eed9ed7426944cac0e04be8695877dbf4613a04a5494211274a393faaf1276a58627d62b525fe14ccb0ded41f1493 |
C:\Users\Admin\Documents\GuardFox\S4yNXJTJDxFHKlOXMvXdgu88.exe
| MD5 | e55c4ff4955b3cb33399030bb0ab4c28 |
| SHA1 | 7ac45a3b0e4b0576f2f4ebe174a2c8bc775e1ea6 |
| SHA256 | 46026c1ca2d3f1489c5e697de12d6c5c4c11dd8261ad903bc684c9a22edc9151 |
| SHA512 | 9ffc6460ed692919ee0303f8cebee266b8f9d4f09dcc5c41389777f4a79fee9b144c3986b5ebc8458cdf81116234629bf06080f9a7788de7503cf30b0a830dc2 |
C:\Users\Admin\Documents\GuardFox\tpt8Z_Rgp4UVHKBj0WPdCHra.exe
| MD5 | 95f80dc65819376a452f65b299fae7fd |
| SHA1 | 31dd3a984c71978432c4a8f20c988fb27e24e70a |
| SHA256 | f2f15ad6be3cf33486b91f012d817190470cd340d6a34725bc0873d0ed53fb18 |
| SHA512 | 58115691c0cfafc59573d03923a4cd4f24232d0f394cd7f549a57d15a6358027489e5b475c7cb1321a6a2d9bb2bfe4ae86fc0ae7612ae1ad8dc3d297ea4e6b73 |
C:\Users\Admin\Documents\GuardFox\_d_6oqBrYO9oDROynM5zoWeZ.exe
| MD5 | 4dd06db5030f5f443ca8d74c940e8f71 |
| SHA1 | 2ede388bbd7fed2d49006d083989a4c89d2f1854 |
| SHA256 | 8872490263809f28f160683ff1f0b90ba30b425b35f34a8054ebf7f7e8531086 |
| SHA512 | 3d36f25817317a744f329e50abdf0a4731201ce94f64713b884453fce9a1b3da3c7ff1f5cfdade71bec81cc20b572cc821b1eee4db26136e72378a1e6077322f |
C:\Users\Admin\Documents\GuardFox\u1nAJohI9NiVQVIhO_u_9qRV.exe
| MD5 | b4bcb96996f07b78d7adaca8e303522a |
| SHA1 | 9b66721c244827b56a0b04fd7d59b945e7f4ce08 |
| SHA256 | 7655b19873caae125f013b1acf74b9ceda60fb7380b81f4dc8363adb8947f1fc |
| SHA512 | 620b69b2a75bc6c0819fd59fa9fb6da89f771e067fff5914f72413139103a1a09685f9f17b054458c26acc45691bc9f0b35fcacf5121024d61bf5e4a6861e286 |
C:\Users\Admin\Documents\GuardFox\1h5oX6AfKdjA7QKitchLMY7C.exe
| MD5 | 4f2586a0f7e0d4017d86d9b74b22390c |
| SHA1 | 122dd0f7c461e1b19772378580f01862a7ac9926 |
| SHA256 | 70b08304ec499a6bb13f55c22e74b7fc13ff578bffdecfecb4f8a0aeb3b88d9a |
| SHA512 | 8cc8bb3e9e0fc6b7ccb9c5d25358347dc904164b2151d632706aff1aaefdd4c6d7a99c5718d721443aa8d6927dbb048dafbd35ae46b723573caabedbbe2cd193 |
C:\Users\Admin\Documents\GuardFox\ZILA72kaOM5pYZfXMY03cnKT.exe
| MD5 | f5be32f456e268df40170f71cd023b61 |
| SHA1 | 2e49703d449838799ba8365fac58b052c87866ee |
| SHA256 | 66bf7e7eda0645921f7ce179ef6945d213b8852366a2881ea407052abbf06f2a |
| SHA512 | 41739f065c1868c6eb79d202737adecf817cfde8afedbdbc5d7bb2a544df40f922c77fe7ab1dbc8bd849cf7804357ffd1bbb27310e7d175ca5ac88ba40c3e726 |
C:\Users\Admin\Documents\GuardFox\K9064dCxqH0SR5hUFk6wIdGs.exe
| MD5 | 29ec7ecc8b9ec550042d0f0843b51627 |
| SHA1 | abb1f34f29274b63d17d9e0fbff03f9dcd64b96c |
| SHA256 | cafdaec53b96ac156ef00ea10f0eb503e8773a6d73d8985964ff7e091405bf7f |
| SHA512 | a2444e57690019725b5b6f5fd8af2443e99c319d40e968b3c00da642c3ec40c8105aafdc68063dfc07e6f1e844d9ff6ddbbaac0803aacc29a200208e385cf962 |
C:\Users\Admin\Documents\GuardFox\ilGyp4NneBqw4pbxzA7S7WGw.exe
| MD5 | d8b55bc6b954e09256b65f02ef7dd687 |
| SHA1 | 558a0277d25673e410f7d6758eca32c27d5ec7c2 |
| SHA256 | 67f9a06ebb02beaaf2d28328962906a073fcdcfc66b377dbcd6ad1d0e74de577 |
| SHA512 | eff671c78e7a39aa4e3e2ddbf9cae9aadb25bce77532b4b573b6659d7a59be37f353dc806cbc8b92f3c761cfd02b566228b5f75a68de529b3b75dd38783a38c8 |
C:\Users\Admin\Documents\GuardFox\3WEhPygXtgmAE0ixSLD2QBPg.exe
| MD5 | 21a57e123048b409f24493e4ff240fb6 |
| SHA1 | a341cb1930b81f36a5b48f52bb1fcd180f589757 |
| SHA256 | 1bdc8ed047e57eb2183c34e5f7b8049cfece73c4cdfcbb48ed24eff1c7edadaa |
| SHA512 | 46f78cf22513562a23d44c0057459f48c4850659485338936aca8ebe1934245855b2d15ba8d3b473c64d1a3e021b7c4892fa4b6d03e9f0bbba5fa10587c2f492 |
C:\Users\Admin\Documents\GuardFox\p2ALwcMAIBBRoJauOyM6tY_I.exe
| MD5 | e9216525ee09510c8c1b5cfd68eb74d8 |
| SHA1 | 58f8982d4ebbde62ebd11b82e0ac68ab1f97f6cd |
| SHA256 | 325ae4ed4ebaa092882647da4fbbe2d588e50ce76dac163e4d8b0be2f3911985 |
| SHA512 | 7593a3c907ae8bea96d32924632f566bbcfe2d636d5f97248cf0738d64924ae6a7727625ef7dca5ffeaed256761ca3c807563c27166aefe01711ec6f7abdb768 |
C:\Users\Admin\Documents\GuardFox\xMUVVLpKRVMcQQBdGWoU2g9b.exe
| MD5 | 499b89da4e0de844ba62e9d51f6dad88 |
| SHA1 | ebe293a851442b2b4e36796813428f6495e14862 |
| SHA256 | 8c458db2b5142f926c99e3581b8487a36283ede88356cc2849c0120cd98329aa |
| SHA512 | da91fc200eaeb30fc67f44ca0457fcc4462a2fdc4fa1b44a2a0e1e629877047fbea6683be4448a1375f8e3581114d251bb0c20b6b5930ff555f525ba67134060 |
memory/1944-352-0x0000000077970000-0x0000000077B19000-memory.dmp
C:\Users\Admin\Documents\GuardFox\0Cx81LmgTTDIL79OjufUMdUs.exe
| MD5 | 3d8d237b751486ab1340c6c6d4a79bef |
| SHA1 | 960b32b30e6d8fc8eb097ae1190a9a164f453208 |
| SHA256 | 77dbd5a3584f5cc70d3044349521e67f927727f1b13a08cc1c7ee516b6883c3e |
| SHA512 | dc9e5880b14bfa7e836b55eaa13002438c82b536370725ab2a2047c534fece751bb5983ec1d12cdf1810c1c5138d379b88ae79fe63182addb24de9394ab24e29 |
\Users\Admin\Documents\GuardFox\qizZt7Bur6z1txTH4YXbihzk.exe
| MD5 | 2676652e28d41a1da75a042da53ac749 |
| SHA1 | f2c03b266efd7f85e862812a85bfa8c3324e59cd |
| SHA256 | 3e24b512ab655fe087b58dffb20f330077c47cf4958aa69f8d02482399696b66 |
| SHA512 | 787127acd1abd9ff420f5d0d6bd1be035b3d569df9f31b4c95fcc767216278a6b05b1934326a0bf001196092ead5a9f2bc8806a890b09a6f5324910fd78729e7 |
memory/1704-401-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\Documents\GuardFox\cOJ7wsghBeakoo5SG56pGvIV.exe
| MD5 | 95016d5592c590e2e1d999ab7ef3aa51 |
| SHA1 | 3d813ebca5d937eeb935172c4687c46ae4fbfafd |
| SHA256 | 93a698786a021035b167ae7f736b4443a691e203232117fa11b6ad606aaf77ea |
| SHA512 | f9fc18c7a637f10d76cdd654d5343489378892fc30af5cfd4885e5418901a35cb6058048ac4476511cfd69b6f341c6048f1f4d2d731e93a7c7c73192244c52e5 |
memory/2584-408-0x000000013F810000-0x000000013F866000-memory.dmp
memory/2744-434-0x00000000008E0000-0x0000000000972000-memory.dmp
C:\Users\Admin\Documents\GuardFox\K9064dCxqH0SR5hUFk6wIdGs.exe
| MD5 | 575612e2a6d358ee6833231312abcab2 |
| SHA1 | bb65fb8f730eb23d5e88312d88ed6b77b3159994 |
| SHA256 | 4c16492d1df7c1d8bc6d7634473857014cf8b16bf58b2ac39a46f8084f6f6cb6 |
| SHA512 | 08c374b43a07ddb019b25423b26c85b8cfa0ec0d9b42b1d43453311e1fbef21482334579bc74983e7a66c8dc4625bca299d874dcddf50e75d97500bc1ec3b345 |
memory/2216-444-0x0000000000F00000-0x0000000000F58000-memory.dmp
memory/388-450-0x0000000000D70000-0x0000000001684000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-M0B92.tmp\0X5ArJglY2ONQo5sIbFdVoVP.tmp
| MD5 | a5116e30c644284c4aef3cf81b7d38eb |
| SHA1 | 08c7f475cf70af878c2cf655b6dfc0ee3196e4c6 |
| SHA256 | 2d755dd3c20d53c77246f0cb0a3caa3d59e68785c5c43544dd0babbc661630d5 |
| SHA512 | dc8c5157d0b11d97bf4c05bd8815cd58e747925bc7881489a38b21d0ade1e49fb1e0b8e0398699273ff979a867ce7e04e21ed65ef23e761cf53ff0200ff80229 |
memory/1328-447-0x00000000046D0000-0x0000000004734000-memory.dmp
memory/2744-452-0x0000000000B30000-0x0000000000C4B000-memory.dmp
memory/2244-453-0x0000000000A70000-0x000000000176F000-memory.dmp
memory/388-456-0x0000000076EB0000-0x0000000076FC0000-memory.dmp
memory/1020-462-0x0000000000400000-0x000000000043C000-memory.dmp
memory/1020-494-0x0000000000220000-0x000000000022B000-memory.dmp
C:\Users\Admin\Documents\GuardFox\u1nAJohI9NiVQVIhO_u_9qRV.exe
| MD5 | c7384afb068f12cb2a2736d9094cd820 |
| SHA1 | 9d440f795c87a57bf5badd9d7283e11edd618dee |
| SHA256 | 2cab68df059efa6f7994fdd280a9584166c7ff058ffe291c98b512bdfec9c049 |
| SHA512 | d6af9640633b628d5a0e00969e83d51ecdaa118ed01c08fe73531ddc4993e4050df0d5bf7d4ee9968c224dc57501079fd0936ec7f4b2c3b9f63f362ca0c0d141 |
C:\Users\Admin\AppData\Local\Temp\is-M0B92.tmp\0X5ArJglY2ONQo5sIbFdVoVP.tmp
| MD5 | 9e0d14e7cbaaf12a2e76819ed5ab1c4d |
| SHA1 | 589a186c63b9de5b6852cea444c4eb407242aee3 |
| SHA256 | 10a4c06e78159722c3a94df6ead602de066ed57222dfbb2df5e10c16a4a63f64 |
| SHA512 | 7ac3ed82990fc5c5c16e9b96e01aa6a96188b1f310a92f73ef521659b49380ec31eb4d5e486f00e558f676e81ada435f04585659b189d3913e7d3e0c685af255 |
memory/1856-504-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\p2ALwcMAIBBRoJauOyM6tY_I.exe
| MD5 | e92df1f4e0b6cbc7634d9bc8b3410eef |
| SHA1 | 1f3f056d7b14d21eacc9cbd401555263d424d6d6 |
| SHA256 | 2ded7159ee7b23e51ccc243517510ba0ed586af6f3c6aebfb7f6af98965557f5 |
| SHA512 | 84b83ee1abe59ff38926f999a7f6d09e2bb6ab25ee034c7e5b78fc1e481056b2bd86e72942af740ce4f47c16eb57f494ff3a1e2fb65f3854e13cf933e93330ab |
memory/1856-501-0x0000000000400000-0x0000000000537000-memory.dmp
memory/928-518-0x0000000000220000-0x0000000000221000-memory.dmp
memory/928-524-0x0000000000220000-0x0000000000221000-memory.dmp
memory/928-537-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/2208-535-0x00000000000F0000-0x00000000000F1000-memory.dmp
memory/2208-543-0x00000000000F0000-0x00000000000F1000-memory.dmp
memory/2208-544-0x00000000010E0000-0x0000000001A27000-memory.dmp
memory/3040-542-0x0000000000340000-0x00000000012F3000-memory.dmp
memory/388-556-0x0000000000D70000-0x0000000001684000-memory.dmp
memory/2756-534-0x0000000077B20000-0x0000000077B22000-memory.dmp
memory/928-529-0x0000000000400000-0x0000000000D40000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7eDL.CPL
| MD5 | 85d7ca9383a1b5187bba14f80703e8e4 |
| SHA1 | e4fc9ff1acdb403178c2d54524db414396f442aa |
| SHA256 | dfa5b97e17d9a9f9173e0f59f84d88511505430ed8d1f2e4adf73ad25239daf0 |
| SHA512 | 88d94a3615ff9aad81c6ee91a5e423813c1c585a74916c7a0ed974ac04a5c3adf011c297e9d39e2c9b0a68de0e66b3d7776b6465ac2b42b7e25da0a92bbe96f1 |
memory/1524-600-0x0000000000600000-0x000000000060E000-memory.dmp
memory/1524-602-0x0000000000230000-0x000000000023B000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNT.lnk
| MD5 | b18ca7ff547c776699ba7d986aff752b |
| SHA1 | 871eca7d4ee8bf5c90363a3f8809b734bd680f18 |
| SHA256 | 1df93c99e3fa7e2584332f822db9777f5feaf4e44b8800946956a27e1ecc82cf |
| SHA512 | 2d3a9fef07f69719ae1dbb7eaa84a627f7afb545bc6687733d3ac6d9ee5076de61b11c1125c245094b18dd3ed21f8cac356188e082b80c8261fadce384e6ba91 |
\Users\Admin\AppData\Local\Temp\PowerExpertNT\PowerExpertNT.exe
| MD5 | 9f6b9d07e0e1041150acaa97a368bcef |
| SHA1 | 02f52fd00786c4fb9a2b115fdb0ba040e6b49ef8 |
| SHA256 | dfa0ace04bab84553210479ff5a8b95ee87fbc9fa661037f1a7a5c9081117597 |
| SHA512 | c38f8ece7a0742b1f1d53a7a8e3ecf8ec00b465bca63620ecac7b441f84d1ad77413f9e0055eeecc9ca5a118e0477dde1993f7ab28312b9ad0c48d9d3cf4670e |
memory/1524-599-0x0000000000400000-0x000000000043D000-memory.dmp
\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | f5a98ff46e05011aee19f1032c0ca3bb |
| SHA1 | 63e3a30a8765b4ca213359564ea012c9812f0e06 |
| SHA256 | a9374e19434373738556eaf32ec64045b85a57337e347d7c8444cb16d4635aba |
| SHA512 | c317a45b6983a5e1432b027a1f7188401b17824e5d281fba42366839a39e25a025bc4f84fe655640dd0bf21529fb576c89f3b3e0bad479fa25f6b820aeae29cc |
memory/1328-612-0x0000000004730000-0x0000000004794000-memory.dmp
\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | 852b7a7d1eaf27a2528a74ca92f099b7 |
| SHA1 | f1c9b4d4849d2d92f718a9ebd1a0308a3a7d4255 |
| SHA256 | 301d9a5f7d4fdd33888590c3f9bbde32b21b6429d59a6d8db21d0dccb4b2a675 |
| SHA512 | ab048d56121daf451dc34dd76400db22972f3f0f90338df79d600b5763848250b432c15aafd5f6ab298e2ef5e547ec90afb37fe37ccf78a50a7893291aa753cd |
\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | 73476bf4a8731d3dc134ed25b46db59b |
| SHA1 | bbe65a4f764f184c361d71d9fa5c855931e2ab3a |
| SHA256 | 91b8413906ed52b1a58056d549c174af197274b6d38904485c12032db45ba78c |
| SHA512 | e268f5bc9d0f2c35d2f7bcaca4d54e2c1473da546495286f635566d22f5795f3ae16953f1db45c05e62d5fd16dae4955e628318d557bac3dde76b6ad5d9cf18b |
\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | c70b30525754f6b4e2a1eabe08de3b6a |
| SHA1 | 907c5cef27575704adba8db7b4e8ababc767cb54 |
| SHA256 | 770abdb99927d2b8bd7b9c418e0eef62a0337dd93b58f591de9df1e12d5f678e |
| SHA512 | b5be99a1ac632a0c6d1248d1b9ebe36dec38fb5a23c6bb68dbf93d4ac618e04c5084882e34d5aefed1774c64df3f5d44bd9afd4e1a22e5683fb6e0279394898c |
memory/1220-566-0x0000000002AD0000-0x0000000002AE6000-memory.dmp
memory/2528-617-0x0000000010000000-0x0000000010242000-memory.dmp
memory/1752-530-0x00000000002B0000-0x000000000033B000-memory.dmp
memory/928-528-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2756-517-0x0000000077B20000-0x0000000077B22000-memory.dmp
C:\Users\Admin\Documents\GuardFox\3WEhPygXtgmAE0ixSLD2QBPg.exe
| MD5 | 5e9d3fcd8b7a49e4ed03b7a4e0ffdf1d |
| SHA1 | 405d71e66c54fe04b0d903b539d6ec552f64b538 |
| SHA256 | afa16200750a440b3c55256d3aa4a082332b753ef6911738d5525b783529927f |
| SHA512 | 3d3dbf4c8f10c6708b07990905d8458b705555075134cffb216cdc17b309f356116954657ad2bbc31656bdb3ffaee86b3d1d245241cf22f3d7398474940cb796 |
memory/1856-493-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
C:\Users\Admin\Documents\GuardFox\1h5oX6AfKdjA7QKitchLMY7C.exe
| MD5 | d325656ed73576aed21ecdb533e4b469 |
| SHA1 | c824f407a05c22b4a07636d6e53d0f1c9afe9358 |
| SHA256 | 074b0b0f9c47f2afe5792cc0254f324fed0e4a5ad75dcf43c48426571fd40453 |
| SHA512 | 6e4fb7af7a5a4cf1c7aa282f396bc47c78c59ccb1782ebf09e26498a050d1050fc52bef3f67f0e157384171f7de7284fcb7288b25cf61a9c23f9255162039231 |
C:\Users\Admin\Documents\GuardFox\1h5oX6AfKdjA7QKitchLMY7C.exe
| MD5 | 67572e0aa806645fe136bdda362c1352 |
| SHA1 | ae41e47921a42b80e0c330357cd2bf3d0b65eede |
| SHA256 | 591be8061d304141946f792ecc579fa437dcae50fd76eff204d55ef41e317f8d |
| SHA512 | 52c96d96e0fbaa9d805be4773d8ab14c5884cd15a89cf036e2e861df9135d4b6bfc2e9118022a97aeb71169ef071473edbdc8dd06e6cd3a5cc0e28024931dcf2 |
C:\Users\Admin\Documents\GuardFox\xMUVVLpKRVMcQQBdGWoU2g9b.exe
| MD5 | 7fb0f780d3ef29af2da679cf034829c3 |
| SHA1 | 68ab6db1545475f41ff4b6fb471cd322b810dcab |
| SHA256 | 38a4608c0b9bac48f44dd8affdc79f01d90e627556f9342f2c21e44da4b9f6c8 |
| SHA512 | ff41818e432b33412f5dfd8dd440d87edf981b018b52565275d6096e713a3c09156297749579bd36924be53b5d348631ba8deca9aa9e841b778366aa7f78419e |
\Users\Admin\AppData\Local\Temp\is-JK1GO.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
\Users\Admin\AppData\Local\Temp\is-JK1GO.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\Documents\GuardFox\xMUVVLpKRVMcQQBdGWoU2g9b.exe
| MD5 | 9271806ac71a07442ae166584e26f42c |
| SHA1 | 72c50cfc4c4806c86e7380bbb42628663bf9c157 |
| SHA256 | e62fba6b9430224d1f39f6837242dfa487530762e4eac010a1b1792659de9330 |
| SHA512 | 75ee68f4fbff50810848db0fee24dc545c2d5b8cb72cbc1c91eb6e418fc7b6f6584d30dff0fce3bffd512c96f72a937c5da1f4386979967824e607b5c8d5959b |
C:\Users\Admin\Documents\GuardFox\3WEhPygXtgmAE0ixSLD2QBPg.exe
| MD5 | 601b46c1f24b87b694163a3a2d758608 |
| SHA1 | e551bbc867877be83256148acf76261ee60ebea1 |
| SHA256 | 79be6eafee90e738399ff5f6828570013f6ae2fb75cea32232dec28bca690108 |
| SHA512 | 19b553e060680ed2d8df8bcce494eb22669b302c18d9a38830c8d23f7e790cce0c40728f1042fe2f73fe2ec6c1ee4cb1aa79add75d40aec3e95b7a222b9a93d4 |
C:\Users\Admin\Documents\GuardFox\xMUVVLpKRVMcQQBdGWoU2g9b.exe
| MD5 | 51baa11bfbfb52c2f9f99394c31ed82f |
| SHA1 | 2d9499bb470ae0b7ce868bb425594d250c3021ae |
| SHA256 | b980339bb3eccd6c5a16eca1fb423fa12f9d6109fbbb53e26acc21eef099d8e3 |
| SHA512 | f40a1be3f9a47363f712febdbab3a43ee10d7d584422c38ee0e4da558f70f610c3f1707b4d9abb2a0730ec1932b739c3d91a695e5e3407cc6314fccc7cc60b2a |
\Users\Admin\Documents\GuardFox\1h5oX6AfKdjA7QKitchLMY7C.exe
| MD5 | 495d40c2bf1e8bc819f7537f2b8cd35e |
| SHA1 | 231df1bf1ece08daac6e00d175a3db76d4b1516d |
| SHA256 | b153b5d97a38cde2ff81663272a48094101d634cdb1e80eb6641a6cdf155a93a |
| SHA512 | 36dd8c34080455ad1caf6b8c47c93096715bc8a3cb50c9ee2a8d9522a73352138ee2c2ae0401aabbd44dc0a368118d9179b1444f48f823d7c34a9a5e55f3c590 |
memory/1020-465-0x0000000000620000-0x000000000062E000-memory.dmp
memory/872-464-0x00000000013B0000-0x000000000191C000-memory.dmp
C:\Users\Admin\Documents\GuardFox\p2ALwcMAIBBRoJauOyM6tY_I.exe
| MD5 | 1dd8d18051328439b2ec873cbba003f4 |
| SHA1 | e02cfa185076a81c03fd7ec361cc9af274346be4 |
| SHA256 | 4e408148b0710f358733268837e82bd147d5daafe5ae700b03e48636f8aba8ce |
| SHA512 | 33ba7e83b252ed6a80c5e55bb4ea6dfc848d951cca2dd553cf2a76b947c6aec5af72de702987985ecaed28e9a21a8390c9ec111ba735f67cdc5313fae1e49b9c |
memory/3040-631-0x0000000000340000-0x00000000012F3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-M0B92.tmp\0X5ArJglY2ONQo5sIbFdVoVP.tmp
| MD5 | f7a1e7ca916b5665f68f9d8559aabacf |
| SHA1 | d35baf1d886e338beac6ec1cd77d2b1e9386cedf |
| SHA256 | 4860cc12e693259f41fc361dade9c473e3af6f2a3665b8e150b30fbc4db155d7 |
| SHA512 | 341ad526bf17d6ce141cf97cf8af0342c2a8646086cb767efe806ba2ef571c6768162270e65830582399fbcaf8619f74a66fb823b5a0a224270cb7f36239bab8 |
memory/388-460-0x0000000076EB0000-0x0000000076FC0000-memory.dmp
memory/388-454-0x0000000076EB0000-0x0000000076FC0000-memory.dmp
memory/2744-451-0x00000000008E0000-0x0000000000972000-memory.dmp
C:\Users\Admin\Documents\GuardFox\u1nAJohI9NiVQVIhO_u_9qRV.exe
| MD5 | 01dc26008f4485b64820aa3b6ca4035a |
| SHA1 | 046f4034eaa513618889d967627f162c40584b38 |
| SHA256 | f3323eac403e1c112528bdb40c136416bfea8f3e5067dbeac1230e56729cbef5 |
| SHA512 | 3966da82f57295d219e1360a35e000a334b9f0038ecd1cc43b8993b4bf1b6239e32397159a1ea0ff9c66fabacedd17b1ee3784b7403dc16217a44860b4b818a7 |
C:\Users\Admin\Documents\GuardFox\S4yNXJTJDxFHKlOXMvXdgu88.exe
| MD5 | 5fa878455587d484dba37e41a46b9343 |
| SHA1 | 82f4dd3a18554bda4425a897433b31f2d783587a |
| SHA256 | e63841c08999245e9c424161cca81afbecb2c9e20b53aa2eb988a923cddbe6a4 |
| SHA512 | 60e23805e4a72ed423a65d2a3b19c2f6f4c16587f74499f78478180e0964dc9a80a584fb3a607c7a61ddf8085cd3ae23a5bf6a0d25aff78b96b808007d7e1654 |
C:\Users\Admin\Documents\GuardFox\u1nAJohI9NiVQVIhO_u_9qRV.exe
| MD5 | db6b6b3b8b0acf249e87e090f5fe0ccf |
| SHA1 | 44f171a46cab9aa8dad2d6db064b693d4e02c5b5 |
| SHA256 | 750df7aedb9ea7e14b5389fd6e4071f7ddbbc1c5e494dd05398d4598a9cb1723 |
| SHA512 | b154afb37ed994747e550c746b95872ef045685e7dceb83f526634fa1503cddece58e0eb39eaabef3033715ecc0266561055fce2090de70ec12320e51b7a596b |
C:\Users\Admin\Documents\GuardFox\_d_6oqBrYO9oDROynM5zoWeZ.exe
| MD5 | 916f9c69347044d2b139f701678d3d87 |
| SHA1 | 6ffe5b42ffbf4a783c9904938bc157cd462c8400 |
| SHA256 | b5e190e82761cdeb42ee2d6e2139cc3a969aaf532cf8d6993dab441e4aa2f621 |
| SHA512 | 65d03a5b5a6223efb7fd997704454dc43c364553f965ed173cf2cce4342cb70e01565e9d8dd470612f6dfe03f0448fe0d119f7ee9f4b968ddc39fbf3da4e6e42 |
C:\Users\Admin\Documents\GuardFox\p2ALwcMAIBBRoJauOyM6tY_I.exe
| MD5 | 6f0e5ad311936054a33eb7287c594521 |
| SHA1 | c973d47705660081bcbce5a99832c5f035168776 |
| SHA256 | 54ee98582d3733d200040666a41685a51467de8ed0f6e06bd076fb94ee7ec1a9 |
| SHA512 | a00a696feee34b30eaa3dc88878d649ea824d82abf67fbcfd058a2942d52a0092f750e3a41abc303b8b04a33b05a34b528be4e9827a272a40067e66ba8fa367d |
memory/952-431-0x00000000008C0000-0x0000000000DA3000-memory.dmp
C:\Users\Admin\Documents\GuardFox\ilGyp4NneBqw4pbxzA7S7WGw.exe
| MD5 | 752f7918a746b52d7ad0ebbf398b3fe0 |
| SHA1 | 20f9b3c105fe0fd0f76363e3ee14890844d6fc55 |
| SHA256 | 6c501edf4e43ec6eb06b61b29970570ade5961a63232e4a49c25c5ffe814843b |
| SHA512 | 53d2fb1c731a349e40356a8e865fe376ac7ccb1f5f4f61a38f6121d3fca9e1226774cee072cba565c42b76ef1d538c6f9d560c2ae3eeb72a92b1bd654ee2b81e |
C:\Users\Admin\Documents\GuardFox\0X5ArJglY2ONQo5sIbFdVoVP.exe
| MD5 | 9dafb97588be0e104cb9c8b6be62f373 |
| SHA1 | 65e97d3146059df75d46e25f08f873325f50d576 |
| SHA256 | 874ce7bfed886ccf5aa0397172270de1e14a5adf3e5d2a0112e359f7aa2cdad8 |
| SHA512 | 642230fdc66153b980a37050119561e4a3f2f8265d7cb353fd08243a65f0fa61ac9152425cdf2acaef3e36f921ba2f1a3f4b30cc17946df2a1fb38807da5fef5 |
C:\Users\Admin\Documents\GuardFox\_d_6oqBrYO9oDROynM5zoWeZ.exe
| MD5 | 918e3c0afcbb04797beb3a0d0a0e9431 |
| SHA1 | 2deabf3e815d57d7acf416858db8a210f4b21915 |
| SHA256 | 6af930fca4b0fe132f348b0f8eae0b21ab3410f44bddd567064f12cd4e37977d |
| SHA512 | 653d09d95db5a885fcbe0b60c5b8efa1677f03059a362e2939e277edd6ffb06bbe816eab9759ed07728c1ac9cd74082c45f7664abc3abf5595bb7e0bcf58a6f7 |
C:\Users\Admin\Documents\GuardFox\ilGyp4NneBqw4pbxzA7S7WGw.exe
| MD5 | 0f2ece55e7d9c911ace08e907815fbda |
| SHA1 | c6d34826da6a21ee313e08172909fe6b57fca968 |
| SHA256 | 604bb0e5165d9caf7e1c92936aea5f1b2f8180c828d0bf82154c9db14164d35b |
| SHA512 | 60c774db214226f7f6c13f6a2a05decc62b572b0ee71a6454a6094289bdabf65e3d2ef4dd2d53a0c05f56e4f2a1c4700617b2a191cad2f67b4a23f0a1fa8dbae |
C:\Users\Admin\Documents\GuardFox\ilGyp4NneBqw4pbxzA7S7WGw.exe
| MD5 | a0874ada9e27a6bd6fff8909e495768b |
| SHA1 | 2ebc052c567dd9a5ed8d3eace9e615b98a4384da |
| SHA256 | 86a620d514db5f45019d1e0a7232680faee59687f54948d7ff12be857b4454a8 |
| SHA512 | 0423537b90d1e37f1e3c5b0d65f401bf00fec3f5e1d993da21f196e1721cf60132d14e260dd8ef46242fec02199f0fc87f081308df2e93d05e91786663f04878 |
C:\Users\Admin\Documents\GuardFox\hQgtvqK8VmQ1LY7m1AXNSeZx.exe
| MD5 | 78816926d26a0a3aec43cdc3c4956ab8 |
| SHA1 | 809e335d6002b6f32b162a00a51fd2332e8f8a79 |
| SHA256 | accf49b74c6162e418771f5820d677a54d4e9a3ba46d2c39c1053193afb6c035 |
| SHA512 | b0a57ffbf8316fadbdfb8569fcea3e0992cc96463cfe1d59419c65677c2920835da18beef8427e7a31b0350266978de80a2b880a3cfb458ce8ac2fec23b2b22f |
memory/1944-414-0x0000000000180000-0x0000000000181000-memory.dmp
C:\Users\Admin\Documents\GuardFox\zJ3jMj0GzYgdwDzzw9qRdQOd.exe
| MD5 | 647aa5195d5e0b79d5ac67c9c9065c4b |
| SHA1 | c3de06765555ee4758e77f8495b0eb6f89f86aa4 |
| SHA256 | 646d7f95a05e617db68a99e2b55bf5fe457af405b48eade8138330703bb21e55 |
| SHA512 | 78c91deaef517cc3c110e3363d2669e8c40fab6b69d88fea3471ee1985f6ba27198343ad421dc08228c719c5fb0a58197ddc29c2e13deb3168ab47d5400537cc |
C:\Users\Admin\Documents\GuardFox\KZH0_ViJLjDh1uYJKXnz_kpG.exe
| MD5 | 9a19d296dcae5af72bcdcd0287b52dea |
| SHA1 | c50e8f2205b1b87403d52f3d94613b4c56ca5407 |
| SHA256 | 4d7946c16ab2396f76dd730628dfb66469defcc19bd65502d2785c474832a97a |
| SHA512 | 6292f24f055da98bea37e9b0cf265c6086f2717b4e82b3d7eee383751ce691376323ffec2eb1e12009c7874fe0e8482675946fe44eb696d6181c364a9a221dbe |
memory/1944-378-0x000000013FAE0000-0x0000000140524000-memory.dmp
C:\Users\Admin\Documents\GuardFox\cOJ7wsghBeakoo5SG56pGvIV.exe
| MD5 | 77a6e18faf24c43482753c10d8991c1c |
| SHA1 | 1cdbf4930a913753dd521c99f96dac04ef9c31b5 |
| SHA256 | dcf970cb259e1c7c2687ffcdeac3e14b2d3c9879795b7666141566f8d7b7f41b |
| SHA512 | 9e6bcedee96bc3b4486c79fce28dccd5c3f10584e72074491b14b4ab698aa324dfedbf700faa4e08e959904ec53c70ff30f2e86e382632c54aec0e3ae08ea42b |
C:\Users\Admin\Documents\GuardFox\0X5ArJglY2ONQo5sIbFdVoVP.exe
| MD5 | 4a124a78187a3c675e8433a01fcdc3b4 |
| SHA1 | 8af979dc93904333112e7c0f161b369e0dbdaf49 |
| SHA256 | 03d7cbb6bde96fd93a30d6d600318fe2e8286a49911ed9322762fd518ad22545 |
| SHA512 | 6ec28db4cfbaa9609e6370dd2a2a71c4e4b1341d77c1cd199302974b76083e75cec407724edf42c32c0b689290cf7c5c93812a4232a3e510a44fb15567c9493d |
C:\Users\Admin\Documents\GuardFox\2vg8st5gxt7xVyaMTMyPHcEB.exe
| MD5 | abdd44ee49644dd47d86cf9ee321d2d1 |
| SHA1 | 6414ddfab7d91d4be56e654219e56fb66cd1bf4f |
| SHA256 | 38cb8c23fa6a0aa7d2d8c3b58285b075adef643640838cb0e406f86a238eb607 |
| SHA512 | 8f25c9285ecfbb3d54f0ce21161eabf34dae40ff82bdea80773c7702b9f9b25b5852c6e6b5ffc5e5ed71e1808f872f34894f39a783689d1feadee6c796f216ff |
\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | 5fbcdeb1d1286b952997ef9ece24c462 |
| SHA1 | af0aaab89a40b489cce80357068bbd384621acfc |
| SHA256 | a14ddacdefd71556cad5f421556bbb7b9f5b820dcc39a73ec519b078486830a0 |
| SHA512 | 562f9b1a68ef360f1aec22709646a00668c8f4310835d8b7598d27b8086040cb6b2b9fe700710956fa57146b4813d5c37bdae2e751b12e5260319ba27b02b79f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4eb09fb1754972832db9cb92df89323 |
| SHA1 | 458f4e4935523b1862645b3f24e30ac29635b50b |
| SHA256 | 266d92a0402c1ee853ddbe77980e9e1a1c42a07bc954a6adea0477a30d77c73c |
| SHA512 | c3ba2557d5dff99c8688aa3457bd3254b5c69a783108d02f966f7c3cf480db3e6f397c0bb52119dfae6a75422e437ee24bc5e5f8dd9137cc7f7196dc758e9705 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | 9040620f7f6be970e5ca4be4ac5c825a |
| SHA1 | db164e269c2bdae18ae77edf7892e48175497a17 |
| SHA256 | 48adcd872e40b48282beca827de2094580e45e1476ca862ec786fdc23e769f5f |
| SHA512 | b5d6239ca752ca2aa97626cdd586d0b46fc5018f308fbf920da061788067e244719db59ca26b878ab2eb0a959087c3582a98a4450301d328baf26d66db7bdb12 |
\Users\Admin\Documents\GuardFox\hQgtvqK8VmQ1LY7m1AXNSeZx.exe
| MD5 | c00675b7122fc0fee4c9799bea17ff7b |
| SHA1 | 6ff612747d3206b3ddfb024a9dbf50d5ba60f5d6 |
| SHA256 | b7b67b2c68534909a8d9bd09e15aed3efc703f4c83e088f4e149754aef950f07 |
| SHA512 | 8cc54227d3af50b2adf173c89116b83a0148ecc15807613fb377b064e15f3532490c527e9ab9adf24f38524606fb3d4d3ec5cddafb7770771f5f74132d78fa20 |
\Users\Admin\Documents\GuardFox\hQgtvqK8VmQ1LY7m1AXNSeZx.exe
| MD5 | f3ccbd82b763466ed17fbcaee6712afb |
| SHA1 | 1e2d31385324282b41147e32afead3c68edb7935 |
| SHA256 | 81b9b50183ccb48b49f2ca6ca70346ddb9d720c00019d522aa81e49da3cda3d4 |
| SHA512 | b7f22d459d42488d08281db1ee0218ab2a23423f9abfdc4daa67837d2725eeeed0dfd57daecbbd20e736d3e5013adeef0db17c9f4ba8c429660c72eadc4c2a7a |
\Users\Admin\Documents\GuardFox\hQgtvqK8VmQ1LY7m1AXNSeZx.exe
| MD5 | 933aafb9fee54e28ab7caa3725856b6e |
| SHA1 | d528d563606d9508cd5295aedc60e9b23af08f14 |
| SHA256 | df04c05c352c7730700004caada9a405c180432d28591b2400fd2da1ce5c2983 |
| SHA512 | 76c3e280d8344eb4e4008a2eebfd9539e3be6d627f101b36b61ad0a9bc3f177b6facf4da7df0dbd1cb6aa0380fad8841c838a846e4dcbeb046a012558185819d |
\Users\Admin\Documents\GuardFox\hQgtvqK8VmQ1LY7m1AXNSeZx.exe
| MD5 | 461783c465969d627ce54cf34ce54a69 |
| SHA1 | 9459cd9be9f1783c163035a066a5436744243bd0 |
| SHA256 | 78c7eb7c4cb9a9ac4262a7c96044c6003f63203941a5cbdd46839ef0631d77da |
| SHA512 | 534058a078253a88ac3b8f2f86e27bc86bfd0ccd357557254f0c1571e755d0650712352fb6552c6a2f16c574611d19fd5218b9905ae0c953c961daf597749481 |
memory/1944-738-0x0000000077970000-0x0000000077B19000-memory.dmp
memory/1944-737-0x000007FEFDA20000-0x000007FEFDA8C000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\Documents\GuardFox\YKK0vMV080jyVNM0bgr2l5L5.exe
| MD5 | ed5dfe2f5985c130889ffeaabeeeaf02 |
| SHA1 | ce41a96cac1bc27f71ec57746ab242d0c0f66746 |
| SHA256 | 73ef1a13af91b0b3e5c3b884d24579d08643f9ebd84cb0106f9735c851443113 |
| SHA512 | 30b678f8fc9fe6debb79747ab1f88d69adf0bf9d1446c2b6ed56d52deb0a24ea93c1c9044f3556ed039af493ade4abc136f1b9c857a59a13c5d305b8737c82d8 |
memory/2560-750-0x0000000000400000-0x0000000000889000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | d67821adb9675cdb6aea3cc96c2ebb85 |
| SHA1 | d67f91d98358624148fe6afd69ce96a83df0154a |
| SHA256 | 05999c164df8711a100dadf843c1719a66af07e93162a6325351898c0dc83e2f |
| SHA512 | 3e311dbd6433eee427fc0531f344a8ce23fd2565ed20e90ca7a32dcaef05e2cd76a0e41490c6f3deb31bf40dff17b76bab17a09241fa158b8a76d68bb85a5364 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c6295e4d566606499a7d3d8d47a9ec5 |
| SHA1 | 92d841bd02c2f1c19431312bfa8d86e94c40c9e5 |
| SHA256 | 4bed452eaf0f7d0382950d337494fa12eaa6a2479704dcce6acc29baee20d222 |
| SHA512 | 6758ccf330c4b58b872c2f80a2eeb3ff746c8e0e499cf8c2e31450c032da253e7488272c0b4fd15450cc762a05b56f2771bbea7243588fa0359e30384cefc757 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | c02c30c4827505ed5994715115f5abab |
| SHA1 | c510b6a19e50ca58ed4ff69b85e18108c7921ff8 |
| SHA256 | 986d3e40371e4383936f6e6e93d619ab19340db24732dce4d8fc4201956dfca0 |
| SHA512 | 2b38dfd787837ed9a698e0e305e3bcb4079b3a3adc98c43b6bd0444dd95202303e1f53793ee1caa3ead69dc07e8329d1a0a19feb285d85c560e621c351ca631d |
memory/1944-736-0x000000013FAE0000-0x0000000140524000-memory.dmp
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | dc8c848493dc249db02cb9edc0c8e39e |
| SHA1 | dc11e851fcbea4c13998f31295b1d36ded323af1 |
| SHA256 | 3495de09b5aa093637dfe2e40e12a872c5f031193064bb291fcb0755f584ff1c |
| SHA512 | d20403e9484043a64f87e358048c8598056a6d6359c73064a109196289207c18883a192d55639118a4e72f148e7a792fdf097d4dc2379a49aece39ebdb9fb44d |
\Users\Admin\Documents\GuardFox\hQgtvqK8VmQ1LY7m1AXNSeZx.exe
| MD5 | 4ff1d9fcfebf18efc26ac8460dbd16e8 |
| SHA1 | 2b3f6147bdd4eaba08bd9a1272ca2cf2e631a323 |
| SHA256 | 3935c9d8034916ba6ac712ac3569e20c893a24e7577f8cfee6f7bf25e7fcee4d |
| SHA512 | 2560f88b29d2f03f0096d6985ba00f452592387d0b7bbe728c581df07cbc8f938c75712ecf8871e386924505af72e5797d5a158c55a606f85b3cb7ef8fe952d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75c71fd794a9c8e9bdf61b4affad614f |
| SHA1 | a3496e4f89c993e46e24f3b3fffd26644ee95744 |
| SHA256 | 49dea7e1ed13b52808c7e480b95810e72af3d42578cdc246f2713dab31d571e0 |
| SHA512 | ed07477feb3763f6324afb2dc674f24d2aa905e39c84502611c423bcdd36573a6b9d7d52637d828e6508a6d6185e934a5e79104080b40e7b3a1a621ee219611e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 60fe01df86be2e5331b0cdbe86165686 |
| SHA1 | 2a79f9713c3f192862ff80508062e64e8e0b29bd |
| SHA256 | c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8 |
| SHA512 | ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 58fa57480ae8206394e935752a581182 |
| SHA1 | 952691e8f332f3afccd8a82e4d6760d35563854c |
| SHA256 | 55028a662584a58d57b7608196efdeda9ba2ab484f6e5ccb5cd35a92a0d74aaf |
| SHA512 | 3ccc1db054d27796efc051b1da89c1500a72b3ad56fe8c523a1c292c67583f5c4e1016cc8db487ad6bd06033a79ccfb91350c8d6a06634c2b5903b873bfbb2f7 |
memory/2216-826-0x0000000074510000-0x0000000074BFE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4BDF.exe
| MD5 | c37d97b7a4fbd0bcce3080d9dfff254d |
| SHA1 | 999136d0a9c82fcd8a345c3bf710b34ce13f7947 |
| SHA256 | 426e8fa653f12c897ca71cfd608913aae188e0c3dfa09694cee79341463a5335 |
| SHA512 | e88417125b36c057ccf352025fcc51ca2a7c76bc53713a224e95a12442672bfcd5108f9a9093289a36941eaaebe4f60cfc8599616b0416d1498d63db1ff1b89b |
C:\Users\Admin\AppData\Local\Temp\4BDF.exe
| MD5 | 8d9838200994599f67783d670d7d981f |
| SHA1 | 138550bbfbfa619bbe88016c64ab3842f5a6877c |
| SHA256 | f0ba9a0191e61b1371835c464f9d9b3f4e7a8b3c1da1db3cf50683c9b1d2360a |
| SHA512 | 89d2167de1c029eeb08859df420bdf6163516f2b401f7d327a223e7f28d1a93c93da059a72bf6fe10aa1964af23a86364915b01d03b2ff00021bb7ad30bcff44 |
C:\Users\Admin\AppData\Local\Temp\4BDF.exe
| MD5 | 78a136a01d7556ab30014ed0bad5c71b |
| SHA1 | ef3de91cf1a59565a0a4b414112e31ceb9aa3d8b |
| SHA256 | 75826efc3ef7d7f8d9973755803e706088b12a55bbc4262d513dafc6a85388d0 |
| SHA512 | a1eec140a220ca000077aa81b94bd717c922293987d3ad91014624a49f00a0bd4e566754a0aceeb68587aefbb69fe8c22f4b739dda103ea9220957e6bb36ea31 |
\Users\Admin\AppData\Local\Temp\4BDF.exe
| MD5 | b8442811034a8a99ace222e561def11a |
| SHA1 | 43ce5fcf88fc840a3b8a10e25d704d84f3f08673 |
| SHA256 | 57dccdd72d2c583893819aa9407dbf3af1eaabd94c45183071ecc57514ef7a68 |
| SHA512 | bba058add02830132f0f8b8c84504456554ef9ae6f43bf64ca875082731ee46225d24a27716cd086426559a36a15095bceffdd90d5e31f459ae966b3945d6733 |
memory/872-863-0x0000000005880000-0x0000000005A88000-memory.dmp
memory/872-869-0x0000000006BC0000-0x0000000006D52000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-IAPO0.tmp\731F.tmp
| MD5 | 43534325bcaa2e866b9bfb404b1e77e9 |
| SHA1 | e3d88ed969308070d9d5995dc83cc7e8bf422f04 |
| SHA256 | dfde8a7e7da4aefaaa54b398efdeb2c496f14cc416a007ade3014f29135633e2 |
| SHA512 | 14f429cb9a20857a7c1c886caa53620d08d1cbc9e4284e10332d4c7ca518f6d6bb12d9261b51e5918111bee37d54c4a699aec18b96e3c40ef0c7556ada5f422c |
memory/1856-881-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Web Resource Viewer\lang\is-DJ327.tmp
| MD5 | 54ffd881611a92540e4c85e2759278c9 |
| SHA1 | ef0c1ec4f6efe6abdf9a23f1adcd88c4ec5b4348 |
| SHA256 | d075cbfb1b43dadcdac8cf572c18689134e59319fbe425e82c7bb7c4e7d5948c |
| SHA512 | d9f77cacb264d080e12e765cba3e1cc69a19c186526bbcb25d093e0a83b4b4b8beef37a4acf2e803a08eb76c77d4a97a21fea74475d6d9d16a63f2137ab6253b |
C:\Users\Admin\AppData\Local\Web Resource Viewer\lang\is-Q6VVF.tmp
| MD5 | 8f920115a9ac5904787bc4578f161a52 |
| SHA1 | 941332d718cf5161881ca903b2fb125124cac68b |
| SHA256 | f8b63fa29af4c7cff131bf14fbdaac8e6b6945444e0f13e57417fea4a3de1a6b |
| SHA512 | b8521748d276de667e2013c697005adc45e405fee9a9970b80427cb47ba829e2f9e31fdae2bafc54cca5aeaa4c371f4d25e1ea34989eea19e732fd129abfa1c2 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\lang\is-9AT55.tmp
| MD5 | 613ccb3ab7bc5304da08120a11bb34f2 |
| SHA1 | 9e1231dc2ddc6deb2a66d494c45f0dfcf04b1d97 |
| SHA256 | 565efa1b0407d221b1e6bc44811f529f98fe4d9ffb6e756b56b9525acb87ce28 |
| SHA512 | d27efae6748105c343abcdc8777d2c5065bc342569af2fd3bee92544a01ad4caefe359adf69fa56bae1fbc87f86575b797c20d821a42869d0b34ab1004b0138a |
memory/872-1011-0x0000000000400000-0x0000000000410000-memory.dmp
memory/1996-1013-0x0000000000AD0000-0x0000000000ADF000-memory.dmp
memory/1996-1014-0x0000000000230000-0x000000000024C000-memory.dmp
memory/1996-1015-0x0000000000400000-0x000000000062E000-memory.dmp
memory/2880-1021-0x00000000003A0000-0x0000000000988000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 4a36a1278bc41e7202724299afed08b4 |
| SHA1 | 36446a59c7d237f198c8b8394a7b3abd971126a4 |
| SHA256 | 1d94a01259d5f5bc8acfad4cb70fcb17f750722ab9d4d128142c9a7a4c7c0389 |
| SHA512 | 13732eca432d21706d1e31129d2c91429d62a208c49edfe8f00b778a4090b84e90d25f034d093d21e3e437ead5956040e490a2a80d9863c587042d162509b3b9 |
memory/2880-1035-0x0000000074510000-0x0000000074BFE000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AC3B.exe
| MD5 | 6119b15b8c6cc97435ec6f77f0ab8f3a |
| SHA1 | a1813821b8091c9930ac5684c4e7558ff04dbfc1 |
| SHA256 | 7efb2cf4637599f5a8688c276c199e96ea316ef2836ceb1336382fb1cc091ef2 |
| SHA512 | bb6ab136b7972f49c5c65ce98d3e95260e86c4812d9845191054a40e4f92ac4d856d24b249b84820898333370a78a133f08b861fab82542bf042d2428b58324a |
C:\Users\Admin\AppData\Roaming\Temp\Task.bat
| MD5 | 11bb3db51f701d4e42d3287f71a6a43e |
| SHA1 | 63a4ee82223be6a62d04bdfe40ef8ba91ae49a86 |
| SHA256 | 6be22058abfb22b40a42fb003f86b89e204a83024c03eb82cd53e2a0a047c331 |
| SHA512 | 907ad2c070cc1db89f43459a94d7f48985d939d749c9648b78572a266f0d3fde47813a129e9151dbf4a7d96d36f588172f57c88b8b947b56ed818d7d068abab2 |
memory/2228-1077-0x0000000000220000-0x000000000022B000-memory.dmp
memory/2228-1082-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nseADDE.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
memory/2228-1076-0x0000000000520000-0x000000000052E000-memory.dmp
memory/2268-1101-0x0000000000C10000-0x0000000001164000-memory.dmp
memory/2600-1110-0x0000000000010000-0x0000000000544000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nstD00E.tmp
| MD5 | 379fbc100c50379dae4dd1a7ea5782af |
| SHA1 | a2079a19b40e117dbc115936fb37eeb0759a0074 |
| SHA256 | c8e870c9649b4dcd70e73cd9ecadce2f5f247b37f240a3eca9564048c56d2b36 |
| SHA512 | ded939694aee266fe260d185fb113ef581cda6d7a8e28bd8575a80c48028a5a226ce0f71b99bc20bef8da284dfae47acc5d43c8f2d50b826fdc1d1b91c196a7b |
memory/2024-1130-0x0000000000280000-0x0000000000286000-memory.dmp
memory/3044-1129-0x0000000077B60000-0x0000000077C36000-memory.dmp
memory/3044-1123-0x0000000000400000-0x0000000000502000-memory.dmp
memory/2528-1131-0x0000000000130000-0x0000000000136000-memory.dmp
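The listing above is the raw material for a hash-based indicator set, but it needs parsing first: the same path is listed several times with different digests (4BDF.exe, 7eDl.cpl, hQgtvqK8VmQ1LY7m1AXNSeZx.exe), the same file appears both with and without a drive letter and in mixed case, and memory-dump lines are interleaved with file entries. The following parser is an added example, not part of the sandbox report: the function names, the path normalization and the "rewritten path" heuristic are this example's own, and the sample input is assembled here from entries copied out of the listing (marked as a constructed excerpt in the code).

```python
import re
from collections import defaultdict

# Constructed excerpt in the report's own layout: entries copied from the listing above,
# assembled here as sample input rather than read from the report.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\7eDL.CPL
| MD5 | 85d7ca9383a1b5187bba14f80703e8e4 |
| SHA1 | e4fc9ff1acdb403178c2d54524db414396f442aa |
| SHA256 | dfa5b97e17d9a9f9173e0f59f84d88511505430ed8d1f2e4adf73ad25239daf0 |
| SHA512 | 88d94a3615ff9aad81c6ee91a5e423813c1c585a74916c7a0ed974ac04a5c3adf011c297e9d39e2c9b0a68de0e66b3d7776b6465ac2b42b7e25da0a92bbe96f1 |
\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | f5a98ff46e05011aee19f1032c0ca3bb |
| SHA1 | 63e3a30a8765b4ca213359564ea012c9812f0e06 |
| SHA256 | a9374e19434373738556eaf32ec64045b85a57337e347d7c8444cb16d4635aba |
| SHA512 | c317a45b6983a5e1432b027a1f7188401b17824e5d281fba42366839a39e25a025bc4f84fe655640dd0bf21529fb576c89f3b3e0bad479fa25f6b820aeae29cc |
memory/2228-1077-0x0000000000220000-0x000000000022B000-memory.dmp
memory/2228-1082-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4BDF.exe
| MD5 | c37d97b7a4fbd0bcce3080d9dfff254d |
| SHA1 | 999136d0a9c82fcd8a345c3bf710b34ce13f7947 |
| SHA256 | 426e8fa653f12c897ca71cfd608913aae188e0c3dfa09694cee79341463a5335 |
| SHA512 | e88417125b36c057ccf352025fcc51ca2a7c76bc53713a224e95a12442672bfcd5108f9a9093289a36941eaaebe4f60cfc8599616b0416d1498d63db1ff1b89b |
\Users\Admin\AppData\Local\Temp\4BDF.exe
| MD5 | b8442811034a8a99ace222e561def11a |
| SHA1 | 43ce5fcf88fc840a3b8a10e25d704d84f3f08673 |
| SHA256 | 57dccdd72d2c583893819aa9407dbf3af1eaabd94c45183071ecc57514ef7a68 |
| SHA512 | bba058add02830132f0f8b8c84504456554ef9ae6f43bf64ca875082731ee46225d24a27716cd086426559a36a15095bceffdd90d5e31f459ae966b3945d6733 |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
MEM_DUMP = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def normalize_path(path):
    """Lower-case and drop a leading drive letter, so the same file listed as
    'C:\\...\\7eDL.CPL' and '\\...\\7eDl.cpl' compares equal."""
    p = path.strip().lower()
    return p[2:] if len(p) > 1 and p[1] == ":" else p


def parse_dropped_files(text):
    """Return (files, dumps): one dict per listed file with its digests, and one per memory region."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_DUMP.match(line)
        if m:
            pid, seq, start, end = m.groups()
            start, end = int(start, 16), int(end, 16)
            dumps.append({"pid": int(pid), "seq": int(seq), "start": start, "end": end, "size": end - start})
            continue
        m = HASH_ROW.match(line)
        if m:
            if current is None:
                raise ValueError("hash row without a preceding path: " + line)
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:  # catch truncated copy/paste before it ships as an IOC
                raise ValueError(f"{algo} digest has {len(digest)} hex chars, expected {HEX_LEN[algo]}")
            current[algo.lower()] = digest
            continue
        current = {"path": normalize_path(line), "path_as_listed": line}  # any other line starts an entry
        files.append(current)
    return files, dumps


def sha256_set(files):
    """Distinct contents seen on disk: the indicator list worth sharing, regardless of path."""
    return sorted({f["sha256"] for f in files if "sha256" in f})


def rewritten_paths(files):
    """Paths listed with more than one SHA256: the file was overwritten with different content during the run."""
    seen = defaultdict(set)
    for f in files:
        if "sha256" in f:
            seen[f["path"]].add(f["sha256"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def largest_dump(dumps):
    """A cheap first pick for manual review: the biggest dumped region."""
    return max(dumps, key=lambda d: d["size"])


if __name__ == "__main__":
    files, dumps = parse_dropped_files(SAMPLE)
    print(f"{len(files)} file entries, {len(sha256_set(files))} distinct SHA256 values")
    for path, hashes in rewritten_paths(files).items():
        print(f"rewritten: {path} -> {len(hashes)} different contents")
    d = largest_dump(dumps)
    print(f"largest dump: pid {d['pid']} 0x{d['start']:X}-0x{d['end']:X} ({d['size']} bytes)")
```

On the full listing the output shows the practical point: a path such as `\Users\Admin\AppData\Local\Temp\4BDF.exe` is reused for four different files during the run, so blocking or hunting on the path alone catches at most one stage, while the SHA256 set covers every payload the dropper staged. The length check rejects digests that were truncated while copying, which is a common way bad IOCs get into a blocklist.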
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-23 16:27
Reported
2024-01-23 16:29
Platform
win10v2004-20231215-en
Max time kernel
17s
Max time network
160s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Stealc
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 840 wrote to memory of 1812 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | C:\Users\Admin\Documents\GuardFox\Fhiu40oo3t1NFSHs6Nih2CPH.exe |
| PID 840 wrote to memory of 1812 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | C:\Users\Admin\Documents\GuardFox\Fhiu40oo3t1NFSHs6Nih2CPH.exe |
| PID 840 wrote to memory of 1812 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe | C:\Users\Admin\Documents\GuardFox\Fhiu40oo3t1NFSHs6Nih2CPH.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16085.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Users\Admin\Documents\GuardFox\HUVHjonu_Hje6G6JU7VaoIjt.exe
"C:\Users\Admin\Documents\GuardFox\HUVHjonu_Hje6G6JU7VaoIjt.exe"
C:\Users\Admin\Documents\GuardFox\Fhiu40oo3t1NFSHs6Nih2CPH.exe
"C:\Users\Admin\Documents\GuardFox\Fhiu40oo3t1NFSHs6Nih2CPH.exe"
C:\Users\Admin\Documents\GuardFox\V30CDH8Dluq42uED6_5d_908.exe
"C:\Users\Admin\Documents\GuardFox\V30CDH8Dluq42uED6_5d_908.exe"
C:\Users\Admin\Documents\GuardFox\JTb0PxmZFALhKcqoAtyuiktg.exe
"C:\Users\Admin\Documents\GuardFox\JTb0PxmZFALhKcqoAtyuiktg.exe"
C:\Users\Admin\Documents\GuardFox\EwpduaZj10LbAfghmKbC0XEl.exe
"C:\Users\Admin\Documents\GuardFox\EwpduaZj10LbAfghmKbC0XEl.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4468 -ip 4468
C:\Users\Admin\Documents\GuardFox\sbuycKPFZHgRBaJKN1N1aCEz.exe
"C:\Users\Admin\Documents\GuardFox\sbuycKPFZHgRBaJKN1N1aCEz.exe"
C:\Users\Admin\Documents\GuardFox\TBM9dwaxRE1IJerNiSbnNqaC.exe
"C:\Users\Admin\Documents\GuardFox\TBM9dwaxRE1IJerNiSbnNqaC.exe"
C:\Users\Admin\Documents\GuardFox\Iz2F_E2SsHuStXA_nVq69RNt.exe
"C:\Users\Admin\Documents\GuardFox\Iz2F_E2SsHuStXA_nVq69RNt.exe"
C:\Users\Admin\Documents\GuardFox\V4pYAb0MjziI6mmnQmBlqBlp.exe
"C:\Users\Admin\Documents\GuardFox\V4pYAb0MjziI6mmnQmBlqBlp.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 340
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
"C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe" -i
C:\Users\Admin\Documents\GuardFox\qKYZynyy_NBhtwhTUfWTQeXE.exe
"C:\Users\Admin\Documents\GuardFox\qKYZynyy_NBhtwhTUfWTQeXE.exe"
C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe
"C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe"
C:\Users\Admin\Documents\GuardFox\zZoOSmhBGpbqhOnj9hrXXQ2h.exe
"C:\Users\Admin\Documents\GuardFox\zZoOSmhBGpbqhOnj9hrXXQ2h.exe"
C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe
"C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe"
C:\Users\Admin\AppData\Local\Temp\is-Q4J0B.tmp\HUVHjonu_Hje6G6JU7VaoIjt.tmp
"C:\Users\Admin\AppData\Local\Temp\is-Q4J0B.tmp\HUVHjonu_Hje6G6JU7VaoIjt.tmp" /SL5="$60208,3515248,54272,C:\Users\Admin\Documents\GuardFox\HUVHjonu_Hje6G6JU7VaoIjt.exe"
C:\Users\Admin\Documents\GuardFox\GEMP3wBL4EHtx1DKvSUjrltk.exe
"C:\Users\Admin\Documents\GuardFox\GEMP3wBL4EHtx1DKvSUjrltk.exe"
C:\Users\Admin\Documents\GuardFox\DlobcuKPjhqxD04VLJeAxs1Y.exe
"C:\Users\Admin\Documents\GuardFox\DlobcuKPjhqxD04VLJeAxs1Y.exe"
C:\Users\Admin\Documents\GuardFox\7LsW1tgu4RRNjIZfO6UkF0OD.exe
"C:\Users\Admin\Documents\GuardFox\7LsW1tgu4RRNjIZfO6UkF0OD.exe"
C:\Users\Admin\Documents\GuardFox\Kziy09yGH2ihEicFLDPHF7al.exe
"C:\Users\Admin\Documents\GuardFox\Kziy09yGH2ihEicFLDPHF7al.exe"
C:\Users\Admin\Documents\GuardFox\Ib3nHb7tep7rCpzrk68gEeCy.exe
"C:\Users\Admin\Documents\GuardFox\Ib3nHb7tep7rCpzrk68gEeCy.exe"
C:\Users\Admin\Documents\GuardFox\pNDGpTJMyJXYIj9W4rvJQwL8.exe
"C:\Users\Admin\Documents\GuardFox\pNDGpTJMyJXYIj9W4rvJQwL8.exe"
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
"C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe" -s
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\544cfb45-d499-4a8f-8c9c-7cb7a2319129" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4800 -ip 4800
C:\Users\Admin\Documents\GuardFox\JW2xld96xf8kgJdQEwqnGgrz.exe
"C:\Users\Admin\Documents\GuardFox\JW2xld96xf8kgJdQEwqnGgrz.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 548
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN JW2xld96xf8kgJdQEwqnGgrz.exe /TR "C:\Users\Admin\Documents\GuardFox\JW2xld96xf8kgJdQEwqnGgrz.exe" /F
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 372
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 228 -ip 228
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc82539758,0x7ffc82539768,0x7ffc82539778
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 388
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
"C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 228 -ip 228
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 392
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5720 -ip 5720
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 228 -ip 228
C:\Users\Admin\AppData\Local\Temp\nsm5580.tmp
C:\Users\Admin\AppData\Local\Temp\nsm5580.tmp
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 680
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 228 -ip 228
C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe
"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 720
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1888,i,3709614183489646200,12497876995794323442,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1888,i,3709614183489646200,12497876995794323442,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1888,i,3709614183489646200,12497876995794323442,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1888,i,3709614183489646200,12497876995794323442,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1888,i,3709614183489646200,12497876995794323442,131072 /prefetch:1
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 228 -ip 228
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\Fhiu40oo3t1NFSHs6Nih2CPH.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1812 -ip 1812
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7eDL.CPL",
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 2124
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 228 -ip 228
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 748
C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe
"C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe
"C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5236 -ip 5236
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4100 --field-trial-handle=1888,i,3709614183489646200,12497876995794323442,131072 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 568
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 932
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 896
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 948
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 644
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 820
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 644
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 624
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 228 -ip 228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 744
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nsm5580.tmp" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6124 -ip 6124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 2364
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 5340 -ip 5340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5340 -ip 5340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5340 -ip 5340
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 364
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5340 -ip 5340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 664
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5340 -ip 5340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 700
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5340 -ip 5340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 700
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5340 -ip 5340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5340 -ip 5340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 404
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5340 -ip 5340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 752
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Users\Admin\AppData\Local\Temp\EEDF.exe
C:\Users\Admin\AppData\Local\Temp\EEDF.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Users\Admin\AppData\Local\Temp\EEDF.exe
C:\Users\Admin\AppData\Local\Temp\EEDF.exe
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "WSNKISKT"
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WSNKISKT"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\AppData\Local\Temp\F420.exe
C:\Users\Admin\AppData\Local\Temp\F420.exe
C:\Users\Admin\Documents\GuardFox\JW2xld96xf8kgJdQEwqnGgrz.exe
C:\Users\Admin\Documents\GuardFox\JW2xld96xf8kgJdQEwqnGgrz.exe
C:\Users\Admin\AppData\Local\Temp\F970.exe
C:\Users\Admin\AppData\Local\Temp\F970.exe
C:\Users\Admin\AppData\Local\Temp\is-FKK43.tmp\F970.tmp
"C:\Users\Admin\AppData\Local\Temp\is-FKK43.tmp\F970.tmp" /SL5="$20300,3501695,54272,C:\Users\Admin\AppData\Local\Temp\F970.exe"
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\902.exe
C:\Users\Admin\AppData\Local\Temp\902.exe
C:\Windows\SysWOW64\cmd.exe
cmd /k cmd < Dot & exit
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\cmd.exe
cmd
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Users\Admin\AppData\Local\Temp\1AC6.exe
C:\Users\Admin\AppData\Local\Temp\1AC6.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5240 -ip 5240
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 348
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\243D.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\243D.dll
C:\Users\Admin\AppData\Local\Temp\27F7.exe
C:\Users\Admin\AppData\Local\Temp\27F7.exe
C:\Users\Admin\AppData\Local\Temp\48BE.exe
C:\Users\Admin\AppData\Local\Temp\48BE.exe
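The process list above is the most useful part of this report for detection engineering, because nearly every defensive step the payloads take is a LOLBin invocation with a distinctive command line: the icacls deny for Everyone (S-1-1-0, delete and delete-child) on a GUID-named folder under AppData\Local, typical of Djvu protecting its drop directory; the Defender exclusion for the whole user profile and ProgramData via Add-MpPreference; sc stop of the update, BITS and delivery services together with a silent wusa uninstall of KB890830 (the Malicious Software Removal Tool); powercfg zeroing the standby and hibernate timeouts; an auto-start service created from ProgramData; and a firewall allow rule for a csrss.exe that lives outside System32. The script below is an added example, not the sandbox's own code: it runs regex rules over those command lines, embedded here as constructed sample events (copied from the list above) plus two constructed benign controls. Rule names, descriptions and the choice of which services count as "update services" are my own assumptions.

```python
import re

# Constructed sample events: command lines copied from the process list in this report
# (indices 0-9), plus two constructed benign controls (indices 10-11). In production these
# come from Sysmon EID 1, Security 4688 or EDR process-creation telemetry.
SAMPLE_CMDLINES = [
    'schtasks /create /f /RU "Admin" /tr "C:\\ProgramData\\WinTrackerSP\\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST',
    'icacls "C:\\Users\\Admin\\AppData\\Local\\544cfb45-d499-4a8f-8c9c-7cb7a2319129" /deny *S-1-1-0:(OI)(CI)(DE,DC)',
    "C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force",
    "C:\\Windows\\system32\\sc.exe stop WaaSMedicSvc",
    "C:\\Windows\\system32\\sc.exe stop eventlog",
    "wusa /uninstall /kb:890830 /quiet /norestart",
    "C:\\Windows\\system32\\powercfg.exe /x -standby-timeout-ac 0",
    'C:\\Windows\\system32\\sc.exe create "WSNKISKT" binpath= "C:\\ProgramData\\wikombernizc\\reakuqnanrkn.exe" start= "auto"',
    'netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\\Windows\\rss\\csrss.exe" enable=yes',
    '"C:\\Windows\\system32\\cmd.exe" /c timeout /t 5 & del /f /q "C:\\Users\\Admin\\Documents\\GuardFox\\Fhiu40oo3t1NFSHs6Nih2CPH.exe" & del "C:\\ProgramData\\*.dll"" & exit',
    "C:\\Windows\\system32\\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc",
    'netsh advfirewall firewall add rule name="Remote Desktop" dir=in action=allow program="C:\\Windows\\System32\\svchost.exe" enable=yes',
]

# (rule name, analyst-facing meaning, pattern). Rule names and descriptions are assumptions.
# Patterns match the raw command line only, so they are telemetry-source independent.
RULES = [
    ("defender_exclusion",
     "Defender told to ignore the whole user profile, ProgramData and every .exe",
     r"Add-MpPreference\b.*-Exclusion(Path|Extension|Process)\b"),
    ("update_service_stopped",
     "Windows Update / BITS / delivery services stopped (blocks MSRT and signature updates)",
     r"\bsc(\.exe)?\s+stop\s+(UsoSvc|WaaSMedicSvc|wuauserv|bits|dosvc)\b"),
    ("eventlog_stopped",
     "Windows Event Log service stopped",
     r"\bsc(\.exe)?\s+stop\s+eventlog\b"),
    ("msrt_removed",
     "KB890830 (Malicious Software Removal Tool) silently uninstalled",
     r"\bwusa(\.exe)?\s+/uninstall\s+/kb:890830\b"),
    ("sleep_disabled",
     "standby/hibernate timeouts set to 0 so the host never sleeps",
     r"\bpowercfg(\.exe)?\s+/x\s+-(standby|hibernate)-timeout-(ac|dc)\s+0\b"),
    ("service_from_programdata",
     "auto-start service whose binary lives under ProgramData",
     r'\bsc(\.exe)?\s+create\b.*binpath=\s*"?[a-z]:\\programdata\\'),
    ("firewall_allow_nonsystem_binary",
     "inbound allow rule for a program outside System32 (here a csrss.exe look-alike)",
     r'\bnetsh(\.exe)?\s+advfirewall\s+firewall\s+add\s+rule\b.*\baction=allow\b'
     r'.*\bprogram="?(?=[a-z]:\\)(?![a-z]:\\windows\\system32\\)'),
    ("scheduled_task_highest",
     "scheduled task created with /rl HIGHEST",
     r"\bschtasks(\.exe)?\s+/create\b.*\s/rl\s+highest\b"),
    ("icacls_deny_everyone",
     "Everyone (S-1-1-0) denied delete on a folder: Djvu protecting its own drop directory",
     r"\bicacls(\.exe)?\b.*/deny\s+\*S-1-1-0:"),
    ("self_delete_after_timeout",
     "delayed self-deletion via cmd /c timeout ... & del",
     r"\btimeout\s+/t\s+\d+\s*&\s*del\b"),
]
COMPILED = [(name, desc, re.compile(pat, re.IGNORECASE)) for name, desc, pat in RULES]


def classify(cmdline):
    """Names of every rule that fires on one command line (empty list = nothing suspicious)."""
    return [name for name, _, pat in COMPILED if pat.search(cmdline)]


def triage(cmdlines):
    """Group command lines by triggered rule; lines that hit nothing are dropped."""
    hits = {}
    for line in cmdlines:
        for name in classify(line):
            hits.setdefault(name, []).append(line)
    return hits


def describe(rule_name):
    """Analyst-facing explanation for a rule name."""
    return next(desc for name, desc, _ in COMPILED if name == rule_name)


if __name__ == "__main__":
    for name, lines in triage(SAMPLE_CMDLINES).items():
        print(f"[{name}] {describe(name)}")
        for line in lines:
            print("    " + line[:100])
```

The firewall rule deliberately keys on the program path rather than the rule name: the sample names its rule "csrss" and points it at C:\Windows\rss\csrss.exe, so a check that only looks for well-known process names would pass it. The second netsh control, which allows a binary that really is under System32, shows the rule staying quiet.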
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.178.17.96.in-addr.arpa | udp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | 130.147.105.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.8.26.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| NL | 77.246.104.70:80 | 77.246.104.70 | tcp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| US | 8.8.8.8:53 | joxy.ayazprak.com | udp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| US | 104.21.80.24:80 | joxy.ayazprak.com | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| BG | 95.158.162.200:80 | cczhk.com | tcp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| BG | 95.158.162.200:80 | cczhk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| US | 104.21.10.36:443 | 294self-limited.sbs | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 189.15.92.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.162.158.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.85.215.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.137.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.182.107.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.10.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.64.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.104.246.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.181.190.20.in-addr.arpa | udp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.206.142.95.in-addr.arpa | udp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| NL | 95.142.206.2:443 | N/A | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-20.userapi.com | udp |
| NL | 95.142.206.0:443 | sun6-20.userapi.com | tcp |
| US | 20.72.205.209:443 | N/A | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| US | 8.8.8.8:53 | 24.128.172.185.in-addr.arpa | udp |
| US | 172.67.147.32:443 | | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | 32.147.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.132.67.172.in-addr.arpa | udp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 104.21.65.24:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | 201.179.17.96.in-addr.arpa | udp |
| FR | 194.33.191.60:44675 | | tcp |
| US | 8.8.8.8:53 | 24.65.21.104.in-addr.arpa | udp |
| RU | 193.233.132.67:50505 | | tcp |
| US | 8.8.8.8:53 | 60.191.33.194.in-addr.arpa | udp |
| NL | 45.15.156.229:80 | 45.15.156.229 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 67.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.156.15.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.75.67.172.in-addr.arpa | udp |
| NL | 45.15.156.60:12050 | | tcp |
| NL | 91.92.245.15:80 | | tcp |
| US | 8.8.8.8:53 | 60.156.15.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | combinethemepiggerygoj.site | udp |
| US | 104.21.38.174:443 | combinethemepiggerygoj.site | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 174.38.21.104.in-addr.arpa | udp |
| RU | 87.240.137.164:80 | vk.com | tcp |
| RU | 87.240.137.164:443 | vk.com | tcp |
| HK | 154.92.15.189:80 | i.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | qualifiedbehaviorrykej.site | udp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| US | 172.67.175.187:443 | qualifiedbehaviorrykej.site | tcp |
| US | 8.8.8.8:53 | weedpairfolkloredheryw.site | udp |
| US | 188.114.97.2:443 | weedpairfolkloredheryw.site | tcp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | api.ip.sb | udp |
| US | 188.114.96.2:443 | weedpairfolkloredheryw.site | tcp |
| US | 104.26.13.31:443 | api.ip.sb | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 45.16.20.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.13.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blackvlastelin.com | udp |
| US | 188.114.97.2:443 | blackvlastelin.com | tcp |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| DE | 185.172.128.109:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| RU | 158.160.118.17:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | 90.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ji.alie3ksgff.com | udp |
| US | 104.21.63.150:443 | | tcp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksgff.com | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| RU | 5.42.65.31:48396 | | tcp |
| US | 8.8.8.8:53 | 31.65.42.5.in-addr.arpa | udp |
| HK | 154.92.15.189:443 | ji.alie3ksgff.com | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app.alie3ksgaa.com | udp |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| US | 8.8.8.8:53 | 79.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | expenditureddisumilarwo.site | udp |
| US | 172.67.133.222:443 | expenditureddisumilarwo.site | tcp |
| US | 8.8.8.8:53 | 222.133.67.172.in-addr.arpa | udp |
| RU | 87.240.137.164:80 | | tcp |
| RU | 87.240.137.164:80 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| DE | 185.172.128.90:80 | | tcp |
| RU | 87.240.137.164:443 | | tcp |
| RU | 87.240.137.164:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| RU | 87.240.137.164:443 | | tcp |
| RU | 87.240.137.164:443 | | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| US | 8.8.8.8:53 | 120.85.215.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tiny.ayazprak.com | udp |
| US | 172.67.173.86:80 | tiny.ayazprak.com | tcp |
| FR | 163.172.29.34:443 | | tcp |
| US | 8.8.8.8:53 | 86.173.67.172.in-addr.arpa | udp |
| US | 50.7.8.141:443 | | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | 141.8.7.50.in-addr.arpa | udp |
| DE | 136.243.92.194:9001 | | tcp |
| DE | 45.136.30.7:443 | | tcp |
| US | 8.8.8.8:53 | 194.92.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.30.136.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zeph-eu2.nanopool.org | udp |
| FR | 163.172.171.111:10943 | zeph-eu2.nanopool.org | tcp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.68.143:443 | pastebin.com | tcp |
| NL | 51.15.89.13:10943 | zeph-eu2.nanopool.org | tcp |
| US | 8.8.8.8:53 | | udp |
| AR | 190.224.203.37:80 | trmpc.com | tcp |
| US | 8.8.8.8:53 | 13.89.15.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.203.224.190.in-addr.arpa | udp |
| US | 8.8.8.8:53 | paperambiguonusphoterew.site | udp |
| US | 172.67.177.31:443 | paperambiguonusphoterew.site | tcp |
| US | 8.8.8.8:53 | 31.177.67.172.in-addr.arpa | udp |
| DE | 45.136.30.7:443 | | tcp |
| DE | 136.243.92.194:9001 | | tcp |
| FI | 95.216.22.22:8443 | | tcp |
| US | 8.8.8.8:53 | 22.22.216.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | staff.sportzentrum.net | udp |
| US | 8.8.8.8:53 | staff.sportzentrum.net | udp |
| US | 8.8.8.8:53 | gta5grand.com | udp |
| US | 8.8.8.8:53 | gta5grand.com | udp |
| US | 8.8.8.8:53 | karriere.volkswagen.de | udp |
| US | 72.52.179.174:22 | staff.sportzentrum.net | tcp |
| US | 8.8.8.8:53 | karriere.volkswagen.de | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 72.52.179.174:21 | staff.sportzentrum.net | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | dgtic.minedu.gob.bo | udp |
| US | 72.52.179.174:443 | staff.sportzentrum.net | tcp |
| DE | 143.164.100.109:22 | karriere.volkswagen.de | tcp |
| US | 104.26.3.213:22 | gta5grand.com | tcp |
| US | 104.26.3.213:21 | gta5grand.com | tcp |
| US | 8.8.8.8:53 | mail.hope-mail.com | udp |
| US | 8.8.8.8:53 | dgtic.minedu.gob.bo | udp |
| US | 8.8.8.8:53 | sicoes.gob.bo | udp |
| US | 104.26.3.213:443 | gta5grand.com | tcp |
| DE | 143.164.100.109:21 | karriere.volkswagen.de | tcp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| US | 8.8.8.8:53 | aulavirtual.unefco.edu.bo | udp |
| US | 8.8.8.8:53 | mailin14.audi.de | udp |
| DE | 143.164.100.109:443 | karriere.volkswagen.de | tcp |
| IE | 209.85.203.84:22 | accounts.google.com | tcp |
| IE | 209.85.203.84:21 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | sicoes.gob.bo | udp |
| US | 8.8.8.8:53 | aulavirtual.unefco.edu.bo | udp |
| US | 8.8.8.8:53 | campus.chamilo.org | udp |
| NL | 159.65.192.215:143 | mail.hope-mail.com | tcp |
| US | 104.26.3.213:80 | gta5grand.com | tcp |
| BO | 177.222.57.17:22 | dgtic.minedu.gob.bo | tcp |
| BO | 177.222.57.17:21 | dgtic.minedu.gob.bo | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | alt3.gmr-smtp-in.l.google.com | udp |
| US | 8.8.8.8:53 | campus.chamilo.org | udp |
| NL | 159.65.192.215:465 | mail.hope-mail.com | tcp |
| US | 8.8.8.8:53 | us05web.zoom.us | udp |
| US | 8.8.8.8:53 | 213.3.26.104.in-addr.arpa | udp |
| US | 72.52.179.174:80 | staff.sportzentrum.net | tcp |
| BO | 177.222.57.17:443 | dgtic.minedu.gob.bo | tcp |
| US | 8.8.8.8:53 | us05web.zoom.us | udp |
| US | 8.8.8.8:53 | creately.com | udp |
| IE | 209.85.202.27:143 | aspmx.l.google.com | tcp |
| IE | 209.85.202.27:465 | aspmx.l.google.com | tcp |
| BO | 200.87.143.221:22 | sicoes.gob.bo | tcp |
| BO | 200.87.143.221:21 | sicoes.gob.bo | tcp |
| IE | 209.85.202.27:995 | aspmx.l.google.com | tcp |
| DE | 143.164.102.55:143 | mailin14.audi.de | tcp |
| US | 104.26.3.213:80 | gta5grand.com | tcp |
| US | 8.8.8.8:53 | 109.100.164.143.in-addr.arpa | udp |
| NL | 159.65.192.215:995 | mail.hope-mail.com | tcp |
| BO | 200.87.143.221:443 | sicoes.gob.bo | tcp |
| US | 198.98.53.183:22 | aulavirtual.unefco.edu.bo | tcp |
| US | 198.98.53.183:21 | aulavirtual.unefco.edu.bo | tcp |
| US | 104.26.2.213:22 | gta5grand.com | tcp |
| US | 104.26.2.213:21 | gta5grand.com | tcp |
| ES | 195.78.229.20:22 | campus.chamilo.org | tcp |
| US | 8.8.8.8:53 | creately.com | udp |
| US | 72.52.179.174:21 | staff.sportzentrum.net | tcp |
| US | 8.8.8.8:53 | 84.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.sicoes.gob.bo | udp |
| US | 8.8.8.8:53 | mail.aulavirtual.unefco.edu.bo | udp |
| DE | 143.164.102.55:465 | mailin14.audi.de | tcp |
| DE | 143.164.100.109:80 | karriere.volkswagen.de | tcp |
| US | 198.98.53.183:443 | mail.aulavirtual.unefco.edu.bo | tcp |
| NL | 142.251.9.14:143 | alt3.gmr-smtp-in.l.google.com | tcp |
| NL | 142.251.9.14:465 | alt3.gmr-smtp-in.l.google.com | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| DE | 143.164.100.109:80 | karriere.volkswagen.de | tcp |
| ES | 195.78.229.20:21 | campus.chamilo.org | tcp |
| BO | 177.222.57.17:143 | dgtic.minedu.gob.bo | tcp |
| US | 8.8.8.8:53 | academicoaltiplano.sie.gob.bo | udp |
| US | 8.8.8.8:53 | 174.179.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.57.222.177.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.53.98.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.143.87.200.in-addr.arpa | udp |
| US | 104.26.3.213:443 | gta5grand.com | tcp |
| DE | 143.164.102.55:995 | mailin14.audi.de | tcp |
| US | 5.161.182.241:143 | mail.hope-mail.com | tcp |
| US | 172.67.71.138:22 | gta5grand.com | tcp |
| US | 172.67.71.138:21 | gta5grand.com | tcp |
| NL | 142.251.9.14:995 | alt3.gmr-smtp-in.l.google.com | tcp |
| US | 170.114.52.5:22 | us05web.zoom.us | tcp |
| US | 170.114.52.5:21 | us05web.zoom.us | tcp |
| ES | 195.78.229.20:443 | campus.chamilo.org | tcp |
| US | 104.26.3.213:443 | gta5grand.com | tcp |
| US | 8.8.8.8:53 | ww1.sportzentrum.net | udp |
| US | 72.52.179.174:80 | staff.sportzentrum.net | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | academicoaltiplano.sie.gob.bo | udp |
| US | 8.8.8.8:53 | campus.chamilo.org | udp |
| BO | 200.87.143.221:80 | sicoes.gob.bo | tcp |
| BO | 190.181.50.197:21 | sicoes.gob.bo | tcp |
| BO | 190.181.50.197:22 | sicoes.gob.bo | tcp |
| BO | 177.222.57.17:465 | dgtic.minedu.gob.bo | tcp |
| BO | 177.222.57.17:80 | dgtic.minedu.gob.bo | tcp |
| US | 5.161.182.241:465 | mail.hope-mail.com | tcp |
| US | 170.114.52.5:443 | us05web.zoom.us | tcp |
| US | 198.98.53.183:143 | mail.aulavirtual.unefco.edu.bo | tcp |
| DE | 18.173.154.81:22 | creately.com | tcp |
| BO | 200.87.143.221:22 | sicoes.gob.bo | tcp |
| DE | 18.173.154.81:21 | creately.com | tcp |
| US | 8.8.8.8:53 | es-la.facebook.com | udp |
| US | 8.8.8.8:53 | 20.229.78.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.52.114.170.in-addr.arpa | udp |
| US | 5.161.182.241:995 | mail.hope-mail.com | tcp |
| US | 104.26.3.213:443 | gta5grand.com | tcp |
| US | 198.98.53.183:465 | mail.aulavirtual.unefco.edu.bo | tcp |
| US | 198.98.53.183:80 | mail.aulavirtual.unefco.edu.bo | tcp |
| BO | 200.87.143.93:143 | mail.sicoes.gob.bo | tcp |
| DE | 18.173.154.81:443 | creately.com | tcp |
| BO | 200.87.143.221:21 | sicoes.gob.bo | tcp |
| DE | 64.190.63.136:80 | ww1.sportzentrum.net | tcp |
| BO | 177.222.57.17:995 | dgtic.minedu.gob.bo | tcp |
| US | 198.98.53.183:21 | mail.aulavirtual.unefco.edu.bo | tcp |
| BO | 200.87.143.93:995 | mail.sicoes.gob.bo | tcp |
| BO | 200.87.143.93:465 | mail.sicoes.gob.bo | tcp |
| US | 8.8.8.8:53 | us05web.zoom.us | udp |
| US | 8.8.8.8:53 | es-la.facebook.com | udp |
| ES | 195.78.229.20:143 | campus.chamilo.org | tcp |
| US | 198.98.53.183:995 | mail.aulavirtual.unefco.edu.bo | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| DE | 143.164.100.109:443 | karriere.volkswagen.de | tcp |
| DE | 143.164.100.109:443 | karriere.volkswagen.de | tcp |
| DE | 143.164.100.109:443 | karriere.volkswagen.de | tcp |
| BO | 200.87.143.221:443 | sicoes.gob.bo | tcp |
| ES | 195.78.229.20:22 | campus.chamilo.org | tcp |
| DE | 18.173.154.87:22 | creately.com | tcp |
| US | 8.8.8.8:53 | sib.org.bo | udp |
| DE | 18.173.154.87:21 | creately.com | tcp |
| BO | 190.181.50.197:22 | sicoes.gob.bo | tcp |
| ES | 195.78.229.20:80 | campus.chamilo.org | tcp |
| US | 170.114.52.5:143 | us05web.zoom.us | tcp |
| ES | 195.78.229.20:465 | campus.chamilo.org | tcp |
| US | 170.114.52.5:21 | us05web.zoom.us | tcp |
| US | 170.114.52.5:22 | us05web.zoom.us | tcp |
| US | 104.26.3.213:80 | gta5grand.com | tcp |
| BO | 177.222.57.17:80 | dgtic.minedu.gob.bo | tcp |
| ES | 195.78.229.20:80 | campus.chamilo.org | tcp |
| IE | 209.85.202.27:143 | aspmx.l.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| ES | 195.78.229.20:21 | campus.chamilo.org | tcp |
| BO | 200.87.143.221:80 | sicoes.gob.bo | tcp |
| US | 198.98.53.183:443 | mail.aulavirtual.unefco.edu.bo | tcp |
| US | 170.114.52.5:80 | us05web.zoom.us | tcp |
| US | 8.8.8.8:53 | sib.org.bo | udp |
| US | 8.8.8.8:53 | academico.sie.gob.bo | udp |
| US | 8.8.8.8:53 | academicoaltiplano.sie.gob.bo | udp |
| US | 8.8.8.8:53 | 81.154.173.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 170.114.52.5:465 | us05web.zoom.us | tcp |
| US | 8.8.8.8:53 | ww7.sportzentrum.net | udp |
| BO | 200.87.143.93:143 | mail.sicoes.gob.bo | tcp |
| BO | 190.181.50.197:21 | sicoes.gob.bo | tcp |
| ES | 195.78.229.20:995 | campus.chamilo.org | tcp |
| IE | 209.85.202.27:465 | aspmx.l.google.com | tcp |
| US | 72.52.179.174:80 | staff.sportzentrum.net | tcp |
| DE | 18.173.154.81:80 | creately.com | tcp |
| US | 170.114.52.5:22 | us05web.zoom.us | tcp |
| US | 104.26.3.213:22 | gta5grand.com | tcp |
| ES | 195.78.229.20:443 | campus.chamilo.org | tcp |
| US | 170.114.52.5:80 | us05web.zoom.us | tcp |
| GB | 163.70.147.22:22 | es-la.facebook.com | tcp |
| US | 104.26.3.213:21 | gta5grand.com | tcp |
| GB | 163.70.147.22:21 | es-la.facebook.com | tcp |
| NL | 159.65.192.215:143 | mail.hope-mail.com | tcp |
| US | 72.52.179.174:22 | staff.sportzentrum.net | tcp |
| DE | 143.164.100.109:22 | karriere.volkswagen.de | tcp |
| IE | 209.85.203.84:22 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | academico.sie.gob.bo | udp |
| US | 8.8.8.8:53 | accounts.majorleaguegaming.com | udp |
| BO | 200.87.143.93:465 | mail.sicoes.gob.bo | tcp |
| US | 170.114.52.5:995 | us05web.zoom.us | tcp |
| BO | 200.87.143.221:80 | sicoes.gob.bo | tcp |
| US | 104.26.3.213:80 | gta5grand.com | tcp |
| IE | 209.85.202.27:995 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | smtpin.vvv.facebook.com | udp |
| US | 170.114.52.5:443 | us05web.zoom.us | tcp |
| US | 170.114.52.5:21 | us05web.zoom.us | tcp |
| DE | 143.164.100.109:21 | karriere.volkswagen.de | tcp |
| US | 209.59.190.46:21 | sib.org.bo | tcp |
| US | 8.8.8.8:53 | accounts.majorleaguegaming.com | udp |
| GB | 163.70.147.22:443 | es-la.facebook.com | tcp |
| DE | 18.173.154.81:80 | creately.com | tcp |
| BO | 200.87.143.221:22 | sicoes.gob.bo | tcp |
| US | 72.52.179.174:990 | staff.sportzentrum.net | tcp |
| IE | 209.85.202.27:465 | aspmx.l.google.com | tcp |
| BO | 200.87.143.221:21 | sicoes.gob.bo | tcp |
| US | 209.59.190.46:22 | sib.org.bo | tcp |
| US | 104.26.2.213:22 | gta5grand.com | tcp |
| IE | 209.85.202.27:143 | aspmx.l.google.com | tcp |
| US | 104.26.2.213:21 | gta5grand.com | tcp |
| US | 5.161.182.241:143 | mail.hope-mail.com | tcp |
| ES | 195.78.229.20:143 | campus.chamilo.org | tcp |
| DE | 143.164.102.55:143 | mailin14.audi.de | tcp |
| BO | 177.222.57.17:21 | dgtic.minedu.gob.bo | tcp |
| NL | 159.65.192.215:465 | mail.hope-mail.com | tcp |
| BO | 177.222.57.17:22 | dgtic.minedu.gob.bo | tcp |
| US | 198.98.53.183:22 | mail.aulavirtual.unefco.edu.bo | tcp |
| US | 8.8.8.8:53 | signup.na.leagueoflegends.com | udp |
| BO | 200.87.143.93:995 | mail.sicoes.gob.bo | tcp |
| IE | 209.85.203.84:21 | accounts.google.com | tcp |
| US | 198.98.53.183:21 | mail.aulavirtual.unefco.edu.bo | tcp |
| US | 199.59.243.225:80 | ww7.sportzentrum.net | tcp |
| US | 198.98.53.183:443 | mail.aulavirtual.unefco.edu.bo | tcp |
| BO | 200.87.143.221:443 | sicoes.gob.bo | tcp |
| BO | 177.222.57.17:443 | dgtic.minedu.gob.bo | tcp |
| DE | 143.164.100.109:80 | karriere.volkswagen.de | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| DE | 143.164.100.109:80 | karriere.volkswagen.de | tcp |
| US | 8.8.8.8:53 | signup.na.leagueoflegends.com | udp |
| DE | 143.164.102.55:465 | mailin14.audi.de | tcp |
| BO | 190.181.50.197:22 | sicoes.gob.bo | tcp |
| BO | 190.181.50.197:21 | sicoes.gob.bo | tcp |
| US | 5.161.182.241:465 | mail.hope-mail.com | tcp |
| NL | 142.251.9.14:143 | alt3.gmr-smtp-in.l.google.com | tcp |
| ES | 195.78.229.20:465 | campus.chamilo.org | tcp |
| NL | 159.65.192.215:995 | mail.hope-mail.com | tcp |
| ES | 195.78.229.20:21 | campus.chamilo.org | tcp |
| ES | 195.78.229.20:80 | campus.chamilo.org | tcp |
| US | 8.8.8.8:53 | elephantbet.co.mz | udp |
| US | 198.98.53.183:443 | mail.aulavirtual.unefco.edu.bo | tcp |
| ES | 195.78.229.20:143 | campus.chamilo.org | tcp |
| IE | 209.85.202.27:995 | aspmx.l.google.com | tcp |
| US | 170.114.52.5:143 | us05web.zoom.us | tcp |
| US | 173.252.87.251:143 | smtpin.vvv.facebook.com | tcp |
| ES | 195.78.229.20:443 | campus.chamilo.org | tcp |
| US | 170.114.52.5:990 | us05web.zoom.us | tcp |
| US | 170.114.52.5:222 | us05web.zoom.us | tcp |
| US | 104.26.3.213:443 | gta5grand.com | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| US | 104.26.3.213:443 | gta5grand.com | tcp |
| ES | 195.78.229.20:22 | campus.chamilo.org | tcp |
| US | 8.8.8.8:53 | sibnet.sib.org.bo | udp |
| US | 8.8.8.8:53 | 46.190.59.209.in-addr.arpa | udp |
| DE | 143.164.102.55:995 | mailin14.audi.de | tcp |
| US | 8.8.8.8:53 | copyrightspareddcitwew.site | udp |
| US | 8.8.8.8:53 | elephantbet.co.mz | udp |
| US | 104.21.55.202:443 | copyrightspareddcitwew.site | tcp |
| NL | 142.251.9.14:995 | alt3.gmr-smtp-in.l.google.com | tcp |
| BO | 177.222.57.30:21 | academico.sie.gob.bo | tcp |
| NL | 142.251.9.14:465 | alt3.gmr-smtp-in.l.google.com | tcp |
| US | 198.98.53.183:995 | mail.aulavirtual.unefco.edu.bo | tcp |
| ES | 195.78.229.20:995 | campus.chamilo.org | tcp |
| BO | 200.87.143.93:143 | mail.sicoes.gob.bo | tcp |
| BO | 177.222.57.17:143 | dgtic.minedu.gob.bo | tcp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| US | 198.98.53.183:143 | mail.aulavirtual.unefco.edu.bo | tcp |
| US | 170.114.52.5:443 | us05web.zoom.us | tcp |
| US | 170.114.52.5:465 | us05web.zoom.us | tcp |
| US | 173.252.87.251:465 | smtpin.vvv.facebook.com | tcp |
| DE | 18.173.154.81:22 | creately.com | tcp |
| GB | 163.70.147.22:80 | es-la.facebook.com | tcp |
| BO | 177.222.57.17:465 | dgtic.minedu.gob.bo | tcp |
| ES | 195.78.229.20:80 | campus.chamilo.org | tcp |
| BO | 200.87.143.93:465 | mail.sicoes.gob.bo | tcp |
| US | 8.8.8.8:53 | 22.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.243.59.199.in-addr.arpa | udp |
| DE | 18.173.154.81:21 | creately.com | tcp |
| BO | 200.87.143.221:22 | sicoes.gob.bo | tcp |
| DE | 18.173.187.81:21 | accounts.majorleaguegaming.com | tcp |
| BO | 177.222.57.30:443 | academico.sie.gob.bo | tcp |
| US | 170.114.52.5:143 | us05web.zoom.us | tcp |
| US | 170.114.52.5:22 | us05web.zoom.us | tcp |
| BO | 200.87.143.221:80 | sicoes.gob.bo | tcp |
| ES | 195.78.229.20:80 | campus.chamilo.org | tcp |
| US | 8.8.8.8:53 | web.facebook.com | udp |
| US | 8.8.8.8:53 | droidvpn.com | udp |
| BO | 200.87.130.51:465 | sibnet.sib.org.bo | tcp |
| US | 8.8.8.8:53 | academicoaltiplano.sie.gob.bo | udp |
| US | 173.252.87.251:995 | smtpin.vvv.facebook.com | tcp |
| US | 198.98.53.183:465 | mail.aulavirtual.unefco.edu.bo | tcp |
| BO | 200.87.143.221:21 | sicoes.gob.bo | tcp |
| US | 170.114.52.5:995 | us05web.zoom.us | tcp |
| ES | 195.78.229.20:22 | campus.chamilo.org | tcp |
| US | 72.52.179.174:80 | staff.sportzentrum.net | tcp |
| DE | 18.173.154.81:443 | creately.com | tcp |
| US | 8.8.8.8:53 | 202.55.21.104.in-addr.arpa | udp |
| BO | 200.87.130.51:143 | sibnet.sib.org.bo | tcp |
| US | 170.114.52.5:21 | us05web.zoom.us | tcp |
| DE | 18.173.187.81:443 | accounts.majorleaguegaming.com | tcp |
| BO | 200.87.143.93:995 | mail.sicoes.gob.bo | tcp |
| GB | 3.10.126.228:21 | signup.na.leagueoflegends.com | tcp |
| US | 8.8.8.8:53 | web.facebook.com | udp |
| US | 170.114.52.5:465 | us05web.zoom.us | tcp |
| US | 170.114.52.5:80 | us05web.zoom.us | tcp |
| ES | 195.78.229.20:465 | campus.chamilo.org | tcp |
| US | 170.114.52.5:80 | us05web.zoom.us | tcp |
| GB | 163.70.147.22:22 | web.facebook.com | tcp |
| IE | 209.85.202.27:143 | aspmx.l.google.com | tcp |
| ES | 195.78.229.20:21 | campus.chamilo.org | tcp |
| US | 209.59.190.46:80 | sib.org.bo | tcp |
| BO | 200.87.130.51:995 | sibnet.sib.org.bo | tcp |
| US | 8.8.8.8:53 | droidvpn.com | udp |
| US | 8.8.8.8:53 | academico.apolitecnica.ac.mz | udp |
| US | 72.52.179.174:80 | staff.sportzentrum.net | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| DE | 143.164.100.109:443 | karriere.volkswagen.de | tcp |
| US | 8.8.8.8:53 | 30.57.222.177.in-addr.arpa | udp |
| US | 198.98.53.183:80 | mail.aulavirtual.unefco.edu.bo | tcp |
| ES | 195.78.229.20:443 | campus.chamilo.org | tcp |
| US | 8.8.8.8:53 | academico.apolitecnica.ac.mz | udp |
| US | 8.8.8.8:53 | account.live.com | udp |
| ES | 195.78.229.20:80 | campus.chamilo.org | tcp |
| US | 8.8.8.8:53 | spool.mail.gandi.net | udp |
| BO | 200.87.143.221:443 | sicoes.gob.bo | tcp |
| US | 72.52.179.174:80 | staff.sportzentrum.net | tcp |
| US | 8.8.8.8:53 | 81.187.173.18.in-addr.arpa | udp |
| US | 104.26.3.213:80 | gta5grand.com | tcp |
| US | 8.8.8.8:53 | account.live.com | udp |
| US | 8.8.8.8:53 | es.surveymonkey.com | udp |
Files
memory/840-0-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-1-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-6-0x00007FFCA0FD0000-0x00007FFCA1299000-memory.dmp
memory/840-7-0x00007FFCA1BD0000-0x00007FFCA1C8E000-memory.dmp
memory/840-8-0x00007FFCA0FD0000-0x00007FFCA1299000-memory.dmp
memory/840-9-0x00007FFCA33F0000-0x00007FFCA35E5000-memory.dmp
memory/840-10-0x00007FFC80030000-0x00007FFC80031000-memory.dmp
memory/840-12-0x00007FFCA0FD0000-0x00007FFCA1299000-memory.dmp
memory/840-11-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-13-0x00007FFC80000000-0x00007FFC80002000-memory.dmp
memory/840-14-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-15-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-16-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-17-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-18-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-19-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-20-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-21-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 8ef9853d1881c5fe4d681bfb31282a01 |
| SHA1 | a05609065520e4b4e553784c566430ad9736f19f |
| SHA256 | 9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2 |
| SHA512 | 5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005 |
C:\Users\Admin\Documents\GuardFox\Fhiu40oo3t1NFSHs6Nih2CPH.exe
| MD5 | abdd44ee49644dd47d86cf9ee321d2d1 |
| SHA1 | 6414ddfab7d91d4be56e654219e56fb66cd1bf4f |
| SHA256 | 38cb8c23fa6a0aa7d2d8c3b58285b075adef643640838cb0e406f86a238eb607 |
| SHA512 | 8f25c9285ecfbb3d54f0ce21161eabf34dae40ff82bdea80773c7702b9f9b25b5852c6e6b5ffc5e5ed71e1808f872f34894f39a783689d1feadee6c796f216ff |
C:\Users\Admin\Documents\GuardFox\HUVHjonu_Hje6G6JU7VaoIjt.exe
| MD5 | 3fdc03bf751bd82fe71fd7aa097ba266 |
| SHA1 | d3eff184804b1d32560bab9764fd090a35aada20 |
| SHA256 | 3b1737e6ac3ca0bf6b2146e6336054bd83f9d03c808f7d631ab08e6bee988882 |
| SHA512 | 416ea4bfa76b4dab68b11fdf828e5c2348f5f78ad96fb844f2b9ca0533e1ab16c10b03a061fb34c0fdd029cd05c711dc2ac5855a631965c42840fe9ec57a91e5 |
C:\Users\Admin\Documents\GuardFox\GEMP3wBL4EHtx1DKvSUjrltk.exe
| MD5 | ebd6f7a6cb7aa2c1f16389618828dd18 |
| SHA1 | 6f0ab3eae5a5c4ed3383ac48a4ac067294c87728 |
| SHA256 | 80b7f795cac71ff494d915f171bca9feca53cf6d9c6d5b87b2c773ea8266403e |
| SHA512 | b0ab45f303c0c7051da0248713d0b672d262bafde69112e3fe021426bfce869089329b324e3355a94cea76cec4feb6a024ab74499e1f025f82eebc3da11521be |
C:\Users\Admin\Documents\GuardFox\DlobcuKPjhqxD04VLJeAxs1Y.exe
| MD5 | 0300df90c7be2e5f7124509c7d3ef042 |
| SHA1 | e2b17e87f16280d5597cddaa1db7b4c93bd53cc6 |
| SHA256 | eefaf8133d167973725e6b43f93fe13bcdc491d9570dd0034ac6e726704e0b95 |
| SHA512 | bc29a934e777b15ec150898912d3f5accb392f834cb158b030c90fd5c9c2c36c78b016cbe69bbfbdee53bb68e67b9bd0ad00a79ec9b1782a8eb7c2ef5c24203b |
C:\Users\Admin\Documents\GuardFox\Ib3nHb7tep7rCpzrk68gEeCy.exe
| MD5 | 5373721eba16b7c52d1f53b02ca95302 |
| SHA1 | 8b945293d135a1afd888babf4738971dbd607475 |
| SHA256 | 8dcc8b0423941480f2dc4fcaca1811ea61164b8f8f213396b18ad32a20833b88 |
| SHA512 | c5d0c13f0d6036a54de22eb2996333bd7d908664879509699fa03a234b4b4e9fa62c8396b07cda534edf2102f3df5fa633b1e70265d536d9dfcefa28256ea4e4 |
C:\Users\Admin\Documents\GuardFox\7LsW1tgu4RRNjIZfO6UkF0OD.exe
| MD5 | f740608b4fc3a10a4526f0c2db5fc67d |
| SHA1 | 91a6a17d5a90be772997021532d6d0615d550fed |
| SHA256 | 35e87fae499edf23f25bfc5be34be901c0dcef34851db88b7d96eeeb6733860d |
| SHA512 | 2d45013aa54d29977eb173ef873ee2464081ee650c3df04fd381f9e8aaaca4bbc58de61228cbf365439ad05a81de4bed8cdafbf4a3762eb489da23d65010fe3c |
C:\Users\Admin\Documents\GuardFox\Kziy09yGH2ihEicFLDPHF7al.exe
| MD5 | 3587237650454077f0091c4b785cc0a4 |
| SHA1 | 3382a89b5ad5437c5d398e1a823c1f30abcad5a1 |
| SHA256 | 38835336488e14f393512cc51ab575686cdc8193ac53a9efa1e5daa5881a92d8 |
| SHA512 | a0b2b6af85e42b125970feb1101017b5af671f1b2d68a9b04d4cec742125fea68180e4d4622b14a6e2f52343498bef4f037e799acbd745442935799f79702e8d |
C:\Users\Admin\Documents\GuardFox\zZoOSmhBGpbqhOnj9hrXXQ2h.exe
| MD5 | bbf6e342443d542bc441c19218d1938c |
| SHA1 | 531eb607991320a4a82453e853ddead10e87fd10 |
| SHA256 | c9946ebd3b46a85c3e6d4b657994150928ceb1030d3c4f4594e80a130c230698 |
| SHA512 | 4ea5f07803633c0fbbe3d1d5ee61b778ffce067e29a4825d43d36244a4c6c590706d58a175079e2ebef0d0e157f7135d7ae3a2619cdbf8d90b91fab3f1e5af55 |
C:\Users\Admin\Documents\GuardFox\9UdKiMABHzlnZ75ggE48MsEl.exe
| MD5 | 0338d812ee80b867ee55aeca639aea4b |
| SHA1 | c8000bdd98b4e25d7f7d58575a88cae4423fc329 |
| SHA256 | 8a04644aead7ae70566f1affc9f53507d5ea89fff0e2add36fca584a3ac08eec |
| SHA512 | 611f72f5d8fc065afbe829365a0b9f5acf861eed37335a3b0a8e0009903dc4a25f4b20e4e5c2c9ab66091f2b1f128e0d4dc9f34cea14463472cc9506c14f9a4a |
C:\Users\Admin\Documents\GuardFox\qKYZynyy_NBhtwhTUfWTQeXE.exe
| MD5 | b7bc9e112100ed482631a02cff4c533d |
| SHA1 | 66e8d225495d097bc4f570c176b67f52964349f9 |
| SHA256 | 110b2111d924c6c26437b633ad933d08003742723725ad22037e5a337cc16069 |
| SHA512 | e6d6b43ec74c72ff61f016d6faf2e390b5e908ca6a5a3f307c70e48562f82b7b32d6a8a2773d106dd0ce52f655b15d5aa30c22489dae40b6ac266acd0746bdd6 |
memory/840-114-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
C:\Users\Admin\Documents\GuardFox\TBM9dwaxRE1IJerNiSbnNqaC.exe
| MD5 | 5fa878455587d484dba37e41a46b9343 |
| SHA1 | 82f4dd3a18554bda4425a897433b31f2d783587a |
| SHA256 | e63841c08999245e9c424161cca81afbecb2c9e20b53aa2eb988a923cddbe6a4 |
| SHA512 | 60e23805e4a72ed423a65d2a3b19c2f6f4c16587f74499f78478180e0964dc9a80a584fb3a607c7a61ddf8085cd3ae23a5bf6a0d25aff78b96b808007d7e1654 |
C:\Users\Admin\Documents\GuardFox\EwpduaZj10LbAfghmKbC0XEl.exe
| MD5 | 7b8e8862202f2c42bd909e44a20ce7ac |
| SHA1 | 5174b3130f9da872e70c705a6eecf378b9981365 |
| SHA256 | bb168eb325b35d5bdd98a628a5832952c35bb6e18a5bd9031d9f50fad9ac61da |
| SHA512 | 26398dea94a1a7d9dc3a744ee1f210071361241ef5658259e1af5c1de4728036a4e93c975d80aaf134b6c57001e135925f4204241282d73537f85356d11b7285 |
C:\Users\Admin\Documents\GuardFox\sbuycKPFZHgRBaJKN1N1aCEz.exe
| MD5 | 2dce99f902dafc3c53f20db467b8655f |
| SHA1 | fa206f040a42536170553c205fa0dbe95df9c337 |
| SHA256 | 891f2a710fd359c92435537a4fd83776ad188304d3b3b8ee81e5d62b2114f0a1 |
| SHA512 | 12d282164ffc8fd5900c935ec7b6d2827c7a6c44f2df33ff2016c85bd7199a5b4ed15dca8c4bea655658e5362f5e4cf0c0201079ed4392984b29d23da5879bc6 |
C:\Users\Admin\Documents\GuardFox\JdZPq1P5EKDFC4HyZ_OuQvq9.exe
| MD5 | cbf8063075619138caa08fb1afb1cfa2 |
| SHA1 | bdd94089d791985baf2f459a0c518710887b5471 |
| SHA256 | 5030e4e9b296805fe67e5224c49be0c834f9fe3ce1028bd36f2d7ab9ec88caa1 |
| SHA512 | 5230127832c1518fdec8a7ce4e264148f1fa0a30068f5a0aca9d85348a4a412f05233a7951c08fddbd104e7f1ab41cc9b405f6413ce5b7db356478a24fc43853 |
C:\Users\Admin\Documents\GuardFox\Iz2F_E2SsHuStXA_nVq69RNt.exe
| MD5 | bf21be3446b558a2864093d287090247 |
| SHA1 | cf6435fec0562f30badd13ad4305c75ac58a3d99 |
| SHA256 | 6e03ecd231d9b04fb6eb31331d478aa33ee08b64fd487a4b1c58c4ddf20ba195 |
| SHA512 | 8551b54e70e3933ac125acf83f52fab927369097acd12885724523552b2559a26e79c33e0016b703915060be5d728757db7e4c8c192967c6de021295927060f1 |
C:\Users\Admin\Documents\GuardFox\KdVPYGEBaFAKLdQMMkqc0P9O.exe
| MD5 | 3f750d3e7f23601110827271f4af175a |
| SHA1 | 357a39dd4c271870e2036c8c85ec5b58ed55984e |
| SHA256 | 3c3f0b4ff1e617138d09f5a1bec8e28f8517d63735978bc1646da6cb3967ce49 |
| SHA512 | 7fbbed3b7f0750b5389f5ce341cb7dbff1980f2a729e20abf2f60888de3959d11ad4303562c527c143932426cb5bbf4533d70f0a1fd272d665dbdc92e70e396f |
C:\Users\Admin\Documents\GuardFox\V30CDH8Dluq42uED6_5d_908.exe
| MD5 | 82e178bd7bfcdb6eb59874636a000a30 |
| SHA1 | 077bf3ba8147b8df18c98d450e2f1b197e9859e6 |
| SHA256 | ae8118215495ebe87042849318bcfc4e122d69775effbc375aae3e76ea120059 |
| SHA512 | 9f8fdb14410bb61d58f2f0790ebbef0a75d7dcb70d786aea9138b3e903fa63fbb018d76163e10a06bbc078ff98fec9bdd62a5cdbb7cdbe979d31b6fd35a98f65 |
C:\Users\Admin\Documents\GuardFox\pNDGpTJMyJXYIj9W4rvJQwL8.exe
| MD5 | 90487cf41bc9545f0aac8c6bf0a6b855 |
| SHA1 | 32d444978a1e90f449393c095e451ddc920c9122 |
| SHA256 | 339c65b2fa9c57e5455181829df42a83ce220844e2dbba006a5f24b6e1012b2f |
| SHA512 | bda05055737444a1d514845a693a99c75682a328242cec1b163aac22b441208002032b245b7825a51d0e15326cb5b6ce7a14a05179e9605e0f4a75229a8e1ad8 |
C:\Users\Admin\Documents\GuardFox\V4pYAb0MjziI6mmnQmBlqBlp.exe
| MD5 | 5b7b15e57bf07b1cf432b370f2c367ca |
| SHA1 | 7679de14d2950fd85983b68331515e668ad25de9 |
| SHA256 | e9ef42e373a505c4a24b3f31b349775a420c92353a6fe64cccee3986455ad062 |
| SHA512 | 50d11642c97e3442b31a5fe3f3a1cf9b6c1a608fea25e0e4557f20b25d9217986679a7cf683d5344d8deb47b8ae8733e079d944b2001ea9836a586d269713cf9 |
C:\Users\Admin\Documents\GuardFox\JTb0PxmZFALhKcqoAtyuiktg.exe
| MD5 | 026733d178143f6742ae5c9f308abb57 |
| SHA1 | eb077b40272cc399d25376053531d4b7c0bac7cf |
| SHA256 | e7790b04a89009e8c77eec9e6e64a4bc85d91c730003a83da47b58da91dab060 |
| SHA512 | 1a1d12f1edb82b3171a860552b5a9e7115a8f1de8a9d1c0a88efd0096080c24699294f3b2ea00158dddcfcd949a8d9a2748a68bfb374959f7c6e78f0ac5eda6d |
C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe
| MD5 | 55f4a05bd965b92e765bae679cfa54fa |
| SHA1 | e6bb39eb3f182cb73e1d998f8875a33e9cf1d6c6 |
| SHA256 | 6e9e3854a7d5ed2c4b486f7a3cbc6525e51e9895ce804308a5cfa35a7c88bdc6 |
| SHA512 | 00f0bace053a11e32fd387bfb04a6ac5a87158b981db99bcaa201d53d9b3453acf022d6d88be7ef82c255377228c720409265d2bc037bfb4a28aca9ce17f4b79 |
C:\Users\Admin\Documents\GuardFox\V30CDH8Dluq42uED6_5d_908.exe
| MD5 | 32230b2cf5811f0a184e2702a59190e0 |
| SHA1 | db772145066b84cf040b9b2b88c822c85997d914 |
| SHA256 | 6df670800034fe8fc0b8d05c9f3ea89f143ddc8c5122dcf381477a4f2e48da0b |
| SHA512 | 9710c1ddb04b561f300ce336ec2c1c263f5b51e526dc7a91de1fde3be4297dacec51eb797022a4a5753766d4cc13fd8bb64762b6ee69f051e23daed9b382229e |
C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe
| MD5 | 90d8dd3b634c60d0c7129ade169c139d |
| SHA1 | 91c4695e3d4a4043aa2600905d41eae5831fb97a |
| SHA256 | 63a0b432d31b1fdba074142f65ea3ac360fbe6cbbaeeee02f69845d459a24e95 |
| SHA512 | 29ed005f8c8f0dc07bd6622cf9ce4604cb1313bb30581186c4d1cf1f9f91f0cbde96b116f416f65df4fde38b4e48293c761b0f2bf4444147d27fc268c887e782 |
C:\Users\Admin\Documents\GuardFox\JTb0PxmZFALhKcqoAtyuiktg.exe
| MD5 | 8106372827f3792f9b79a8ce0b32d275 |
| SHA1 | cfff571cf58eff5268342ddabd395dd938442bdc |
| SHA256 | 9d8782d492f3a1cc06c25fd4415927ee0274c024465b2db58393b7c6c46d9ca2 |
| SHA512 | 3ac870e2aaddde91da93eb4fcf5d4dfe887de863417ab09c8a92a7082445f622734daff9060ecf88d175c7fead0c131e4635d0458b6786e977a19be7929caf2f |
C:\Users\Admin\Documents\GuardFox\Kziy09yGH2ihEicFLDPHF7al.exe
| MD5 | fbc8c9fe49f30e78b2f3ba323ebfa70f |
| SHA1 | 21c15004f75c098737cce3bf9818b833eea7404a |
| SHA256 | 660185be0f587322a3daa203803eecf49d42a686ceffa06315491ecf37d73701 |
| SHA512 | fda14ebb8f3b6d8fd9501e57c686640fded4c7e581ea938ec7016ea999410bde9b98042b035c8d0d9da3a70af17ec6731b446656fbc9b9a06aa5c87f8c2cf85b |
C:\Users\Admin\Documents\GuardFox\HUVHjonu_Hje6G6JU7VaoIjt.exe
| MD5 | f913fe9d70042c53b254827acc6b499f |
| SHA1 | b250b7e729c4ef048003a355744e73fd53c116ba |
| SHA256 | 8cb8cc58c6944b015ad8afd1759486b0441240fec99e54a37e06b8f75089ff00 |
| SHA512 | 5376c6a286d740a4f0faa65bf65adf3892928bc874a7d4c1cf3ea736fdd6bc66b0e230a3cae4ffeaa494fcf5cecc97d3078f9fc4773d1b006833983181a323bf |
C:\Users\Admin\Documents\GuardFox\HUVHjonu_Hje6G6JU7VaoIjt.exe
| MD5 | fa0b656d3d278e9336c15448ef7c2d15 |
| SHA1 | 4cd51fcf01b7f6e685f79778ecb56e9045d0e30f |
| SHA256 | 5122af5f90ae5fa4445cbb52cc7352e1e529586dc7f7188ae3d1d9415b484445 |
| SHA512 | b54d6f836c1df07ed5b870b7229fb304cc0df9477cee86efb6cf091a1b06204bb8f01ff7bbe0560c57c6c2505a704cff66e9ea5811d54b0176aff4dd44f6df32 |
C:\Users\Admin\Documents\GuardFox\sbuycKPFZHgRBaJKN1N1aCEz.exe
| MD5 | 502868901be03efb85000e67c64601b3 |
| SHA1 | d4ac62ca27427002331abb0cbb8e247ce6c5193c |
| SHA256 | 8ae07f45777add8b7af1e0b112165d7800350f9091448da55b7caf06a228a750 |
| SHA512 | 97a0bab350923fb6712c0805f8dc4d2ef4ef4ad7a5e66c2b29057f4a76e561ac4ab8d982f015f885cc9fe608ed2e9dd15e5edf99bad6ab6e3a2b2d63386ece78 |
C:\Users\Admin\Documents\GuardFox\pNDGpTJMyJXYIj9W4rvJQwL8.exe
| MD5 | 2a25d202bade6cc79ff0d61effb4e1ef |
| SHA1 | 8ec2ac45283a15ac0560844e1c46bc7f0c2c5774 |
| SHA256 | 7b55a1c6d0f72455bccd6a93db9d6b11030b050b691d4c90697935a3d6ffaecc |
| SHA512 | 983b120a8d229d37ee0d62cac303e97b1086de9bbca9f9ab0e1607332cf87611aaca4fe2e17db584ac19d1cb74302486a5851202f6161d9bbc55cb593a65d40b |
memory/840-603-0x00007FFC80010000-0x00007FFC80011000-memory.dmp
C:\Users\Admin\Documents\GuardFox\GEMP3wBL4EHtx1DKvSUjrltk.exe
| MD5 | e1cb766dc575cc1bf368143497e4734e |
| SHA1 | 5d73dfa40b600bd0b03893d9d519bec8321c68f0 |
| SHA256 | 3e5dbc59f5e21ac6512581b1268295f48b863a8a5b1609072b84dfceb609b784 |
| SHA512 | f7e3563c7c7360aeacdcd02c4e6e0eee914f06944a20f4db3cd77f332f60095ef7868a5d9653fb191c487730cf3e3e58ff7c148c1f1862b60faa79335a30fa0a |
C:\Users\Admin\Documents\GuardFox\DlobcuKPjhqxD04VLJeAxs1Y.exe
| MD5 | 04a0ff98b24970358be912742b1b12e9 |
| SHA1 | 7662063af43a5a00e747517c9f6d86eb2b40b33e |
| SHA256 | f6552d836ffc1cd88e7b952efdc0388570734d652cb9356be169fe3981b15ca1 |
| SHA512 | 1c51c64fc2438f13ed6d1cf814de34a0d24b2ad952c74d1ee61a2b49bbae210893a7f64d781c024da69737bedc4b91eb59a322ae4f855b6a9cfb7119572d5230 |
C:\Users\Admin\Documents\GuardFox\7LsW1tgu4RRNjIZfO6UkF0OD.exe
| MD5 | d0901b92749db4d796381d541e977f04 |
| SHA1 | b3ceb02addc1add99e9c099228a09ad3a0e04d79 |
| SHA256 | 67c2e03ac2744fe2e87983c42cfa7c86cf8069a6b3dac91ff4b214218eb78b01 |
| SHA512 | 73d02fde1190c89c7977890cde69e0f71efdc5f10cb811eadeeeb657ec31d06d1a2d5fb04ec5a2556aaa329d89481a7b879c4bcba577babc1f451bc1b12eb516 |
C:\Users\Admin\Documents\GuardFox\Ib3nHb7tep7rCpzrk68gEeCy.exe
| MD5 | 80ce593e055e11b63b129103d490bbaa |
| SHA1 | 0057cff329b9b1d8cb7d0d946d938c12cc5471f6 |
| SHA256 | c5766284acf2a88d735a6401e7b2b12c2ff0b5ddc7744779242c90db06225dd3 |
| SHA512 | 636ae91b58fc872e063c5425f935e9ad05554c659706b2367b17584d5d16fc1acebd09062688e3be90dc6db9e0377f88523a653f729de97a476ea1068d2005ee |
C:\Users\Admin\Documents\GuardFox\pNDGpTJMyJXYIj9W4rvJQwL8.exe
| MD5 | 34d0dc32f8fab919a969f7d8a6185057 |
| SHA1 | d8c01aefc6381ed0e81a528a66e82e4819a0b063 |
| SHA256 | 95247ce385d65ee38a0d020cfbd46fe70e88a779e2501d83841761d562f93880 |
| SHA512 | 9b35304fe5301b15882bddbe23f9e82d69e5b7726761076de66fb51b8e36f09f7a35e63f139f227b9b778b1815c24e8881ab014b55de77bae667a7ad3d4629c0 |
C:\Users\Admin\Documents\GuardFox\Ib3nHb7tep7rCpzrk68gEeCy.exe
| MD5 | 5f3cc6eb7d7e17292a0276d27af98bf3 |
| SHA1 | d401b9ecd245b73bfd29de7eda5b99e40eff4d91 |
| SHA256 | 22f4d6222a7ad203bb98a80e8179b337920e109d7540be3427585193d632e627 |
| SHA512 | 6d9dd083fe2684929e0e77a677ad9c5cae82ec2165e2cde94ac8e5000d8d7ffc9bda47fcd65aa56dc74c84472c729b87ec267d5bde3304c099fe239e554b2209 |
C:\Users\Admin\Documents\GuardFox\DlobcuKPjhqxD04VLJeAxs1Y.exe
| MD5 | 47ccf763cfee28a4769e61ea0999deec |
| SHA1 | 0c013af2165a7df3878808411a780bafd08fa4cd |
| SHA256 | 858da9cc7e55da3937dbb0c12e3c44505a0808b676ed98bf6c0b2d556539e866 |
| SHA512 | eff34d00122c8f4432516c1a7d2ebf360591b9bf199c2b57d678a008f193c706b3c41185115abc3124d6297f6f22502ab28ee14dfebd53160c45aadc9c57d1d8 |
C:\Users\Admin\Documents\GuardFox\7LsW1tgu4RRNjIZfO6UkF0OD.exe
| MD5 | 7daea3a8269ca531bec3b57f351c5f11 |
| SHA1 | 96d1bdb08a1e83ce573e11651320ca276017c8ec |
| SHA256 | 17c2a327606ca410fc6e6a393d4a4b242e8c0903a9e8fa0ae8e99cbbb562b0f3 |
| SHA512 | 4b4a956212a7e9ea004435642583c7438db679273cc638a60bc04546d569d03cfa336e04c5f7beb79b57e55984e9db1607b1229566cbdab76ffba3012d6fbb74 |
memory/5900-678-0x0000000000D20000-0x0000000001203000-memory.dmp
C:\Users\Admin\Documents\GuardFox\Kziy09yGH2ihEicFLDPHF7al.exe
| MD5 | 0537da2ea91d9c0204fb0a6ba01ed11f |
| SHA1 | 69c83b99c015b372c6c2a10b5ec8b5999d51c906 |
| SHA256 | 327c8262f490d93c9d0d633d868623041b9649372953047aafadaa1effc67e41 |
| SHA512 | 03097895449ae0e7be27e9a343c29e8536e93c90ed1f4940cc9597684e20e67c11026ec00f7cb8ee08911864d771c9db5f3d3c97c03ee104f25addf4a9e9b1bb |
memory/5964-682-0x00000000005B0000-0x00000000005BB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-Q4J0B.tmp\HUVHjonu_Hje6G6JU7VaoIjt.tmp
| MD5 | 178a36772a6533aa2b6cfc730e0ece5b |
| SHA1 | 2077eabf003d62430d003e4b6cc0b89870534c65 |
| SHA256 | 39d54851669305265953dbf7a1bc7f9370ac13c9e5a99e0990a41b68a5375eb2 |
| SHA512 | cf740e40da39bd795f2fc639bfe3bde038280e0f53068f34c26bc77b9b475d65260baadd9f4c1b951546988b7345d4fae52b7fbd42096d9ad46f98983a5f7a4f |
C:\Users\Admin\AppData\Local\Temp\is-Q4J0B.tmp\HUVHjonu_Hje6G6JU7VaoIjt.tmp
| MD5 | dc54d0d10aaba59bc309cfe34e2fb44b |
| SHA1 | acd39e1d610e90102bffcefb59ac594b2c66f114 |
| SHA256 | 260260b6fe49d8682566d5749d4b2438416d0ad2fadadac2b73fc9f623ef4478 |
| SHA512 | 643500a5c20f3a4ab3f9169c1e4ee4c22f3b5cc81ff7cae7422da7ae66fd65965a8206cd9229ca63c11329bad95effafc5bb7a1b0881cb562b166cc6d90083ee |
memory/1812-688-0x0000000000790000-0x00000000007AC000-memory.dmp
memory/1812-689-0x0000000000400000-0x000000000062E000-memory.dmp
memory/4468-691-0x0000000000480000-0x000000000048B000-memory.dmp
memory/5964-715-0x0000000000600000-0x0000000000700000-memory.dmp
C:\Users\Admin\Documents\GuardFox\GEMP3wBL4EHtx1DKvSUjrltk.exe
| MD5 | fc46234d4c69d58e648d72302a1406ac |
| SHA1 | 34f70aaf3ee9c3f09e5f1c9c3708dde984ce38e3 |
| SHA256 | d2afea6d72413f5235b512d740d8283bcbcfecd2a7e97e3deee5b0b283a1394d |
| SHA512 | 072180a272dd3d9fe3d026ad37da48710918bc2562fd4310264534951886c5682393eacd03fcaeef73cb5e6b41deb25d52d8ad7699d36ebff33b368a03b8fd80 |
C:\Users\Admin\AppData\Local\Temp\is-EPDDO.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\Documents\GuardFox\sbuycKPFZHgRBaJKN1N1aCEz.exe
| MD5 | df9cbd5114a0a995233d6b4a2ea30d66 |
| SHA1 | b8ecce509463887d837ef7ccedfe57b34c109ed3 |
| SHA256 | c9e1861cec48f0cc3a7528dde67f8e08b3c5dd249405d9efb43986c1a4b01758 |
| SHA512 | be0b8522320f6ac4bf8b17e2a93f73a38e8081365636df11fc11074e9b9c189b028f80e15af08598e605950a53eabcac2378b811399e577ef8e8d6ded6512b12 |
C:\Users\Admin\Documents\GuardFox\sbuycKPFZHgRBaJKN1N1aCEz.exe
| MD5 | a9f5eec6112e3828eb18a32aff5f0440 |
| SHA1 | da5da36fc081ad8d7379336d685857fa695bde07 |
| SHA256 | e4d1bf47757116e75e7cd321265d914cdc0bd5861d4a1ba82e3ce0217c538499 |
| SHA512 | 8f563e942744f834b3a849dcd0c0b24429345c2618aa7246180e570a9c06ba2ede210984b23d5a2c014a6af601c545570d5dddb60645c9f60743a8f8885b40c4 |
C:\Users\Admin\Documents\GuardFox\zZoOSmhBGpbqhOnj9hrXXQ2h.exe
| MD5 | 3d4fd70475c366b991ba3e5befbe862f |
| SHA1 | 4aea50b28029abd602ced03396d332417b61df1d |
| SHA256 | 99bfe586f2b4e64610a29ad2f9a23bd7ed4edec011172f7c0a47b5f74c541b78 |
| SHA512 | 9ee28f77d260c3981f0cbb1e7b470eeef5f6faec15376a8f1f0c3b92c1fd5374641f7098fbade713174ad588814c6809c764d71b3fe61fe154bdd88d4257f66f |
C:\Users\Admin\Documents\GuardFox\zZoOSmhBGpbqhOnj9hrXXQ2h.exe
| MD5 | bee2b57866965861f9380a95f8195c9a |
| SHA1 | 1ea9c5fd00d1523cca7003d49c5724ec509da5a8 |
| SHA256 | a5954eace2cccca1fec38e1de5b8fe859ebc3e7166dcb901176521a6ebf0f0c9 |
| SHA512 | c8addc047354f93e059d45c9e6ea8bb309ec895daf822e24021f11e6a598edda69a512b80927964f0e287f4b4317e6cfbf9c612a8fc29b3d0c21a840fc5b709f |
C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe
| MD5 | b23afa9df6df17f979f65d92af77942d |
| SHA1 | b13b206f088dda385566f7e90211b5e3b7cb0383 |
| SHA256 | fe9e9241baf4d59de23503e543981a28b3571ef5c33f80328543eeb403afb5f9 |
| SHA512 | a86ad0889f7016620356f87179d3c6d36c02921c2834ceebf3bac1edf98a8fadc8f03b7ea5255c743f6cf3fa7bed0c089477e1e7bb2e13c0c27ede2b36461659 |
C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe
| MD5 | 3ea5a9fc917c894462ee6761728266b8 |
| SHA1 | e5128ff26f9d96e3c47021c51d3aafd9386114a7 |
| SHA256 | 67ae0780b9cfab6ec27b28a9a767f019c429e803b0ecc27bf7ab36d608085ab6 |
| SHA512 | 6b685957c8903ead75ed8fff77ba69219946ca249eba0545866683b81f5005a1fc205b8baaa24eb74634b188a0e5a61f37b9421cd69d02dd82f637f911c2d5e0 |
C:\Users\Admin\Documents\GuardFox\V30CDH8Dluq42uED6_5d_908.exe
| MD5 | 5c007e2c288c3af201853c7b5fe6ce79 |
| SHA1 | 7aef41708ef2d4b3a47d6e84793d458d218ebbba |
| SHA256 | 747434f993aa3afc5436f81da1efb8431517e980ba57b6fd203a2091bd61f4bc |
| SHA512 | f4843971cec2d821786f1652126832cfda62bff35934abbf9a576e2047259285f93573a62458c93d8e6205e78b3f1b01f2352dca5ac42386687439e002e44d5e |
C:\Users\Admin\Documents\GuardFox\V30CDH8Dluq42uED6_5d_908.exe
| MD5 | 18375b1b7895eb996a528352c2b34bc1 |
| SHA1 | 1010b53f3007f6c8a4731b37058eba868acad694 |
| SHA256 | 82fd3555f1d75cc1e57efc3d7bce382b544d06e896343a35c1d3f9bd6d9cad85 |
| SHA512 | 26f5bc251e214fca4d2f352c06ff90a334320849dbed9bd02211808139c19a75293d133ac096160620e53f2148fc96b6c2d7d3728159a7fd510ccb94c5136860 |
C:\Users\Admin\Documents\GuardFox\JTb0PxmZFALhKcqoAtyuiktg.exe
| MD5 | 39f6788e7f8353ecc003a99ce45d3355 |
| SHA1 | d1d98bfcdf41108ea1e3dbcaf9ec425265c86861 |
| SHA256 | 64c147bed56a52fc41afcc96e983f9312f5ad68103c4142cd161ef304ef69a3c |
| SHA512 | 2f4c73198e15c3da035127112d3854878e9de4662a31eae3cd2d8506f4c7e02cbfd5ffb32a2a834295c26fee03b62e83c6923cc35712ecd3dfe85a19ef31243c |
C:\Users\Admin\Documents\GuardFox\EwpduaZj10LbAfghmKbC0XEl.exe
| MD5 | 50ebac3b8916f5c03d6fc1573fbec583 |
| SHA1 | ca5be7aeabd053f330588d1fd04f8a84c4f0dcb3 |
| SHA256 | a50847fd89fd4a18b7415661d19bb016ad668c49dd260baa07e0376bc8d90d61 |
| SHA512 | 6665335e912d350808f1fe01a647213060b2eb19337e27481696acee0b909f2f044e2c3a3b862fb57532f349820e949b6b98f5e2e29105b2b9f80932dd98bf99 |
C:\Users\Admin\Documents\GuardFox\EwpduaZj10LbAfghmKbC0XEl.exe
| MD5 | f04f1a44c5847c2745701adee09ca0c0 |
| SHA1 | ed5f46c66b0a2663ca8d9ec41a5c60ce33343f7c |
| SHA256 | 35a0138d5f1dadf0026ab2fc9e02208245102f199fa541bf99e1420355e22dd5 |
| SHA512 | 649c621470b1db83d5b5bb0f8ff2e38436817f3a588e0e3a87c7886640854c256f82a2e4ab6858e578441e3885740140a3578385a810f4c62bdd8b72967fb764 |
memory/4468-723-0x0000000000670000-0x0000000000770000-memory.dmp
memory/840-863-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-906-0x00007FFCA0FD0000-0x00007FFCA1299000-memory.dmp
memory/4536-913-0x0000000000610000-0x0000000000611000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 60fe01df86be2e5331b0cdbe86165686 |
| SHA1 | 2a79f9713c3f192862ff80508062e64e8e0b29bd |
| SHA256 | c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8 |
| SHA512 | ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23 |
memory/5588-923-0x0000000000400000-0x0000000000537000-memory.dmp
memory/5588-930-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1436-943-0x0000000002540000-0x000000000265B000-memory.dmp
C:\Users\Admin\Documents\GuardFox\qKYZynyy_NBhtwhTUfWTQeXE.exe
| MD5 | b90cdb4a2042bd0a6167bb1bc9e8ad94 |
| SHA1 | 122c52c8291252bc2577ebddcc7113accd23d929 |
| SHA256 | 54990ee80391578fda5d8680dbd0e1a2d521dabffa3f094a4465a70181b1e5e4 |
| SHA512 | aa33bbd310d6c54aeb8ca1031e9b3969f38a06e7df915cd9e099942409d8936b9e035b9a9b378cbc0fc1e537ab82befcb708769befbfef90d2dc323127d10b5a |
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | 76ee1b57425fa824014e58cf489f9928 |
| SHA1 | 4dc015c1701f7fc8e70c4629313ed5a781b83099 |
| SHA256 | b1b1abb9ccb838ff324eeb1bf1a9b30ecfe3520aba28f61a15685995b90bba4f |
| SHA512 | dae41969a07a7f9abe632a649e097ac7d1c6edb0d89b7fb0da0e52cf17db920e1fc8be2e805cfade6c1e32f186863286b07731665f769e911b158392a8145760 |
memory/2804-960-0x00007FFCA35F0000-0x00007FFCA35F2000-memory.dmp
memory/4300-959-0x0000000005000000-0x0000000005064000-memory.dmp
memory/5428-958-0x0000000005180000-0x0000000005192000-memory.dmp
memory/840-952-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/5428-950-0x00000000058B0000-0x0000000005EC8000-memory.dmp
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | 6f33ccbfb65037bb8f15d956fa0375be |
| SHA1 | 85c760fe15369194767ae6620df57bdf7b5b24d7 |
| SHA256 | 32d2ebff858569c4268b6383aca9fda89311450a766899c63d334c605b7d0df0 |
| SHA512 | 8997855c1499b12ca79a8af6f4d4d85fac0a09332bd2dc858a0ab0248e69fc4fc7557717758901e50b41b849438a9f3364a33cc6a818cefdcadbd838d5e542a4 |
memory/4300-947-0x0000000004A10000-0x0000000004FB4000-memory.dmp
memory/2896-951-0x0000000005290000-0x000000000532C000-memory.dmp
memory/5588-949-0x0000000000400000-0x0000000000537000-memory.dmp
memory/3956-946-0x0000000000BC0000-0x0000000001B73000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | 1daf9bcd2766a3f4812f4c37cf8b9d7f |
| SHA1 | 16598effdd2c3541e60227ef7279e89d50f144b7 |
| SHA256 | a3492e4248df533189fda02f6b7dc8e1bbbe5ccbdf8823f4f24faa5144df46b4 |
| SHA512 | 37cda8d8bb9a4a4b24bbda2ff16ae5d36d86ad32c1f13c6453e8aaebc7f9442e51c34efc1cc96bddbc60e157b07a818bb9adfd7032d52bc093cdeaf03eedf106 |
C:\Users\Admin\Documents\GuardFox\ztf35Sy2IebzEPWHO3U10kcF.exe
| MD5 | 0a7ba92de129324b108148efed139677 |
| SHA1 | 634ef23a81d864b183cf2ea1f0bb8bf9a1fc47e6 |
| SHA256 | f04e92f6ab432dc857dab3251c2c0ce3a880a408d810d8f9e430fe62f8f9e3cc |
| SHA512 | 14e96363150ad53fedba14c60459528e22c3fadb5e7a2f6ec62bf5788794e354cd35caf5e9c7af8e19ec27e42db0274fc3396dcb6c0204aad996658b988fe4ec |
memory/1436-938-0x0000000000B77000-0x0000000000C09000-memory.dmp
memory/2896-927-0x0000000000470000-0x00000000009DC000-memory.dmp
C:\Users\Admin\Documents\GuardFox\qKYZynyy_NBhtwhTUfWTQeXE.exe
| MD5 | cae19937bf01eabc6618b719d001053a |
| SHA1 | 3ccfebbc7a00776a81e498347e54c664736a301a |
| SHA256 | da450c89b880b1d154127d2fe9bf53cc8d48b985decb881f7c4a17e376612249 |
| SHA512 | 449a18b2a1aa1df62be4dc28eeceea020d1a89e38e1210adad84f64791233da2ef6834eaf1af99b71721aeee3c324e055040a872f388ca7f4ae8fe43b227e161 |
memory/4300-922-0x0000000002350000-0x00000000023B4000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | fb7dd465e7d9417401670d2db856595e |
| SHA1 | 13a3ed34099ce82b16ab397315de7a7a5caff766 |
| SHA256 | 9810c5ab62e08de4520867619015aa235a54ba1284de454c22b9014061215815 |
| SHA512 | 935ca765b10c92b66af06fdb83ffeeb460db1f928560fe858c1d8560fe8a7f2ff14c4eca4891363d426bcadc87ab9a9e8feecbdcc505726d6b5be79c765a0141 |
C:\Users\Admin\Documents\GuardFox\Iz2F_E2SsHuStXA_nVq69RNt.exe
| MD5 | 95eda1020636a6a9923eb7a40c5b6f5c |
| SHA1 | 04f14970f5333e099c874c6ec5038b14e41d54fa |
| SHA256 | 2bb95a44a8033f2c637b91ec2766dffef101630a1c009cbeef0905a633c0dfeb |
| SHA512 | 4a9fea6871fb980abcb902aa8aba3e5a0152a81683773f6f492e334334a625645c0b47fe49858bdac1edf048fd30f9e1b088c9e03c41a9f691dd6e307245cb46 |
C:\Users\Admin\Documents\GuardFox\V4pYAb0MjziI6mmnQmBlqBlp.exe
| MD5 | da9bdad0df080b7c330fbe5b47c9fd60 |
| SHA1 | 9a8188f6ced264127c6b2fff5c8d6d68e25ef6c1 |
| SHA256 | 00fd22574fdc52c4af573c2f4298b13c7c5ecafbaf8de6ecbdba221762f99386 |
| SHA512 | 48ce10683a47a22f3054245f7f6e2d37d707bc9bac6bb5bbbcffe58fd3edef2af821909d563ee0d8c67c5b06a75e523326090ae74b090345ea07908d13121621 |
C:\Users\Admin\Documents\GuardFox\Iz2F_E2SsHuStXA_nVq69RNt.exe
| MD5 | ad9cf5a83e9c211f2099d573b6961584 |
| SHA1 | 0c7e1c935697490092e12eb402162f8e5377b7a4 |
| SHA256 | 1e5b67b934f63417bd1632859d85afda9be1eb03eb09c75e06b36a500f632c0d |
| SHA512 | b8e6a1f05aa3e742162b95ee784ecac91980b83b22ee78c50b50d79781918e5a70da49f468b9d48921bb37871ab372a7330d4860bbae1f81e7a02d123512d839 |
C:\Users\Admin\Documents\GuardFox\V4pYAb0MjziI6mmnQmBlqBlp.exe
| MD5 | 6f464ac85fb41827bccb4a21023378c2 |
| SHA1 | a962137656a8164b9652edc195b745e3c4910646 |
| SHA256 | d0c01aea107bdc2fa716cbf58c1974ca21815681adcdab080f5abb4ef009fddc |
| SHA512 | 6414ac437f111ae177a48a60d9eb54ea56dd5841004ec3e0c62928dbd482a24154fa40b226ff363dae8f5d5e567c370c0cf35b683e901e137782b67c63d92889 |
memory/5428-909-0x00000000008A0000-0x00000000008F8000-memory.dmp
memory/5428-965-0x00000000053A0000-0x00000000054AA000-memory.dmp
memory/2804-964-0x0000000140000000-0x0000000140876000-memory.dmp
memory/2896-967-0x0000000072E00000-0x00000000735B0000-memory.dmp
memory/5780-961-0x0000000000400000-0x0000000000889000-memory.dmp
memory/3420-963-0x0000000001060000-0x0000000001076000-memory.dmp
memory/4800-911-0x0000000002250000-0x00000000022DB000-memory.dmp
memory/4468-692-0x0000000000400000-0x000000000043C000-memory.dmp
memory/1812-685-0x0000000000900000-0x0000000000A00000-memory.dmp
memory/5964-684-0x0000000000400000-0x000000000043D000-memory.dmp
memory/1728-680-0x00007FF6B34F0000-0x00007FF6B3546000-memory.dmp
memory/4956-667-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\Documents\GuardFox\zZoOSmhBGpbqhOnj9hrXXQ2h.exe
| MD5 | 4965e480459003ac3f00a47d255bd844 |
| SHA1 | 1206bea3e29f6d16dcf08a31227e0fb8c1240f9a |
| SHA256 | 1a9126e74e5c23ed553fa7ebd75f2ffb8c14af809415b9d3937c02fa6c4c9dde |
| SHA512 | ae66d9f1f5062e7fa1996427f1af84fdec23a7d18a45cc1a5b10479ca91a68318202daa3d95838d35b4026ea35ed9780c54e64db8f61a942ffe7898b74be9a1f |
C:\Users\Admin\Documents\GuardFox\qKYZynyy_NBhtwhTUfWTQeXE.exe
| MD5 | cc049fd8ea33fca2d865424d5f56b96e |
| SHA1 | 42e6c806f9ed72b14b1889b2484ee13fe73fc8d7 |
| SHA256 | 247fafbea6f2bfea5dea54df8f85e6830c1c6970bcbec31bdf2971f5b1441b2d |
| SHA512 | dbe84dfde6b5981d38160593df33d559dde22130f262fe5d18aa4f8b6a023c07d537354747b0aa8040eb7980bc1de2fe8106469156343e20bf6569ac3e918dfa |
C:\Users\Admin\Documents\GuardFox\EwpduaZj10LbAfghmKbC0XEl.exe
| MD5 | 78816926d26a0a3aec43cdc3c4956ab8 |
| SHA1 | 809e335d6002b6f32b162a00a51fd2332e8f8a79 |
| SHA256 | accf49b74c6162e418771f5820d677a54d4e9a3ba46d2c39c1053193afb6c035 |
| SHA512 | b0a57ffbf8316fadbdfb8569fcea3e0992cc96463cfe1d59419c65677c2920835da18beef8427e7a31b0350266978de80a2b880a3cfb458ce8ac2fec23b2b22f |
C:\Users\Admin\Documents\GuardFox\Iz2F_E2SsHuStXA_nVq69RNt.exe
| MD5 | d4ac3c5d291d72aa20980676f9b75790 |
| SHA1 | d489a1c49a672ee13d938c3858af040d169e42cb |
| SHA256 | 2bbdd13429adf2d4aa15fa035c29390e44b17e3742804d1b6426c090e015ea63 |
| SHA512 | 62f7e9eff0cff5daf10e3588ff43bc2ca0bde757ebab8f5a16fa31c15c14d0f38dfc6dd2b1e7ce4ab385c103178fdf5d3931460c1f021cc10484db86b0511442 |
memory/5428-973-0x00000000051E0000-0x000000000521C000-memory.dmp
memory/5508-968-0x0000000000460000-0x000000000115F000-memory.dmp
memory/1312-975-0x0000000077DE4000-0x0000000077DE6000-memory.dmp
memory/5964-971-0x0000000000400000-0x000000000043D000-memory.dmp
memory/5780-969-0x0000000000400000-0x0000000000889000-memory.dmp
memory/5428-978-0x0000000005290000-0x00000000052DC000-memory.dmp
memory/1312-976-0x0000000000450000-0x0000000000D64000-memory.dmp
memory/5428-982-0x0000000072E00000-0x00000000735B0000-memory.dmp
memory/840-987-0x00007FFCA0FD0000-0x00007FFCA1299000-memory.dmp
memory/1812-986-0x0000000000400000-0x000000000062E000-memory.dmp
C:\Users\Admin\AppData\Local\Web Resource Viewer\webresourceviewer.exe
| MD5 | 8543d9894171710075152f44d9aafd57 |
| SHA1 | 789e45acfa7cac7f2b7c8aa465e100c740d44635 |
| SHA256 | bd3d9c4de0f609c6f9618a036bfab5d01cdc19cf0c783132732f9a90747c7967 |
| SHA512 | 43553a779efb09c1e52b56ea43d90dd0329c32b5667cd58a78d579c9944191488b2a9e357dfb0e8a3f734bc02048d98988ecd2d2b32e22282639c302766995c0 |
memory/840-981-0x00007FF6398B0000-0x00007FF63A2F4000-memory.dmp
memory/840-991-0x00007FFCA1BD0000-0x00007FFCA1C8E000-memory.dmp
memory/1312-990-0x0000000005530000-0x00000000055C2000-memory.dmp
memory/4956-989-0x0000000000400000-0x0000000000414000-memory.dmp
memory/840-993-0x00007FFCA33F0000-0x00007FFCA35E5000-memory.dmp
memory/5916-992-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1312-995-0x00000000054B0000-0x00000000054BA000-memory.dmp
memory/5628-1003-0x0000000000DC0000-0x0000000000DC1000-memory.dmp
memory/3956-998-0x0000000000BC0000-0x0000000001B73000-memory.dmp
memory/5532-1005-0x0000000000980000-0x00000000012C7000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
memory/4300-1020-0x0000000072E00000-0x00000000735B0000-memory.dmp
memory/5428-1019-0x0000000005620000-0x0000000005686000-memory.dmp
memory/5628-1006-0x0000000000400000-0x0000000000D40000-memory.dmp
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
memory/5532-1002-0x00000000034E0000-0x00000000034E1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7eDL.CPL
| MD5 | e5e00238ad2cf184e54237951df4daa0 |
| SHA1 | 30b44c9ef00259704f4f51b472a66ad153f85ca9 |
| SHA256 | f41b440c1222e5a5edcce6af4ce8953df7e0e452718966cc3e4e79cd1397623b |
| SHA512 | c47bc03a3c96bbd9081562602d5238caebf0a5bee1506ae233dd672fecb12ee66b14871e251ef319a76b8ed8d2630c176c2c6befde52993734988fd9bb2ca3f9 |
memory/1812-1033-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7eDl.cpl
| MD5 | af90b0d4141e3024662bac83e4f48206 |
| SHA1 | 882f8c053cac13ac0dc7927f757b6df1e9d7471b |
| SHA256 | 09e76675aa5b993f36384bfa97b94869178c8e75eb731e1f51f507573aa40310 |
| SHA512 | 5bbd966ee76c77eece767e6f824a8982d3ee68ae74b4caa7bbfcde65febf6a41a02763724fe9665940e928afbf159cc712fc540cfba1439561974b4d84cab4be |
C:\Users\Admin\Documents\GuardFox\JTb0PxmZFALhKcqoAtyuiktg.exe
| MD5 | ba8c91e4dc237de34a9a91004d04eb50 |
| SHA1 | 506d20662fefda05993536b66b1c44f607fba7cd |
| SHA256 | 11f45adf6d94e5bb036cb104e476b5cd57abe6fa7915ea01475b8ac606c02e00 |
| SHA512 | ccf2691b1c62f9794451dcbbe0e22b979d33f76082b171cb2ab4d70ced64868450237db3ec105c8032f30b80340ee6cbbdbe5d3ce62a6aa2e8f26bdbbbae3dc3 |
memory/1312-1054-0x0000000076AD0000-0x0000000076BC0000-memory.dmp
memory/3956-1056-0x0000000076AD0000-0x0000000076BC0000-memory.dmp
memory/1312-1058-0x0000000076AD0000-0x0000000076BC0000-memory.dmp
memory/1312-1063-0x0000000076AD0000-0x0000000076BC0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A65DBECD82A40019E873CE4ED0A79570
| MD5 | 45f01cde87b673a91026d282f79c395b |
| SHA1 | 0120b973caa006b996dcfc96ec6df937699b33de |
| SHA256 | 60f1e0c875ffe512dd10b4cdd854b298813219ee8e3a54827cfaa5e8d709feb6 |
| SHA512 | 94d187f61ee070092370ea56a3072854b1eaba02d479216855c5ae7079cbd2024620eaef4bb7c81ad28f76094cbcf64f400b3e3faf1d8001fbd55be004b70848 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A65DBECD82A40019E873CE4ED0A79570
| MD5 | e901cfece1b8674aaed4ac5a9e1ff7f8 |
| SHA1 | 21767f76932d1e1fb587ba437fd50affc1d97d8c |
| SHA256 | 45699fef9dfc5acd462e20ee732df1948ffc19750cac02284e8120015cb41ae8 |
| SHA512 | eadc1382204877bb2b6d4ec496412f2e043ea3bf0e8ee5bbed5e3dad92a3fd68fa7ff2c24de91dce5bd7cde3d9896cea686c3cf95d7de10ce0db2ea0000e4c80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
| MD5 | 589fde611353f6b2fa8c8afe88af1a0a |
| SHA1 | 57c87e13a64ce89bd6a6caf50e4926351675a5ee |
| SHA256 | 15c8ba6bd7d3bbec3363f20b6b32429a89ae276096ff587565da98d29529fc6e |
| SHA512 | 2ba829042e83bbbbc2be7239c31d322a6b7267b1afe7df6a2887d65ae0fb88de05f713dc038703ebebd10aad96d2ac75d4e55841dd6774263c3e319b8343923d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
| MD5 | d2cf38c2dbb1209bc8987b5ee6ccfedf |
| SHA1 | 64e373568d144b634f8468c97f8b8ea4bde3e4a4 |
| SHA256 | 156dd420cfccc9472d5dc14afe3e715de5d47e537ccda59316a9be8e581e4d7b |
| SHA512 | 0509266293adc85819e6accb72337af6ed9a72e974b866ae5854dfd2a5055525380eb9f3dc39548de896e61b65b28f390c94ef579368a941af4bcc8fff9b7f2a |
C:\Users\Admin\Documents\GuardFox\JW2xld96xf8kgJdQEwqnGgrz.exe
| MD5 | 46f510b451021ce27537693e8dbf7420 |
| SHA1 | c294aaf7f325f1ace8f40920ce89d564fee9c9f9 |
| SHA256 | 1dabb6e2edabd4167a3a570bd70c7f47ae96f32fc74348b8bf22319be4de4b7d |
| SHA512 | 53f25eb50c4fe7124ba64842fb419639d0c3abe1f8ed8b311e43a5ff8efc2d33cd97e65012bcf3ed8fabd0a193fa5d0660b53da56636e3a455bd04af2229abec |
memory/5428-1075-0x0000000006090000-0x0000000006106000-memory.dmp
C:\Users\Admin\Documents\GuardFox\k9Keflj4cumGOB0nHrIBIism.exe
| MD5 | eab12c1dabdc764b86cf9afa8cbdacef |
| SHA1 | b235a5f11926483c63a08d7223fbc54fff6d2953 |
| SHA256 | 51d89b14cb52fd26a3995958fae9124ab774f00994ac9e3aa64ea52955fde8f0 |
| SHA512 | 3547550905ec8aef76a816c81e3d9c5a59d9e0ffe9c060b835ea5c545c20ef56c14ed4accfd9d76e951baff4f894c0f5ffee7f5b0db2716aa710178d075a7abe |
memory/5428-1107-0x0000000006270000-0x000000000628E000-memory.dmp
C:\Users\Admin\Documents\GuardFox\JW2xld96xf8kgJdQEwqnGgrz.exe
| MD5 | b55217b178b74e29da3a7ca7a714ab54 |
| SHA1 | f1d3bfe7b83fd50408cd678e48587e7a6f5618d1 |
| SHA256 | 33b7a904b67bce952eff98b55e33c9d39fbd29f6cc3c2677fc0cc1a5b3f4d3b2 |
| SHA512 | ef1418c5c8a3607d681e8ebbfabfbd2f9268bbd954e5a05b7c0d4d6abf60aa3bc533e2ade24bfc9ef02202f7421a853739c596176ef85dadf16e3041805a6a65 |
C:\Users\Admin\Documents\GuardFox\JW2xld96xf8kgJdQEwqnGgrz.exe
| MD5 | 0099a99f5ffb3c3ae78af0084136fab3 |
| SHA1 | 0205a065728a9ec1133e8a372b1e3864df776e8c |
| SHA256 | 919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226 |
| SHA512 | 5ac4f3265c7dd7d172284fb28c94f8fc6428c27853e70989f4ec4208f9897be91720e8eee1906d8e843ab05798f3279a12492a32e8a118f5621ac5e1be2031b6 |
memory/2804-1140-0x0000000140000000-0x0000000140876000-memory.dmp
memory/5428-1144-0x0000000008350000-0x00000000083A0000-memory.dmp
memory/5428-1143-0x0000000007D30000-0x0000000007EF2000-memory.dmp
memory/5428-1147-0x00000000088D0000-0x0000000008DFC000-memory.dmp
memory/4800-1148-0x000000000345F000-0x0000000003850000-memory.dmp
memory/4800-1146-0x0000000003450000-0x000000000345F000-memory.dmp
C:\Windows\System32\GroupPolicy\GPT.INI
| MD5 | 93b3886bce89b59632cb37c0590af8a6 |
| SHA1 | 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137 |
| SHA256 | 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f |
| SHA512 | fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb |
memory/5800-1161-0x00000000022F0000-0x00000000022FF000-memory.dmp
memory/5800-1162-0x00000000022FF000-0x00000000026F0000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | f924638b5f0f0fbd9c84107135c0f158 |
| SHA1 | 7091b773861c8ca03263769f4ab0b605a2da374d |
| SHA256 | 1c9edc08c17683bc6af3f79a4929e07844b2d8db08edd9d93f044ae69190f0b3 |
| SHA512 | f4f4af48b1dbd2842e8d34e51fb8907309d10252f311fecfdc69eb67171d4893fe3e70d89b47bc00268c9728b83bc10daf4e5badd382e380130d479a3160fc13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 9cb5fed1df4d67fc4dbf77eb46d75f80 |
| SHA1 | cd045c2bc1753c4bd55e09cd7f6822ed81ab6f7a |
| SHA256 | 886ddf853ace08da35f7e95b04676b7b30d861e349cbc1a706d8fe74ffd83bfd |
| SHA512 | 4bd7801fcf0636cebb1736930944cfbbadb8ebe5086a90621a88bb4987a42f9840f40d1524511111080cdaeb400933e139335561859521a63c8eaa4cc5b3c717 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | b0e04da50e22c31e5a1bcd823b31bc0a |
| SHA1 | 834ed42ea8cc071f41030231dfd38dbdd3a92c33 |
| SHA256 | b97307b15450163273d276f2918012e7afbcb2dfe9359886402fc7acbc198031 |
| SHA512 | 37f70063bf02ed58b18dba6b1986fae9d57a6b54cded5d929098dab98fe450e81a8461c59e3f19a7e45c2b59295494264322747427cd1a30cdb3cbdd12238df5 |
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
memory/2088-1183-0x0000000000930000-0x0000000000938000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
| MD5 | 2c87a61333897fbcf530ba0365d2e700 |
| SHA1 | e1f24cb583d0c8c8a95e14557d0b01150d3071b6 |
| SHA256 | 59d86aaa9d414ed5f0f812ea097166c707c78577589237047fde983b0ff62c2c |
| SHA512 | 52ce5c37d34134edece4c399739e13000b7947a218a6c66effec847a7eb0ab995705f4eec1caabf95d496a54c8deecf5ecb118acf5121c9ec6cffe5debd4de7b |
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
| MD5 | 5a92aeb22e361ebcfbd975c5e18b614b |
| SHA1 | a746eaf6e2ec4bb5caa1130cd5f74221f0711bc3 |
| SHA256 | 9c59160407afc133e707bceee91d12b492a5e77982893d9bad73219b39085579 |
| SHA512 | e4341bf9744ea055df9b8a23b3760711c755192a9f7976538a57d30cfeb67fa51240271651bc2bb8587492cd6812de3e533bdd51a89c77b2291538adccd72b42 |
C:\ProgramData\mozglue.dll
| Hash | Value |
| MD5 | d8eac53987b5005a3ebae4be5e3649d3 |
| SHA1 | baa011a3884297b14fe1de242b9dd2728681a67d |
| SHA256 | 9c6f457c53026bb88aac7925859900c1a4de5ffdf65aaf41d5dcc9d56eb1bfde |
| SHA512 | 8cb624fa3c8d0b2478b3e08e32551688418a277af5931004b07759b653a0204b0d578c382120e0abe4472eba7512408e68b7ff7cb30c9a70c1616c8407fb5bd4 |
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
| Hash | Value |
| MD5 | bb4b21aa7671e0baec96eba7864aa8e2 |
| SHA1 | d8353c2ae3748cf70a88651b5b66c3a71502a01b |
| SHA256 | 2593a7f5a9dc149268edb4879fbbc5df773b08deebfcdc391f66ad07597b2016 |
| SHA512 | c07f0eb40d4aabd3051d57e226e0789b5c419a6368a636fdcafd1189d70c4b06fcdeb89d43fdbd7e95e8e1828e6f2e4c8ee75a233a0d6a111cc6307f02bea09f |
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
| Hash | Value |
| MD5 | 7425a083398b17d64cfb52a00d48db50 |
| SHA1 | ef24f4394fe0ccfe21c5e0c025c2b04884c3d295 |
| SHA256 | ea73f95c11dc2dee2df70f6cdf91f2283ed93f02e7d374e1ced51adb1e8aa2c2 |
| SHA512 | 3e38161eb5c845b287374c095246b96ae885140b9696d39a59ddbccd761f7f4e1e460e8a4a2931e070bacfa93aa8117a70334d5f237a51b94ebabf0f616c684b |
C:\ProgramData\Are.docx
| Hash | Value |
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\nsj4E7A.tmp\INetC.dll
| Hash | Value |
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
| Hash | Value |
| MD5 | 162f0dde22d09397c77318df6da77f87 |
| SHA1 | d4215189ee53cb5a00aa52eef962c20d6cdc2b63 |
| SHA256 | ea4d490e028ab7abca09e3b981596808b333bfece1667f2c6d65f8f5ef5da481 |
| SHA512 | 6e187adfd4dc94932b39c1ac19416bb88f93a7f27af86a2c827f382017e21ca82b5f2aff827b25991a25cf3fa2b5cd8c903ee221382d751ef03a836d582ca21a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
| Hash | Value |
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| Hash | Value |
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoajhiemdnnjfbilpkblfjghmmbhbda\MANIFEST-000001
| Hash | Value |
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| Hash | Value |
| MD5 | 898ce1b4e9ccc82fc5f85614d29597a8 |
| SHA1 | 4f7dfec452a53a133165f1959abefbcb922135fe |
| SHA256 | 9677aecea5733abe1ff96ed44c7433801b66aafe8f709dd5c6996394cc67d950 |
| SHA512 | 21ca32c276993ddd8da1d2c5eb8335f75dbf87050f3533d75392ae07ba646dbb10d9b72fc9846b630ccb6c00e08c80a1f6c61d9b4032475322160c4b35af0fdd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| Hash | Value |
| MD5 | 41b14389b4aa198ff0ad6288da442f89 |
| SHA1 | 2fca0116c34bc7a00552e79dc9da4800581925af |
| SHA256 | f47ecfa9118bcc33545be89741e528e86d169bbc9a1fddcc2eb73e0820342731 |
| SHA512 | 470a8520387fbfd2641b9c45fa1a1c34af616b0ec63ac87840419991470b65cad4b14ee424e68764655fae45773377d5ac5284bffe77557f737c96913a519ed8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| Hash | Value |
| MD5 | 48d74d3db0f339870d96eab2a28219e0 |
| SHA1 | 4e98b32e1304128e859167423b78b3af71416d8b |
| SHA256 | 0d192a45029e7d63f36f772b45754945e6aafc9a3a61681755b9ec4f4ca1a681 |
| SHA512 | a68b16debc525212ce745ffe495f56f94349e437360d9bb006da87e554ca7d98ac8b9561ddd5b548d668f1e45676b40c7408fadfa4bc8e188b728388096e935e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| Hash | Value |
| MD5 | 43006352d0e7ee8cf655edea38e0425e |
| SHA1 | 1aa2a1ef78075e67cdb42dd2340f9f0912dcfee1 |
| SHA256 | 05a8c478ce70187867e574a4cd156b06a861c2b8ec326ebbc323b0686d5d6cb8 |
| SHA512 | 8655c2752445d5b3accd1064ade37b0c527881c8cc4b9f0ebfb25bde39afc43babf547be75a749dc13ee0a6d5044d2418501e61b328ba615d5b51eaea2474a52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5882b8.TMP
| Hash | Value |
| MD5 | ad53bb075d09d1d0687136c4d6c85e55 |
| SHA1 | 09efebe4bf539f48255795b4fdeb63d0627343a9 |
| SHA256 | bc909f379285232117a53e307c2c370ac1537f449ee0afbd9b1581aa02ee0ff6 |
| SHA512 | 930c86a3b449cd2519bd4af5da68e2ccab03c092f4fd466d69ebe65111197c69b67b28ffa6a0592a36f46697373243ac9614ada61640f7c701dfba0027866dc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| Hash | Value |
| MD5 | 509ec7fac37ab5d2f3d7f296f7491071 |
| SHA1 | 472e6ee776262147b90e3713b2413cc1152f5f33 |
| SHA256 | f3a11da2f92fad3498bade15472b602799c9d78a7bb3af7085d44d9fedd51791 |
| SHA512 | 26482ed59217fefa962feaec138591ccee7f874f19426247a78a89ab8286ac597a7e98a26fc10c0d8b0d6cd609d706c6761544ea2199f6707a408eb45945b041 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| Hash | Value |
| MD5 | 5173333756c00117e23a58e41c5f2b2f |
| SHA1 | e311444b48ccbd0da556a7126f8b35aa77f95bc4 |
| SHA256 | a67f17e4cbb4b7ec70e7961315d6ca1292630fedcdb545d6dc18c3834c7d345a |
| SHA512 | fbc14d393cb72f79803cf282d9ad2097e4c7a4e7c01fcd8b9bbaac6bb16d7e4cf591ace208ba900a023db66460627341ef6bb9af3b987a0f33d9ce80d2d0b923 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\22916dda388fdd5c24ab9c90241be0b2
| Hash | Value |
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\ProgramData\HJJDGHCB
| Hash | Value |
| MD5 | f9eceb2b3b8275bde4b42e88496e0fcd |
| SHA1 | 05796a4fe4b2a239a397c5e22923f65bbff7c235 |
| SHA256 | 89a147914373346218860e18036bbfad419d0cd7109ddf96b7332f68842bf99f |
| SHA512 | 216ad74d6f8d7adcaac616dcbfda838c707121f5f279bc3b3c941f431b1252f1a4ba2cc70dd29ccb574cfbc6f2e8d18c00acf3863052bac4f53bccbfacdd72e7 |
C:\ProgramData\GDBAKEGI
| Hash | Value |
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\ProgramData\nss3.dll
| Hash | Value |
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s3zkot5z.nnn.ps1
| Hash | Value |
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Temp\is-BHOJ3.tmp\_isetup\_shfoldr.dll
| Hash | Value |
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\lang\is-NT5H7.tmp
| Hash | Value |
| MD5 | 54ffd881611a92540e4c85e2759278c9 |
| SHA1 | ef0c1ec4f6efe6abdf9a23f1adcd88c4ec5b4348 |
| SHA256 | d075cbfb1b43dadcdac8cf572c18689134e59319fbe425e82c7bb7c4e7d5948c |
| SHA512 | d9f77cacb264d080e12e765cba3e1cc69a19c186526bbcb25d093e0a83b4b4b8beef37a4acf2e803a08eb76c77d4a97a21fea74475d6d9d16a63f2137ab6253b |
C:\Users\Admin\AppData\Local\Web Resource Viewer\lang\is-MQBOV.tmp
| Hash | Value |
| MD5 | 8f920115a9ac5904787bc4578f161a52 |
| SHA1 | 941332d718cf5161881ca903b2fb125124cac68b |
| SHA256 | f8b63fa29af4c7cff131bf14fbdaac8e6b6945444e0f13e57417fea4a3de1a6b |
| SHA512 | b8521748d276de667e2013c697005adc45e405fee9a9970b80427cb47ba829e2f9e31fdae2bafc54cca5aeaa4c371f4d25e1ea34989eea19e732fd129abfa1c2 |
C:\Users\Admin\AppData\Local\Web Resource Viewer\lang\is-7HVRI.tmp
| Hash | Value |
| MD5 | 613ccb3ab7bc5304da08120a11bb34f2 |
| SHA1 | 9e1231dc2ddc6deb2a66d494c45f0dfcf04b1d97 |
| SHA256 | 565efa1b0407d221b1e6bc44811f529f98fe4d9ffb6e756b56b9525acb87ce28 |
| SHA512 | d27efae6748105c343abcdc8777d2c5065bc342569af2fd3bee92544a01ad4caefe359adf69fa56bae1fbc87f86575b797c20d821a42869d0b34ab1004b0138a |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| Hash | Value |
| MD5 | aef61b590ca96fc1059db0dc49023c36 |
| SHA1 | 65390c6244122f2f7d4557aac80db38e5e7ad181 |
| SHA256 | 13e2478d80f37d5bc020a0ff2083728608c99dbe57420f58e01dfaf8ca0d3b27 |
| SHA512 | 98c838ad8071bfcbccbf36a5114c7e0b90b807291498e09f7753106e08d5541f3b9dc9d2843f3fb7b55584ecd44f9ebc1b6c6668a623bba2c2bbcfe6006608be |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| Hash | Value |
| MD5 | 2301cdc3d53e8dfcdecaaef8489e742c |
| SHA1 | 26da14bded164c2477f1fa3837fc70ef89736c60 |
| SHA256 | 0d36b3f0f173b44aac7ac3a61676146ea2369162ffe1c14854c89bb069ebbf8c |
| SHA512 | 51dc334026485b8264873c6b738520ac93d0fa3de6a465b88dd8a3aa48c55faec6003ea064afece29cf6a9e4b5958981002a1ec369955a6f3cb763470d5c7ee8 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| Hash | Value |
| MD5 | a73520525514801e915d6acc15243304 |
| SHA1 | f67775f245cc47ef12f7529345f7cb49d9237e80 |
| SHA256 | 5c145a591cef8f4553d47941fc3d56495f24dbc58aa8d0157905caebdb281f9f |
| SHA512 | 9b156205a18cbed8cb9c8021dc4a0d14e4203c046bfedf177aad8f3ba673885865c4d46d71102d602dfd35279293f921db7c30dd7e9486c8bd1b9bb9c98d4d01 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| Hash | Value |
| MD5 | dc8d5c934396621184322266f24335c4 |
| SHA1 | b0273003df4ed68dade4a5838df375afb877f304 |
| SHA256 | eb39dd63dfaee1038ffd50c5ef68553c313c976f831409b8fa7e15f49410069c |
| SHA512 | cd99f9edab7485c7d82e52247914476b100ec4024a879e95a1e053333ea89d8dce21efb7908823493714cd81f3545f915e8fab194e3bd7e1c456e63b57750965 |