Analysis Overview
SHA256
5c9ec77a657f11d8600eec7c726c1cdf618f402aa9ed1f3fa6a8f1f3380d0b29
Threat Level: Known bad
The file setup.exe was found to be: Known bad.
Malicious Activity Summary
RedLine
RisePro
Detect ZGRat V1
RedLine payload
Detected Djvu ransomware
Djvu Ransomware
Stealc
Amadey
SmokeLoader
ZGRat
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
Themida packer
Reads user/profile data of web browsers
Modifies file permissions
Checks computer location settings
.NET Reactor proctector
Unexpected DNS network traffic destination
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Drops file in System32 directory
AutoIT Executable
Launches sc.exe
Enumerates physical storage devices
Program crash
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Views/modifies file attributes
Creates scheduled task(s)
Enumerates processes with tasklist
Delays execution with timeout.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-24 11:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-24 11:52
Reported
2024-01-24 11:59
Platform
win10-20231215-en
Max time kernel
30s
Max time network
179s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Stealc
ZGRat
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
C:\Users\Admin\Documents\GuardFox\YTox_MCSKRwJHg1SpZK8Y98k.exe
"C:\Users\Admin\Documents\GuardFox\YTox_MCSKRwJHg1SpZK8Y98k.exe"
C:\Users\Admin\Documents\GuardFox\zQy0NOgy1Rb7OqdRZdgs_hO1.exe
"C:\Users\Admin\Documents\GuardFox\zQy0NOgy1Rb7OqdRZdgs_hO1.exe"
C:\Users\Admin\Documents\GuardFox\DFyMfvObJ8usnTwdj1GztYQE.exe
"C:\Users\Admin\Documents\GuardFox\DFyMfvObJ8usnTwdj1GztYQE.exe"
C:\Users\Admin\Documents\GuardFox\cmNy3IB9_5EvlEYHGF9GW0SQ.exe
"C:\Users\Admin\Documents\GuardFox\cmNy3IB9_5EvlEYHGF9GW0SQ.exe"
C:\Users\Admin\Documents\GuardFox\Cns1cHGKmXhz_HXdav4nLNRw.exe
"C:\Users\Admin\Documents\GuardFox\Cns1cHGKmXhz_HXdav4nLNRw.exe"
C:\Users\Admin\Documents\GuardFox\jXfmGilbDyI8ckBR530IqRzM.exe
"C:\Users\Admin\Documents\GuardFox\jXfmGilbDyI8ckBR530IqRzM.exe"
C:\Users\Admin\Documents\GuardFox\2rNhNEcNw_ySloYfdlydl5Vc.exe
"C:\Users\Admin\Documents\GuardFox\2rNhNEcNw_ySloYfdlydl5Vc.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 480
C:\Users\Admin\AppData\Local\Temp\is-7OP8H.tmp\Cns1cHGKmXhz_HXdav4nLNRw.tmp
"C:\Users\Admin\AppData\Local\Temp\is-7OP8H.tmp\Cns1cHGKmXhz_HXdav4nLNRw.tmp" /SL5="$20278,3301412,119808,C:\Users\Admin\Documents\GuardFox\Cns1cHGKmXhz_HXdav4nLNRw.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe
"C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe"
C:\Users\Admin\Documents\GuardFox\TMcIOeEwMsIWBGXFNbolMUOJ.exe
"C:\Users\Admin\Documents\GuardFox\TMcIOeEwMsIWBGXFNbolMUOJ.exe"
C:\Users\Admin\Documents\GuardFox\GROqsGl6h90I0zXqq4gFbf4x.exe
"C:\Users\Admin\Documents\GuardFox\GROqsGl6h90I0zXqq4gFbf4x.exe"
C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe
"C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe"
C:\Users\Admin\Documents\GuardFox\DhI9_2NRkwmRCsofJ3GRJ0x6.exe
"C:\Users\Admin\Documents\GuardFox\DhI9_2NRkwmRCsofJ3GRJ0x6.exe"
C:\Users\Admin\Documents\GuardFox\euCU7vfPHsacTg9i0zqHqBRD.exe
"C:\Users\Admin\Documents\GuardFox\euCU7vfPHsacTg9i0zqHqBRD.exe"
C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe
"C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe"
C:\Users\Admin\Documents\GuardFox\KjIIxd9k00s3liYBG782ijI5.exe
"C:\Users\Admin\Documents\GuardFox\KjIIxd9k00s3liYBG782ijI5.exe"
C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe
"C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe"
C:\Users\Admin\Documents\GuardFox\G0RX5STvE17sZf_g2LwWvby6.exe
"C:\Users\Admin\Documents\GuardFox\G0RX5STvE17sZf_g2LwWvby6.exe"
C:\Users\Admin\Documents\GuardFox\ioJ9tsr0R3KhvVCNQfnDbb4O.exe
"C:\Users\Admin\Documents\GuardFox\ioJ9tsr0R3KhvVCNQfnDbb4O.exe"
C:\Users\Admin\Documents\GuardFox\aGBF9ZWcO9LXdG3njGUruh8W.exe
"C:\Users\Admin\Documents\GuardFox\aGBF9ZWcO9LXdG3njGUruh8W.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -i
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -s
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe
"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\e4015202-61dd-4570-8a14-85fa4c607041" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe
"C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe"
C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\jTVSOKTat72Un0WaBRx0.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\jTVSOKTat72Un0WaBRx0.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 LG" /sc ONLOGON /rl HIGHEST
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\nnX7HtMrOQ6I_QDZnwrI.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\nnX7HtMrOQ6I_QDZnwrI.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x4c,0xd8,0x7ff9fc949758,0x7ff9fc949768,0x7ff9fc949778
C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\yUm2oxq11KRJxZQ9zZ9D.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\yUm2oxq11KRJxZQ9zZ9D.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN 8dFUuPXhaghlBY9svrSYVMq9.exe /TR "C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe" /F
C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\eXkD5E9oTVdnY4nrg9t0.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\eXkD5E9oTVdnY4nrg9t0.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\cmNy3IB9_5EvlEYHGF9GW0SQ.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",
C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\TsAYr9HGL5Mue6Ojasq1.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\TsAYr9HGL5Mue6Ojasq1.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
"C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 1224
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1816 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 480
C:\Users\Admin\AppData\Local\Temp\nslD1B5.tmp
C:\Users\Admin\AppData\Local\Temp\nslD1B5.tmp
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\8EJqwAAKM4eiWpqUJQyt.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\8EJqwAAKM4eiWpqUJQyt.exe"
C:\Users\Admin\AppData\Local\Temp\1000495001\SetupPowerGREPDemo.exe
"C:\Users\Admin\AppData\Local\Temp\1000495001\SetupPowerGREPDemo.exe"
C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe
"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 2028
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:8
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe
"C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe"
C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe
"C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\system32\mode.com
mode 65,10
C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe
"C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe
"C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe
"C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe"
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e file.zip -p4632370330209207692137030328 -oextracted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\46afe9c41d084a88984c315ec5cf1f3f /t 3856 /p 6132
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_9.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_8.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe
"C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_7.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe
"C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 480
C:\Users\Admin\AppData\Local\Temp\rty25.exe
"C:\Users\Admin\AppData\Local\Temp\rty25.exe"
C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe
"C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe"
C:\Users\Admin\AppData\Local\Temp\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\FirstZ.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 384
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nslD1B5.tmp" & del "C:\ProgramData\*.dll"" & exit
C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe
"C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 360
C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe
"C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 436
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe
"C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 620
C:\Users\Admin\AppData\Local\Temp\1000570001\leg221.exe
"C:\Users\Admin\AppData\Local\Temp\1000570001\leg221.exe"
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_6.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe
"C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 656
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_5.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe
"C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 716
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 680
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe
C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 532
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_4.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_3.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_2.zip -oextracted
C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe
"C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe"
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e extracted/file_1.zip -oextracted
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "FLWCUERA"
C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe
"C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "FLWCUERA" binpath= "C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe" start= "auto"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "FLWCUERA"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
conhost.exe
C:\Windows\system32\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\system32\attrib.exe
attrib +H "xfAk7rC2FeEN35Y8o.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "WSNKISKT"
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 796
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WSNKISKT"
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 676
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Users\Admin\AppData\Local\Temp\nss8FC.tmp
C:\Users\Admin\AppData\Local\Temp\nss8FC.tmp
C:\Windows\SysWOW64\chcp.com
chcp 1251
Network
| Country | Destination | Domain | Proto |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 130.147.105.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| US | 8.8.8.8:53 | joxy.ayazprak.com | udp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 172.67.173.86:80 | joxy.ayazprak.com | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| US | 188.114.96.2:80 | 294self-limited.sbs | tcp |
| US | 188.114.96.2:443 | 294self-limited.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| BA | 185.12.79.25:80 | cczhk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 173.222.13.40:80 | x2.c.lencr.org | tcp |
| BA | 185.12.79.25:80 | cczhk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 33.64.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.182.107.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.132.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.85.215.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.13.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.79.12.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.15.92.154.in-addr.arpa | udp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-22.userapi.com | udp |
| NL | 95.142.206.2:443 | sun6-22.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | psv4.userapi.com | udp |
| US | 8.8.8.8:53 | 1.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.206.142.95.in-addr.arpa | udp |
| RU | 87.240.190.89:443 | psv4.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-20.userapi.com | udp |
| NL | 95.142.206.0:443 | sun6-20.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 95.142.206.2:443 | sun6-22.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 89.190.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.206.142.95.in-addr.arpa | udp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | 201.179.17.96.in-addr.arpa | udp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| US | 8.8.8.8:53 | 24.128.172.185.in-addr.arpa | udp |
| RU | 193.233.132.62:50500 | tcp | |
| US | 8.8.8.8:53 | app.alie3ksgaa.com | udp |
| FR | 194.33.191.60:44675 | tcp | |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
| RU | 193.233.132.67:50505 | tcp | |
| US | 8.8.8.8:53 | 60.191.33.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.132.233.193.in-addr.arpa | udp |
| NL | 91.92.245.15:80 | tcp | |
| US | 8.8.8.8:53 | 15.245.92.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| FR | 199.232.168.193:443 | i.imgur.com | tcp |
| US | 8.8.8.8:53 | combinethemepiggerygoj.site | udp |
| US | 8.8.8.8:53 | 193.168.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | qualifiedbehaviorrykej.site | udp |
| US | 172.67.175.187:443 | qualifiedbehaviorrykej.site | tcp |
| US | 188.114.96.2:443 | combinethemepiggerygoj.site | tcp |
| US | 8.8.8.8:53 | iplis.ru | udp |
| US | 172.67.147.32:443 | iplis.ru | tcp |
| NL | 45.15.156.229:80 | tcp | |
| DE | 77.105.147.130:80 | tcp | |
| US | 104.21.4.208:443 | tcp | |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 32.147.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.4.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| NL | 45.15.156.229:80 | 45.15.156.229 | tcp |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| NL | 45.15.156.60:12050 | tcp | |
| US | 104.21.65.24:443 | api.2ip.ua | tcp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | api.ip.sb | udp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| FI | 109.107.182.3:80 | tcp | |
| US | 104.26.13.31:443 | api.ip.sb | tcp |
| NL | 195.20.16.45:80 | tcp | |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 45.15.156.229:80 | 45.15.156.229 | tcp |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| US | 104.26.9.59:443 | api.myip.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| DE | 185.172.128.19:80 | tcp | |
| US | 8.8.8.8:53 | 68.113.215.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| RU | 193.233.132.67:50500 | tcp | |
| US | 8.8.8.8:53 | iplis.ru | udp |
| US | 104.21.63.150:443 | iplis.ru | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | 150.63.21.104.in-addr.arpa | udp |
| RU | 5.42.65.31:48396 | tcp | |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| RU | 193.233.132.62:50500 | tcp | |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | shitshitshitshit.net | udp |
| US | 104.21.40.213:443 | shitshitshitshit.net | tcp |
| US | 8.8.8.8:53 | blackvlastelin.com | udp |
| US | 188.114.96.2:443 | blackvlastelin.com | tcp |
| US | 8.8.8.8:53 | 31.65.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.40.21.104.in-addr.arpa | udp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| US | 8.8.8.8:53 | 109.128.172.185.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| DE | 87.251.77.166:80 | 87.251.77.166 | tcp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| RU | 158.160.118.17:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | udp | |
| DE | 185.172.128.90:80 | tcp | |
| US | 8.8.8.8:53 | ji.alie3ksgff.com | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| US | 8.8.8.8:53 | 90.128.172.185.in-addr.arpa | udp |
| HK | 154.92.15.189:80 | ji.alie3ksgff.com | tcp |
| US | 8.8.8.8:53 | 166.77.251.87.in-addr.arpa | udp |
| FI | 109.107.182.3:80 | 109.107.182.3 | tcp |
| US | 8.8.8.8:53 | expenditureddisumilarwo.site | udp |
| US | 172.67.133.222:443 | expenditureddisumilarwo.site | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.179.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 222.133.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| US | 8.8.8.8:53 | 79.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | 202.178.17.96.in-addr.arpa | udp |
| RU | 5.42.65.31:48396 | tcp | |
| DE | 20.113.35.45:38357 | tcp | |
| US | 8.8.8.8:53 | 45.35.113.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 172.67.139.220:443 | api.2ip.ua | tcp |
| DE | 141.95.211.148:46011 | tcp | |
| US | 8.8.8.8:53 | 220.139.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.211.95.141.in-addr.arpa | udp |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| US | 8.8.8.8:53 | habrafa.com | udp |
| US | 8.8.8.8:53 | app.alie3ksgaa.com | udp |
| KR | 175.126.109.15:80 | habrafa.com | tcp |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | 15.109.126.175.in-addr.arpa | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | gxutc2c.com | udp |
| US | 8.8.8.8:53 | paperambiguonusphoterew.site | udp |
| US | 104.21.83.138:443 | paperambiguonusphoterew.site | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| US | 8.8.8.8:53 | 138.83.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.29.175.109.in-addr.arpa | udp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| NL | 94.156.67.176:13781 | tcp | |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| HK | 154.92.15.189:443 | app.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | consciouosoepewmausj.site | udp |
| DE | 138.201.125.92:15647 | tcp | |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.125.201.138.in-addr.arpa | udp |
| US | 104.21.71.8:443 | consciouosoepewmausj.site | tcp |
| BA | 109.175.29.39:80 | gxutc2c.com | tcp |
| US | 8.8.8.8:53 | braidfadefriendklypk.site | udp |
| US | 8.8.8.8:53 | 8.71.21.104.in-addr.arpa | udp |
| US | 104.21.1.205:443 | braidfadefriendklypk.site | tcp |
| NL | 80.79.4.61:18236 | tcp | |
| US | 8.8.8.8:53 | racerecessionrestrai.site | udp |
| US | 172.67.206.188:443 | racerecessionrestrai.site | tcp |
| US | 8.8.8.8:53 | 205.1.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.4.79.80.in-addr.arpa | udp |
| NL | 80.79.4.61:18236 | tcp | |
| US | 8.8.8.8:53 | cooperatecliqueobstac.site | udp |
| US | 172.67.160.12:443 | cooperatecliqueobstac.site | tcp |
| US | 8.8.8.8:53 | 188.206.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.160.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vesselspeedcrosswakew.site | udp |
| US | 104.21.17.48:443 | vesselspeedcrosswakew.site | tcp |
| US | 8.8.8.8:53 | carvewomanflavourwop.site | udp |
| US | 172.67.129.86:443 | carvewomanflavourwop.site | tcp |
| US | 8.8.8.8:53 | communicationinchoicer.site | udp |
| US | 8.8.8.8:53 | 48.17.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.129.67.172.in-addr.arpa | udp |
| US | 172.67.216.203:443 | communicationinchoicer.site | tcp |
| US | 8.8.8.8:53 | retainfactorypunishjkw.site | udp |
| US | 188.114.97.2:443 | retainfactorypunishjkw.site | tcp |
| US | 8.8.8.8:53 | 203.216.67.172.in-addr.arpa | udp |
| HK | 154.92.15.189:80 | app.alie3ksgaa.com | tcp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | brickabsorptiondullyi.site | udp |
| DE | 144.76.1.85:25894 | tcp | |
| US | 188.114.96.2:443 | brickabsorptiondullyi.site | tcp |
| US | 8.8.8.8:53 | 85.1.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| US | 8.8.8.8:53 | copyrightspareddcitwew.site | udp |
| US | 104.21.55.202:443 | copyrightspareddcitwew.site | tcp |
| US | 8.8.8.8:53 | 202.55.21.104.in-addr.arpa | udp |
| US | 104.21.83.138:443 | paperambiguonusphoterew.site | tcp |
| RU | 193.233.132.62:50500 | tcp | |
| NL | 94.156.67.176:13781 | tcp | |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| US | 8.8.8.8:53 | 70.89.76.45.in-addr.arpa | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| US | 188.114.96.2:443 | brickabsorptiondullyi.site | tcp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
Files
memory/4020-0-0x00007FFA17AD0000-0x00007FFA17AD2000-memory.dmp
memory/4020-2-0x00007FF7DC800000-0x00007FF7DD4D3000-memory.dmp
memory/4020-1-0x00007FF7DC800000-0x00007FF7DD4D3000-memory.dmp
C:\Users\Admin\Documents\GuardFox\cmNy3IB9_5EvlEYHGF9GW0SQ.exe
| MD5 | b982a1886afa6dc5d429f1d9fa631cf6 |
| SHA1 | 59695508f14578530305bedb8a6196aed68d18ae |
| SHA256 | 34d25a6f3925f6ac52da525a74a45bfc284f5815fd3a18a6691a87932a02f451 |
| SHA512 | 201cf1a8ac28298c37e9d7f23a18b14b2343c23082d11912065f8f512fdb461fe7236baf8d508a9ea1e7079e08e2531b781699603db5c7216f1979b338b37157 |
C:\Users\Admin\Documents\GuardFox\Cns1cHGKmXhz_HXdav4nLNRw.exe
| MD5 | 8739ce46eb14e886de7eb60e81b82fbe |
| SHA1 | 993e7aa515a9b6f574702c58b70be6ca9b2006cc |
| SHA256 | 8210af8dd18c0e7dbfd76cef58ca7f5da0d03bfc4e4a541781cefd87cc2d1882 |
| SHA512 | c960a29b9236deb1010b2361a949f0611d880d6483ca35a731aea53f78b39a5cb70e85fe140866a8e64241858f87da2987114fb35659ff93e7d1a9fdfa52f05d |
C:\Users\Admin\Documents\GuardFox\YTox_MCSKRwJHg1SpZK8Y98k.exe
| MD5 | 1e4efa10727b15bd49e5af140b6a10f2 |
| SHA1 | 4c286c92867ca111fbdf1a6538f1a142103361c0 |
| SHA256 | a880d9aba5ce9a19c13237d8f4af2f76329235ee94a3ed984e0564d6125f4667 |
| SHA512 | d9ba4320abb12753912e0f32787ee88889995fe7ba155f6fecbb6e4fb53ea4049d583263d9f6dc96818d3ff12e6f09e4119b88e676e195c66f69902d2760432f |
C:\Users\Admin\Documents\GuardFox\2rNhNEcNw_ySloYfdlydl5Vc.exe
| MD5 | 47367776129775ff7c382a0f1a6adf65 |
| SHA1 | bf14ecd55a0bc0d29a23a1e1b3270ff4deedf77f |
| SHA256 | 49c616bf0f452c60b770d3c2856f0ae7b99be5655596d6b4d76321168966959a |
| SHA512 | 8490683679e6bde2196855592cea0dba3906fe92edd952bf27ef939f09873910ee974b8ca3648cb6e0002fcdce83a50c5931c72b1c5efb76c2fbe7fc95cd6aae |
C:\Users\Admin\Documents\GuardFox\zQy0NOgy1Rb7OqdRZdgs_hO1.exe
| MD5 | 93d27211879f8ce50b4588e879104213 |
| SHA1 | 66606a241408031dbc8c74082d189b6cae21ca1e |
| SHA256 | 7ee0979e735adccd1f4a0abf6869b368dff67d0b1638c6176eeb42a309c82cdd |
| SHA512 | cf125b91cea7cef618b2b54b84fe7c66ea9e75cba71bfce5e45a262064824f64c8e8a4d7a8831cde7130fef95043560b5f11ca0e798ad4d92fd3973710b7f9c2 |
C:\Users\Admin\Documents\GuardFox\jXfmGilbDyI8ckBR530IqRzM.exe
| MD5 | 82b69fc2505caef744a9cd0df382a455 |
| SHA1 | 9b84812f1a90934011c695678ca5a55989c41428 |
| SHA256 | 323a117ec41e5386e1f47e33bbdd181be0ecce58cfa87538e44697bda040ae16 |
| SHA512 | aaebbf3ab6ff8ea2bc94ba3b7aa95329427805549bc79dc4fddb0843130a4ab6dc46434dee8d9dedca76b5e6204fc5b7a8854894aa1b174bd44652a1a750b07e |
C:\Users\Admin\Documents\GuardFox\DFyMfvObJ8usnTwdj1GztYQE.exe
| MD5 | f740608b4fc3a10a4526f0c2db5fc67d |
| SHA1 | 91a6a17d5a90be772997021532d6d0615d550fed |
| SHA256 | 35e87fae499edf23f25bfc5be34be901c0dcef34851db88b7d96eeeb6733860d |
| SHA512 | 2d45013aa54d29977eb173ef873ee2464081ee650c3df04fd381f9e8aaaca4bbc58de61228cbf365439ad05a81de4bed8cdafbf4a3762eb489da23d65010fe3c |
C:\Users\Admin\Documents\GuardFox\GROqsGl6h90I0zXqq4gFbf4x.exe
| MD5 | 63e8c181afbd60cbf5c63876546c7406 |
| SHA1 | 450c10e32cc3f223b2740c075cc4861f5ea5e2fb |
| SHA256 | 67f1539e2bea3ab708d0c4dc1837e859644e19364435cd572273653465b5ae97 |
| SHA512 | 4fa3fd3943a8bf9a444d3a766a7b154e858a58e989e4914f158c374be0195643a18bdb7ac4e699af2b84f4339d54a504eddc70d8f34921472cb8cf9576c78c2a |
C:\Users\Admin\Documents\GuardFox\G0RX5STvE17sZf_g2LwWvby6.exe
| MD5 | c6fd7f30d5634f497119602279abf8a1 |
| SHA1 | d2d669618abb8848e16f68b50f38dbe9943bebd2 |
| SHA256 | e29a55dcf41a0d3a26b9c90d587ae94f24c023c49d3838c5c68386046632f1b9 |
| SHA512 | 039821901cc9801b7de0ec0c08d15eed48c39d4505862a8ed4265426429d5154e8290348b7ad9e30b216ed5cd0bdad0c276c296a4350cfff7744fda231a94a75 |
C:\Users\Admin\Documents\GuardFox\ioJ9tsr0R3KhvVCNQfnDbb4O.exe
| MD5 | 5fa878455587d484dba37e41a46b9343 |
| SHA1 | 82f4dd3a18554bda4425a897433b31f2d783587a |
| SHA256 | e63841c08999245e9c424161cca81afbecb2c9e20b53aa2eb988a923cddbe6a4 |
| SHA512 | 60e23805e4a72ed423a65d2a3b19c2f6f4c16587f74499f78478180e0964dc9a80a584fb3a607c7a61ddf8085cd3ae23a5bf6a0d25aff78b96b808007d7e1654 |
C:\Users\Admin\Documents\GuardFox\TMcIOeEwMsIWBGXFNbolMUOJ.exe
| MD5 | 7f43199533320db39934f6f4bb41ddb5 |
| SHA1 | a48830c5f6fb68b1597f04946cc75592ce602164 |
| SHA256 | 3fab8343541f4395f58ce2c9a17c51e1b1691926ca4a5e1eea17c0569aa20e95 |
| SHA512 | b62aba4d6f9c105779d64ab15ba59f6bbdf403a4fac183c84ce4eef810f054341c9329f5f4d9dc8827c9a147c81e97949e71b6426bb4b85dc612a06929bbacd8 |
C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe
| MD5 | 6f0e5ad311936054a33eb7287c594521 |
| SHA1 | c973d47705660081bcbce5a99832c5f035168776 |
| SHA256 | 54ee98582d3733d200040666a41685a51467de8ed0f6e06bd076fb94ee7ec1a9 |
| SHA512 | a00a696feee34b30eaa3dc88878d649ea824d82abf67fbcfd058a2942d52a0092f750e3a41abc303b8b04a33b05a34b528be4e9827a272a40067e66ba8fa367d |
C:\Users\Admin\Documents\GuardFox\_oEFU32KaDt0gpLmGibEz7g9.exe
| MD5 | bc019d498cd53649d359cf678a835779 |
| SHA1 | ada2e16d88843822d1dc70a9b03c4ad8f1e43d86 |
| SHA256 | 95ab81c2a35fdc6f417f66dfbe1c9d4b4e528c755dd44f12ae369e7cb6f36fd0 |
| SHA512 | 4b3e901cc6e3846174a9bde210d550b1895d078feffb1a6e46e3e615e2eef2ad9697d37fb60cb93e4e60cf7eae791a90e711540c13e9f7a5be79f6607dc61475 |
C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe
| MD5 | 90ce59c5ea0288f901e2f14ee814a450 |
| SHA1 | 154e1f9c7d84fe79a1d5e2012bfaae2fc359a808 |
| SHA256 | 04a696d8391ad3bcd93a3b600e9459aa41d6451be79cddafecb7825bb96d95d9 |
| SHA512 | 07b214722b5985b98b7c913be2dca98320290a0e9df108f1d314447b47d4b06918e75c524dbeba9946a0d58b1968c5dee4b0adfeec7a6db97850705ed106a87e |
C:\Users\Admin\Documents\GuardFox\KjIIxd9k00s3liYBG782ijI5.exe
| MD5 | eb9d1132e0c967a623fd5d9ebd53d109 |
| SHA1 | c0f5221c4a4d1d75eb7bbb39f9f9b66bb868d615 |
| SHA256 | 65a4b913f32f1c9567ec8468ae9689c5b900c54843fab84cdfab441986a5519b |
| SHA512 | 11be80eac96a6dea3a13343da8d3172cb3b57b299a0ca2cb0c6a7f772bc2b2b4f380f4e2eaa57530e83de21d46803edbf8219d176f1bffda8d931907c0cb39a1 |
C:\Users\Admin\Documents\GuardFox\DhI9_2NRkwmRCsofJ3GRJ0x6.exe
| MD5 | 91c25eb944b2188db2e841749a398ee8 |
| SHA1 | be001be8b11e8e5f549af2282fdb9a171ad61c03 |
| SHA256 | 0e2907bc42fd4386fa611d57d340f5d5aafcf5de0c5599d7255ffe1c0dbdc46a |
| SHA512 | deb04153eb5d417ed20b9d5d6ebdc8b04a73d8f5bdab6d9c07b824784e9c52154d11fc7047142faef979b72601bc0792b4a13eb5dc161318b5ce607d2b16d649 |
C:\Users\Admin\Documents\GuardFox\euCU7vfPHsacTg9i0zqHqBRD.exe
| MD5 | 6831bae11d01a5fa8989d0a1677a9fc7 |
| SHA1 | 3a2833a59afa468adc4931513240a8362c3fbf8a |
| SHA256 | d699e268d8f668913689aa0174d80debc04823e59b0aced6ff60dc71df1434f1 |
| SHA512 | d83f20ee64091be19465a604482c4a6162938b5ca54e54a5aed340cd8d08408274fcf1740f8a9b082fbf2748c85da6f05dd378a7af3d5cac6ea6b2dfacf52258 |
C:\Users\Admin\Documents\GuardFox\vCSdCOg5wlNsNQ9TEJIlred9.exe
| MD5 | 77abdb617b0a5e18cf947bf9e283626a |
| SHA1 | cc75c0a1cf52d50b350aebd90bbfac8ee9d6f6ab |
| SHA256 | b35403395468fd0dacd75c85abbd223efafde98d28e3ef3fbd15c684681949ec |
| SHA512 | 57c8ced467e2e942a8c9abab978986128c6cbcb7312b2295051e0cfe1e265b331794e31fa65fc18f56737c34e2f3e85ad5c4a714ee97245de39641cffb522e21 |
C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe
| MD5 | 440de6cf05348a15bdd3e32dd2f5466c |
| SHA1 | 0e78bef43a1ee3768cf6c8e3ecbbcc7ca7ea0e7d |
| SHA256 | 4b6726dbc5d66c56480c5e231b6bea2cc5c0bc2b035c7e3b19278cdf1c65dc5d |
| SHA512 | cc7665ee8a1a906875b9ffa0ed612ea200e32ed0b9c58d95717d983bc16dca34fede83d56b6a6fb902cac7785d54b4124c437bc152b3a44a3ebd611a39f79994 |
C:\Users\Admin\Documents\GuardFox\aGBF9ZWcO9LXdG3njGUruh8W.exe
| MD5 | bd8fa7a4c71a32db7458ddc04f91882c |
| SHA1 | a16918f9d1c570ed2665d585980b1f442229015f |
| SHA256 | b174ebfb9610313e80d1bf3af38619c2458e3db66db3b44026227a0590416f66 |
| SHA512 | 598629ebafff93e579573d937a20c243d75b2383d466ccc5f276714dd73a9b599312790d4e95d8825ac41012fb90e614f2937a37635c5081447c0d0ea432285a |
memory/2436-220-0x00007FF6556F0000-0x00007FF655746000-memory.dmp
memory/2664-227-0x00000000001F0000-0x00000000001FB000-memory.dmp
memory/4656-239-0x00000000001F0000-0x00000000001FB000-memory.dmp
memory/4656-234-0x0000000002C00000-0x0000000002D00000-memory.dmp
memory/4364-226-0x0000000000380000-0x0000000000863000-memory.dmp
memory/4524-245-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe
| MD5 | 988bb91b50cf808780955f669a760f6d |
| SHA1 | ff3f190091cc370e45b88ab035cf59aff5027019 |
| SHA256 | 0af8dbc2842be28ba2714c90fa8b1c155c16e51da7ab9f9e5e9d3323f79daac2 |
| SHA512 | e0e09ca0f89f138c0af398039351cea1648c0b050c9ad5bad792684d61d639d9f488b7ce0881ce4d887994741d2b6b90261474ef682dcf8e5d5d9f4ca6b9a4e2 |
C:\Users\Admin\Documents\GuardFox\aGBF9ZWcO9LXdG3njGUruh8W.exe
| MD5 | b6f2813d8654c0c5ef146c58151d74bb |
| SHA1 | d61806d8e255ffcebc725d39f8079f56e267ebd6 |
| SHA256 | 7d20a76e07daa79d6d09daefea54498b976da8c6a120395668656abbca8e8976 |
| SHA512 | 38894204b0618c3abb4ce11bbca871e0d0134b55ce64c77afd3e50c2cd54b942b5873daaffe4e1937bcbf4438ca85b6ec236f2305f33c44fe6af24f09f668a79 |
C:\Users\Admin\Documents\GuardFox\GROqsGl6h90I0zXqq4gFbf4x.exe
| MD5 | 29545ab1f03d615eb13b5525b1b51eab |
| SHA1 | 453938500602028628c694e548b06b1ebfbed8fd |
| SHA256 | d919ba50634cefa3f08751b95957c4d861c41928da5dde71964a36dafb74dc5a |
| SHA512 | 8ae953f0c9b8034148aa50042d726efe8d8b9e9e80ad098a37e26242f6834b62a5d32e8d49d24d0a925430e8d4ee986ea1cbf1c5ab943ec05f12f21a706a0e4f |
C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe
| MD5 | 91d50a961032174eb765b286b1dcd858 |
| SHA1 | 828676b17b5e94044b8338d428c3cffb1f83d2f1 |
| SHA256 | d371278f36a1d88cf428461ec3e4671ec60a1c5a0181a86fe80c75f2b169eb80 |
| SHA512 | c684e679fe0b445636ec70d912b283cf32aba7c533c5b04c61f679230b051b13778f7da670fbe66c54a603de75b1ce4dbca9d3be72852be4d33479c92ec5722a |
memory/4656-729-0x0000000000400000-0x0000000002B13000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 60fe01df86be2e5331b0cdbe86165686 |
| SHA1 | 2a79f9713c3f192862ff80508062e64e8e0b29bd |
| SHA256 | c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8 |
| SHA512 | ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 6268696c28afddc78170083b5f27b432 |
| SHA1 | f6489ed281e9b1984e2540c0a5a8cd21e90593b1 |
| SHA256 | 193949ad46d40bca1d9fb60578fd37478206e8621cd8dd4c5943f41643493825 |
| SHA512 | 7759bfc5de02a99c040174692ea6c974d01c4a5263f500c4b1b46ef94d279cec67c96c2fbbeacc5f83b681a9baa63cc281a7aee255b74e7cf4465b1fee09bd14 |
memory/2284-732-0x0000000002B40000-0x0000000002B5C000-memory.dmp
memory/2284-733-0x0000000000400000-0x0000000002B13000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-7OP8H.tmp\Cns1cHGKmXhz_HXdav4nLNRw.tmp
| MD5 | f7a1e7ca916b5665f68f9d8559aabacf |
| SHA1 | d35baf1d886e338beac6ec1cd77d2b1e9386cedf |
| SHA256 | 4860cc12e693259f41fc361dade9c473e3af6f2a3665b8e150b30fbc4db155d7 |
| SHA512 | 341ad526bf17d6ce141cf97cf8af0342c2a8646086cb767efe806ba2ef571c6768162270e65830582399fbcaf8619f74a66fb823b5a0a224270cb7f36239bab8 |
C:\Users\Admin\Documents\GuardFox\euCU7vfPHsacTg9i0zqHqBRD.exe
| MD5 | 2cac82b75529eaca2111c19d07668dd5 |
| SHA1 | 25527710cce194c75dc1a87b416c000aaca06f4d |
| SHA256 | 0deb625b34248153974478c27a5ea8f21441946bd5814ce87fab41002a40de16 |
| SHA512 | 927aec289f0185941e9da16769ffd6446a5e50740098a1908405ae240b5d53678b3352ee890d747bd17417866391b0d14c003bf501a1384044187a0ea165a444 |
C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe
| MD5 | 58f3475574716e62f2eb973b58f7c3e6 |
| SHA1 | 89ebba01cc41c0fac5ad08bea8fa859bedaecfdd |
| SHA256 | 2fabebed0f2d9016d49425142492b0b8f83556bf4231df84a63c6e4bdb44f6e7 |
| SHA512 | 9952a9a55ae56554c7f41c9885b99af35891c1602e4745b90f45611a4a8168706efb8d3c41626bd9a8714a006535f96e3961deb24701bb2bab6da0727f2238d3 |
C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe
| MD5 | 38e62d574f0c1dcf16c0d0f26013c803 |
| SHA1 | 67417f6957e731c20e0b960c1ec34ea8db1f6ef8 |
| SHA256 | 2d92c3b1be5ffe322a405c1656e98309d88386da3193fb728e6ea10b2be2a5f2 |
| SHA512 | 959cc1d146a67ac7151f93769e055efc7f4388082a30e93dc432c74bce53aceb1b8250c9f7e0c9e955196a8c93b041dc121b17e3560e9da906b5a6232dd1c64a |
C:\Users\Admin\Documents\GuardFox\euCU7vfPHsacTg9i0zqHqBRD.exe
| MD5 | 456276e639acca7ffa4ab8b477a67567 |
| SHA1 | b99c0542dd821ce622e11c4b2f742fa1ab5e53fb |
| SHA256 | e2f322d4ae87a44b87d9941f4573701ad5ced558caffdc05d9e863ab9a53aa19 |
| SHA512 | 83f0f3e4236ba59f045b8297ea4a35113c46ad0f4f673306519fe821537e52b19aeb882de8989b321303fa73f96b56bf105f54bf1f6172ddfe4568cf9fe699fb |
C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe
| MD5 | 68059a6d0d8372ccf7e5dfdb96d37f9b |
| SHA1 | dfc948b33b9b5589ab4023f1b508d44970e3930a |
| SHA256 | dc6c9f7bc69f31d523cad00dcc2201b561a671105366ed89adaabb8c984a05cd |
| SHA512 | 5362b8051a2795611e1584fdc64940b79ac148903b50400b01b72627365f085d955a161b62712c863bd77e49fb333ce1821429f36ab860c30bee31282ec2a777 |
memory/3532-779-0x00000000008A0000-0x00000000008F8000-memory.dmp
C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe
| MD5 | 98e9ab66e6b1a6588704cdb4289fc13b |
| SHA1 | 100cc659921c17d8b2de0f3714d5ff4dae095c9a |
| SHA256 | 3105a1c862948ea22626abc2ee17eec36756abf47c450b99e5cadc9b58f54ce6 |
| SHA512 | c2d9e3dfe826f6f8eaad658e9edde247e5d4a78d2e7637a2b1572a3ece00296a024fee25b30e6dcc6a9e26c8c92c34b624d9583a0a9f7bc437617c127aa08ce2 |
C:\Users\Admin\Documents\GuardFox\KjIIxd9k00s3liYBG782ijI5.exe
| MD5 | b566ecbaa0f08930efcddaae7acc1a53 |
| SHA1 | f9a5c92c53412aea5c687d25f00f262b8baa0559 |
| SHA256 | 7717088c770b5a0aab8b48ed6fb459b1f4a63961fe849ce5cb40d88232501d7c |
| SHA512 | 90926c439c3a3e1d3da0ea1091d4f126bb8c29b9421240068b08e0c8e42340c56bb2714f7cd9a2c11f9c8252c195c0626f35c89dfa9c681de1ba6effed8d6b53 |
C:\Users\Admin\Documents\GuardFox\G0RX5STvE17sZf_g2LwWvby6.exe
| MD5 | d8d52a95b809c586afe1bbf5373edfc4 |
| SHA1 | 4081f7d0211614df482969ba5af1f29e5ab2bee7 |
| SHA256 | 629e031747e94b66f85f83711433a1c3d084ac0a57fbcc58f970be04de2d48cb |
| SHA512 | ad743b537b5886ff6a685d8f9666d66aac955765c531a7d82adb72425754d762b9580491382f5e9d123e03d169f931ca91d6c6df44009a219ddcd17469b80c15 |
memory/2664-735-0x0000000002C30000-0x0000000002D30000-memory.dmp
memory/4524-734-0x0000000000400000-0x0000000000424000-memory.dmp
memory/2364-795-0x00007FF791A80000-0x00007FF791D61000-memory.dmp
memory/1232-792-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\KjIIxd9k00s3liYBG782ijI5.exe
| MD5 | a6a85cf86643e192bd4c87fa4cb3a291 |
| SHA1 | d86a8874a1b9ba8aebaad50c9ece90d43d771ac1 |
| SHA256 | 7bc076b665a371389cdbf336e3be5512613117af9a0df22caa462b48915b7903 |
| SHA512 | e5d1ce49328c085f5100c889a17ce9c078a26cf015b50baf800be09a8dbdfc2b507942176de47aaeda7aa438044208bd56ea73d65284b79167b8ab47e74e6a95 |
memory/1232-806-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1232-916-0x0000000000400000-0x0000000000537000-memory.dmp
memory/3532-923-0x0000000002BD0000-0x0000000002BE2000-memory.dmp
memory/1160-920-0x0000000002680000-0x00000000026EC000-memory.dmp
memory/2772-921-0x0000000005120000-0x000000000536E000-memory.dmp
memory/3532-919-0x0000000005900000-0x0000000005F06000-memory.dmp
memory/716-918-0x00007FFA17AD0000-0x00007FFA17AD2000-memory.dmp
memory/2664-849-0x0000000000400000-0x0000000002B13000-memory.dmp
memory/2772-917-0x00000000055C0000-0x0000000005ABE000-memory.dmp
memory/3856-838-0x0000000005A60000-0x0000000005AFC000-memory.dmp
memory/1936-887-0x00000000025C0000-0x00000000026DB000-memory.dmp
memory/3344-862-0x0000000002CF0000-0x0000000002D06000-memory.dmp
memory/1936-819-0x0000000000A4F000-0x0000000000AE1000-memory.dmp
memory/2772-808-0x0000000005370000-0x00000000055C0000-memory.dmp
memory/1160-807-0x0000000002500000-0x000000000256E000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-GKRRD.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
memory/3856-793-0x0000000000CF0000-0x00000000011C2000-memory.dmp
memory/1160-929-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/1160-933-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/2284-932-0x0000000002C50000-0x0000000002D50000-memory.dmp
memory/3532-928-0x00000000052F0000-0x00000000053FA000-memory.dmp
memory/716-922-0x0000000140000000-0x0000000140876000-memory.dmp
memory/1160-939-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/3532-937-0x0000000005180000-0x00000000051BE000-memory.dmp
memory/3532-941-0x00000000051E0000-0x000000000522B000-memory.dmp
memory/1160-949-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/4988-948-0x0000000000400000-0x0000000000D40000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
memory/1928-964-0x0000000000F50000-0x0000000000F51000-memory.dmp
memory/4676-952-0x0000000000DB0000-0x0000000001D63000-memory.dmp
memory/1160-970-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/1928-967-0x00000000000D0000-0x0000000000A17000-memory.dmp
memory/4364-973-0x0000000000380000-0x0000000000863000-memory.dmp
memory/1160-975-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/4780-979-0x0000000005450000-0x00000000054E2000-memory.dmp
memory/1160-980-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/1160-965-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/1160-985-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/3532-982-0x0000000005570000-0x00000000055D6000-memory.dmp
memory/4780-981-0x0000000005390000-0x000000000539A000-memory.dmp
memory/4780-966-0x0000000000E40000-0x0000000001616000-memory.dmp
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
memory/4676-947-0x0000000000DB0000-0x0000000001D63000-memory.dmp
memory/4988-944-0x00000000001E0000-0x00000000001E1000-memory.dmp
memory/2664-925-0x0000000000400000-0x0000000002B13000-memory.dmp
memory/1160-989-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/1160-991-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/2284-988-0x0000000000400000-0x0000000002B13000-memory.dmp
memory/1160-994-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/940-997-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/4524-995-0x0000000000400000-0x0000000000424000-memory.dmp
memory/1232-1000-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1160-999-0x0000000002680000-0x00000000026E7000-memory.dmp
memory/3532-1004-0x0000000072540000-0x0000000072C2E000-memory.dmp
memory/4780-1020-0x0000000076840000-0x0000000076A02000-memory.dmp
memory/2772-1022-0x0000000002390000-0x00000000023A0000-memory.dmp
memory/3856-1026-0x0000000072540000-0x0000000072C2E000-memory.dmp
memory/4780-1029-0x00000000778E0000-0x00000000779B0000-memory.dmp
memory/4780-1032-0x00000000778E0000-0x00000000779B0000-memory.dmp
memory/4780-1038-0x00000000778E0000-0x00000000779B0000-memory.dmp
memory/3532-1041-0x00000000052E0000-0x00000000052F0000-memory.dmp
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
| MD5 | 33e46616accad320995ff00c2e0e6dc1 |
| SHA1 | b14495d10ade41f0fe8db7ccae000dd563356c77 |
| SHA256 | fcd3c48b1e7b9eb7e3c2a554c0348d3b29848410ef1162ca8cbcef1c48c0cd2b |
| SHA512 | 1fa5aea3096cad2f100cb42e5fba1af18ec3cc17267f7bff92668416014675ee092f383f3b2c7acf40d02b15ac701c1c397c3da5d3370def2161902bb0351a3c |
memory/1160-1052-0x0000000004D60000-0x0000000004D70000-memory.dmp
memory/1160-1049-0x0000000072540000-0x0000000072C2E000-memory.dmp
memory/2772-1058-0x0000000072540000-0x0000000072C2E000-memory.dmp
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
| MD5 | aacc40d9367068ff51913143d99cecdc |
| SHA1 | 4666758729ddcecce779af6abf79488d56f053d8 |
| SHA256 | 60db094d584a504e611b5ae099eaf1958341c2d8af3b7f5d16a33faa5f074df6 |
| SHA512 | be5ad9b8d19f999dfc801db7b9529333811586ac29ec19763f9e9aacd4630d100a016cf03097a9eb791d0faef795c034faf3f259e441ea940ee6132caa2bde69 |
memory/2772-1067-0x0000000002390000-0x00000000023A0000-memory.dmp
memory/1160-1071-0x0000000004D60000-0x0000000004D70000-memory.dmp
memory/940-1064-0x00000000001F0000-0x00000000001F1000-memory.dmp
memory/1160-1074-0x0000000004D60000-0x0000000004D70000-memory.dmp
memory/2772-1076-0x0000000002390000-0x00000000023A0000-memory.dmp
memory/3516-1057-0x0000000000400000-0x0000000000760000-memory.dmp
memory/716-1081-0x0000000140000000-0x0000000140876000-memory.dmp
memory/716-1087-0x0000000140000000-0x0000000140876000-memory.dmp
memory/4780-1089-0x0000000077BB4000-0x0000000077BB5000-memory.dmp
memory/2436-1092-0x0000024E34F30000-0x0000024E3503B000-memory.dmp
memory/1160-1091-0x0000000004D60000-0x0000000004D70000-memory.dmp
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
| MD5 | 0874949c8935e9cfef97e5dc043491b8 |
| SHA1 | 0fbc633bca69fb8033dac5163d9dec269d19b880 |
| SHA256 | 0e4692e2b01b206fa60ba89b6446fa9fbe4d7e54ee89e74788792d78f3721b1a |
| SHA512 | fa2c338ac1a6d537bd83adf9d9bcd561d154c9da6faf49600dc23aaedcba66cb6f1a6a0be4fc068cb8855b4f9fe710a971c00f91a2bc7f59016ecb836be591cf |
memory/1928-1093-0x00000000000D0000-0x0000000000A17000-memory.dmp
memory/4988-1102-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/4988-1105-0x0000000000E90000-0x0000000000ED0000-memory.dmp
memory/4988-1104-0x0000000000E90000-0x0000000000ED0000-memory.dmp
memory/4988-1106-0x0000000000E90000-0x0000000000ED0000-memory.dmp
memory/4988-1108-0x0000000000E90000-0x0000000000ED0000-memory.dmp
memory/4676-1110-0x00000000778E0000-0x00000000779B0000-memory.dmp
C:\Windows\System32\GroupPolicy\GPT.INI
| MD5 | 93b3886bce89b59632cb37c0590af8a6 |
| SHA1 | 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137 |
| SHA256 | 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f |
| SHA512 | fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb |
memory/4676-1111-0x00000000778E0000-0x00000000779B0000-memory.dmp
memory/4676-1109-0x00000000778E0000-0x00000000779B0000-memory.dmp
\ProgramData\mozglue.dll
| MD5 | 4ee43056e01abc8e505db4ed00544414 |
| SHA1 | 476ade2cc600b80437fdc314ea1c4ef8ed26e9d8 |
| SHA256 | 7ecbeb442533c4f4162a4809fe42c326e58fbd580b9491c30e850714230432e8 |
| SHA512 | f432ac028ef5e94d9f8fcde50d47f2a5e74609be0fe2cb00fd4eff0c641be31decd191395eb6c043588c73fbf72a32557b1280b700b59d83418318aeaac6d358 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
\ProgramData\nss3.dll
| MD5 | b77ea4f92089ec8cd203a99d11a1eb44 |
| SHA1 | 84919087221ed91ace80e339b344e640ec29e5a3 |
| SHA256 | 88299ca9b677f8135f2d04056a8c396a1eeaa69bbdb8100d868f8429887b4cdf |
| SHA512 | a7fd5f8a30eba988b7dafdb19be529723a16568dc0d6db529506b87150038ddbaa2a476dd7e89d8726419e9594103f6d4f2f6c36d0c4ea4b8a8340f32986b259 |
C:\Users\Admin\Documents\GuardFox\DhI9_2NRkwmRCsofJ3GRJ0x6.exe
| MD5 | 525597a13473c1e484b4b641d122cf35 |
| SHA1 | 3eb5d96134e261f142a140cc7c0dcc4cbf17a837 |
| SHA256 | 03945708d89b9bd5aa1507aa02d982f2ea67f42abad7b2d69f1093183d8e955b |
| SHA512 | 2e7fd1fc6462f332acad96c559505fbf0691f1f6feac1d3ca35c05815c9d5b640a196460bac33cadd7607e80bd20af0b643edca9af604c2fc5feef2d8fb913b7 |
C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\oOPEmFmu_xsJCookies
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\D87fZN3R3jFeWeb Data
| MD5 | 7540ca42e247f0856ca4d4caca7deba3 |
| SHA1 | ba696363e1c2278de858f5fd17719567a33c9ba5 |
| SHA256 | 5b3ff8c5f31fa06e47538f77438a8d53aedb39e15c1a9b78a9c51031eafca09a |
| SHA512 | 4db0a137c2c4dc3f0341a437bc1783a3b186c9bb5b09ba1e53ce4786b1222c67ab77bd75e0f834a6b0472a9dc6faffbc003623d97f3879277726b8b608f5ad63 |
C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\3b6N2Xdh3CYwplaces.sqlite
| MD5 | 81427a4fd5d59a2abf517c219eb8c5df |
| SHA1 | e51775f91952fd381176ffba0e2f62e63e832b51 |
| SHA256 | d25eb7e922c130102d646efa9b486d18d45fc6e50ea1574a7ebe9979880a0fd7 |
| SHA512 | 3770620cd701ed118013eef5c8183d1279b09c300ab37a1c06b834796f81a9830d2f8039d7c7eef06f0ad3d833f9ff9fd218075e79834847234edf8c2e33165a |
C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\8ghN89CsjOW1Login Data For Account
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Temp\jobA3ceFM88uXfjtJg\information.txt
| MD5 | 5551d840c4f49a70060238c6778fe73e |
| SHA1 | 87f432a9468682682b7fed3202d02f064b907d41 |
| SHA256 | 445462138281347c14b5f9b2c1ed455c7c98760818f47b7469ed2e8101416abf |
| SHA512 | bd46174375eaef84d0c20e1f9e4b8ccbe01ec6ececc7fab59da8defac0e8591aa2ce41db2ad9be3b635f168559eadf96d72a5ce03f2b7acf7e2597e49d396fe1 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
| MD5 | efa36e95216db75fa02dc46ccd8ba719 |
| SHA1 | 12bc22427c9f84c71ec100496754a1c019a42846 |
| SHA256 | 031619f557dc8c5ee6cee5e50f33eccae9b76a026ed705d7f2a46c39812e0e95 |
| SHA512 | 6ca47d57a38b78f6a613c43437f7d909b504b80c60b370407f87ef59fff30635fcbe4dc1b2cde4263e7ff684094206b7f80992a86e595d44708c0e77d7661b11 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll
| MD5 | 7f934fea1f932a625927625a67ee80b0 |
| SHA1 | cb8909c500bb87ed3161c9bbd7d62181f3b78a75 |
| SHA256 | b1ebb4a2697d02f3597bb720f3da86d52ef81ac53883499c52f2fcc201f546a0 |
| SHA512 | a46d9cb42edf7a6cf69ae132f2120a486719dd7e1f4b0921af3282499e785c7dad9daa582625dbb52e2890965ede7f75d1c03c94d676df8e1bae987b6e0c040e |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\sanitarium.ai
| MD5 | fbc5c73621e5f1f8807b37353903b91a |
| SHA1 | 1aaba77765231ee617dc4ed822f59d7c0efeb1a2 |
| SHA256 | 1d784d2c83b31be5dcae1c7dceee0e42d2e00c150b50758826609158ebd2c591 |
| SHA512 | fd22c48c9cc1c6a9ce4f884cde7c6c3148c90687354849e82b2c9b98c9c075100b17ccd9e4a14f33186c884ad88995a5560ee77b4189febb84aab2e17ca87d50 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\grille.eps
| MD5 | 2b3af3b41255b4ced8911e4e107e73b6 |
| SHA1 | f5e16f7feae0286b21fe3e4c155beaa26c14b941 |
| SHA256 | 5ba877e2f7f234c2a9b41a4a8350d592ec3208ab9c3a703c464add65fda648f6 |
| SHA512 | aa42b6f11d37ac104084ada9561edaa09b931440122057cd38f82623ffb476933ebddaaf0eb37ec4a983537b22ab49f152399c289aecf24d55368fb0657ec176 |
\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll
| MD5 | 832d416f778a12667d881d0132787a83 |
| SHA1 | 5388489509fd613a6ea4a695e283821a37600bb5 |
| SHA256 | 54641cca277fb0dfddb38e87351d0558a76691284ed87e789d272164c87d96d7 |
| SHA512 | 28d34cdcf152ce66a816b91f7db7a55dc3e62b0deac7154145911e64e2ee13059040147e246488b98ccb879e849c3b2f6b329b307ec082a090a511c97ac46e69 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
| MD5 | 7d8024c52ce6db404a7066a0c0c62b8a |
| SHA1 | 77a142ee7eb7d3c219c952cef7bd5dc1d19e3587 |
| SHA256 | 5189f142a4d625d498672cc2502abf9ec816135050c6690fe5b9ae99fae61c44 |
| SHA512 | 4203117d4c4e0036f4ce5372f2870b67c66f568dbd1d0de0ab7787b401ad6a2d1f6370596565da32982b1e728089da623cab1a0e4a93464120fa07ff734a6401 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UIxMarketPlugin.dll
| MD5 | 3e6212b58ce4c24f4bfd051af5ff2986 |
| SHA1 | 5575449b264e5656a5def0d6592cf4f585b32a7c |
| SHA256 | c1ea206bcae79173de261924168b0a1e542e0422c1af94cdb60355eda8ff617a |
| SHA512 | 909d7fb7e5c0de5bcb9ef916a591264989778e8c84a86ce47c3388901c7c764c8f16675268d85b1023e79f8b7cc971ec0c6dbd9e487f3ee20a75b96a00528898 |
C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\msvcp_win\relay.dll
| MD5 | abe726e6443d81297253400bc44d19cf |
| SHA1 | 2626b5a42da7f7182fa392e4c69bd34e481331e5 |
| SHA256 | 5bab8c40c8d7ba92d16ec4e6b20178f676e08d249cce9bce374e64a5ef8e995e |
| SHA512 | 1caccb5df50104e59f52d4f0055086b8dfb39bb948ffe67319d91304860cb789024a638bcb90858127a82d267a793d332c32c9c1b4419efb34d94c46a10a123c |
C:\Users\Admin\AppData\Roaming\msvcp_win\grille.eps
| MD5 | 3b6a0b14dc8831e3b426cec742e90059 |
| SHA1 | 75ef923554485165a5cee04910e550164e15c51c |
| SHA256 | ed0a03950e1e3857fcc0623d57b7d5c3694762e1b999f8be0568bafb90209c3a |
| SHA512 | f10bd3afb2dfb2b682f299579c58c0418835faa1e06ab352fd6621f9187b8a05a138434a67bcfce752d6dd96832a33013b3dc6a4a1260983b77ecb4914e41eb8 |
C:\Users\Admin\AppData\Roaming\msvcp_win\sanitarium.ai
| MD5 | 4cb5e6e39ee3ed9f5c3a56842bf8e31f |
| SHA1 | 662bccbb1653b4d2f37295d408f8fc4416591582 |
| SHA256 | 7df0130a7bea0f4b53fc48f30bb24cba4e3dda94c1fe364a6de88ab21714e0da |
| SHA512 | 4213c87ce37435ff7f6a26d8dd63531cf164c263d8a7ff463d7e002bbc0fc987a744dcdb56d9a82c81ad000b9b7b31a187b5ca54bc392e98d6116b797671e57a |
\Users\Admin\AppData\Roaming\msvcp_win\relay.dll
| MD5 | f9cd128bd6e0c2298eec3f3073272f1c |
| SHA1 | fe311de425777b16c8401ddf84873025774c8168 |
| SHA256 | 30b74e49121f8d20be50668ec68f17fe695943ce913bf92cdb66da1929fbf105 |
| SHA512 | 6c0be9ee108a5e91fb7124817843cbfc0b775582df525f2dac408905b1b7abea1636f78217e95c9a24ef73fc7e4c5b03dbce87d1e2d76ca478837f741619be40 |
C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe
| MD5 | 4633a3161ab0f52fef092897c0cd1b82 |
| SHA1 | 1ae283bc03033fcebfff5ee991eb67b3ebcc2102 |
| SHA256 | 0ec90fd536180f7572c95999d684deb6f9ec83ae413e1e9ed3e24a125913932b |
| SHA512 | b91944964774e670631a648240f65d77c981f33559388e2140b9aaad3a77e0cf8275a7f72c3baf72df43796227a75fd086528bc22d4e59a290c6d548091a802a |
C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe
| MD5 | ec9deef40935b204d36f34972a005219 |
| SHA1 | ad203754cc31517cc714413c9e90b0e2eb7340cd |
| SHA256 | d8b146834a991a247146e059540dbe43c73e38eaf7c0acf6045d4bd984a68ae3 |
| SHA512 | a2aec6a1e5b62d574c232787d364df6dd5c860327527bde0f891171cb9b785eb694167c5ae002dd37e0a829ae7947b395fbd7031c9e30ae2c978c18cb3bea60a |
C:\Users\Admin\Documents\GuardFox\9DGWd0ps_7vKTHgGezZ5yTAA.exe
| MD5 | 75780408f6578ae91e498621aad54f41 |
| SHA1 | ffa3069168df60d9f7e4cc7bac8627eaeac895ed |
| SHA256 | e42575c092a3a9c31325ef8cf59fad78476bb10071eb51dfd5bc922ffa1371ff |
| SHA512 | f2c2295425f949a6aea34b86192fabd00cdcc200daa997f3b64a4d7af0d9634ea2c93457cf4d7af56d6b607c37954991b7cdb89d1fe2265a66d285321c15c1fd |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
| MD5 | 1b6fcd3aacbce730397668781ccd2649 |
| SHA1 | 456a750a0e09496227f23930f544c7ac2da8a5fb |
| SHA256 | 3cd08f29881c8e4b57020c2c69391326c64da99c06dd26eb6f6398a2b30a9fe4 |
| SHA512 | 266fec63d40a8e300bfcf54b87460295b3e0a923df204c834e46c139fe8ad6e5f63614bb5c961b8a87b3d8349d6e09e0752ff627ffca259e8d05d21f8f6b7684 |
C:\Users\Admin\AppData\Local\Temp\jobA484PKp_EKKIobA\02zdBXl47cvzHistory
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\Users\Admin\AppData\Local\Temp\jobA484PKp_EKKIobA\02zdBXl47cvzcookies.sqlite
| MD5 | af3f30fbb79e6851b003d2c63d0805c0 |
| SHA1 | 5d13516f3af0343da0763ac1295c40d4bd5b9b0e |
| SHA256 | ca2befd328b5107fb33ed5c00b2c4e4703e6a14759d2de7a3fa642ab4639776b |
| SHA512 | 9c04174debfb0b5867595628e79f25240886f9bdd01694caef3cef52e3207feea71a46a9f4ffbe91eef910804f7e55eebff7370eb1ae021dff14798c1d16bbfc |
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
| MD5 | a13780b8ee3f9cb4e22896211bf1bb46 |
| SHA1 | 05dc361ac8ca32dc130c5e575d3d3e23835fce1d |
| SHA256 | bcfe456d4088d90bd28bca4cf8ee0991d9bc09653813a0bb73eda324d1360e8a |
| SHA512 | 58c42535b6a1debd0a7528d4ddd40b7be086386acdc97b6572736ceedcfa9245d6fbf9bd5663bc775fab1499d6988e2dd628fe645e9f412ced351cc32d6afd84 |
C:\Users\Admin\AppData\Local\Temp\jobA384PKp_EKKIobA\passwords.txt
| MD5 | cb415a199ac4c0a1c769510adcbade19 |
| SHA1 | 6820fbc138ddae7291e529ab29d7050eaa9a91d9 |
| SHA256 | bae990e500fc3bbc98eddec0d4dd0b55c648cc74affc57f0ed06efa4bde79fee |
| SHA512 | a4c967e7ba5293970450fc873bf203bf12763b9915a2f4acd9e6fa287f8e5f74887f24320ddac4769f591d7ef206f34ce041e7f7aaca615757801eb3664ba9a4 |
C:\Users\Admin\AppData\Local\Temp\jobA384PKp_EKKIobA\information.txt
| MD5 | 70bcf59df9d5340ba61620f306d9ec7e |
| SHA1 | de2f7889860885609aef9856b3d741b9a6a6aaba |
| SHA256 | 0708fff6a512bfb90b8879d9da59143eefd38cd80f63a23c91af78f28f0b4964 |
| SHA512 | 070c21286ec18f1ebd78dc2bd06ba2c6079a158270a5fac0b59bdf67f287cfe01d21938c570c4b5e0f4eaccc5e4fa273759360307b56d06c41db1361afff6c7c |
C:\Users\Admin\AppData\Local\Temp\jobA384PKp_EKKIobA\Files\AddUpdate.txt
| MD5 | 303449cfdba7f615c5a1691ebcc3884b |
| SHA1 | 517240db2372d2ee1fe63f2b15ce57914f2baad0 |
| SHA256 | 7d9276f7a7dede230286784f2abdb6381f727ac40600e5d26480abd46718f52e |
| SHA512 | 1a4c0a958dcc5e089d3471a0493bc0d8b16ef6d9b888814f982c68b5bd88373dacb3bc937242c6db3c64747467303fe703d62917e8672257c9491fde3455050b |
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
| MD5 | 745aaf2d3831f5b1eb0132cad4ac7d4d |
| SHA1 | 4fdc0ad63ceb132abbc1643ec9fb66917dd65b4e |
| SHA256 | 92d1875bdc64d25af56e8b9a7685af6d5b22b1c147100d32ba6886d39f5fcab2 |
| SHA512 | 5f7f27dae5c2f6874162a9afc4f388cdcb832ea3209b64e191c0403877a3d0281c7cfeba439150e417a07c41ef129260fe86d06e6cfcba76b1e56e0fcd2ebf44 |
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
| MD5 | 9f81fc3c21e24fec9bca3edea3701166 |
| SHA1 | 21746cc141904c9e9f2c626caff7679863a5eeb8 |
| SHA256 | af8aedd6ebd48609912b724d06cab5b173b1206ef720c5a3ffcb6bac14383164 |
| SHA512 | 8b64358a1d29b43ac6ca85ca8a3f09091668a0f34d250b3ff2c6fbab0017736a478a5e77588bfdb75dd499e477745eded8ac527d09c7d3ca9baeb01ddcba6f4f |
C:\Users\Admin\AppData\Local\Temp\nsmC7C1.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
C:\Users\Admin\AppData\Local\Temp\1000495001\SetupPowerGREPDemo.exe
| MD5 | e3e85877b0cfdee5bf1bbe0e90a499da |
| SHA1 | 01b29a77741595694a65722db04a1932b8c8963b |
| SHA256 | 974fcf34f49540a975b8b3305b7f0a8f9582cc739fd421d895f9be8129c77caa |
| SHA512 | cabfc26b5cd1c0ba04b7e9b4e048be87cd38c612c33ce8842f8ca8fe99dce834aae40158f4b7347ee8e6b5bb30c43fa557964e12e31f346f9ae530d320324f59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 81ae5d9caa10b2183ee1b23e4da1231e |
| SHA1 | 7985d11b028f135b5896213fb4da0eddc507bff8 |
| SHA256 | 46b773bfba4b414ccf26b702595d9ad56a17427c36c4d66798f47e4431f2b952 |
| SHA512 | 35f33015a510052f14169dced60dafc7f65b1d44888453dcf0991165a7231cf314148f27f98c125b29b31782fa9341450127e99e1c56ff503dc1464d251aad93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
| MD5 | ffada57f998ed6a72b6ba2f072d2690a |
| SHA1 | 6857b5f0c40a1cdb0411eb34aa9fe5029bcdb84f |
| SHA256 | 677f393462e24fb6dba1a47b39e674f485450f91deee6076ccbad9fd5e05bd12 |
| SHA512 | 1de77f83a89935bb3fc3772d5190c3827d76a998785d451e2c0d11a0061cfd28f1b96eccb41b012c76ddda2021e3333a0a647489ae3c6dac10cfb8302abdf33f |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 1b7c22a214949975556626d7217e9a39 |
| SHA1 | d01c97e2944166ed23e47e4a62ff471ab8fa031f |
| SHA256 | 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87 |
| SHA512 | ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5 |
C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe
| MD5 | 3ef515bb081e3a8546a39219bf1310a4 |
| SHA1 | 65b19bc8100f6b67368c46b33d39ef441aaeaeb0 |
| SHA256 | 9ae50d0f38c49c5e2a1e90d5bfa9972e551f8274f83fcf7182ab3ed38b2fd394 |
| SHA512 | 22dcac861796e40936f536c3eb908d16fb33b209dcfe5ebd39318bca9134bcdf1504d01ace87b348d6fcfa3cb92f7366d47df1de6f07a64f8b9eaaecf1c2fbd1 |
C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe
| MD5 | 4dc62aa51086843a31d87236c87f21e4 |
| SHA1 | c7cdc373668dd8f7373a433ed0f3703843b67c10 |
| SHA256 | 5a1a04657de632f044fcf0f4b089686de18840fa979a8265d8f9978f4feb5d27 |
| SHA512 | a876f4404d3be84ff8c36bd1005d844b0c22630cafb34631db7b07009c95f6564864a6811bb1b45ac415a64000748cb1626aa367d3deb8b616b6633bfde06658 |
C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe
| MD5 | 927fa2810d057f5b7740f9fd3d0af3c9 |
| SHA1 | b75d4c86d3b4fd9d6ecf4be05d9ebcf4d7fd7ec8 |
| SHA256 | 9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9 |
| SHA512 | 54af68949da4520c87e24d613817003705e8e50d3006e81dcf5d924003c1a1b8185ba89f6878c0abac61f34efbe7a9233f28ba3e678a35983c1e74216a5ac1a8 |
C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe
| MD5 | d8337d7ca38eddace5472f7a274b3943 |
| SHA1 | 273fc254a6051aaf13d74b6f426fd9f1a58dee19 |
| SHA256 | 3ac6dde9c9dfcaed7066ea5af5121fd75a7c6c1ab9bb7bb4ca35784d50efa202 |
| SHA512 | c65082f8478a7dfae7c244e093f34b8cd67599ab20e39a7db3fc50b346039588772764a4f737ad71fff74655534d6c307338c36de6ca209c5ff8b41d0171f589 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 85af6c99d918757171d2d280e5ac61ef |
| SHA1 | ba1426d0ecf89825f690adad0a9f3c8c528ed48e |
| SHA256 | 150fb1285c252e2b79dea84efb28722cc22d370328ceb46fb9553de1479e001e |
| SHA512 | 12c061d8ff87cdd3b1f26b84748396e4f56fc1429152e418988e042bc5362df96a2f2c17bcf826d17a8bae9045ee3ba0c063fb565d75c604e47009ff442e8c8e |
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
| MD5 | 619f7135621b50fd1900ff24aade1524 |
| SHA1 | 6c7ea8bbd435163ae3945cbef30ef6b9872a4591 |
| SHA256 | 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2 |
| SHA512 | 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628 |
C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe
| MD5 | 88a1669cf7aeddae3c96cb9512ae9a7f |
| SHA1 | d8d934b2d7eb85a744012458e742d7616d7fe63a |
| SHA256 | 5bc7282bd88dccc0ac5e1c63456078cd7a59605dfcf3dd362f36b31b6b518332 |
| SHA512 | b907f7015c851c9dd7fa7d23c6a9bc4c775c0f5c30ef8b0f99b47fdf5653009ab483da657e2a2a5834561852f60f429f32feddcb10a12df56d87f787d862db2d |
C:\ProgramData\RemoveHide.txt
| MD5 | cf740fd5ad6be11de03a382d34ad20dc |
| SHA1 | a0bce501865f640a766eea71111ac3fbfad59bdc |
| SHA256 | 5d764cb6081a89ec69025b81aa0798cb9defad80c735455e2000f2486cda0677 |
| SHA512 | 994c4688560a63ca4197ebffed7b22719b1bb75781ec61dab6439347a5a944f7b1141a75f62b12217a86357426fcdab65c48483b0eaf32ec23911631d277648b |
C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe
| MD5 | 646914a93205fc40bd9b4d0a2df46181 |
| SHA1 | 15c9611ca482884a52ff76b85db6f2bccaa30101 |
| SHA256 | ae42b5bea91cc6272260817859bd22ff25a3802179f1f29b532d77bed9bb467a |
| SHA512 | 86d36c6b45a73d5c15851907c1fe6f9d71ac83e05e8c998d1aceea8f1f88458fe5d11e8d2576f4124cf2b73492850f2a42f0023c914387983ec2a7b3c2d2afc2 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ezcolmnv.3ky.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe
| MD5 | d75a38987ba68363fb67861537749274 |
| SHA1 | f0b3f8c862c01dc1d419ae9dd24b6c03e88b9969 |
| SHA256 | cfc25ec5eeba4d8b6ab70bc0ce66492119f07739ac34fbe97048d5d253547c05 |
| SHA512 | 1153bbb754163200198e7355cd9e6a5362830246492b9872bd4034267910ca63f41a873839597d2c4549042baf142fcd766ba6617d0bc7e2b28582171994d324 |
C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe
| MD5 | 8244f65c3a732ddf4f1efd3e5fd6b518 |
| SHA1 | 1d144dd4af5bc24596da2cdf4e83d69b6cbf1b64 |
| SHA256 | 769dca9ebcfe2a0ae9060d97a9b91d159dcab16debb2dffe9b06d28ae6425f01 |
| SHA512 | 5549a81d1a85b475ef0e59b33b59b4377f07c56547c99ab35f671b76d948c70259d98dd75df4f9456814cced8f47205031579b9e6c764b5d3df15735e7b21a7e |
C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe
| MD5 | 074b6ff06109b2b69ae7dc9a0f1cb17d |
| SHA1 | e31114f21e636520e9945ba9ee9289c4eb3ebcee |
| SHA256 | 2aa60848673a9097f89401c1d8c3c3785a943a54fe2ffac1ee9399917a2e8c7a |
| SHA512 | d5a2aba12e255891d7a38dd443821692ed7608bda3f699e95ed39a9a878c19af3af1fe4c3ad5ddee0896434d745299ab9053f0adf98a7312b3aba7514aa96fa4 |
C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe
| MD5 | d177caf6762f5eb7e63e33d19c854089 |
| SHA1 | f25cf817e3272302c2b319cedf075cb69e8c1670 |
| SHA256 | 4296e28124f0def71c811d4b21284c5d4e1a068484db03aeae56f536c89976c0 |
| SHA512 | 9d0e67e35dac6ad8222e7c391f75dee4e28f69c29714905b36a63cf5c067d31840aaf30e79cfc7b56187dc9817a870652113655bec465c1995d2a49aa276de25 |
C:\Users\Admin\AppData\Local\Temp\main\main.bat
| MD5 | 4b3a5b96f9eedd8626a8c12976765b56 |
| SHA1 | 85307e380d233c8229f9e0de16ed82821221a0be |
| SHA256 | 1651b6ed815b2128c2362ad38a7cfcdafc6c5f8705572626c872ad788c41f6ef |
| SHA512 | b274c74ebf059fa203408a120a2c6f54f769d93d34d916aad9b4f712455b3ffe396e325744d2488a090dafb1c4621f83428719c8fe20d93b10904953dcdc8790 |
C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe
| MD5 | 2fadc3984b71f0fd08c832adeedf2b52 |
| SHA1 | cc1fc06a55af72364fb0a1266d3f5936577162f9 |
| SHA256 | 34f47e63788cdb398c48ad06f3878ec9bce9fd0e261306b2c81b3796925f9240 |
| SHA512 | 63e8127e2d44cd98cd6225eb8d1f348f5e3e7d7f86900e2f949329f6d35a943147aa1fb72061a8868cfcd9e53fde536dc870b3a9c9248b6aab067774b1654685 |
C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe
| MD5 | 3c9da20ad78d24df53b661b7129959e0 |
| SHA1 | e7956e819cc1d2abafb2228a10cf22b9391fb611 |
| SHA256 | 2fd37ed834b6cd3747f1017ee09b3f97170245f59f9f2ed37c15b62580623319 |
| SHA512 | 1a02da1652a2c00df33eceda0706adebb5a5f1c3c05e30a09857c94d2fbb93e570f768af5d6648d3a5d11eea3b5c4b1ceb9393fc05248f1eefd96e17f3bbe1b4 |
C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe
| MD5 | 2eafb4926d78feb0b61d5b995d0fe6ee |
| SHA1 | f6e75678f1dafcb18408452ea948b9ad51b5d83e |
| SHA256 | 50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30 |
| SHA512 | 1885f5874c44a6841be4d53140ad63304e8d1924bb98fe14602d884fbc289ec8913db772a9e2db93e45298d1328700e2000ddab109af3964eaf6f23af61ef78e |
C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe
| MD5 | 1a4f852a7299ed05ce883b4736b90de3 |
| SHA1 | 93c8ced82ed7b29c2ee7461754352315d5eee71a |
| SHA256 | 0991757054bbece76e8b22861d217641df2be6b8902873076ed9eeaea61fb1a0 |
| SHA512 | 8207206f83d6a87ad0bc6d96fb8e6b85a69f51f8570638c9bc0f001d14bb7e774721b9a0ace50d521258fac25c7546b7fcba79aabb306e642cbeb780ca212ec2 |
C:\Users\Admin\AppData\Local\Temp\F59E91F8
| MD5 | 5cac70fbe2fc9869397bf1989e592841 |
| SHA1 | cc522bec3c1772269465799d35268630248e801b |
| SHA256 | 17e571023337ad513deb4d436c17573b6ab3c9ebf2a3e30425c3f5fa9a638806 |
| SHA512 | f56d8d7a996401404b850b6503960ea17d68fe56acbc06de8fa9c39b20dd7f01d24837283f459655ac4efb3da10a8864623cbb041ca9ad81bc9afd1ecf9b5fb9 |
C:\Users\Admin\AppData\Local\Temp\nss8FC.tmp
| MD5 | 572e08d58cfa2070e5afffc1211da814 |
| SHA1 | 2f553d7c8166f40dc0bcb37494f58e32d5a2ca89 |
| SHA256 | 955fd85058f3c9e90e832857e012ec8439e786d3f43c8421db2d119772515f30 |
| SHA512 | 4a4ca8d39ff7e223cdbe856c45e4f5fca5decd959e25205f9e6cddb05904055c01f6f903b13ac0300219347bcf1c211a19fdf91318e6a63b7a6ef11184a558d9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-01-24 11:52
Reported
2024-01-24 12:00
Platform
win10v2004-20231215-en
Max time kernel
20s
Max time network
158s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Stealc
ZGRat
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 91.211.247.248 | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Documents\GuardFox\wxH2JcIj8haDyTEooYqvLo4p.exe
"C:\Users\Admin\Documents\GuardFox\wxH2JcIj8haDyTEooYqvLo4p.exe"
C:\Users\Admin\AppData\Local\Temp\is-0K59B.tmp\m5W8JZPrsOJy8OpyMuPjKKdQ.tmp
"C:\Users\Admin\AppData\Local\Temp\is-0K59B.tmp\m5W8JZPrsOJy8OpyMuPjKKdQ.tmp" /SL5="$100066,3301412,119808,C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1296 -ip 1296
C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe
"C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe"
C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe
"C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe"
C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe
"C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe"
C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe
"C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe"
C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe
"C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe"
C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe
"C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 344
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -s
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe
"C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\f8a829c5-fe8b-488f-8111-b2039125da6c" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN FQRE4NwXxutprrPJS0zwfFuh.exe /TR "C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe" /F
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"
C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe
"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
"C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe"
C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe
"C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:8
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -i
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",
C:\Users\Admin\Documents\GuardFox\uvFmaHyGgsN7k8ts6ek6mPXs.exe
"C:\Users\Admin\Documents\GuardFox\uvFmaHyGgsN7k8ts6ek6mPXs.exe"
C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe
"C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe"
C:\Users\Admin\Documents\GuardFox\XaFBGKDk9KcFdKp9DwcwqG_W.exe
"C:\Users\Admin\Documents\GuardFox\XaFBGKDk9KcFdKp9DwcwqG_W.exe"
C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe
"C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe"
C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe
"C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:1
C:\Users\Admin\Documents\GuardFox\SW_MB3axMR1nzbfRPxcxP_cx.exe
"C:\Users\Admin\Documents\GuardFox\SW_MB3axMR1nzbfRPxcxP_cx.exe"
C:\Users\Admin\Documents\GuardFox\00BCflRjBlvLGR_M7jw_UMMb.exe
"C:\Users\Admin\Documents\GuardFox\00BCflRjBlvLGR_M7jw_UMMb.exe"
C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe
"C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe"
C:\Users\Admin\Documents\GuardFox\us0OF5kRFjjCHL_Pdc4m6fsq.exe
"C:\Users\Admin\Documents\GuardFox\us0OF5kRFjjCHL_Pdc4m6fsq.exe"
C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe
"C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe"
C:\Users\Admin\Documents\GuardFox\WdMfqOZIFj2GNZNeewRO76dx.exe
"C:\Users\Admin\Documents\GuardFox\WdMfqOZIFj2GNZNeewRO76dx.exe"
C:\Users\Admin\AppData\Local\Temp\nscFDEA.tmp
C:\Users\Admin\AppData\Local\Temp\nscFDEA.tmp
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1980 -ip 1980
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 340
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:8
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe
"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5136 -ip 5136
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 2320
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778
C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe
"C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe
"C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6124 -ip 6124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 572
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1948 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe
C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4416 -ip 4416
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 1400
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\1uMVCRFptcIIlY17MXAG.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\1uMVCRFptcIIlY17MXAG.exe"
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\7qSs68sESccfonx45Ne4.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\7qSs68sESccfonx45Ne4.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\NaE0wSEn8rF34rphC0Fe.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\NaE0wSEn8rF34rphC0Fe.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xdc,0xe0,0xd4,0xd8,0x104,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5320 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7905895198395250883,14266734738825635959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\Zf7Zfr8wjeEHCf8UU6BJ.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\Zf7Zfr8wjeEHCf8UU6BJ.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7905895198395250883,14266734738825635959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5612 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5460 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4904 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,1325265330744642417,3441461597490046211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.0.1458820358\1620600769" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {243cd5bf-3b32-4911-b222-0be67c0ad7d1} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 1976 1e6951d2758 gpu
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,1325265330744642417,3441461597490046211,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,473278863846908902,14177309908476060151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\bkZFmjGd0fHWFibWRWJY.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\bkZFmjGd0fHWFibWRWJY.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.1.458560306\30152072" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2248 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {289d62b0-24dd-4517-9b06-167c63a053d5} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 2420 1e694b3f858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.2.458121599\2051700470" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45942576-cfb6-4a2b-aaf1-68d15b807048} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 3468 1e6990c9858 tab
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 1556 -ip 1556
C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe
"C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nscFDEA.tmp" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 2292
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.3.601193515\373140699" -childID 2 -isForBrowser -prefsHandle 3348 -prefMapHandle 3336 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b9a17bb-e365-4dab-80cd-8155d1b22800} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 3384 1e688666858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.4.358140499\2027561127" -childID 3 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8173a2c5-6823-4b12-a10e-217d6b85b8e2} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 3920 1e698826258 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.5.2111362620\820870002" -childID 4 -isForBrowser -prefsHandle 3028 -prefMapHandle 3084 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e12b0e07-6f8c-4a9a-96e3-2c6e58c9b007} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 4144 1e69a5aed58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.6.854366280\255284573" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 5236 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd837d1c-55e3-432d-bfac-b74556904e3e} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 5248 1e69b24ee58 tab
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\gjo0n8gyoaT0wn8F70iV.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\gjo0n8gyoaT0wn8F70iV.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe
"C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe"
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe
"C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe"
C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.7.1104102710\2001526406" -childID 6 -isForBrowser -prefsHandle 5816 -prefMapHandle 5812 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2b1e897-7de1-44dc-b177-ba3c59c07af0} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 5804 1e69cb1e958 tab
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.8.1769321740\50501293" -parentBuildID 20221007134813 -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce59f53c-cbe4-46f9-8a6e-ba3619736ff3} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 6036 1e68866ab58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.9.628260280\1722455709" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6188 -prefMapHandle 6184 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {590fdcf3-d72e-4ffc-9070-9e7fa3ff7e97} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 6196 1e6985b4858 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.10.1652025974\464803885" -childID 7 -isForBrowser -prefsHandle 6344 -prefMapHandle 6336 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26c99a4b-c21b-4c36-a20d-493188dc3de3} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 6352 1e698827d58 tab
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /im chrome.exe /f
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe
"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"
C:\Windows\system32\mode.com
mode 65,10
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe
"C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3372 -ip 3372
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\rty25.exe
"C:\Users\Admin\AppData\Local\Temp\rty25.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 348
C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe
"C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe"
C:\Users\Admin\AppData\Local\Temp\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\FirstZ.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10068 -ip 10068
C:\Users\Admin\AppData\Local\Temp\FECD.exe
C:\Users\Admin\AppData\Local\Temp\FECD.exe
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e file.zip -p4632370330209207692137030328 -oextracted
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 376
C:\Users\Admin\AppData\Local\Temp\FECD.exe
C:\Users\Admin\AppData\Local\Temp\FECD.exe
C:\Users\Admin\AppData\Local\Temp\1EB.exe
C:\Users\Admin\AppData\Local\Temp\1EB.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 10068 -ip 10068
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe
"C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 400
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\95F.dll
C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe
"C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe"
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\95F.dll
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k cmd < Adjustments & exit
C:\Users\Admin\AppData\Local\Temp\E32.exe
C:\Users\Admin\AppData\Local\Temp\E32.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 10068 -ip 10068
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 440
C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe
"C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe"
C:\Users\Admin\AppData\Local\Temp\nsjC4D.tmp
C:\Users\Admin\AppData\Local\Temp\nsjC4D.tmp
C:\Users\Admin\AppData\Local\Temp\1000570001\leg221.exe
"C:\Users\Admin\AppData\Local\Temp\1000570001\leg221.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10068 -ip 10068
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 680
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 9664 -ip 9664
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe
"C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 1016
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 10068 -ip 10068
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe
"C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe"
C:\Users\Admin\AppData\Local\Temp\297B.exe
C:\Users\Admin\AppData\Local\Temp\297B.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 720
C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe
"C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe"
C:\Windows\SysWOW64\cmd.exe
cmd
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10068 -ip 10068
C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe
C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Roaming\ggrwetf
C:\Users\Admin\AppData\Roaming\ggrwetf
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 720
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10068 -ip 10068
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=2008,i,18266643290457813015,7758956839543145614,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=2008,i,18266643290457813015,7758956839543145614,131072 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 760
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "WSNKISKT"
C:\Users\Admin\AppData\Local\Temp\4419.exe
C:\Users\Admin\AppData\Local\Temp\4419.exe
C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe
"C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 10068 -ip 10068
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 720
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "FLWCUERA"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe
"C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "FLWCUERA" binpath= "C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "WSNKISKT"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Users\Admin\AppData\Local\Temp\6185.exe
C:\Users\Admin\AppData\Local\Temp\6185.exe
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\ProgramData\wikombernizc\reakuqnanrkn.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\AppData\Local\Temp\is-G4GPR.tmp\6185.tmp
"C:\Users\Admin\AppData\Local\Temp\is-G4GPR.tmp\6185.tmp" /SL5="$60290,3460870,54272,C:\Users\Admin\AppData\Local\Temp\6185.exe"
C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe
"C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe" -i
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "AACAC1241"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "FLWCUERA"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe
"C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe" -s
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
conhost.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\system32\choice.exe
choice /C Y /N /D Y /T 3
C:\Users\Admin\AppData\Local\Temp\91BE.exe
C:\Users\Admin\AppData\Local\Temp\91BE.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6008 -ip 6008
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 130.147.105.77.in-addr.arpa | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 163.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| US | 8.8.8.8:53 | joxy.ayazprak.com | udp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| US | 104.21.80.24:80 | joxy.ayazprak.com | tcp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.10.36:443 | 294self-limited.sbs | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| KR | 211.119.84.111:80 | cczhk.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| KR | 211.119.84.111:80 | cczhk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:80 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| RU | 87.240.132.67:443 | vk.com | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| HK | 154.92.15.189:443 | ji.alie3ksggg.com | tcp |
| US | 8.8.8.8:53 | 24.128.172.185.in-addr.arpa | udp |
| DE | 185.172.128.24:80 | tcp | |
| FR | 199.232.168.193:443 | tcp | |
| GB | 216.58.204.67:80 | tcp | |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| HK | 154.92.15.189:443 | ji.alie3ksggg.com | tcp |
| RU | 193.233.132.62:50500 | tcp | |
| RU | 5.42.65.31:48396 | tcp | |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| FI | 109.107.182.3:80 | tcp | |
| IE | 209.85.203.84:443 | tcp | |
| US | 157.240.229.35:443 | tcp | |
| US | 157.240.229.35:443 | tcp | |
| FI | 109.107.182.3:80 | tcp | |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.179.238:443 | udp | |
| GB | 142.250.179.238:443 | tcp | |
| IE | 209.85.203.84:443 | udp | |
| GB | 142.250.187.227:443 | udp | |
| GB | 163.70.147.23:443 | udp | |
| GB | 163.70.147.35:443 | udp | |
| DE | 20.113.35.45:38357 | tcp | |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| DE | 141.95.211.148:46011 | tcp | |
| GB | 142.250.200.35:443 | tcp | |
| GB | 142.250.179.238:443 | tcp | |
| GB | 142.250.179.238:443 | tcp | |
| GB | 142.250.187.202:443 | tcp | |
| GB | 142.250.179.238:443 | tcp | |
| GB | 142.250.187.246:443 | i.ytimg.com | tcp |
| GB | 142.250.187.195:443 | tcp | |
| GB | 142.250.179.238:443 | udp | |
| GB | 142.250.200.35:443 | udp | |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 31.177.67.172.in-addr.arpa | udp |
| RU | 193.233.132.62:50500 | tcp | |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| RU | 5.42.65.31:48396 | tcp | |
| DE | 185.172.128.19:80 | tcp | |
| US | 8.8.8.8:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| US | 8.8.8.8:53 | 120.85.215.91.in-addr.arpa | udp |
| HK | 154.92.15.189:443 | ji.alie3ksggg.com | tcp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| GB | 163.70.147.23:443 | tcp | |
| NL | 94.156.67.176:13781 | tcp | |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | consciouosoepewmausj.site | udp |
| US | 104.21.71.8:443 | consciouosoepewmausj.site | tcp |
| PL | 145.239.84.172:80 | tcp | |
| FR | 51.15.246.170:443 | tcp | |
| US | 8.8.8.8:53 | 8.71.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | braidfadefriendklypk.site | udp |
| US | 188.114.96.2:443 | braidfadefriendklypk.site | tcp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| US | 8.8.8.8:53 | 172.84.239.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.246.15.51.in-addr.arpa | udp |
| NL | 80.79.4.61:18236 | tcp | |
| US | 8.8.8.8:53 | racerecessionrestrai.site | udp |
| US | 188.114.96.2:443 | racerecessionrestrai.site | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| DE | 5.104.111.208:443 | tcp | |
| FI | 95.216.13.55:9030 | tcp | |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| NL | 80.79.4.61:18236 | tcp | |
| US | 8.8.8.8:53 | 61.4.79.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.111.104.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.13.216.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cooperatecliqueobstac.site | udp |
| US | 188.114.96.2:443 | cooperatecliqueobstac.site | tcp |
| US | 8.8.8.8:53 | vesselspeedcrosswakew.site | udp |
| US | 172.67.222.78:443 | vesselspeedcrosswakew.site | tcp |
| US | 8.8.8.8:53 | 78.222.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | carvewomanflavourwop.site | udp |
| US | 172.67.129.86:443 | carvewomanflavourwop.site | tcp |
| US | 8.8.8.8:53 | udp | |
| DE | 185.172.128.19:80 | tcp | |
| US | 8.8.8.8:53 | communicationinchoicer.site | udp |
| DE | 144.76.1.85:25894 | tcp | |
| US | 104.21.38.11:443 | communicationinchoicer.site | tcp |
| US | 8.8.8.8:53 | 85.1.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.38.21.104.in-addr.arpa | udp |
| DE | 5.104.111.208:443 | tcp | |
| US | 8.8.8.8:53 | retainfactorypunishjkw.site | udp |
| US | 188.114.96.2:443 | retainfactorypunishjkw.site | tcp |
| FI | 95.216.13.55:9030 | tcp | |
| US | 8.8.8.8:53 | brickabsorptiondullyi.site | udp |
| US | 104.21.93.182:443 | brickabsorptiondullyi.site | tcp |
| US | 172.67.177.31:443 | tcp | |
| US | 8.8.8.8:53 | copyrightspareddcitwew.site | udp |
| US | 8.8.8.8:53 | 182.93.21.104.in-addr.arpa | udp |
| US | 172.67.172.166:443 | copyrightspareddcitwew.site | tcp |
| US | 8.8.8.8:53 | tiny.ayazprak.com | udp |
| US | 172.67.173.86:80 | tiny.ayazprak.com | tcp |
| US | 8.8.8.8:53 | 166.172.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.173.67.172.in-addr.arpa | udp |
| DE | 138.201.125.92:15647 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| US | 52.137.106.217:443 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:80 | tcp | |
| RU | 87.240.132.67:443 | tcp | |
| RU | 87.240.132.67:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 52.137.106.217:443 | tcp | |
| US | 104.18.21.226:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 95.142.206.1:443 | tcp | |
| N/A | 95.142.206.1:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| RU | 87.240.132.67:443 | tcp | |
| RU | 87.240.132.67:443 | tcp | |
| RU | 87.240.132.67:443 | tcp | |
| RU | 87.240.132.67:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 87.240.190.76:443 | tcp | |
| RU | 87.240.132.67:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| RU | 87.240.132.67:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 95.142.206.0:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 95.142.206.2:443 | tcp | |
| N/A | 95.142.206.2:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | willpoweragreebokkskiew.site | udp |
| US | 188.114.96.2:443 | willpoweragreebokkskiew.site | tcp |
| GB | 96.17.179.193:80 | tcp | |
| US | 188.114.96.2:443 | willpoweragreebokkskiew.site | tcp |
| NL | 94.156.67.176:13781 | tcp | |
| US | 104.21.35.143:443 | tcp | |
| US | 188.114.96.2:443 | willpoweragreebokkskiew.site | tcp |
| US | 188.114.96.2:443 | willpoweragreebokkskiew.site | tcp |
| US | 8.8.8.8:53 | connect.dstv.com | udp |
| US | 8.8.8.8:53 | cx.usiu.ac.ke | udp |
| US | 8.8.8.8:53 | cx.usiu.ac.ke | udp |
| US | 8.8.8.8:53 | connect.dstv.com | udp |
| US | 8.8.8.8:53 | login.coupang.com | udp |
| GB | 18.165.227.101:22 | connect.dstv.com | tcp |
| US | 8.8.8.8:53 | login.coupang.com | udp |
| US | 8.8.8.8:53 | accounts.kakao.com | udp |
| US | 8.8.8.8:53 | accounts.kakao.com | udp |
| KE | 41.204.183.17:22 | cx.usiu.ac.ke | tcp |
| US | 8.8.8.8:53 | uzdevumi.lv | udp |
| GB | 18.165.227.101:21 | connect.dstv.com | tcp |
| KE | 41.204.183.17:21 | cx.usiu.ac.ke | tcp |
| GB | 18.165.227.101:443 | connect.dstv.com | tcp |
| US | 8.8.8.8:53 | uzdevumi.lv | udp |
| US | 8.8.8.8:53 | clogin.nexon.com | udp |
| KE | 41.204.183.17:443 | cx.usiu.ac.ke | tcp |
| KR | 110.76.142.110:21 | accounts.kakao.com | tcp |
| GB | 2.22.68.13:22 | login.coupang.com | tcp |
| GB | 2.22.68.13:21 | login.coupang.com | tcp |
| US | 8.8.8.8:53 | clogin.nexon.com | udp |
| GB | 2.22.68.13:443 | login.coupang.com | tcp |
| KR | 110.76.142.110:22 | accounts.kakao.com | tcp |
| US | 188.114.96.2:443 | willpoweragreebokkskiew.site | tcp |
| GB | 13.224.245.9:22 | uzdevumi.lv | tcp |
| US | 8.8.8.8:53 | seoulrental.co.kr | udp |
| US | 8.8.8.8:53 | accounts.autodesk.com | udp |
| GB | 13.224.245.9:21 | uzdevumi.lv | tcp |
| GB | 2.22.68.13:143 | login.coupang.com | tcp |
| KR | 110.76.142.110:443 | accounts.kakao.com | tcp |
| US | 8.8.8.8:53 | 101.227.165.18.in-addr.arpa | udp |
| KE | 41.204.183.17:143 | cx.usiu.ac.ke | tcp |
| US | 8.8.8.8:53 | seoulrental.co.kr | udp |
| US | 8.8.8.8:53 | accounts.autodesk.com | udp |
| US | 8.8.8.8:53 | filmai.kinopavasaris.lt | udp |
| GB | 18.165.227.46:22 | connect.dstv.com | tcp |
| KR | 183.110.0.26:22 | clogin.nexon.com | tcp |
| US | 8.8.8.8:53 | accounts.kakao.com | udp |
| GB | 13.224.245.9:443 | uzdevumi.lv | tcp |
| US | 8.8.8.8:53 | aspmx.l.google.com | udp |
| GB | 2.22.68.13:80 | login.coupang.com | tcp |
| GB | 2.22.68.13:465 | login.coupang.com | tcp |
| GB | 18.165.227.101:80 | connect.dstv.com | tcp |
| KE | 41.204.183.17:465 | cx.usiu.ac.ke | tcp |
| GB | 18.165.227.101:143 | connect.dstv.com | tcp |
| KE | 41.204.183.17:80 | cx.usiu.ac.ke | tcp |
| KR | 183.110.0.26:21 | clogin.nexon.com | tcp |
| GB | 2.22.68.13:80 | login.coupang.com | tcp |
| US | 8.8.8.8:53 | 17.183.204.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.68.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filmai.kinopavasaris.lt | udp |
| US | 8.8.8.8:53 | alpharacks.com | udp |
| GB | 2.22.68.13:995 | login.coupang.com | tcp |
| RU | 158.160.118.17:80 | tcp | |
| US | 188.114.97.2:443 | willpoweragreebokkskiew.site | tcp |
| US | 188.114.96.2:443 | willpoweragreebokkskiew.site | tcp |
| KE | 41.204.183.17:995 | cx.usiu.ac.ke | tcp |
| GB | 18.165.227.46:21 | connect.dstv.com | tcp |
| KR | 183.110.0.26:443 | clogin.nexon.com | tcp |
| GB | 18.165.227.101:465 | connect.dstv.com | tcp |
| GB | 18.165.227.101:80 | connect.dstv.com | tcp |
| US | 8.8.8.8:53 | alpharacks.com | udp |
| US | 8.8.8.8:53 | cloud.digitalocean.com | udp |
| US | 8.8.8.8:53 | 110.142.76.110.in-addr.arpa | udp |
| GB | 18.165.227.101:995 | connect.dstv.com | tcp |
| US | 8.8.8.8:53 | www.uzdevumi.lv | udp |
| GB | 108.156.39.88:22 | accounts.autodesk.com | tcp |
| GB | 2.22.68.13:80 | login.coupang.com | tcp |
| KR | 119.205.215.209:22 | seoulrental.co.kr | tcp |
| KR | 119.205.215.209:21 | seoulrental.co.kr | tcp |
| GB | 108.156.39.88:21 | accounts.autodesk.com | tcp |
| GB | 18.165.227.13:22 | connect.dstv.com | tcp |
| KR | 211.231.99.67:143 | accounts.kakao.com | tcp |
| GB | 13.224.245.27:22 | uzdevumi.lv | tcp |
| GB | 13.224.245.9:80 | uzdevumi.lv | tcp |
| IE | 74.125.193.26:143 | aspmx.l.google.com | tcp |
| IE | 74.125.193.26:465 | aspmx.l.google.com | tcp |
| US | 8.8.8.8:53 | 9.245.224.13.in-addr.arpa | udp |
| GB | 108.156.39.88:443 | accounts.autodesk.com | tcp |
| KR | 119.205.215.209:443 | seoulrental.co.kr | tcp |
| US | 8.8.8.8:53 | noping.com | udp |
| US | 8.8.8.8:53 | clogin.nexon.com | udp |
| GB | 18.165.227.13:21 | connect.dstv.com | tcp |
| US | 172.67.203.67:21 | filmai.kinopavasaris.lt | tcp |
| US | 172.67.203.67:22 | filmai.kinopavasaris.lt | tcp |
| US | 8.8.8.8:53 | mail.seoulrental.co.kr | udp |
| GB | 13.224.245.27:21 | uzdevumi.lv | tcp |
| KR | 211.231.99.67:465 | accounts.kakao.com | tcp |
| KR | 211.231.99.67:995 | accounts.kakao.com | tcp |
| KR | 211.231.99.67:80 | accounts.kakao.com | tcp |
| KR | 183.110.0.26:143 | clogin.nexon.com | tcp |
| US | 172.67.222.78:443 | vesselspeedcrosswakew.site | tcp |
| US | 8.8.8.8:53 | 26.0.110.183.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cibersity.umecit.edu.pa | udp |
| IE | 74.125.193.26:995 | aspmx.l.google.com | tcp |
| GB | 18.165.227.101:443 | connect.dstv.com | tcp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| KR | 183.110.0.154:22 | clogin.nexon.com | tcp |
| GB | 18.165.227.46:143 | connect.dstv.com | tcp |
| KR | 183.110.0.154:21 | clogin.nexon.com | tcp |
| GB | 13.224.245.107:22 | uzdevumi.lv | tcp |
| US | 104.18.154.42:22 | cloud.digitalocean.com | tcp |
| US | 8.8.8.8:53 | noping.com | udp |
| US | 8.8.8.8:53 | cibersity.umecit.edu.pa | udp |
| US | 8.8.8.8:53 | fortnite.gg | udp |
| US | 13.107.246.64:443 | www.uzdevumi.lv | tcp |
| US | 172.67.203.67:443 | filmai.kinopavasaris.lt | tcp |
| KE | 41.204.183.17:80 | cx.usiu.ac.ke | tcp |
| GB | 2.22.68.13:80 | login.coupang.com | tcp |
| GB | 18.165.227.101:443 | connect.dstv.com | tcp |
| US | 104.18.154.42:21 | cloud.digitalocean.com | tcp |
| KR | 183.110.0.154:465 | clogin.nexon.com | tcp |
| KR | 183.110.0.154:80 | clogin.nexon.com | tcp |
| GB | 108.156.39.88:143 | accounts.autodesk.com | tcp |
| LT | 91.211.247.248:53 | dtylsta.info | udp |
| GB | 108.156.39.113:22 | accounts.autodesk.com | tcp |
| GB | 18.165.227.46:465 | connect.dstv.com | tcp |
| GB | 2.22.68.13:80 | login.coupang.com | tcp |
| GB | 13.224.245.107:21 | uzdevumi.lv | tcp |
| RU | 193.233.132.67:50505 | tcp | |
| GB | 108.156.39.88:80 | accounts.autodesk.com | tcp |
| GB | 108.156.39.88:465 | accounts.autodesk.com | tcp |
| KR | 183.110.0.154:995 | clogin.nexon.com | tcp |
| US | 172.67.203.67:143 | filmai.kinopavasaris.lt | tcp |
Files
memory/2020-0-0x00007FFDE8EB0000-0x00007FFDE8EB2000-memory.dmp
memory/2020-1-0x00007FF7630E0000-0x00007FF763DB3000-memory.dmp
memory/2020-2-0x00007FF7630E0000-0x00007FF763DB3000-memory.dmp
C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe
| MD5 | 24a1591780f3e9a58fd528af00060966 |
| SHA1 | ddbc52e38ce74c3099b5a100544749f554b6eabc |
| SHA256 | 00045259534221b50277320345b255434c2b7aa1c85fa2899145074f0431e3f6 |
| SHA512 | c0703325d412e121569bef22b26cf4f1e30cea0ad62a60a160acfd8b9cf104cd4d48e889f92482c8989df0f229cb422f13744b574364be72d3debccdce8b5719 |
C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe
| MD5 | bb9c26dbffa3d1d901388681ee718aec |
| SHA1 | 92532e3f905c1c4f6a8e06d02c943c7708b21ced |
| SHA256 | aafc488d43ff4ea9183e1bc15a58da79ae5aaddaed17ae2ca246859381d709f1 |
| SHA512 | b2e25c5706a2158c09a8e7275f85402e595cefefcdd149cf0389ac40a67043732de9f211b65649cf9adbadf99b1ef023c9148369e1ab95f373f0b84878aafd9e |
C:\Users\Admin\Documents\GuardFox\SW_MB3axMR1nzbfRPxcxP_cx.exe
| MD5 | 9cc904aad30054abf7bb4e0afc8943f2 |
| SHA1 | 3c059f2e045b5e2ace8b5139359bcbbef3f8c883 |
| SHA256 | 7ccffcb85bb50cbb8173d6b58b2ea6fdc54862a923a451d638822e2389e68ac7 |
| SHA512 | 3d1b3fe1890fb889da7a8f25204a974d7f29b2b62083c24a467b39121d3cf90c693bf1292d3c53cbfd4335299f1526909ab18edcf194695fff59683f569412ce |
C:\Users\Admin\Documents\GuardFox\us0OF5kRFjjCHL_Pdc4m6fsq.exe
| MD5 | 0b84d480dd13e96461340089800aba17 |
| SHA1 | cefc9fccd951c95001d433fdb4e47236dc9fead5 |
| SHA256 | 0c8698c7d126f240cb735b6549191251926bcd36de9d9474c834b2b555c5a846 |
| SHA512 | 36e1802bc4cfd4b32c32dbf2a7c2538e6fab64b6e58b03e6242b48a1df4a04a335f8ca9654b81eaf74c24ba85aed5209d1ad81bd2e4abb3080038940c4c2d7be |
C:\Users\Admin\Documents\GuardFox\wxH2JcIj8haDyTEooYqvLo4p.exe
| MD5 | 412596cbb1287571a5b9d6dbed3d2acf |
| SHA1 | beaccd62efc7a5edc4de1332e5b09c5db2a673e2 |
| SHA256 | 39114d72ca601c5822a9c3e55636e41fbb6149341d89245694b50d7f2743ae79 |
| SHA512 | 11398bcc3eb46b944a3910714abdccbbfb0a605ba054c72ebad53bf971b195b17a3a2edc31f5e6061f948d438f6519d0b17c923eafaafa70e62baef9e37fc525 |
C:\Users\Admin\Documents\GuardFox\00BCflRjBlvLGR_M7jw_UMMb.exe
| MD5 | 5c3199de004a5035317f03e45fdb118f |
| SHA1 | 1548781b0a5d86a09d0c94369a5901079d8ca334 |
| SHA256 | 56eac13a52e9e254dce9f9e8d8d660f866affd65315bead4ab2ac118624d3f25 |
| SHA512 | 01e28e649d248d6e1f026a410842658ee91e676ff000ab6dd71ee29c76f25fa67bf9dda14bcebd32b8270a1674added638cd7e0946c6acd8084363ea9918fc0f |
C:\Users\Admin\Documents\GuardFox\WdMfqOZIFj2GNZNeewRO76dx.exe
| MD5 | 109a4ed7e70db45ba72c36243cff2c16 |
| SHA1 | 42767e22334eb90658923b809b7a19a0deed51a8 |
| SHA256 | fe317371d842c790eee2fa725e5f151c8dd60229bfe7e75948e50f3e6a79e09a |
| SHA512 | e63a02df22bfa7e4898757ac88261dc4fe0e1d3b0877f555ab6726c361bbe1193bb5617f1594459bad24c0d83c9dc8a707164e4c15948b4b3215f4d556d88609 |
C:\Users\Admin\Documents\GuardFox\L3jMt5b7TnZ1FuEjJN7XXSoc.exe
| MD5 | 6b4f6b6f9f2ec191195514d75b8cf6ed |
| SHA1 | 1f5dcea7fe9cde9c96c80517cd781b3077f25a3f |
| SHA256 | 089894da1d960cbe6db1fee578c6b7a3d91a2d0c726078d5634930c0b4522ca8 |
| SHA512 | b925e42dc71d639abdee55061f38e4e8a22eb16341d71b7d8c3a2557b0cf6b0efe37317199f573119d02059138f0b0ca084ce825d3a7588dd9565c6153079999 |
C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe
| MD5 | 932da201f02bd5a3380db701330ffc29 |
| SHA1 | 913ea7ae4c2074d592979339a2b146e5b1e52060 |
| SHA256 | 07e05663b7ff5b4813e0fd629eab5afbe698782504601692a47a000a557efa8f |
| SHA512 | 20cba19279007a3edd24ed515fb0ce116fc80bfc4f53f488a426124db66fdf6897aec16cd51e9d1d8374bb50ef070a269be8f48a8007d3df4d413fffc46888b5 |
C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe
| MD5 | 42d7e2a2930f5dbe38ee6943c9366a06 |
| SHA1 | 4bcfa40c2a790723eca87b03ab1c40a7d9a0bce8 |
| SHA256 | 038083d3822694f1f8bd227ad283d371efb1fdf9fa4aac0209831f31c779b656 |
| SHA512 | b6e4e241776cc4c288189af9f9010e05b99f93856480328ce1a64de96f1ca57f138c0d9e418775126a47bc84404d0fa8b9995c9fcef6952081811746519a7a07 |
C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe
| MD5 | 4eb83606a33de6e1e07c2638ed677845 |
| SHA1 | 464873e4d97ecdad057b4cf5e36235ce94444b85 |
| SHA256 | e26f65734d1350f563cb76a8821345e3b0313d3ad5c3b3c49447328669715f3d |
| SHA512 | 0be44df53031e2dfbf62a0a46ce2ac4df6e895f41057920a05639706b592040a8f1198b298758ac8845199f6b464c1b37213b40343d9a9d5d7e550530db01ca0 |
C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe
| MD5 | c314cf39ebcf5e087e80b688ece19ea5 |
| SHA1 | 979ecf83979f55db594b9f4bfef1aa1a4bbb676e |
| SHA256 | 5ae0d8ef669f81169b0489d755676c3002bca4e5b2d8de094b77e160e198783b |
| SHA512 | b02082aa5f6665de5e2b83643cb44ac3988c991ebda240287a27d0079ddb60a5b9940842cbe3292fa81989200fadfbeacdbe4a6192cfc29d95def0c3c2714251 |
C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe
| MD5 | 391c48765429b000cf019c36077afb05 |
| SHA1 | c3a8e22cfb524def089de0f6b7dfe2eecc4ea4b9 |
| SHA256 | dc43eb563a769a18c1665429bdc8b1d07826e141333f50a7a2ae769f034ae375 |
| SHA512 | 8ff4820c741bdc9c1e073fa145a4a9154cd35469cb5834f052b984d9a16cbc5dad329263205b061b5c0676fd4d277e24ded5061e7e5d8e194855826e2307aa3b |
C:\Users\Admin\Documents\GuardFox\25P6A0l8X3m7HaqHLD_aVQfS.exe
| MD5 | 458ac60a566de88dc92a457c3385962d |
| SHA1 | 54433ab7e3562433fb911547bbe62f8494aa97b4 |
| SHA256 | 367686a0ba11913b6b8f7f49c9c3e308dfbe73f4d88ac4563470a9869a4e6c56 |
| SHA512 | 85504c0696dc2d062f38a5a0df3b4a282628a291136ea370854e9780152ba59853061360a530c75e9d814eaf15a7bc7c95620d94c6075bbfd89cbc6d91007008 |
C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe
| MD5 | fb417504c0e6d39e903a04f5c141c38d |
| SHA1 | bb29cc84d2357f790b61aa4262cfa2cfdfdda9a7 |
| SHA256 | 76874ee872599633ed416e83fbe7e7cd3bc9636f8d3f85c926f99d19c2b7ee62 |
| SHA512 | d4f7ce39d887c4a09a3eb3bf0d7b2428d8f36dd624f68b743943cf4d56b45863617143da7520d8b83e982b6d8ed15cb0042dbc04d1fd1d7a2f6dfed73b156a21 |
C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe
| MD5 | 4cc81238fef610b16dc52ac752b3d8a3 |
| SHA1 | cc855fd6d6abac0abaecd94ed264a531e4e12413 |
| SHA256 | 04e03c3dbd9c78dd6271343b33ae890feec7109fa3f3e35a42e92b94d1e4e46e |
| SHA512 | 786f842af85daf762d2febc5847341b053f2f6735546221ce8df56f2240b5f4ab8cb863d3accd6ae257c2aa85f70b90776ed3ec58bc0eba70f96ab9b34585d70 |
C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe
| MD5 | 6506695dfa969cc007027dd4f93236a1 |
| SHA1 | 92592086fc76223b1c7aceac39e8d813a76f229e |
| SHA256 | 1378f45802c5092b835751f5d166ebc84a88970fdf7374251137cf3cacdf9bfe |
| SHA512 | d4c5c21e18ff2b2c1d4e9512b28cdf5d74adf1c944025946ab53c68a7674c80045868f06ae370042ca3d42caccb518f3d9964212b9336cba48c0f2695398bde6 |
C:\Users\Admin\Documents\GuardFox\XaFBGKDk9KcFdKp9DwcwqG_W.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe
| MD5 | 33de6db0b60f94a16d58070e1bce271d |
| SHA1 | d16583c656894ddc8b9bbfced6ab0438da14b09a |
| SHA256 | 096b8839c26850e7ec89f668502862252514e4a19474615f7ed61d8176e520cc |
| SHA512 | 1db14b886bacd4261b4161df74e54fab066d91c01947ae80c0fd10d887a84465fed542738ae93142de351b81265c45a8c9c01ddcc7768dbbd5a5468647024ec7 |
C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe
| MD5 | 7773e866b1fc213ec8c923af22f15216 |
| SHA1 | f64980d2f41c62f5477a8cde438d0a5d0d53e727 |
| SHA256 | 3238b7c05658aed3929f3ac7a280bc0e64005014e79430cb8eccb276bf4ffc31 |
| SHA512 | 3c4c045f380725aeea5b634bc382580ee89af747de61d09073642e3b58ea95678dac9f63f47ada1551d47075e284633e2dc967b083c8007c6fc697073412743a |
C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe
| MD5 | 50e2bca3931a67f5bc9ee2b296a91ae1 |
| SHA1 | 5850117d607803e97718cabb2b076b6531cc8b06 |
| SHA256 | fd603baf13938b504bbbe4e02c91e231f8feea75f36c248f8c6791aa22f0b24c |
| SHA512 | bf0a234b4ac43fc790dce6013d5c9dfcaaa10a749bb613b8084dd1a70505e266fd084da0c30544eec5344e056e029372f09572d17b4510da26949ecdbbfe34c6 |
C:\Users\Admin\Documents\GuardFox\00BCflRjBlvLGR_M7jw_UMMb.exe
| MD5 | d995cd525145ff93b770a0949db03442 |
| SHA1 | 8418b50f496a26bf8c021d3338736604e8b6b6d6 |
| SHA256 | 413f8fd8dfa6a41202fab3aa53f6b0330bed52f49830f61845dfedb79d3047aa |
| SHA512 | 3b5ac8173b96af5bf8cd60b0e93611a66f499c6c9278bf025d0a5bf12096579fe0f07d47b20ac7b13afd8a07be14debae6e582f963320eee1502f1f1c3a58e6e |
C:\Users\Admin\Documents\GuardFox\00BCflRjBlvLGR_M7jw_UMMb.exe
| MD5 | 4c1ecd2cb4315c62a4ec5960abb2e5c2 |
| SHA1 | 47999b975e9d561ffbe0afbf32eb695cef9e8044 |
| SHA256 | f074eb22449cc476a67e2a432a037dea09de87ab14ffa230c859ad85acf61c2b |
| SHA512 | e5658c5da0cce0482993142301822ba3e1fef43009fb7e19f4b086ace27032cd3c90a696ca623155dbfc82c2f6ff75b6c2c893ffe2f97620dc4cf3e4bfea3c71 |
C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe
| MD5 | c8457dbba1f204c7aa7d94b35aa87893 |
| SHA1 | 7cb06f4123bfe6a80014754552a387c45dae8844 |
| SHA256 | 19640e29d7b27ab1f9600401b56133f49814dd1fc6d07014bcf2561cec6e0890 |
| SHA512 | 3ef0120ecdf0e597444942a96a57b1031b1b2cc366af33289db90b5004fe6a1d223d23ec03c7ad787f71d67580d4a160c4595a3413c320457764844441234273 |
C:\Users\Admin\Documents\GuardFox\wxH2JcIj8haDyTEooYqvLo4p.exe
| MD5 | f65050cf8cab8bda69fb452e70e4e713 |
| SHA1 | 32b44072985f56f917fe5a634463754f74093bf8 |
| SHA256 | 47a6c666da7ebd3cb6e22de982f1e52f7373f6b58271ae32bdefc83354e3bfeb |
| SHA512 | 923cd28017cac90d539d34cd7a8e1d74b9b4f44ceaee02dae2f5dcd36028b5d473625b34bc5e4820a27a3afb9cd03765dbd49a7cd4f1dac4b0609e1f0be14435 |
C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe
| MD5 | aa3168923d538964494d618905eceb18 |
| SHA1 | 52b5e040b23cfd3e6a0d55a4992e1da259e79f33 |
| SHA256 | 0f41f7df4a19106e917021f6570a13e43049d4a60e410d882114b5aab019a494 |
| SHA512 | eed0abd4b1d988bca910aa27b571dee77d6d29f711fe5577e2d5456361732d56791b18e20bc8b8c3962582bd101f2b85e2e0bfdda948a5f5d672d85972861ac2 |
C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe
| MD5 | 9e8e4304a33a42f4ea32f4bf3b90ec2e |
| SHA1 | e7c28b8bfb6b1152ce7b7a58cb5b5e374568bf40 |
| SHA256 | 7a22324fdea5b5f7ccd12c061f691bd6f01a95d195e6fa78477e8d1e7eefa3c2 |
| SHA512 | 043a38c41fc29aa73c8acd8988db5e468beeae0599672c7879ea1d3289677514a4eb6ecf4a77ab86a00be1a58f0129c91698562bb2b1eee6d6fe1e61b1f744a7 |
memory/2020-698-0x00007FF7630E0000-0x00007FF763DB3000-memory.dmp
memory/5124-700-0x0000000002B60000-0x0000000002B6B000-memory.dmp
C:\Users\Admin\Documents\GuardFox\SW_MB3axMR1nzbfRPxcxP_cx.exe
| MD5 | 320095239d68a77d2dbe8b96f75c1803 |
| SHA1 | d66f46976874c6aaf3c05c32ba1afecb67f21407 |
| SHA256 | a049b87742cc3e515cd579f3f4d49c0a60ccde31853e1bf653e73afb33017602 |
| SHA512 | 3c66296c738fec64f12f9565f20fc9b593ebcb36514665431f25a10f7af567b8f179654b544e5903ff8f1e0ef4fe0dacfd49735000bc790f3fe9789d5257a77d |
C:\Users\Admin\Documents\GuardFox\WdMfqOZIFj2GNZNeewRO76dx.exe
| MD5 | 9471ea6d5cc57f3db32596ad50d9d145 |
| SHA1 | d4c58906a7715ab90398b71d8e0bb5c200b7842a |
| SHA256 | 9bfff4de54f49ce7cc2daf51881d18df909ed8f177a91ade2ebc4b9a517b00c8 |
| SHA512 | 836aebef074ffff2d07fdddccacdb04dfadf3d7ea0a993e8b6fc202c689b50f66b8f096a1704f450706ebcc3a3cb696a2733f02f7a1cee4821f3c33b73f05573 |
memory/5152-697-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-0K59B.tmp\m5W8JZPrsOJy8OpyMuPjKKdQ.tmp
| MD5 | 22e1a55799010afb6fc00a3343053467 |
| SHA1 | 65e58711f09ad262992b0389fe3a102b8692b3f6 |
| SHA256 | ca8ebb828460b47825e21e1776152cc1bc09e2927d8122d3acb02fac2dfbe372 |
| SHA512 | 2b4342735cd972a873b09949470a8e1c7b7e07223c165cae7a19e394bdb20988a205bfa7fbeeca3e732da7b00669adc9641bceb60ba623fdb294166dc611edea |
C:\Users\Admin\AppData\Local\Temp\is-93TRH.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Temp\is-0K59B.tmp\m5W8JZPrsOJy8OpyMuPjKKdQ.tmp
| MD5 | 61ceba2869e1ad8963e5432107cfdfbe |
| SHA1 | e53b08f7fa4f38feaeac54b1223a064961cb3a94 |
| SHA256 | 96b9b98beb899a4c12a857d47b950b02a37920a69ce6e832dbe7828cb0375195 |
| SHA512 | 509639648f24bd1380888ec537fedffece3709d2b59d62a0adaf329ef8a26b503c99385331d9edde88c35ee614cd2606b9142bbe4e59ab5ca08e05ef057d9661 |
C:\Users\Admin\Documents\GuardFox\SW_MB3axMR1nzbfRPxcxP_cx.exe
| MD5 | f137120a053ab30040b23ae2f43a5de9 |
| SHA1 | 02afbbad88dac18e60bda76779febb39bdccf8e3 |
| SHA256 | e549547605c3e25df1d311c1061d6ce1b3731b5a21c85259db0eaeaaf191f0e3 |
| SHA512 | 35d6b426dbeefe77010af70354aab44a2305dc298fa6481de3f3c9dcdf41eece9f02ad1c486ad782dd853b536e2a9de3970006d3e864e81fff460c5e4ed27f7f |
memory/5144-569-0x00007FF7089E0000-0x00007FF708A36000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lgU0.cpl
| MD5 | 16451a3b73bac7fbcd96563eabad3040 |
| SHA1 | 7b433d58626da917fef426df218b15d1501cce49 |
| SHA256 | 2e6dd793bf863d063343bbab754070b72eda036be268b447793ee4dc5d14bab0 |
| SHA512 | f1f9bb57447dddbd3a164f76dbd93f0a9a2ffbd6f8f61dae8376173bd28ed021fc7eb54ef9e6676621188b5fc135f9561fc7eec7c72f2c8a2ab33e01b834a53b |
C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe
| MD5 | 3ed9c86019ae5e814d200f2e16ee5c88 |
| SHA1 | 1af037c879f8fcef1677df25462531c3540de715 |
| SHA256 | 66fcfdb611d3f4f31a9e5491e67f9f5e3e90c9b5d2cdabd765d9d378bc0c6349 |
| SHA512 | 170e12ca013d463be6c64cacc583fb2b432dfe353f2e4ef36f9c1db39bed3ee70da93fa180a19ecc1e3a28e1330338817aa12bcc863dc33ba46a1eb00b4a0100 |
C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe
| MD5 | 15ad1bf57fa0e2193ffeab9d3c09808d |
| SHA1 | 7db5c00e990d7cad190d6432bef3f8f3160a7997 |
| SHA256 | 0ca7c06c19a3eb463458af06d56dc635de1a612b980b59cf14de8e881b96357c |
| SHA512 | 4875573354fdf3a3aa58df8f6fa84cf40290d981eca8eb9d0ebd65853afef1d64f629232bdd0005435419f78498bf5a2de47ab6b2b4fdaf2fc87d502dce448f9 |
C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe
| MD5 | a31d19130093000de2e6221188743258 |
| SHA1 | c0024ecb46b3c5f736b6354dff901e36261f43b5 |
| SHA256 | f8e0dc08e5773e7414b2ef4d8bb7a4a20ee993f831e66bb64ae63de080718af0 |
| SHA512 | a5b2deae2e053d9ceed7c5c333e91398060d134e34027368c4dd1ffc801a7119d321a6e1a444d90bf64a803eb8c8bcc99763600bbf80014fb8d52a7331f3bb30 |
C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe
| MD5 | 312f0a4b3f21607cf4b6ea7a061302b3 |
| SHA1 | 77954b5b34c137dcb456821e2f6122e771343bce |
| SHA256 | fde8d9fd4c294bd3e83665db3d943052593acdfa6e73b1d08fe42f9fa941d8ce |
| SHA512 | a1ffca6cdccfa8d1dde50cf1cb03ea03b556f2646be844ecd3317de4038ad005b677b081398b00498d3c9b12f8b3cd1e5e2348fdcd3c0a4845cf92647ac779b2 |
C:\Users\Admin\Documents\GuardFox\XaFBGKDk9KcFdKp9DwcwqG_W.exe
| MD5 | 7b0e302b0d84fb77766a4230525cbfdc |
| SHA1 | ceca09475247bcfbf59ee9298208d8aa1e988370 |
| SHA256 | cc5ac34410e81e048a58d8b293816d5144a5137b4e7011111780746f664bb643 |
| SHA512 | 3752d5d0539de2c96b7915fc22411d2c5c7dd320f6af30f64500a4056f74072020bc6be32157c3fca9616f02c78c3c7d0d609f0fe8cc378658bd5d0fa7e50600 |
C:\Users\Admin\Documents\GuardFox\XaFBGKDk9KcFdKp9DwcwqG_W.exe
| MD5 | de1125a1262117b1f7fdcf352dfbba5a |
| SHA1 | 6de693fcacc3b37966bfbb4622f4f22ec84341eb |
| SHA256 | 544c6456a50bbf92a08048ebed48ee6a68b83b00532704ab7502bc561fe67e67 |
| SHA512 | 3566b7d3b0ef694c09e1807a72bb097138ee42b2eb4b143d4377ea6816445ec0bfa8b6addd871aba26f2672c66a531f9b1f8d3620e9cc7172f226bb5e5a9853d |
memory/5628-941-0x00007FF6A1030000-0x00007FF6A1311000-memory.dmp
memory/5904-950-0x0000000000970000-0x00000000009C8000-memory.dmp
memory/4892-952-0x0000000005270000-0x00000000054C0000-memory.dmp
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
| MD5 | cf612bd9955b2bddc2057e742771e055 |
| SHA1 | fc46a17eaabf6b854be866d6dd48132317ce7488 |
| SHA256 | de375ee8da00cdb5f3663a996f4e9f0a5898e53c9c5c0eba6b42724af0f312c1 |
| SHA512 | d243fb64f10892fe4941cf2d7130a71855d9620652eefd4b79c15030f75e65da460b872586290963dce84093cf152d7e31e22bee7cdbf30850293e9368b2809d |
memory/4892-957-0x00000000054C0000-0x0000000005A64000-memory.dmp
memory/5904-966-0x0000000005260000-0x0000000005272000-memory.dmp
memory/5960-974-0x0000000000400000-0x0000000000760000-memory.dmp
memory/5584-979-0x0000000000D80000-0x0000000000D81000-memory.dmp
memory/5584-987-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/1296-992-0x0000000002B60000-0x0000000002B6B000-memory.dmp
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
| MD5 | 609774f21193686d6a4c43a5c5d546b6 |
| SHA1 | f8f67e7c019502bb1f7fc76f263b8d8662cdd639 |
| SHA256 | d996f77a7aec8fa5d6dace77ce5c2c287034bc28bab7bd27273fa9916754d4f1 |
| SHA512 | 5ee1dda3d9bfdc78486ef30c1ff605f71f392327512276a773d83a218ca67e65cf2498e3e82bc5a0632fc0b2742c60281c786212ed38ac25b762f7237be385c6 |
memory/5672-990-0x0000000005280000-0x00000000052E7000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
memory/3372-1011-0x0000000000B10000-0x00000000012E6000-memory.dmp
memory/1296-1019-0x0000000000400000-0x0000000002B13000-memory.dmp
memory/3372-1024-0x0000000000B10000-0x00000000012E6000-memory.dmp
memory/3372-1023-0x0000000005D10000-0x0000000005DA2000-memory.dmp
memory/5124-1021-0x0000000000400000-0x0000000002B13000-memory.dmp
memory/5124-1038-0x0000000002B82000-0x0000000002B97000-memory.dmp
memory/5672-1036-0x0000000005280000-0x00000000052E7000-memory.dmp
memory/4416-1043-0x0000000000400000-0x0000000000830000-memory.dmp
memory/5672-1050-0x00000000028D0000-0x00000000028E0000-memory.dmp
memory/5672-1057-0x0000000005280000-0x00000000052E7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lgU0.cpl
| MD5 | 57dd1c2ae6a4dce71b251d7ae39d527e |
| SHA1 | 40158b7c32392e0865b2b524f8bd5ead2518b383 |
| SHA256 | 26424a48e05dbca3106f46264a21e1ec4fe165114dd48b52a6a1a3620b724740 |
| SHA512 | 4c958b0608c05c5c2cb13391044a405996b3028c5584aeb3f50aaa61e48045ba74dc00518b3a189225120b6c210e06539cc7ffbdb0cb597ca076aa933e0d14ef |
memory/5672-1064-0x0000000005280000-0x00000000052E7000-memory.dmp
memory/4416-1068-0x0000000000400000-0x0000000000830000-memory.dmp
memory/5904-1073-0x0000000002CE0000-0x0000000002CF0000-memory.dmp
memory/336-1078-0x0000000140000000-0x0000000140876000-memory.dmp
C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe
| MD5 | 04b01c14c0bfd48852df60332347fcc4 |
| SHA1 | 07bc36a90bd7aa460a90108e7b3c0da3a34e0b58 |
| SHA256 | 14858c46136524b4cc572557e483578c920189ebbe73b012f1b59813f71fc9df |
| SHA512 | c57ca7e34e1b4a5c577cc5de7ce9120db8808fd32f4d07a9d15fc2b16cf7f4effc1d075406b411fd6c2d57317d6571b9be828e1df921431c64420beed0feef2e |
memory/336-1084-0x0000000140000000-0x0000000140876000-memory.dmp
memory/5672-1074-0x0000000005280000-0x00000000052E7000-memory.dmp
memory/5672-1088-0x0000000072150000-0x0000000072900000-memory.dmp
memory/3372-1065-0x0000000077620000-0x0000000077710000-memory.dmp
memory/5904-1062-0x0000000072150000-0x0000000072900000-memory.dmp
memory/5456-1063-0x0000000010000000-0x000000001028B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LgU0.CPl
| MD5 | d4440d9a68d70dffb3bbde80d884b318 |
| SHA1 | 8d98ef5c4e706699126e470b3b92c27d4e0e834b |
| SHA256 | d898dcea49a4f265781115b890c8fa5ff40cfd4cb86c5293d131fba3f44dac0a |
| SHA512 | 6e837428048e31f25319ffc1b4f2e4c85c058f219d12a0a2525f3b5ec81dd2e3eed34a88a947365393322644ea1f663596d2b62e33bb6ab1edbebb631e69db6f |
memory/5904-1112-0x0000000006120000-0x0000000006196000-memory.dmp
memory/5728-1055-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4892-1054-0x0000000072150000-0x0000000072900000-memory.dmp
memory/5672-1125-0x00000000028D0000-0x00000000028E0000-memory.dmp
memory/5672-1129-0x00000000028D0000-0x00000000028E0000-memory.dmp
memory/5904-1130-0x0000000006460000-0x000000000647E000-memory.dmp
memory/4552-1151-0x0000000000400000-0x0000000000760000-memory.dmp
memory/5316-1156-0x0000000000B10000-0x0000000001457000-memory.dmp
memory/5180-1157-0x0000000000DD0000-0x00000000012B3000-memory.dmp
C:\Windows\System32\GroupPolicy\GPT.INI
| MD5 | 93b3886bce89b59632cb37c0590af8a6 |
| SHA1 | 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137 |
| SHA256 | 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f |
| SHA512 | fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb |
memory/460-1167-0x0000000000620000-0x0000000000621000-memory.dmp
memory/3372-1168-0x0000000077620000-0x0000000077710000-memory.dmp
C:\Users\Admin\Documents\GuardFox\I83iBmq9EgyXyJ9zYjKJQxp_.exe
| MD5 | 8d7af3b5204b805ad9dbf3df3ceaa8f6 |
| SHA1 | ddd116ff4874114d578e345e3781edf3990d38c0 |
| SHA256 | fdb2b210edae72c2f1c0e6c7b1c198928b2c431c30e0f7d7f5c3c763782b356a |
| SHA512 | f9a9559b3bd138a978db27eb36ab0361fa55974532debba323e31353ee8d64e24edc1b18fb865c86cd9efb969aae6cbc79618eb4203efbbda2ce0d07f3f0c9c3 |
memory/5904-1190-0x0000000008C40000-0x000000000916C000-memory.dmp
memory/4416-1195-0x0000000000400000-0x0000000000830000-memory.dmp
memory/5456-1200-0x0000000000820000-0x0000000000826000-memory.dmp
C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe
| MD5 | 0099a99f5ffb3c3ae78af0084136fab3 |
| SHA1 | 0205a065728a9ec1133e8a372b1e3864df776e8c |
| SHA256 | 919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226 |
| SHA512 | 5ac4f3265c7dd7d172284fb28c94f8fc6428c27853e70989f4ec4208f9897be91720e8eee1906d8e843ab05798f3279a12492a32e8a118f5621ac5e1be2031b6 |
C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe
| MD5 | 773f0fe5c9f89d9914c61721885cc9b3 |
| SHA1 | 2bfc6a9e8995c99da68a98718b2ddde9aa262048 |
| SHA256 | 460f361e5c82bf12d1042ac08cc941d4e24967df53fef2d43980abf3e00823dc |
| SHA512 | 2046f77438c05c39edc1e7634bac3f1842b62a3291043b182979aba0244dad6df9695da1ea6d6d6bb3760e37c04b00da0a79ebc898f7b8446ba4698e208ca517 |
memory/3372-1189-0x00000000779B4000-0x00000000779B6000-memory.dmp
memory/5904-1180-0x0000000008540000-0x0000000008702000-memory.dmp
memory/3372-1178-0x0000000077620000-0x0000000077710000-memory.dmp
memory/5904-1169-0x00000000067C0000-0x0000000006810000-memory.dmp
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
memory/5584-1148-0x0000000000D90000-0x0000000000D91000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A65DBECD82A40019E873CE4ED0A79570
| MD5 | 17027fd5d7e7638d9c68ca247acd9586 |
| SHA1 | 606074c4c2657becdf928f5e78740132b6bb7ce1 |
| SHA256 | ad21470a6f93a2e2eb61be69a3587493875164bbff3d7df2c306a23b05642aa9 |
| SHA512 | 81ba26bdf46e6a6d40fb2572cbc1f6567b2ab222ea7d87a9c2346f0fd252ae4d6a9d6c48cc4bb5d5f312d82a9ac4716ecbc55ac46352d6e48fd98a19804cfa48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A65DBECD82A40019E873CE4ED0A79570
| MD5 | 99f9b347a9bf77601830a5ea1253a7fd |
| SHA1 | a4651d0522190cfac82c949f5f57e335e0a15081 |
| SHA256 | 85bdc8ce75fa0ab0b114dcb676762e103def02d460564621479b7f1065a834df |
| SHA512 | edcd4059f04eeffbf82361926829b90e0b1d780f40566d2f7c685cbc9c7267d25b207d4e87945635f24951b4f393b7df732f3607e74adc915a2d6996ec438ca7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
| MD5 | a292e0b3f462499a2ccc00990eb95034 |
| SHA1 | fbcf04749a1bc044a0d53ad75479d3708c188c99 |
| SHA256 | faf286efe43fdc8889d70e9a71591b8ccd070f1e2f9894ac8381952ef85a439b |
| SHA512 | 1912971039fe63f10401895c29b92068897ffae2e1fe7f26cdb6fec79d938962888dccdbc3bb98d8506fb84e71b2fef1c7f74403595c51012ff1b2fcefdda130 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
| MD5 | 9f67ec0ca6f1b4593529b2b6e7bfc231 |
| SHA1 | dc513d6ab75e9e39a06ef87e22c9c24e2d338746 |
| SHA256 | c83163286c57e14690edd4ed5c5a0a4e5c7ce0c2dd4c75043362694f56b5e7eb |
| SHA512 | de30c0adfa0d5ed76d22c3c4b713794511409f4d0f5903e80d15e811b57782169dc65ae5e8b3df05c6acdda0e163d0fd9a2dd34a70ceb56311a346cb8632b879 |
memory/5584-1141-0x0000000000400000-0x0000000000D40000-memory.dmp
C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe
| MD5 | ae0c1f9af3fc218b2fb3da72f13a5da7 |
| SHA1 | e5d870506df3f6d9a4e0da4f01434a25cdff4674 |
| SHA256 | af2b87c2a98132e48c17a03304a8531d73a288f7c2aae4380ef9b2b3ba1933ea |
| SHA512 | 16631b66dc7828b9f55469edcb9d509a71be702cf1621872449bb53c83f9b353d05d3bc50a445cfc5e5dea4f367b3516fb54ffb419592b262912c34b7cfe7456 |
memory/3372-1042-0x0000000077620000-0x0000000077710000-memory.dmp
memory/5672-1044-0x0000000005280000-0x00000000052E7000-memory.dmp
memory/3372-1037-0x0000000077620000-0x0000000077710000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
| MD5 | 9942d2c8845d5c8c8236d2d5f2dc98c1 |
| SHA1 | c077b4446fcbbb89a6cd2cb4567a8bbbba80b06c |
| SHA256 | 18da065c42b694368c7dbe5d7414c7bf2e73a988ac7364f2062781048ccabb3f |
| SHA512 | 5f05b2788dad85761cd6916535c39654aec172422f9abb2d8db50afeac2107122e4ce82eb476b5aa0345e9e2f33500740607def980fbfdc243c8617125a2838d |
memory/3372-1035-0x0000000077620000-0x0000000077710000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll
| MD5 | d9f69c2af119cc6e9a4fc34be6751b9e |
| SHA1 | 3b3208f41c6d65ce57d14c0ee33755dcef7b39f6 |
| SHA256 | c258f5b026f4f665de35b1bacca13b6323acf88946504881e46c79ca7b3272ba |
| SHA512 | 84c5544c88a045d7925c2147c0c475dc6dc1c936320401446c52abddcf621099070fdaf7dbb3d509ae0cfd6d4a27cae18dea5ae22c89ccac7f1cea6083be8e28 |
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\sanitarium.ai
| MD5 | 25baff1beb9cd049ec573d10f42196c8 |
| SHA1 | 1e613b189a22b0ed3255596cfe16761ea9d9b5fb |
| SHA256 | c2dab0db01b46b07faba3844500d710caeb0c1c13c8a72566d3b7db2f00fb557 |
| SHA512 | eda17e94deea7f020a6c384b90d5ebab3d729de7fee4ba04ebcf054e73bc08bc08b1d6a3db095836d89fd40ff781500c51137043707dca50fff2d1fa0ec61826 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\grille.eps
| MD5 | 3b6a0b14dc8831e3b426cec742e90059 |
| SHA1 | 75ef923554485165a5cee04910e550164e15c51c |
| SHA256 | ed0a03950e1e3857fcc0623d57b7d5c3694762e1b999f8be0568bafb90209c3a |
| SHA512 | f10bd3afb2dfb2b682f299579c58c0418835faa1e06ab352fd6621f9187b8a05a138434a67bcfce752d6dd96832a33013b3dc6a4a1260983b77ecb4914e41eb8 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll
| MD5 | d84fcf3d62b4533c4db9cb1834b431bd |
| SHA1 | 353f14fd15ef177a15a4497a9b99f31fbf406ff6 |
| SHA256 | c558b57a01186ddccf743735717a956e3cd59cc6d8db84528c38a0b050490d9b |
| SHA512 | 7976864c8037d4ad1a9718e1c77687c8acdc079a504b1c61f9f581c6902bd2b1a01b1d133601c858daebd94989b2764b0869f01605c81dd2f7d45de8c534619d |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
| MD5 | 9fb4770ced09aae3b437c1c6eb6d7334 |
| SHA1 | fe54b31b0db8665aa5b22bed147e8295afc88a03 |
| SHA256 | a05b592a971fe5011554013bcfe9a4aaf9cfc633bdd1fe3a8197f213d557b8d3 |
| SHA512 | 140fee6daf23fe8b7e441b3b4de83554af804f00ecedc421907a385ac79a63164bd9f28b4be061c2ea2262755d85e14d3a8e7dc910547837b664d78d93667256 |
memory/2180-1031-0x0000000072150000-0x0000000072900000-memory.dmp
memory/5904-1029-0x0000000005690000-0x00000000056F6000-memory.dmp
memory/3372-1028-0x0000000005CD0000-0x0000000005CDA000-memory.dmp
memory/4416-1027-0x0000000000400000-0x0000000000830000-memory.dmp
memory/5672-1026-0x0000000005280000-0x00000000052E7000-memory.dmp
memory/5672-1017-0x0000000005280000-0x00000000052E7000-memory.dmp
memory/3408-1013-0x00000000015B0000-0x00000000015C6000-memory.dmp
memory/5316-1012-0x0000000000B10000-0x0000000001457000-memory.dmp
memory/5672-1000-0x0000000005280000-0x00000000052E7000-memory.dmp
memory/5316-999-0x00000000005F0000-0x00000000005F1000-memory.dmp
memory/2020-998-0x00007FF7630E0000-0x00007FF763DB3000-memory.dmp
memory/5896-991-0x0000000000E00000-0x0000000001DB3000-memory.dmp
memory/4888-989-0x00000000024E0000-0x00000000025FB000-memory.dmp
memory/1296-986-0x0000000002BE0000-0x0000000002CE0000-memory.dmp
memory/5904-985-0x0000000005320000-0x000000000536C000-memory.dmp
memory/5728-984-0x0000000000400000-0x0000000000537000-memory.dmp
memory/5672-983-0x0000000005280000-0x00000000052E7000-memory.dmp
C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe
| MD5 | e651dd01afe4ec829f1e53da6a317d8a |
| SHA1 | c46cd55b46ec760945d267bf95c0b620f32303ce |
| SHA256 | 0cad94acc2d8d6451e1c30c0322470e1c4c3c534666e9b1f671d4f44e1e95393 |
| SHA512 | c1823f3e1cf0f90d3cac4c662c246c778857b1788b677b10fdf391f8d859610ab0b71cec7bbca5f5fdfe4de9281c7d85a6b049e99f145d58193668d9a327a20a |
memory/4888-982-0x0000000000A8B000-0x0000000000B1D000-memory.dmp
memory/5904-978-0x00000000052C0000-0x00000000052FC000-memory.dmp
memory/5672-977-0x0000000005280000-0x00000000052EC000-memory.dmp
memory/5728-976-0x0000000000400000-0x0000000000537000-memory.dmp
memory/5136-971-0x0000000000400000-0x0000000002B13000-memory.dmp
memory/5904-970-0x0000000005390000-0x000000000549A000-memory.dmp
memory/5728-969-0x0000000000400000-0x0000000000537000-memory.dmp
C:\ProgramData\IPTV Channel Browser 6.6\IPTV Channel Browser 6.6.exe
| MD5 | 94b58655af254604a38c1ae7d6aff9eb |
| SHA1 | b20d8c8e70c193c5a9a38533e98472a61b83c83b |
| SHA256 | 2a35cbdb311694216792071fb48717badb03fcecea69589114af6c009918208f |
| SHA512 | 9dc94e321e2f1fa7a1a723dd8f2959f6b03db9ae97b4171cff8f917c67c354a52e3225c8e43521c8bd737f21e6eb4febb02adf83c19dd1e571f41aa07b9f4e06 |
memory/336-967-0x0000000140000000-0x0000000140876000-memory.dmp
memory/5672-965-0x0000000002830000-0x000000000289E000-memory.dmp
memory/5960-964-0x0000000000400000-0x0000000000760000-memory.dmp
memory/336-963-0x00007FFDE8EB0000-0x00007FFDE8EB2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe
| MD5 | 38c4f7802f73faa6c967fb06c58f3702 |
| SHA1 | 1fb8b9bacf0fd0981714e8559c115ad4f5584ebf |
| SHA256 | ab540e776e7ec418e7f1bcb5fe6a5e232212abf8cef3a92c6ef3f2ecb45d20d8 |
| SHA512 | 5e7cb0ed64b5679d34432160c1b0cfa119cd314f18fd89b5a0442fcb24c885b2b76be820fc184e365d34764aac831464bb445717438559337faa65a08c71ff83 |
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
| MD5 | 68c8fbecf011bd96e8cd81695f2ed1e3 |
| SHA1 | 3a9452af0e127111387a32723a7a42bf04f6b616 |
| SHA256 | 46a9a073b3e6fb286cf46826519cc667a918aff007c9315d15f08d81283ec270 |
| SHA512 | e3adf1991997d02542acb36b63fda34a11f88a1062dd3d337ba3337797d8b6cd85c300d55a2b2b28052b55af47b92c2201400b1f4fb1842a913922d44a2abdd8 |
memory/2180-961-0x0000000005C80000-0x0000000005D1C000-memory.dmp
memory/4892-960-0x0000000005A70000-0x0000000005CBE000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 60fe01df86be2e5331b0cdbe86165686 |
| SHA1 | 2a79f9713c3f192862ff80508062e64e8e0b29bd |
| SHA256 | c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8 |
| SHA512 | ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 97831155684ead55993afbdd801689c3 |
| SHA1 | a6332b889042467bc4c217e5a0e7d4ede56b4aad |
| SHA256 | 6d781aec543e0fe536432203477af9201430cebb3c1535b9970f2c42be10465a |
| SHA512 | 1e6911f65f0373a22da9ec0357d2004e493caab6d084687fb4bc0e06b65d0e8481304634cee95b10fc90f89d5004b097dc92f0dd91900d55ba5b46bd1d0e3044 |
memory/2180-954-0x0000000000EA0000-0x0000000001372000-memory.dmp
memory/5904-958-0x0000000005880000-0x0000000005E98000-memory.dmp
C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe
| MD5 | a9d4ce111cc2cdc4a6f6aa170938e464 |
| SHA1 | 0f8ad05500e9b70240b0c56276bc6690b7db95f3 |
| SHA256 | 97019a06adf0fbf3e903df8fc0ce375b99faf19f1aa226b3a50b7ed6b568bc9a |
| SHA512 | 70baad00358dcb756a8d6afdf3554d7b994e5f0dbf283152ce54e130b6bf807d9e564ed5977d17784edc023acc09f251085b47bf8a0166345236050f5c0858fe |
C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe
| MD5 | 00f9177aaeac6a500b76c2b878f7ce28 |
| SHA1 | a611e9080e9e3d9de81c5f4de9c41e8164e191cb |
| SHA256 | da0ddabb9ca859813f0d3e2f3daf4675bff5d51e6e061f2f16a1afc744c1ed65 |
| SHA512 | 726f29c65c3237fbcf39eafca70b19db9725baa8ecbe8f58d01b2adfbd8c6cc39cbc4a941a3d28c79757828672ff1e9b0afd35531f717c6d6ca28b9fcf7c2732 |
memory/5136-951-0x0000000002D90000-0x0000000002DAC000-memory.dmp
memory/5136-942-0x0000000002C90000-0x0000000002D90000-memory.dmp
C:\ProgramData\mozglue.dll
| MD5 | b8916f445195adf0ccd5396d55a4e005 |
| SHA1 | 5ca47e0ed1a8ae5e39baa4565fa8fe50d6b7251a |
| SHA256 | e3710bfe6fbebcc17d70424f3e6ab5684a5b2856382fecb3a5a6690a9f33039f |
| SHA512 | 002014a5b1e2fbd0076782df2125be42d41eb0a1d8241ccfbbd7a0819d0205813053aedfa60854f8d90553bc098e6fb0d88a6e8b32859ba87243fbc9411f44bc |
C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe
| MD5 | 74624061f1e59cd7602641118772b724 |
| SHA1 | 856ecd2702f6749319be7c67e81e68dcb59a474f |
| SHA256 | 05a163acb1f99bc407e04f6078c8a6fd101a0c5209b9d2c6e3f373a261c467b9 |
| SHA512 | c64eda559dfe760112a815cc51ce1e2ec3d525043db0831687ea0fe59b609493c3cb7e8cb0ed2cbcecafc8bbee11749817e72f80ac28e933b55a37d039039ce8 |
C:\Users\Admin\Documents\GuardFox\uvFmaHyGgsN7k8ts6ek6mPXs.exe
| MD5 | 5fa878455587d484dba37e41a46b9343 |
| SHA1 | 82f4dd3a18554bda4425a897433b31f2d783587a |
| SHA256 | e63841c08999245e9c424161cca81afbecb2c9e20b53aa2eb988a923cddbe6a4 |
| SHA512 | 60e23805e4a72ed423a65d2a3b19c2f6f4c16587f74499f78478180e0964dc9a80a584fb3a607c7a61ddf8085cd3ae23a5bf6a0d25aff78b96b808007d7e1654 |
C:\Users\Admin\Documents\GuardFox\uvFmaHyGgsN7k8ts6ek6mPXs.exe
| MD5 | 11c4485d467b2c6e44197dc564c25456 |
| SHA1 | 0c15d2a9926e0b7cdde36eb07bef853b3465afc5 |
| SHA256 | 3e2729839882217e39125114951a9945bce7746f5e6f0c234d2049e888ebba19 |
| SHA512 | b5ee425683ee5c6144558208d6f959dcef0e225d8fc8caf3f3b0f51d30708e2b253cdf0119c3a63544c72e54c8d266e288a5736ba8ec9c956d2083733cd193b4 |
C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe
| MD5 | fd4cdddb7d9953261bc02122eb0ca3ff |
| SHA1 | 6730bee4bde4e7204f41ebb6e57029a5dab27f87 |
| SHA256 | 17ebd5d1bd3956fe824bf0d32ac6570bef08d828ab733e4c2a468b3316a1f8e5 |
| SHA512 | 3a1e927b9803fd26c41a083e04b9c29a796cbad1c21a8f6d29fe2ee500847c523028668e0b31e6874d32a6e8a9af072aa9a2225af655a73648d413538cb8a4f6 |
C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe
| MD5 | f08594c587659205581a35e2076d41ef |
| SHA1 | b5d74a9b8d9e6573f801e93805adb9d2192ddc43 |
| SHA256 | 16777ca783f757442820e2350a3d992ede677086378a23999d4bfe176798cc32 |
| SHA512 | 4ef968823e581e48d0cc303ce0021ffdc60159dcf9297897301483499c04ca59394048c3c313b6cf802b4a02fe60368b680d95b1e3cd7fcbf2cea2c61d99e55b |
C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe
| MD5 | 57e50c1232628b4cd23f02d42737f899 |
| SHA1 | aea975d3338108d683722f2794dc6184971172e8 |
| SHA256 | c9ef4a2f38622280e51c0fbe4a042d9979d4f2e714672992c8f032592a139861 |
| SHA512 | 33bcc3baf323ffd9bc23ee6311dc524258e8a0be879cf34986034314e97d5321d9151e2f36b8a581894a082820cb6c04084004d0e3ee6e424acac8efaac37b86 |
C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe
| MD5 | d2e0b180607d797259b51a95975d21d0 |
| SHA1 | bf51e66e60880aecf5e240c792e16d723651f92b |
| SHA256 | e27247c46a94c8fe49eb5886ee5b1c6eb0d31560dfc30f3a829e939a973dd370 |
| SHA512 | a042e7a4fdcf6dbffa70258a591c2f402b3c8fe049d0ab6bfaee70f5869a60ce7cd4a37e1c37364a276ae202bfeaaafb862e2c5968d5b68edf49fbdf7336be4d |
C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe
| MD5 | 8297a0a066295efd76e6d0fe06c59ac2 |
| SHA1 | c6cd90030df3fb298910827c56e7f2822e42d3ea |
| SHA256 | 353db6d5785a58bd0d53eb751d845373a18136dddff0cacd135109e7e6df49f0 |
| SHA512 | e6517c569d42363ee0aa4260134a79a9989e1d001d21e4f17a2e8f86b5c7e61df0e81d28e3dbc868639ca9c55aa5b3675e75274cde1d5a3450fd8b2d1a8273e2 |
C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe
| MD5 | d551eeef5484d73fa83300249b8c738b |
| SHA1 | a7d47788ecfe0baf56f6b46b077e7f9f991633ba |
| SHA256 | affcd9e437ebc1b206050038b2e31c30777d73210036ffad5b985832dfcea028 |
| SHA512 | 919669cde3fe40c85f5b1ed3ccd3b77ccf9a1f6346ecbef5b2a3c4d0c663c2866888a660dbe1d2e86a0e2f856fbdfd4f2e6624a280caf42f394eabe29a74afa5 |
C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe
| MD5 | 86887a42fcd43a61cded1add1c1e5cc7 |
| SHA1 | 5149a28711209d7955a4dd05c53cc387f3004bd5 |
| SHA256 | 4473d1a86f17f1beff1a50355c815bde4304475d5e27c053429c739ac0c04a88 |
| SHA512 | 463acc3db5869d607a8850036ae02ffe44753a708761fef92f8a01cb9709688ba22737ed9fcd8315c48ae143f5b955dff6cd7d77a8b4782b831265d138b75140 |
C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe
| MD5 | 1b51a908e6e1ed539af2a2010c8aad2b |
| SHA1 | aa322f8bcae50da8b65f8087b01b41240240549e |
| SHA256 | 3369aac4c0e915913a5ff924fa715b3326ae45afe8f8ea020f438e8385de1c5e |
| SHA512 | ca86c067dcd809738c8960bb2b3792fe1dbe841f25b88b7d6624426a8e9e11286defca50fd388852bbabe2c266119bcfd2b6828b02fa80c159c7792c8939acf1 |
C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe
| MD5 | 1042e5098f713142849551349a44dc80 |
| SHA1 | 51af1eadaedf9732e36972be27bc818b205414e3 |
| SHA256 | 4bae1b4d93dc4e8d72cab11675aca572b6860212cafe5557fd0fa5dbb59a0921 |
| SHA512 | 3b33a8c5f0914317db6e52bb519f4977f2cfa6e4afc8bd7c9a266d70ad87c4e401068d0eaefcea1666c89f14fd24621c6ce7e2703e469fd4c8e2418e1b58c8e0 |
C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe
| MD5 | 1118cab0723942d856710848b2df0519 |
| SHA1 | a3f52383519f024d11f39dac15923cc046306969 |
| SHA256 | aaa926e12a6476b0617f0015b4fcf5d989de79fdd692f94fde717f17acc3def1 |
| SHA512 | b11412008044bac78e83358075877be9dbeeb3b0f6795274c0f1418fb65c0b4468bbcd08e9fcd5ad0d080c117d81d9e46af1b4143ccfcd002f19410b19809aba |
memory/5124-752-0x0000000000400000-0x0000000002B13000-memory.dmp
C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe
| MD5 | 5e7312e0cdbad88ab75b0b3bfa51b3cb |
| SHA1 | 8c5882bc0828f74fe021218c39988f92a3d8868c |
| SHA256 | f04199f07b33f70cff9fbbb18447156403fa6f2b6acf4b986ebe00d2579b8688 |
| SHA512 | b49c69853f3b226318b9d030859b0bff5c23a7ae6f0242111d64bb92097ed87aecc045995fc43bb82ba9c621484943e62c794e4cb696b0fd9de2fd8a126394cd |
C:\Users\Admin\Documents\GuardFox\us0OF5kRFjjCHL_Pdc4m6fsq.exe
| MD5 | f740608b4fc3a10a4526f0c2db5fc67d |
| SHA1 | 91a6a17d5a90be772997021532d6d0615d550fed |
| SHA256 | 35e87fae499edf23f25bfc5be34be901c0dcef34851db88b7d96eeeb6733860d |
| SHA512 | 2d45013aa54d29977eb173ef873ee2464081ee650c3df04fd381f9e8aaaca4bbc58de61228cbf365439ad05a81de4bed8cdafbf4a3762eb489da23d65010fe3c |
C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe
| MD5 | b982a1886afa6dc5d429f1d9fa631cf6 |
| SHA1 | 59695508f14578530305bedb8a6196aed68d18ae |
| SHA256 | 34d25a6f3925f6ac52da525a74a45bfc284f5815fd3a18a6691a87932a02f451 |
| SHA512 | 201cf1a8ac28298c37e9d7f23a18b14b2343c23082d11912065f8f512fdb461fe7236baf8d508a9ea1e7079e08e2531b781699603db5c7216f1979b338b37157 |
C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe
| MD5 | 5dec72a67dba845b71914531de61e6e1 |
| SHA1 | 4c1177095204d4590ef30b07db0b52cbdbf465d8 |
| SHA256 | ce555ad133872473390512ce638baba6fbbc2e4d98b8c46bad188c0a19f11c40 |
| SHA512 | 32a6e4b25a54a3a3ed03b8e11556f7cbb31c01a33a6820fc8d407456ab47c326b35f2ca5be5fb50636e4af424f0385b36b3c380113fc5367e74d5e2cedcccd25 |
C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe
| MD5 | a4506f35e0a162adee527b747717c6db |
| SHA1 | b323ec8f9f585957a4ecdc95bc0f4dc357f93c43 |
| SHA256 | 2451f06bdab14ecf3bd8e4c85237738faae5cefd39d24e710652b5618f2be929 |
| SHA512 | 843028253679b4c9a9068fa83432c22645ecf860db8422554173d52ab7c55f56e76dacf60952dc4c8bf4247d2f8cd199fba22b36e4f9664dc60fd190a9587890 |
C:\Users\Admin\Documents\GuardFox\wxH2JcIj8haDyTEooYqvLo4p.exe
| MD5 | 47367776129775ff7c382a0f1a6adf65 |
| SHA1 | bf14ecd55a0bc0d29a23a1e1b3270ff4deedf77f |
| SHA256 | 49c616bf0f452c60b770d3c2856f0ae7b99be5655596d6b4d76321168966959a |
| SHA512 | 8490683679e6bde2196855592cea0dba3906fe92edd952bf27ef939f09873910ee974b8ca3648cb6e0002fcdce83a50c5931c72b1c5efb76c2fbe7fc95cd6aae |
C:\Users\Admin\Documents\GuardFox\WdMfqOZIFj2GNZNeewRO76dx.exe
| MD5 | 93d27211879f8ce50b4588e879104213 |
| SHA1 | 66606a241408031dbc8c74082d189b6cae21ca1e |
| SHA256 | 7ee0979e735adccd1f4a0abf6869b368dff67d0b1638c6176eeb42a309c82cdd |
| SHA512 | cf125b91cea7cef618b2b54b84fe7c66ea9e75cba71bfce5e45a262064824f64c8e8a4d7a8831cde7130fef95043560b5f11ca0e798ad4d92fd3973710b7f9c2 |
C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe
| MD5 | 63fcf56e899c818cec597ff1d610c627 |
| SHA1 | 1522a397ff04b93732224136a2f928044e056966 |
| SHA256 | d30b232aa155fb5d895edc266d7b0f9cae4478be2ee0f369e2137aad6554cbe2 |
| SHA512 | 3dd1d86eabe9fe66479f090b39d7d638c3e9e7b04838dbb85bc2f76636f6a723cf2eef154485dd713ecaf11209a77e40c91e9b229bfccb0fb9fde27af37b1770 |
C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe
| MD5 | 338cf99950cc562f896425d5a5e19c2c |
| SHA1 | 289b9487e9096ad8fa78d14e903f0001b65405fa |
| SHA256 | c37493470f63a0bce847b17af3bbf63503e1571f6f46fb61bad7e4405791e2df |
| SHA512 | 6860450d50b1b9fc9b24b9004b2f3b2948152fd68767cf2ea1ac828031b0b645fec0f94ecd6d2159cc0b90397a1571621929674a9789b76177125d810a6c5a31 |
C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe
| MD5 | 91fdd790801f314e7ef8801d8835f11a |
| SHA1 | a5a38c9e9df9b1df19cf80faa8fa78bd425d7c79 |
| SHA256 | 1e93a6c06568559bcf8d20320b43c56d6272e95605a99583e2578dc424f0c055 |
| SHA512 | 44ff8041facd3882fbea49584211a3ded59e6395946e4d830960703fe4a56568c822e674b55421340e8fbd82274a7118d17a3480a2af045b33fa3f18dfcb891e |
C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe
| MD5 | 5edbf505df4213193b620bb362aa7952 |
| SHA1 | 965706578c034aaae58372d278ca3e106c7b50a5 |
| SHA256 | 539aaa6c24c46ddcfc6379451bdca7eea440397e01d644120158c6f3b66455c6 |
| SHA512 | f55ec9f39aecb337c2395f3787605108b6a9dab8992c3f626b6da1a4d9670b9f64c61a4a9692102dc3c8a5b91721b2f746bce856cb2f47c8ee2a85c7d57963f4 |
C:\Users\Admin\AppData\Local\Temp\nsaF9A3.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoajhiemdnnjfbilpkblfjghmmbhbda\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
| MD5 | 974da0e05f02ed6ea76f662c10aef9a0 |
| SHA1 | e4c6971736758b9fa2ed52763a681677f3d9f356 |
| SHA256 | 014124987a12e87b87f263c32a243e119b449f62fe8ff71339a14b5f4f9de0a6 |
| SHA512 | 4cb8280bf6249740a1c6c10aec8b027d054abf6a364069e6d011356054c84d31b70ccc8e99dcbc214de6070b6728fbf342fb211fba34a11c6da727f47e0076a6 |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
| MD5 | 995befe843c615b7d3e2b7006baa1aa3 |
| SHA1 | 07d4dc2b0db965e40efdd571bcfd07663c9d302f |
| SHA256 | 257c1f48795ef97d85703e0ce3872860ae14f4b56efec3481eefa11d94bad938 |
| SHA512 | e69cc164251d9174ea8779e6a43330c53e857eb657f2b598cd698f501a31f1bf4779644ad0756d7915e79db46dc9af6de23e9530ce4fb548c6c0b606d5be27a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e7753ae9af50cdc37f5883bf8d31eb5f
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | d953520eef04a7f704dfe97db53f6a7f |
| SHA1 | 55e37085e46991e0aeb58b2cc0dbc1a3c3c04e39 |
| SHA256 | 7b14abffd2823cb808b20be179788d4ae316533eaeb954fb0c0fbee8f9fe0f47 |
| SHA512 | 630b0cf4ba960966d41b512868e6ec54db4e270fe936a2ad8ff80ab7b7cc9b021c6b7eeda83744602edcccaeb3893f87a2b2270b8ca8ba9c409e98036d5b0b85 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fa298bd8d59d575559dbed9b9033529b |
| SHA1 | 160e80e66d3a7959655a01576890ce058f81790c |
| SHA256 | 590b62e56fcfdcd8d0c8fc5617f5e24f824632bb3caa6015d2e7e718b305a7d5 |
| SHA512 | 0db02980dd3480db65ae2aec0f2cd57556d02c809f7244fc83c604039f41f94e3a72a631e3f985d38f9ea360729392cef02ff986654d7792b5d337f413250658 |
C:\ProgramData\EGDGCGCF
| MD5 | 9ee121eb3c3fd32b6e8099be160790fb |
| SHA1 | a325e02e1f026c04667a7869b69742398213d44f |
| SHA256 | 86d5d803aaf6cf27bf876342026fd54aa7a7efca2052ee88e1ea7fcfd465585e |
| SHA512 | 77c9fcad43535cabb0ba0ffa27c40103f80f53921a03cc343103aa3d097f84b00f90540764c6519c37919da25b2fc00ef5741f4141fca84d8d284a9afe6815e5 |
C:\ProgramData\FIIEGDBA
| MD5 | b95cec18731f38a50955d20c700b0f78 |
| SHA1 | 67181b34be1d6cfac1341ce00ef12374bce0b32d |
| SHA256 | 7e3afdd751cbd367bff57c87b9ea396ea81da92bff78f57e62751ca7e0834dd2 |
| SHA512 | 569f632a72fca5dd19f5d4be5bb642688101f541cb5f106f81ebba23db055bc946698846c0605dd8061dfe46cafd5f40bfaea515605bf8c5efc9219cabca15c4 |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\Ei8DrAmaYu9KLogin Data
| MD5 | 751ad4db4a4d99eb092e795ae6ff1970 |
| SHA1 | 7130c2d613b907f48ff5db7356dd2be41759c373 |
| SHA256 | 5bea8165811383941bfc5073a18860ce2d4b0e2d890d992265d95a75243931db |
| SHA512 | a162e3869a2d1dc9b0e4276e7f1931bb2672d82d5a150bf77e9cd8ff3cd722340e8b329a647f1426aa21206df998c62ad57d13a1d14b8a36d770bfcac8bdf80f |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\KvHrxJ77cmUgLogin Data
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\3b6N2Xdh3CYwplaces.sqlite
| MD5 | 9c291a79f45a61fbbeb48f6ad39c5af0 |
| SHA1 | db6d7887507b8d73c175ea94784982415d3eb04c |
| SHA256 | 986ce11b1ed772ca40a489ba30d2c829c597c8f1c7b885ed9b16a4d99316257d |
| SHA512 | b262d3d04b8d59f14f99f1bd3ce3fd113dfd0ecb0a05ab9191112192d29d7f4f564f7085056aff6245392ceba834f88c32d4adee96853cc222f4b2f2cd8bf4b1 |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\l6w3NVXsgpmDCookies
| MD5 | 49693267e0adbcd119f9f5e02adf3a80 |
| SHA1 | 3ba3d7f89b8ad195ca82c92737e960e1f2b349df |
| SHA256 | d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f |
| SHA512 | b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2 |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\02zdBXl47cvzHistory
| MD5 | 7489ac5acae3c035cfbea547f5c66b20 |
| SHA1 | 3418f9a6cdb369aea1967c311e553e86f0a4686d |
| SHA256 | 25ff97b2e168086b24ad48b66a70cb969b3dedb6df1a1af8e594fed248869100 |
| SHA512 | 020289d11c21c3a26c797258f806e401ca61da2404a823bd82c2b7159c7e1c7209c8cf459bb1bb94aac0d3fb4a378ce0a569b2016e38cad5fbc6468a138c54c7 |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\o0qT3dWYBP7ZHistory
| MD5 | 9618e15b04a4ddb39ed6c496575f6f95 |
| SHA1 | 1c28f8750e5555776b3c80b187c5d15a443a7412 |
| SHA256 | a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab |
| SHA512 | f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26 |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\02zdBXl47cvzcookies.sqlite
| MD5 | d367ddfda80fdcf578726bc3b0bc3e3c |
| SHA1 | 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671 |
| SHA256 | 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0 |
| SHA512 | 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 01cf9fd982d5a3224d0d82db419e3b29 |
| SHA1 | da9267ab0572ed4cc3e7f16d5d34f5a8f24671cf |
| SHA256 | a3f37707843140611d77c776ca053a530e9b25a225e46ab185727ea854bc86f7 |
| SHA512 | 02c1bb49a390b5d9b8266a5477c752861f1d03977c8770f6b0e5e9455e487496dfea7a12c78b2379d00c37867476d2918e619a403cf21713d3480992811ba620 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0368b01c5a6d31031a367ece7ab638c8 |
| SHA1 | 61f061bdc6945945f2ebb61b46975a7dd91be80e |
| SHA256 | 570ff1176f04fd5504b3a2c00f048b1dff80483ca19a58d9f49ca938b57cb314 |
| SHA512 | 3ad29bf7cab194a8b8170320df59bcec99be0e3b918e071d301151da2728a8294535e90b5f22f2144c706499c03437148b58ddc1fa135f897fb597afa13a8c76 |
C:\Users\Admin\AppData\Local\Temp\jobA3YdhQ2r8P00rkZ\information.txt
| MD5 | 9e059d2e71d94b1ada3feeaa5dfa1382 |
| SHA1 | a586ec8b5d7399ce240a1393b1779204f732a9fe |
| SHA256 | 450a023ac4b6b550c34f2c8581bc38150aeae0b9f647bfa56357336bb91a6974 |
| SHA512 | fbbba65eef5b83a470fab678a7ce43928af42b724bf32c4e044b74e45b3aad5b612c9740f7a4bb308f990ba6a6d9191bf1065baff6c6816bc7b430cf333a406e |
C:\ProgramData\nss3.dll
| MD5 | 2c13488615d608752e134324a2db75e2 |
| SHA1 | 744b15e2f948c7eb768979fde1e814139d067d7f |
| SHA256 | e35099e2b69a4627b4dfb289833b995affa8e61d2869c48dea13e892d8ffa1bc |
| SHA512 | 2d2313775d31e53ab6c31b37a585f9822f35afdf75eb7d977bcd742dc3aa9158c78b985e910055394ec65f579c4b833db4d0b35cad44f50bb2543cf926a2d3e0 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3eikjyse.etp.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\1uMVCRFptcIIlY17MXAG.exe
| MD5 | de28f25c1bf043185e7622ef29cbdc6b |
| SHA1 | 6a770316ec271045db65679913929b0b532967cd |
| SHA256 | 01229ce5be5018af6e701215638f175273b9499bfa3ee27a56e043bcc6f8b683 |
| SHA512 | 69c1f067f981f454b62b342c138b826110f3105bad4c2411a8a83f6092f566f441bcc393673e2a9813e9303a404813945f9f01c81543e504721a3010d37b20f5 |
C:\ProgramData\ResumeRegister.txt
| MD5 | 28a21f49fe904d13751a21f18acdc66b |
| SHA1 | ab414de4ffed0ed849d888519e969777334901ff |
| SHA256 | 3cf4db7f9f9bac9ab5207beb4f24b328da4de6697dffdf3249e192f5a7ecd3ec |
| SHA512 | 3cd705a707d2c10bf1c1c635f3172194b0f87fbb3076a6b7edf3d0b4f4f2728cc8e8f3f3635def0cdad2dc38caecd9055761d6114c52f7f5797917a4dc346676 |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\7qSs68sESccfonx45Ne4.exe
| MD5 | 1ae6bdc10d082606d64b6735a6faa034 |
| SHA1 | efc7270206cf46818ef162847ea446d2c920f0d1 |
| SHA256 | 80c89f3a6180b0e669ee275db31a5e29bdda1c4367fa7b602bbdc2f10e8732f8 |
| SHA512 | f1d7a650e5110f2dbd2893dce10cb7c8480932923a9f8944e4606a1671cde84264250686068b3b0c9042efa5d5c0e7ae3ece6b794611bd5fd1c409d0c71b7f5e |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\NaE0wSEn8rF34rphC0Fe.exe
| MD5 | 83cf89789d794465eb9147221a71e30a |
| SHA1 | 2d7bf30a79bbd3e8613d6ecb6b1cad673d6c98cf |
| SHA256 | 0580273a7aa335423bcf05c2c0a18636406f165c6034065baa42c6e145fc3897 |
| SHA512 | 9f6a51d8a9fb2d6225345ff4df43c7a55513f3878336447f9f69b28dd4f0154186ead34ae436908e290f79ff78d5959a20f024aff118d360c3f743433a26af15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f246cc2c0e84109806d24fcf52bd0672 |
| SHA1 | 8725d2b2477efe4f66c60e0f2028bf79d8b88e4e |
| SHA256 | 0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5 |
| SHA512 | dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 59b3ca3b1577ad4d179f6c58695b6af7 |
| SHA1 | 334b5abf353ec91d8a39e51f16a0b0a109ad9f1f |
| SHA256 | 74ed6670806a8fb874857b2f47beded36159cd88fbc34f555d80971349118402 |
| SHA512 | 56af68aff56890da5cd7450e62486e2a625cc31107d33f3b69fdd243b1222b7853e1787845266ed0ba9f59e5802b77d3aa2f2366cc1e1e7fec4d1de296e07c3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588066.TMP
| MD5 | 9181656ecaceafcfa5d63d4e4fcd0094 |
| SHA1 | 9c8f358ca055e037f9c00b510482bb770a2ed0eb |
| SHA256 | 3f4b910bee6b54cc69ea636fb9f79e27305e1c822fd06b2d97f8645250a58069 |
| SHA512 | 51e48692c2f6860477b187066c380da2fef546df5048673b38d30bbe9d3c172a4292632f739a8ac95080e79fd168a2c85a14d8ba0770b581ec599f7bfc1d4b68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a4f13be30bac77ded7a39b65525e5b3f |
| SHA1 | 43245f05cc3a585e08ab52e2d601852bedb8b6e3 |
| SHA256 | 10959b4449111876e1e5df21e54f5a509d1b1da61274d99932931249927ad3be |
| SHA512 | a378d59a9ef58cc7e96041e42d8845fc7828fb9b0e2f3064fc58850a3989b55474d4f5fc005ddfeeac41cb7c9aa41a1be16f1a8bd6027bbe3fb7ec726a303c26 |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\Zf7Zfr8wjeEHCf8UU6BJ.exe
| MD5 | 0a2de73d7376fb513879f58ea3e9451a |
| SHA1 | 87b87cf3e4e16b4607e271409813390cf9c2ff9e |
| SHA256 | 83e239d48a2380b45b2fc8fc6d667ea24318824d765e6345d1d5e199d5ee54fb |
| SHA512 | b8b691b276ebdef6adb4bad0c0f48e84dd654eb0088f59b10b4add78053cb405f264baa962bb7b247d2ccc6d6e235e2db6753ecb96df46d29ad7e30f1fac4a9d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0316a6a5-1e63-4179-bc2c-d0ee81199fea.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc282870c07fb26b58245c0cf42c84d3 |
| SHA1 | b1b2143c924036792d59f03e4ae39479f6e26a5e |
| SHA256 | 5e9b49e01a4f4154d771752b51b39c69f2bf5ddb2fdea13a387012d2e3ed1b12 |
| SHA512 | dafb0ad7e6007945f67f5390aea27004d2563a2111e03cba397595e182a61dde93f35de732c1c90e0749893bd1eed7935815ba3c3e8d6647d3a4e0baa2d941b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 085b301c7730017e80235ff8d35d3b54 |
| SHA1 | 507f26eb5a7b9828b02657b4eafc7964f3ec0691 |
| SHA256 | 13c7c968e95bd4bd718054a3b3a5675d2cc701bba37d6f6725bfed1526c431e1 |
| SHA512 | 0bf515fc31a7265deaafba4a966f48415ddf8bd4f192aa90c80d2b370959bef390d2585f097560f7e461e545b4c20bafaeeb0e23d9a41eca917cb71380bf3f6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dbba83276b8d088f17ca58697fc5d14b |
| SHA1 | cd1a219d2c14e478ce113791a9566ba4ad57e231 |
| SHA256 | 41e1ed21172315d04fed94d09d3d84130edd9334a23cad51ddb5e16e7f58de99 |
| SHA512 | 7a87d519a36db68cc7b1dd507eab71d87269438051375755b294464027886a6669b409ece3d2154d872fdf959e092558f967e1a273aea64a55f09b1bfdb626fd |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\bkZFmjGd0fHWFibWRWJY.exe
| MD5 | 7efd7da9c6306f71b9f97cd9ef40807f |
| SHA1 | 7f53f11c75985a6c06f0ef75379c2eece0c7059c |
| SHA256 | 4cd53323320d4a98ec59130ecea046c811a12482e09b6c5f819fa51ddaab0f67 |
| SHA512 | 8f4895cc00667ae866f1190314991b80d815f35ebc8e084578e165141b1e697f20eed3961cdf9a240c8f5bd2eda7db343e319d1fee0b024704adb517e35dc181 |
C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe
| MD5 | c570cfa222084ccb76f366d00d39e15c |
| SHA1 | e4820b6b4759ed2ab9d1056938b36bdfb04cd123 |
| SHA256 | 40b70a80525232a58832dac990664738d78b597d2759a2a15525b0cb233894fd |
| SHA512 | d07b38ea18688506644180f0c55e2be27ffc47dcd4c36b561212a0162d27aaaf6d570abdb21e3d02ccd03f1dba868087cd14929225ebd597f8b481bdfdbef022 |
C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe
| MD5 | 937b8a7c3f5e8a2e338317af078c38ba |
| SHA1 | 13efcea0c342ed385f07a285cd62a3786d21fea6 |
| SHA256 | 8e4ebd7d717849d047914bf560846c49d5670709eb2e73afd9728a801c4711f3 |
| SHA512 | 52dc616ee4aee12d9a7e2a274e7f4a131aec1fa657aa0c741c9ffb4917a9553d7d841882c643ee34cbb16e06f58e084f614dc88f19ab1d12799089cf2badf8d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\39ff7e45-2320-4f96-9d0f-d83ff2e3c571
| MD5 | 185c9c5d4031fdd6adcf2aa87acc9112 |
| SHA1 | 960dbd1903c958f15d4583ece77d1d0435a08bcd |
| SHA256 | 3932eeda05f889b6adbddf95c14b203eabb6490b1eedde9319b0afab58513fbc |
| SHA512 | 61965de338c9106513e5fdea67ede421d9b63a9ec8e5e0ae8ffccfad32a396738787eaf48b8acdf8bd1b84977bff85472ada4fe53d792318c84322f4e0bade06 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js
| MD5 | 9ceed372e565f10142d94518c8b78e8a |
| SHA1 | 3b98546aabea3fba1ac8d8c21e013fd3af4a730e |
| SHA256 | ba5c5f455207f54a74cf43893f3145e02359f3b68cfe8ac150a841a35907d69b |
| SHA512 | 10ccd5c1a6ff6a356e159e4ce5accdd961214cd0e52c63394825a992dfd04278c5e369f6524d609e128a0f63c6026e0fe6fa854b3c5e91e0e4f961e5e47a99ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 9d3ae693c5705417954d29dff633e870 |
| SHA1 | 087c0881babcf994ff10de56bec9706cb9efd108 |
| SHA256 | 24c82c9a1ed44a6a2302c4f4bb785514d784119ea6ad846c041de1b12de1944a |
| SHA512 | f98d9df4424ed14799b8afd4b9c65e1a43a4ab9cdfe56fc9356a6e3cf8c609bd80edeaaff3e2fac99192fc404d8576a2756f710e35c0d52a5f34690b704d7eb3 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 1b7c22a214949975556626d7217e9a39 |
| SHA1 | d01c97e2944166ed23e47e4a62ff471ab8fa031f |
| SHA256 | 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87 |
| SHA512 | ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1af0543da99c9e01bfc50392e3562555 |
| SHA1 | e063dd6052e5f60409e7a68cc1f60d636cc4809e |
| SHA256 | f7aafc69bcd457e47013032814425b9816afb36005f64c2b542ea97b9bfcbd34 |
| SHA512 | 39ce976e5733b9473470465ffbf670b50f4dbcf98e5eaa15d909ecac1cce636f2122ee755dbeae5e6c0a414a0eb6b09355787333f309cac605a95f9b9bfc4b2f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3f84856d83a8187aa05a30983f3cf577 |
| SHA1 | 8f0fa7918d327b81297fc3887acbfb729b094626 |
| SHA256 | e215a83adbfce93dc7f0e2bd21e0eb2a6b31745717f62c27e53f466127bffd87 |
| SHA512 | 55ad4e62c1c5dd4239194302b3c8d5556d68fca91fd689151a3049a0ee69fe940e2633eafbf22fdb347ea4385a3424e2e4576272237a571d0810a02682ab3255 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c1e531e3768d778d69713bdf9c967e84 |
| SHA1 | 8c78fa83cd91710ca81a767cfc9eb94f35384896 |
| SHA256 | 9ca29c18014639bd3e1a6e905ec7fc33951b5717258ebb6f79a815fc2e311d85 |
| SHA512 | ff73458d1221a93a4b4a653393023e720a1b5b7cfc776faf5734e5fda9ae08063a4adff74c28908bedf9d6d7fd74a96f7e2b79573f9e6aca8850103b86a1a844 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js
| MD5 | 0ddaf644ca8032ec1f45a357dfe6aaf2 |
| SHA1 | 5e74cda54bf4912a50f0ae54e8d87bfcf0106602 |
| SHA256 | 3160e2fca35d92049436c9ef6740873c54781c34f0cf7371e18cc6782ee34b92 |
| SHA512 | 36b08832ab1ff54de67ab6c2b50e9ecf5aaa95816a45cfc7b43dc8c6e2a18a7b5c38fbcc31455b415fb203ab3dc68cfc8d36bec375bef450ceb52cddca46b4fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 78dc589281e33cbae5927dce3603f077 |
| SHA1 | 5a5321518c25124fb4873fdf23940a83ba513e12 |
| SHA256 | f14f86b16e0fa275077d44903c1e17435a4ab0ae726eccdae2d66e07a70179c7 |
| SHA512 | 950b53ffc0751fb3c9606bcf719a0fc7efe7a80559b0203ac02b35893260c38ce05022963da35e4f314e9312586aa4cf0505849f4d1915878ed63f91317a5b72 |
C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe
| MD5 | 927fa2810d057f5b7740f9fd3d0af3c9 |
| SHA1 | b75d4c86d3b4fd9d6ecf4be05d9ebcf4d7fd7ec8 |
| SHA256 | 9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9 |
| SHA512 | 54af68949da4520c87e24d613817003705e8e50d3006e81dcf5d924003c1a1b8185ba89f6878c0abac61f34efbe7a9233f28ba3e678a35983c1e74216a5ac1a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9069a7fdb9ea273525fe091f67b79982 |
| SHA1 | 94e07feb173f97fc4da7eb949f55c552b0554c4f |
| SHA256 | 02f27176787583d13ff21e9f14223429bee7c5246fd570f271582b0a8fb0c8a2 |
| SHA512 | 9057ca13bb03b47938de89287c3cbaf6f9cd34b715d231985cb1f44cd4696500c3a096e3aaa4f37016978c1b18f2783e35782ce00b47b96859e0e7bef93af431 |
C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\gjo0n8gyoaT0wn8F70iV.exe
| MD5 | 64a289c08fe43f8854843be967bd4bfa |
| SHA1 | 1cb2e9699a6c7207bb4741071991db720c473b96 |
| SHA256 | 9be9a4ebd010626b362f8ff99236671fdd34bc5210fc546e707e6636bfdcffc1 |
| SHA512 | 1117b82094a1194bd6774b1adf84bf98e07ed00ace8c08f9f562c7c3c7b1160b5a06481ba8031546d3a23111618216318e4df656ed4f25a0379f1e040edb7204 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 657587fee84c92c513b18c4f57e26b9e |
| SHA1 | bdfe599e6151902cb5579064cf6982fa16874e25 |
| SHA256 | f6cc942ccdd9bf57cc449904f6eab7e83c65e40e7a052bce640f2ed1f49d210f |
| SHA512 | 480069cd3f0acaeacf32f713c82f0b7468368c7831447197222942ab25913f27766d2aa2bec412aa848b712512c3b954866e7e0d187f753cc0173028e12323d9 |
C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe
| MD5 | 671ee08be15370735b6954078a7bd545 |
| SHA1 | bfd1be4869330227547df4f70b083b0afbd6d855 |
| SHA256 | aae630bf3977b5b0bbb1e5f838520eb77f3e441288823f961445b1f630b11e73 |
| SHA512 | ef307173bf1746b933198732f2b56a0ab5728a81b0d890d4ea3d5bf1c270a23fae15d9688f739fb0f9a8a27e8adda83a309c7faeb714e557e2e3903b2a2a8e31 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\2f5d8e8a-0306-4e01-a7ca-7ff3e1aa9c34
| MD5 | d61f2dd5e55263d8f5bb8a46128f431f |
| SHA1 | 4edcdcd31feae085234e95d81cf937f12421a14a |
| SHA256 | 9d020b0d62f7008e107cd3c594c32fd3d19d83d8373789b6629fbd1e0cca5c5b |
| SHA512 | 13600f693076f9d4fa1d0d3e7fd5d382380d501c1a0f3ba54af332228261f5b7c17daa8b5cb42aabe753deb75571c2be6dd5417029250b055508cf087f90a209 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\db\data.safe.bin
| MD5 | ddafab3ac63c1e6e376786762cf90dbe |
| SHA1 | e0e2ddceb3aea30ce486ec9de260ff556425ff75 |
| SHA256 | 98490903a72e18681e433c82956f15ba3486c49729b45374cbad96d2a5e7b134 |
| SHA512 | cf1eb3edc4ada659329a657dc389641f7c92d9679cfe2cd3dfd6c7831417141cac6590e1c4d4d8cb867cb39387ed4862b074d4dda9cbf44d1a7ea2d9e98ed920 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\idb\3353566542yCt7-%iCt7-%rfe2sdpdo.sqlite
| MD5 | 40bf3a4afc431a14bbe2cd49637fe988 |
| SHA1 | da5e2b1c7a7c04d83ead22e431392012cacc3dde |
| SHA256 | 49888ce1a9fb304a6c5b9d48797c4b3fb4359c98dda975ab60d49d09d51a9b6e |
| SHA512 | bc6bd8a26fd39cea122a4b5827022893c30dec559c9224e7ba568b275cfecd43d6aeecf0c0ddff489adf41f3a7bfaab3ab4a5ce0d4331ce888e5a8f2061a6429 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 28e562f0e74a397cd2c409a04c82d4d1 |
| SHA1 | d0b99821f97f85ab856614d8ef7f6616f0327e2a |
| SHA256 | d66ff5b86e06e31eb0132d33c9df5dd331745fa0a5a307148cc464c8ea5e9241 |
| SHA512 | 3be91795bae4eae575a20388a71138601ad63ba871ff3b83134cb9e3bdb31ad8c6abdbed17ba82d91a3a2c2df26b18d7a7e9beaa10876c4c8292c46b2bc4643b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\cache\morgue\149\{3062bc9d-475e-4526-a83f-52637de70c95}.final
| MD5 | 2a252393b98be6348c4ba18003cc3471 |
| SHA1 | 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598 |
| SHA256 | 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee |
| SHA512 | 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 85af6c99d918757171d2d280e5ac61ef |
| SHA1 | ba1426d0ecf89825f690adad0a9f3c8c528ed48e |
| SHA256 | 150fb1285c252e2b79dea84efb28722cc22d370328ceb46fb9553de1479e001e |
| SHA512 | 12c061d8ff87cdd3b1f26b84748396e4f56fc1429152e418988e042bc5362df96a2f2c17bcf826d17a8bae9045ee3ba0c063fb565d75c604e47009ff442e8c8e |
C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe
| MD5 | 25dbeceee3f0bf1937850c8020f29a9f |
| SHA1 | a73dbdcc803d01ca6f0f8d26c484a3701556eba9 |
| SHA256 | 375bb1d13fbc7b2a96b60e304ef7f3569ae14edcb345e4b6ff217491992d42a0 |
| SHA512 | fadae0022eb1702d144c63a71a94c53b6269ab4a761cfa9efccbc58c1c3e8f0d6eca147f641815657607534b671fc68f139ff2ad19e6b01bfbbad8377306ea43 |
C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe
| MD5 | 02d56442d0788ad67637400e592bbaec |
| SHA1 | b276d62dace9e2fa9d8d2e63548684e2d99bc7a8 |
| SHA256 | 952d181e4b3b34a73f3e2b3072dde56838322304a00356e9f261d0eacb4ba456 |
| SHA512 | 3738eecf9694e6a8a80c377cb0359260cecfa818d3c394a028170de0744f618e0b943cc2f2bca73d61ef248a883164d9b1c8ddbfd59c4b4c12d7987a2d27dd43 |
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
| MD5 | 4fe7bef521345515a1a3e94fa4a25c3a |
| SHA1 | 081fe1bedaabd9586b4c3af635814de71d41467d |
| SHA256 | c12d839dbfee42f8e45ef72d839e5723cf39db75688cd566ffbcbe8d239b57e4 |
| SHA512 | 3f4f06de530ba8d7832e6712aae3a4d3427adb7138feff4b23b0ea9b7ad0427c32f0e915bee9baba05c20b82cfc961778f765a4db473925ba17e6a9dfe7ca5ec |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | d1bf822ac17ffb8764f4326d6b3c5bf8 |
| SHA1 | 4195863de02230998d5ab83b16d729722a550302 |
| SHA256 | 3941ea0ea29a1d97078821988f8f647553bb1d75f363a374e787800915560dc7 |
| SHA512 | 64f1979f21588140b7ce1e7a008e623dfcce7f385e6020d63aef24da58290b3927020891d5c1f816e7bf1f0ab04caaaf17535c2daa5a7f7f5f99721acc07101c |
C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe
| MD5 | 56abd2c5647e542b846b952ad6dd8d9d |
| SHA1 | db3b28748f694e475234edde44234ab501945b56 |
| SHA256 | 05ee70e4e6b0f204ad244eb76671dc7d2c597d0cd09e84c006d775546dbc812d |
| SHA512 | 2d933de9468800b2980ec910476007708d9d4dcefb441a89b7a2f79f08e6bfd9c80dd18270f0616ee65d8d0b7db954a1311c8aad5dc1db93e5b56e3c543cb312 |
C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe
| MD5 | 8244f65c3a732ddf4f1efd3e5fd6b518 |
| SHA1 | 1d144dd4af5bc24596da2cdf4e83d69b6cbf1b64 |
| SHA256 | 769dca9ebcfe2a0ae9060d97a9b91d159dcab16debb2dffe9b06d28ae6425f01 |
| SHA512 | 5549a81d1a85b475ef0e59b33b59b4377f07c56547c99ab35f671b76d948c70259d98dd75df4f9456814cced8f47205031579b9e6c764b5d3df15735e7b21a7e |
C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe
| MD5 | d177caf6762f5eb7e63e33d19c854089 |
| SHA1 | f25cf817e3272302c2b319cedf075cb69e8c1670 |
| SHA256 | 4296e28124f0def71c811d4b21284c5d4e1a068484db03aeae56f536c89976c0 |
| SHA512 | 9d0e67e35dac6ad8222e7c391f75dee4e28f69c29714905b36a63cf5c067d31840aaf30e79cfc7b56187dc9817a870652113655bec465c1995d2a49aa276de25 |
C:\Users\Admin\AppData\Local\Temp\nsjC4D.tmp
| MD5 | 572e08d58cfa2070e5afffc1211da814 |
| SHA1 | 2f553d7c8166f40dc0bcb37494f58e32d5a2ca89 |
| SHA256 | 955fd85058f3c9e90e832857e012ec8439e786d3f43c8421db2d119772515f30 |
| SHA512 | 4a4ca8d39ff7e223cdbe856c45e4f5fca5decd959e25205f9e6cddb05904055c01f6f903b13ac0300219347bcf1c211a19fdf91318e6a63b7a6ef11184a558d9 |
C:\Users\Admin\AppData\Local\Temp\main\main.bat
| MD5 | 4b3a5b96f9eedd8626a8c12976765b56 |
| SHA1 | 85307e380d233c8229f9e0de16ed82821221a0be |
| SHA256 | 1651b6ed815b2128c2362ad38a7cfcdafc6c5f8705572626c872ad788c41f6ef |
| SHA512 | b274c74ebf059fa203408a120a2c6f54f769d93d34d916aad9b4f712455b3ffe396e325744d2488a090dafb1c4621f83428719c8fe20d93b10904953dcdc8790 |
C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe
| MD5 | 5eca966dd56f0189904b8240878cba81 |
| SHA1 | 770520d011c21409b93a77bf45fc858ccaaaa8af |
| SHA256 | b09dd6fd6cb440cd5263f442082effb1089961d2c1ff86dd5cc5e47e78aa350e |
| SHA512 | 99cdf082fe098418a33eeba18799b6ccf22e08de99cab546f0add72d941fec7363c0a8d073283369c7cbd66d67ebdb0803215d19944aa30db576d467a65c2953 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | 59faed602aa13160b881c08fe827eb2f |
| SHA1 | 69ea2712c8771a2c8289668ced36211fa2a2147b |
| SHA256 | c6eb33c1056112c59af2370e2d2e605c5fa21747c7d77af5f68f29432bc78272 |
| SHA512 | 0b5ab4f15cdbd5732be1bd7bacf87eef65a7200adc7fb209a250db911daea65668a5164d381c8c7f14ab2a8650d2104d844f1c90d4c25feabfbedafc535cbd0d |
C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe
| MD5 | 3c9da20ad78d24df53b661b7129959e0 |
| SHA1 | e7956e819cc1d2abafb2228a10cf22b9391fb611 |
| SHA256 | 2fd37ed834b6cd3747f1017ee09b3f97170245f59f9f2ed37c15b62580623319 |
| SHA512 | 1a02da1652a2c00df33eceda0706adebb5a5f1c3c05e30a09857c94d2fbb93e570f768af5d6648d3a5d11eea3b5c4b1ceb9393fc05248f1eefd96e17f3bbe1b4 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 22c625b8fab8caa5c3cfe34dcbff02e1 |
| SHA1 | 46e0eba7ec14e2bb462a4d5f8fd0c002aecbe9de |
| SHA256 | b6150c3d97b351675d412e45a87df300460b89686c3820dae87d761beafb9665 |
| SHA512 | 398405e53566c953141cf37f563640d2a5e52b82d820f2619b02ce1dcf58a90be642372e37da286594e3c6dde636047098e7655751937f7e281a1f361a41af90 |
C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe
| MD5 | d8a03867b1a2fc6ba432f8519aee1223 |
| SHA1 | 843b3c061a2c0bcc528411decb4b8ae407b24b83 |
| SHA256 | c4539ee1fe909be83f780fc3ca19043016e83199050cb5ac9e4c517de567306b |
| SHA512 | a34fda72f338b5e6bf0adabaf9e757839d8e109506c32b5253738a88476a1850225ef18c214e7d6e60d78b8ce20d2ff638586bbb589824c49f3f530a062a70d7 |
C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe
| MD5 | 0afe37ff0cc701b287b66f1e6ab98dd5 |
| SHA1 | 592ac2cb41dbfe2ab6ed92fba68e535c6df8aa2d |
| SHA256 | 02c9b874be2ab9824fcf7ed90d70a834ed31cb364343bbb44b426fed2fad41dc |
| SHA512 | 59f16f27321cb97296dd4eb3464b00745c6daeb1d3401cc9317d0c39bf32cbba904637e847dd01facf9c9e6f48ed34964623325c80a45913b87ac84324012ccc |
C:\Users\Admin\AppData\Local\Temp\F59E91F8
| MD5 | 5cac70fbe2fc9869397bf1989e592841 |
| SHA1 | cc522bec3c1772269465799d35268630248e801b |
| SHA256 | 17e571023337ad513deb4d436c17573b6ab3c9ebf2a3e30425c3f5fa9a638806 |
| SHA512 | f56d8d7a996401404b850b6503960ea17d68fe56acbc06de8fa9c39b20dd7f01d24837283f459655ac4efb3da10a8864623cbb041ca9ad81bc9afd1ecf9b5fb9 |
C:\Users\Admin\AppData\Local\Temp\is-I222F.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-1G4LL.tmp
| MD5 | 54ffd881611a92540e4c85e2759278c9 |
| SHA1 | ef0c1ec4f6efe6abdf9a23f1adcd88c4ec5b4348 |
| SHA256 | d075cbfb1b43dadcdac8cf572c18689134e59319fbe425e82c7bb7c4e7d5948c |
| SHA512 | d9f77cacb264d080e12e765cba3e1cc69a19c186526bbcb25d093e0a83b4b4b8beef37a4acf2e803a08eb76c77d4a97a21fea74475d6d9d16a63f2137ab6253b |
C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-EVPU0.tmp
| MD5 | 8f920115a9ac5904787bc4578f161a52 |
| SHA1 | 941332d718cf5161881ca903b2fb125124cac68b |
| SHA256 | f8b63fa29af4c7cff131bf14fbdaac8e6b6945444e0f13e57417fea4a3de1a6b |
| SHA512 | b8521748d276de667e2013c697005adc45e405fee9a9970b80427cb47ba829e2f9e31fdae2bafc54cca5aeaa4c371f4d25e1ea34989eea19e732fd129abfa1c2 |
C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-135S4.tmp
| MD5 | 613ccb3ab7bc5304da08120a11bb34f2 |
| SHA1 | 9e1231dc2ddc6deb2a66d494c45f0dfcf04b1d97 |
| SHA256 | 565efa1b0407d221b1e6bc44811f529f98fe4d9ffb6e756b56b9525acb87ce28 |
| SHA512 | d27efae6748105c343abcdc8777d2c5065bc342569af2fd3bee92544a01ad4caefe359adf69fa56bae1fbc87f86575b797c20d821a42869d0b34ab1004b0138a |
C:\ProgramData\TVTunerClassic65\TVTunerClassic65.exe
| MD5 | 6a5345097750a95fb67c78467d60d68c |
| SHA1 | 0549e59297485e54c5bf1c088ff1b6ff43a0c2cc |
| SHA256 | a132980e749b40daab86ea58e2d31c39d3ffc4cb1fd7d0ae318fbd712e46be8f |
| SHA512 | 568b4927c60de85e46cbedd055e7ddc80d1e82344a37f1820c36252488a49bc04715ed362bc6157291ac8234a33457d51075050f501554ac4991c008d14c8bf0 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-01-24 11:52
Reported
2024-01-24 12:00
Platform
win11-20231215-en
Max time kernel
10s
Max time network
157s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Stealc
ZGRat
Downloads MZ/PE file
Stops running service(s)
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 141.98.234.31 | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Documents\GuardFox\Nuul_2bqLePUnMY7gnQMUs1r.exe
"C:\Users\Admin\Documents\GuardFox\Nuul_2bqLePUnMY7gnQMUs1r.exe"
C:\Users\Admin\Documents\GuardFox\HCQM9H_C1yyySyKv8SyS0YVO.exe
"C:\Users\Admin\Documents\GuardFox\HCQM9H_C1yyySyKv8SyS0YVO.exe"
C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe
"C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe"
C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe
"C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe"
C:\Users\Admin\Documents\GuardFox\ewPp8snuQHfRbNYLQtRt5v2f.exe
"C:\Users\Admin\Documents\GuardFox\ewPp8snuQHfRbNYLQtRt5v2f.exe"
C:\Users\Admin\Documents\GuardFox\50ALn4VmFCPh8ui6iwc4bQ4c.exe
"C:\Users\Admin\Documents\GuardFox\50ALn4VmFCPh8ui6iwc4bQ4c.exe"
C:\Users\Admin\Documents\GuardFox\OOCTptGsu2UHu9IoFXc8pGno.exe
"C:\Users\Admin\Documents\GuardFox\OOCTptGsu2UHu9IoFXc8pGno.exe"
C:\Users\Admin\Documents\GuardFox\iM6AdH2QsEURmdjixACa5aYZ.exe
"C:\Users\Admin\Documents\GuardFox\iM6AdH2QsEURmdjixACa5aYZ.exe"
C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe
"C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe"
C:\Users\Admin\AppData\Local\Temp\is-VVTF2.tmp\4vJseCA75SLoZDxuhdqHOyj0.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VVTF2.tmp\4vJseCA75SLoZDxuhdqHOyj0.tmp" /SL5="$C007C,3301412,119808,C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5140 -ip 5140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 372
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -i
C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe
"C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe
"C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe
"C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe"
C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe
"C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe"
C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe
"C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe"
C:\Users\Admin\Documents\GuardFox\ShfR5uWMSfPibF6_6XVB5baW.exe
"C:\Users\Admin\Documents\GuardFox\ShfR5uWMSfPibF6_6XVB5baW.exe"
C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe
"C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe"
C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe
"C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe"
C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe
"C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -s
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe
"C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\1da881f0-ef95-4cd8-b55e-95c2c9596388" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe
"C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe"
C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe
"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN o7Hwfo_uogy9uqCn1IMWTstq.exe /TR "C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe" /F
C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe
"C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe
"C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 604
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5164 -ip 5164
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\JVvbYR2Sdm37nWg71JAX.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\JVvbYR2Sdm37nWg71JAX.exe"
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0x50,0x10c,0x7fffbb759758,0x7fffbb759768,0x7fffbb759778
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zEIocmEFVxls8YWBR8HT.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zEIocmEFVxls8YWBR8HT.exe"
C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe
"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\r2rj3k2FerFWMH392m53.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\r2rj3k2FerFWMH392m53.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffca593cb8,0x7fffca593cc8,0x7fffca593cd8
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffca593cb8,0x7fffca593cc8,0x7fffca593cd8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1600,i,12045815871671922268,8412323656715878987,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2696 --field-trial-handle=1600,i,12045815871671922268,8412323656715878987,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2688 --field-trial-handle=1600,i,12045815871671922268,8412323656715878987,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2028 --field-trial-handle=1600,i,12045815871671922268,8412323656715878987,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1600,i,12045815871671922268,8412323656715878987,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zVqgBQCPxPPq3RMThYrc.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zVqgBQCPxPPq3RMThYrc.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffca593cb8,0x7fffca593cc8,0x7fffca593cd8
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2008 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\CwjKmD00H2J83qh3IOKL.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\CwjKmD00H2J83qh3IOKL.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,1322205135525714413,16761514276532881200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1B24.exe
C:\Users\Admin\AppData\Local\Temp\1B24.exe
C:\Users\Admin\AppData\Local\Temp\1B24.exe
C:\Users\Admin\AppData\Local\Temp\1B24.exe
C:\Users\Admin\AppData\Local\Temp\220B.exe
C:\Users\Admin\AppData\Local\Temp\220B.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k cmd < Adjustments & exit
C:\Windows\SysWOW64\cmd.exe
cmd
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2E22.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\2E22.dll
C:\Users\Admin\AppData\Local\Temp\33DF.exe
C:\Users\Admin\AppData\Local\Temp\33DF.exe
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\4z35P7v_AVVEPgRJajWj.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\4z35P7v_AVVEPgRJajWj.exe"
C:\Users\Admin\AppData\Local\Temp\1000495001\SetupPowerGREPDemo.exe
"C:\Users\Admin\AppData\Local\Temp\1000495001\SetupPowerGREPDemo.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe
"C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffbb759758,0x7fffbb759768,0x7fffbb759778
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\OOCTptGsu2UHu9IoFXc8pGno.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Users\Admin\AppData\Local\Temp\4F09.exe
C:\Users\Admin\AppData\Local\Temp\4F09.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2732 -ip 2732
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 2568
C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe"
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe
"C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1864 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:2
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4056 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe
"C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 HR" /sc HOURLY /rl HIGHEST
C:\Windows\system32\mode.com
mode 65,10
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"
C:\Users\Admin\AppData\Local\Temp\69A7.exe
C:\Users\Admin\AppData\Local\Temp\69A7.exe
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\main\7z.exe
7z.exe e file.zip -p4632370330209207692137030328 -oextracted
C:\Users\Admin\AppData\Local\Temp\8500.exe
C:\Users\Admin\AppData\Local\Temp\8500.exe
C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe
C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe
C:\Users\Admin\AppData\Local\Temp\is-L9IU2.tmp\8500.tmp
"C:\Users\Admin\AppData\Local\Temp\is-L9IU2.tmp\8500.tmp" /SL5="$402F8,3460870,54272,C:\Users\Admin\AppData\Local\Temp\8500.exe"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe
"C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe" -i
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "AACAC1241"
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe
"C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe" -s
C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe
"C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe"
C:\Users\Admin\AppData\Local\Temp\9F30.exe
C:\Users\Admin\AppData\Local\Temp\9F30.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 3692 -ip 3692
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 1396
C:\Users\Admin\AppData\Local\Temp\B46F.exe
C:\Users\Admin\AppData\Local\Temp\B46F.exe
C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe
"C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6004 -ip 6004
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 380
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\E5C1.dll
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe
"C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\E5C1.dll
C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe"
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Users\Admin\AppData\Local\Temp\20D7.exe
C:\Users\Admin\AppData\Local\Temp\20D7.exe
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe
"C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe
"C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Users\Admin\AppData\Roaming\jigehtw
C:\Users\Admin\AppData\Roaming\jigehtw
C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe
C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe
C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe
"C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7124 -ip 7124
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
Network
| Country | Destination | Domain | Proto |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | 45.16.20.195.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 172.67.173.86:80 | joxy.ayazprak.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| US | 104.21.10.36:80 | 294self-limited.sbs | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.10.36:443 | 294self-limited.sbs | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| PA | 190.218.35.224:80 | cczhk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 224.35.218.190.in-addr.arpa | udp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| PA | 190.218.35.224:80 | cczhk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| NL | 95.142.206.0:443 | sun6-20.userapi.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| RU | 87.240.190.76:443 | tcp | |
| NL | 95.142.206.3:443 | tcp | |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 3.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.190.240.87.in-addr.arpa | udp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| HK | 154.92.15.189:443 | ji.alie3ksggg.com | tcp |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| FR | 199.232.168.193:443 | tcp | |
| RU | 193.233.132.62:50500 | tcp | |
| FI | 109.107.182.3:80 | 109.107.182.3 | tcp |
| US | 104.21.4.208:443 | tcp | |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 104.21.63.150:443 | tcp | |
| NL | 91.92.245.15:80 | tcp | |
| HK | 154.92.15.189:443 | ji.alie3ksggg.com | tcp |
| DE | 77.105.147.130:80 | tcp | |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| NL | 195.20.16.45:80 | tcp | |
| NL | 195.20.16.45:80 | tcp | |
| NL | 45.15.156.60:12050 | tcp | |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| KG | 91.213.233.138:443 | tcp | |
| DK | 37.75.166.2:443 | tcp | |
| IS | 89.147.111.76:9001 | tcp | |
| US | 8.8.8.8:53 | 2.166.75.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.111.147.89.in-addr.arpa | udp |
| FI | 109.107.182.3:80 | 109.107.182.3 | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | tiny.ayazprak.com | udp |
| US | 104.21.80.24:80 | tiny.ayazprak.com | tcp |
| DE | 141.95.211.148:46011 | tcp | |
| DE | 185.172.128.19:80 | tcp | |
| DE | 185.172.128.19:80 | tcp | |
| US | 172.67.173.89:443 | tcp | |
| RU | 193.233.132.62:50500 | tcp | |
| US | 172.67.129.86:443 | carvewomanflavourwop.site | tcp |
| KR | 175.120.254.9:80 | cczhk.com | tcp |
| IS | 89.147.111.76:9001 | tcp | |
| US | 8.8.8.8:53 | mwlogin.net | udp |
| GB | 104.103.204.41:443 | tcp | |
| BD | 103.230.106.211:443 | tcp | |
| GB | 104.103.204.41:21 | tcp | |
| BD | 103.230.106.211:22 | tcp | |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| BD | 103.230.106.211:21 | tcp | |
| US | 8.8.8.8:53 | 11.38.21.104.in-addr.arpa | udp |
| BD | 103.230.106.211:143 | tcp | |
| VN | 61.28.233.26:22 | tcp | |
| GB | 99.86.114.7:21 | tcp | |
| GB | 99.86.114.7:22 | tcp | |
| US | 104.21.38.11:443 | tcp | |
| GB | 99.86.114.7:443 | tcp | |
| DK | 37.75.166.2:443 | tcp | |
| VN | 61.28.233.26:21 | tcp | |
| BD | 103.230.106.211:80 | tcp | |
| BD | 103.230.106.211:465 | tcp | |
| VN | 61.28.233.26:443 | tcp | |
| GB | 99.86.114.56:21 | tcp | |
| NL | 142.250.153.26:143 | tcp | |
| BD | 103.230.106.211:995 | tcp | |
| VN | 61.28.233.26:80 | tcp | |
| VN | 61.28.233.26:465 | tcp | |
| GB | 99.86.114.7:465 | tcp | |
| VN | 61.28.233.26:143 | tcp | |
| NL | 142.250.153.26:995 | tcp | |
| GB | 99.86.114.7:80 | account.hoyoverse.com | tcp |
| US | 104.21.59.151:443 | tcp | |
| FI | 95.216.35.168:22 | tcp | |
| FI | 95.216.35.168:21 | tcp | |
| JP | 3.114.45.214:22 | tcp | |
| GB | 99.86.114.38:22 | tcp | |
| GB | 104.103.204.41:443 | tcp | |
| GB | 99.86.114.7:995 | tcp | |
| GB | 99.86.114.38:21 | tcp | |
| GB | 99.86.114.7:443 | tcp | |
| GB | 99.86.114.7:80 | tcp | |
| JP | 3.114.45.214:80 | tcp | |
| JP | 3.114.45.214:443 | tcp | |
| US | 8.8.8.8:53 | 90.128.172.185.in-addr.arpa | udp |
| GB | 99.86.114.56:995 | tcp | |
| NL | 142.250.153.26:465 | tcp | |
| DE | 185.172.128.90:80 | tcp | |
| BD | 103.230.106.211:465 | tcp | |
| GB | 104.82.235.78:21 | shop.samsung.com | tcp |
| DE | 20.113.35.45:38357 | tcp | |
| BD | 103.230.106.211:143 | tcp | |
| BD | 103.230.106.211:22 | tcp | |
| BD | 103.230.106.211:21 | tcp | |
| GB | 99.86.114.7:443 | tcp | |
| BD | 103.230.106.211:80 | tcp | |
| GB | 99.86.114.38:143 | tcp | |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| JP | 57.181.18.200:21 | tcp | |
| GB | 99.86.114.7:22 | tcp | |
| IE | 209.85.203.84:22 | tcp | |
| IE | 209.85.203.84:21 | tcp | |
| JP | 3.114.45.214:465 | tcp | |
| BD | 103.230.106.211:995 | tcp | |
| GB | 104.103.204.41:21 | www.catawiki.fr | tcp |
| BG | 185.176.40.129:21 | tcp | |
| BG | 185.176.40.129:22 | tcp | |
| FI | 95.216.35.168:995 | tcp | |
| US | 8.8.8.8:53 | ddtank-walker2.com | udp |
| GB | 99.86.114.56:22 | tcp | |
| US | 172.67.213.180:443 | tcp | |
| JP | 3.114.45.214:143 | tcp | |
| GB | 99.86.114.7:21 | tcp | |
| GB | 99.86.114.56:21 | tcp | |
| FI | 95.216.35.168:465 | tcp | |
| GB | 99.86.114.8:22 | tcp | |
| US | 8.8.8.8:53 | skytasks.vip | udp |
| JP | 57.181.18.200:465 | tcp | |
| GB | 99.86.114.8:21 | tcp | |
| RU | 5.42.65.31:48396 | tcp | |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| NL | 142.250.153.26:143 | tcp | |
| VN | 61.28.233.26:21 | tcp | |
| GB | 104.82.235.78:465 | shop.samsung.com | tcp |
| GB | 104.82.235.78:80 | shop.samsung.com | tcp |
| JP | 3.114.45.214:80 | information.enagic.com | tcp |
| BD | 103.230.106.211:80 | bnmc.teletalk.com.bd | tcp |
| GB | 99.86.114.7:143 | tcp | |
| NL | 142.251.9.14:995 | tcp | |
| GB | 99.86.114.7:995 | tcp | |
| NL | 142.250.153.26:995 | tcp | |
| GB | 99.86.114.56:465 | tcp | |
| VN | 61.28.233.26:143 | tcp | |
| NL | 142.251.9.14:465 | tcp | |
| BD | 103.230.106.211:222 | tcp | |
| BD | 103.230.106.211:990 | tcp | |
| BG | 185.176.40.129:143 | tcp | |
| FI | 95.216.35.168:22 | tcp | |
| VN | 61.28.233.26:995 | tcp | |
| GB | 99.86.114.56:143 | tcp | |
| FI | 95.216.35.168:80 | tcp | |
| JP | 3.114.45.214:21 | tcp | |
| US | 35.190.81.132:443 | www.freepik.es | tcp |
| US | 35.190.81.132:21 | www.freepik.es | tcp |
| BD | 103.230.106.211:993 | tcp | |
| GB | 104.103.204.41:80 | www.catawiki.fr | tcp |
| JP | 57.181.18.200:21 | tcp | |
| GB | 2.17.5.46:21 | tcp | |
| US | 35.190.81.132:22 | www.freepik.es | tcp |
| FI | 95.216.35.168:21 | tcp | |
| US | 8.8.8.8:53 | ddtank-walker2.com | udp |
| US | 8.8.8.8:53 | moneybox.co.ke | udp |
| BG | 185.176.40.129:22 | tcp | |
| GB | 99.86.114.56:995 | tcp | |
| BG | 185.176.40.129:465 | tcp | |
| BG | 185.176.40.129:21 | tcp | |
| BG | 185.176.40.129:80 | cp1.runhosting.com | tcp |
| GB | 2.17.5.46:143 | store.steampowered.com | tcp |
| GB | 2.17.5.46:80 | store.steampowered.com | tcp |
| JP | 3.114.45.214:80 | tcp | |
| BD | 103.230.106.211:80 | bnmc.teletalk.com.bd | tcp |
| KE | 196.61.52.35:443 | tcp | |
| KE | 196.61.52.35:143 | tcp | |
| VN | 61.28.233.26:465 | tcp | |
| GB | 142.250.187.195:443 | tcp | |
| GB | 142.250.187.195:443 | tcp | |
| BD | 103.230.106.211:587 | tcp | |
| US | 146.148.34.125:22 | tcp | |
| GB | 104.82.235.78:22 | shop.samsung.com | tcp |
| FI | 95.216.35.168:143 | tcp | |
| FI | 95.216.35.168:995 | tcp | |
| GB | 216.58.204.68:443 | tcp | |
| GB | 2.17.5.46:465 | store.steampowered.com | tcp |
| IE | 209.85.203.84:22 | tcp | |
| FI | 95.216.35.168:465 | tcp | |
| KE | 196.61.52.35:80 | itax.kra.go.ke | tcp |
| DE | 185.172.128.53:80 | tcp | |
| GB | 104.103.204.41:80 | www.catawiki.fr | tcp |
| GB | 99.86.114.7:222 | tcp | |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| JP | 3.114.45.214:143 | tcp | |
| IE | 209.85.203.84:21 | tcp | |
| GB | 99.86.114.7:990 | tcp | |
| GB | 104.82.235.78:80 | shop.samsung.com | tcp |
| GB | 99.86.114.7:443 | tcp | |
| NL | 142.250.27.26:465 | aspmx2.googlemail.com | tcp |
| GB | 99.86.114.7:80 | tcp | |
| KE | 196.61.52.35:22 | tcp | |
| GB | 99.86.114.56:222 | tcp | |
| IE | 209.85.203.84:443 | tcp | |
| BD | 103.230.106.211:110 | tcp | |
| BG | 185.176.40.129:80 | cp1.runhosting.com | tcp |
| JP | 3.114.45.214:995 | tcp | |
| BG | 185.176.40.129:995 | tcp | |
| JP | 3.114.45.214:465 | tcp | |
| GB | 142.250.179.238:443 | tcp | |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| GB | 99.86.114.38:222 | tcp | |
| GB | 2.17.5.46:995 | store.steampowered.com | tcp |
| GB | 104.82.235.78:143 | shop.samsung.com | tcp |
| KE | 196.61.52.35:465 | tcp | |
| GB | 142.250.187.227:443 | tcp | |
| IE | 209.85.203.84:22 | tcp | |
| GB | 99.86.114.8:222 | tcp | |
| FI | 95.216.35.168:80 | cabinet.instaforex.com | tcp |
| IE | 209.85.203.84:21 | tcp | |
| GB | 104.82.235.78:80 | shop.samsung.com | tcp |
| IE | 209.85.203.84:80 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| GB | 2.17.5.46:80 | store.steampowered.com | tcp |
| US | 35.190.81.132:80 | www.freepik.es | tcp |
| VN | 61.28.233.26:222 | tcp | |
| GB | 104.82.235.78:465 | shop.samsung.com | tcp |
| GB | 2.17.5.46:22 | store.steampowered.com | tcp |
| NL | 142.251.9.14:143 | tcp | |
| BG | 185.176.40.129:443 | tcp | |
| JP | 3.114.45.214:222 | tcp | |
| KE | 196.61.52.35:995 | tcp | |
| BG | 185.176.40.129:80 | cp1.runhosting.com | tcp |
| NL | 142.251.9.14:465 | tcp | |
| IE | 209.85.203.84:443 | tcp | |
| GB | 104.82.235.78:995 | shop.samsung.com | tcp |
| GB | 99.86.114.7:80 | account.hoyoverse.com | tcp |
| US | 172.67.201.26:21 | mondowarezz.cz | tcp |
| VN | 61.28.233.26:990 | tcp | |
| FI | 95.216.35.168:80 | cabinet.instaforex.com | tcp |
| KE | 196.61.52.35:21 | tcp | |
| US | 104.21.66.46:21 | mondowarezz.cz | tcp |
| VN | 61.28.233.26:80 | tcp | |
| BR | 200.253.187.113:22 | uol.unifor.br | tcp |
| GB | 104.103.204.41:222 | www.catawiki.fr | tcp |
| NL | 142.250.27.26:995 | aspmx2.googlemail.com | tcp |
| NL | 142.250.153.26:993 | tcp | |
| VN | 61.28.233.26:80 | tcp | |
| BD | 103.230.106.211:80 | tcp | |
| JP | 3.114.45.214:80 | tcp | |
| DE | 87.251.77.166:80 | tcp | |
| GB | 99.86.114.7:587 | tcp | |
| NL | 142.250.153.26:587 | tcp | |
| KE | 196.61.52.35:80 | tcp | |
| US | 35.190.81.132:21 | www.freepik.es | tcp |
| FI | 95.216.35.168:222 | tcp | |
| GB | 99.86.114.7:993 | tcp | |
| US | 8.8.8.8:53 | moneybox.co.ke | udp |
| US | 8.8.8.8:53 | ftp.moneybox.co.ke | udp |
| US | 8.8.8.8:53 | ddtank-walker2.com | udp |
| US | 8.8.8.8:53 | ftp.mwlogin.net | udp |
| US | 8.8.8.8:53 | mwlogin.net | udp |
| US | 8.8.8.8:53 | ftp.gramtakipci.com | udp |
| US | 8.8.8.8:53 | mail.gramtakipci.com | udp |
| US | 8.8.8.8:53 | mail.mwlogin.net | udp |
| GB | 99.86.114.56:993 | tcp | |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| VN | 61.28.233.26:587 | tcp | |
| GB | 99.86.114.38:993 | tcp | |
| GB | 99.86.114.8:993 | tcp | |
| BR | 200.253.187.113:21 | uol.unifor.br | tcp |
| BD | 103.230.106.211:80 | bnmc.teletalk.com.bd | tcp |
| GB | 99.86.114.7:222 | tcp | |
| BG | 185.176.40.129:143 | tcp | |
| BD | 103.230.106.211:990 | tcp | |
| GB | 2.17.5.46:443 | store.steampowered.com | tcp |
| GB | 104.103.204.41:80 | catawiki.fr | tcp |
| BD | 103.230.106.211:222 | tcp | |
| BG | 185.176.40.129:465 | tcp | |
| US | 172.67.201.26:443 | mondowarezz.cz | tcp |
| NL | 142.251.9.14:995 | tcp | |
| US | 146.148.34.125:80 | skytasks.vip | tcp |
| GB | 99.86.114.56:222 | tcp | |
| GB | 104.82.235.78:80 | shop.samsung.com | tcp |
| GB | 99.86.114.38:222 | tcp | |
| GB | 2.17.5.46:465 | store.steampowered.com | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| IE | 209.85.203.84:222 | tcp | |
| BG | 185.176.40.129:990 | tcp | |
| GB | 104.103.204.41:443 | catawiki.fr | tcp |
| GB | 99.86.114.8:222 | tcp | |
| DE | 138.201.125.92:15647 | tcp | |
| JP | 3.114.45.214:80 | information.enagic.com | tcp |
| GB | 104.103.202.103:443 | help.steampowered.com | tcp |
| GB | 2.17.5.46:143 | store.steampowered.com | tcp |
| FI | 95.216.35.168:993 | tcp | |
| JP | 3.114.45.214:587 | tcp | |
| FI | 95.216.35.168:443 | tcp | |
| JP | 57.181.18.200:587 | tcp | |
| IE | 209.85.203.84:21 | tcp | |
| US | 104.21.1.205:443 | tcp | |
| US | 172.67.206.188:443 | tcp | |
| US | 188.114.96.2:443 | tcp | |
| US | 172.67.222.78:443 | tcp | |
| BG | 185.176.40.129:80 | cp1.runhosting.com | tcp |
| NL | 142.251.9.14:993 | tcp | |
| GB | 2.17.5.46:222 | store.steampowered.com | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| US | 205.139.110.141:143 | us-smtp-inbound-2.mimecast.com | tcp |
| US | 205.139.110.242:143 | us-smtp-inbound-2.mimecast.com | tcp |
| US | 205.139.110.221:143 | us-smtp-inbound-2.mimecast.com | tcp |
| US | 207.211.30.242:143 | us-smtp-inbound-2.mimecast.com | tcp |
| US | 207.211.30.141:143 | us-smtp-inbound-2.mimecast.com | tcp |
| US | 172.67.201.26:80 | mondowarezz.cz | tcp |
| US | 207.211.30.221:143 | us-smtp-inbound-2.mimecast.com | tcp |
| US | 35.190.81.132:443 | www.freepik.es | tcp |
| GB | 99.86.114.7:80 | account.hoyoverse.com | tcp |
| US | 172.67.177.31:443 | tcp | |
| US | 205.139.110.141:465 | us-smtp-inbound-2.mimecast.com | tcp |
| IE | 209.85.203.84:443 | tcp | |
| US | 8.8.8.8:53 | mail.gramtakipci.com | udp |
| RU | 185.215.113.68:80 | tcp | |
| US | 205.139.110.242:465 | us-smtp-inbound-2.mimecast.com | tcp |
| KR | 203.252.173.147:22 | safety.kku.ac.kr | tcp |
| US | 205.139.110.221:465 | us-smtp-inbound-2.mimecast.com | tcp |
| BD | 103.230.106.211:25 | tcp | |
| JP | 3.114.45.214:990 | tcp | |
| GB | 99.86.114.7:80 | account.hoyoverse.com | tcp |
| US | 207.211.30.242:465 | us-smtp-inbound-2.mimecast.com | tcp |
| US | 207.211.30.141:465 | us-smtp-inbound-2.mimecast.com | tcp |
| US | 207.211.30.221:465 | us-smtp-inbound-2.mimecast.com | tcp |
| KE | 196.61.52.35:443 | itax.kra.go.ke | tcp |
| JP | 57.181.18.200:990 | tcp | |
| N/A | 173.222.13.40:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| N/A | 173.222.13.40:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 87.240.132.72:80 | tcp | |
| RU | 185.215.113.68:80 | tcp | |
| BR | 200.253.187.113:80 | uol.unifor.br | tcp |
| GB | 104.103.202.103:80 | help.steampowered.com | tcp |
| GB | 96.17.179.201:80 | tcp | |
| GB | 2.17.5.46:80 | store.steampowered.com | tcp |
| GB | 104.82.235.78:80 | shop.samsung.com | tcp |
| IE | 209.85.203.84:443 | tcp | |
| IE | 209.85.203.84:990 | tcp | |
| US | 172.64.149.252:22 | login.vivo.com.br | tcp |
| US | 104.18.38.4:22 | login.vivo.com.br | tcp |
| US | 104.21.35.143:443 | tcp | |
| US | 188.114.96.2:443 | tcp | |
| US | 75.2.122.238:80 | ww11.skytasks.vip | tcp |
| US | 146.148.34.125:80 | skytasks.vip | tcp |
| BG | 185.176.40.129:110 | tcp | |
| US | 172.67.188.229:80 | yourfreesurveys.com | tcp |
| US | 216.194.165.45:465 | _dc-mx.95357cfbcadb.yourfreesurveys.com | tcp |
| FI | 95.216.35.168:80 | cabinet.instaforex.com | tcp |
| VN | 61.28.233.26:21 | mail.id.mgo.vn | tcp |
| US | 104.21.55.202:443 | copyrightspareddcitwew.site | tcp |
| GB | 104.103.202.103:80 | help.steampowered.com | tcp |
| BD | 103.230.106.211:80 | bnmc.teletalk.com.bd | tcp |
| JP | 3.114.45.214:80 | information.enagic.com | tcp |
| US | 172.67.201.26:443 | mondowarezz.cz | tcp |
| VN | 61.28.233.26:2222 | mail.id.mgo.vn | tcp |
| NL | 142.250.153.26:220 | tcp | |
| GB | 104.103.204.41:2222 | catawiki.fr | tcp |
| GB | 99.86.114.7:443 | tcp | |
| KE | 196.61.52.35:443 | itax.kra.go.ke | tcp |
| DZ | 41.111.130.60:80 | sidjilcom.cnrc.dz | tcp |
| BG | 185.176.40.129:443 | tcp | |
| US | 35.190.81.132:443 | www.freepik.es | tcp |
| NL | 103.147.152.36:995 | mail.mondowarezz.cz | tcp |
| NL | 103.147.152.36:465 | mail.mondowarezz.cz | tcp |
| GB | 99.86.114.7:220 | tcp | |
| NL | 142.250.27.26:110 | aspmx2.googlemail.com | tcp |
| VN | 61.28.233.26:80 | mail.id.mgo.vn | tcp |
| BG | 185.176.40.129:80 | cp1.runhosting.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | ico.wcex.co | udp |
| US | 8.8.8.8:53 | smtpin.vvv.facebook.com | udp |
| US | 8.8.8.8:53 | ftp.cabinet.instaforex.com | udp |
| US | 8.8.8.8:53 | mail.account.hoyoverse.com | udp |
| US | 8.8.8.8:53 | ftp.moneybox.co.ke | udp |
| US | 8.8.8.8:53 | help.steampowered.com | udp |
| US | 8.8.8.8:53 | mail.fsaid.ed.gov | udp |
| US | 8.8.8.8:53 | mwlogin.net | udp |
| US | 8.8.8.8:53 | mail.moneybox.co.ke | udp |
| US | 8.8.8.8:53 | ftp.ddtank-walker2.com | udp |
| US | 8.8.8.8:53 | ssh.moneybox.co.ke | udp |
| US | 8.8.8.8:53 | moneybox.co.ke | udp |
| US | 8.8.8.8:53 | ssh.gramtakipci.com | udp |
| US | 8.8.8.8:53 | ftp.mwlogin.net | udp |
| US | 8.8.8.8:53 | ftp.gramtakipci.com | udp |
| US | 8.8.8.8:53 | mail.bnmc.teletalk.com.bd | udp |
| US | 8.8.8.8:53 | ftp.fsaid.ed.gov | udp |
| GB | 104.103.204.41:443 | www.catawiki.com | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| US | 172.64.149.252:22 | login.vivo.com.br | tcp |
| US | 104.18.38.4:22 | login.vivo.com.br | tcp |
| DE | 185.172.128.109:80 | 185.172.128.109 | tcp |
| US | 8.8.8.8:53 | siaps-akuntansipolines.com | udp |
| US | 8.8.8.8:53 | mail.information.enagic.com | udp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| KR | 203.252.173.147:80 | safety.kku.ac.kr | tcp |
| IE | 209.85.203.84:80 | accounts.google.com | tcp |
| GB | 104.82.235.78:80 | shop.samsung.com | tcp |
| GB | 163.70.147.22:80 | en-gb.facebook.com | tcp |
| US | 8.8.8.8:53 | ftp.siaps-akuntansipolines.com | udp |
| US | 8.8.8.8:53 | information.enagic.com | udp |
| US | 8.8.8.8:53 | en-gb.facebook.com | udp |
| US | 8.8.8.8:53 | scarlet-clicks.info | udp |
| US | 8.8.8.8:53 | 60.130.111.41.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.152.147.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssh.fsaid.ed.gov | udp |
| RU | 193.233.132.67:50505 | tcp | |
| GB | 2.17.5.46:443 | store.steampowered.com | tcp |
| GB | 104.103.204.41:443 | www.catawiki.com | tcp |
| GB | 104.103.202.103:443 | help.steampowered.com | tcp |
| HK | 141.98.234.31:53 | buzvabv.com | udp |
| FI | 95.216.35.168:443 | tcp | |
| VN | 61.28.233.26:80 | mail.id.mgo.vn | tcp |
| US | 172.67.188.229:80 | yourfreesurveys.com | tcp |
| US | 172.64.149.252:80 | login.vivo.com.br | tcp |
Files
memory/4232-0-0x00007FFFDDF30000-0x00007FFFDDF32000-memory.dmp
memory/4232-2-0x00007FF756F30000-0x00007FF757C03000-memory.dmp
memory/4232-1-0x00007FF756F30000-0x00007FF757C03000-memory.dmp
C:\Users\Admin\Documents\GuardFox\OOCTptGsu2UHu9IoFXc8pGno.exe
| MD5 | b982a1886afa6dc5d429f1d9fa631cf6 |
| SHA1 | 59695508f14578530305bedb8a6196aed68d18ae |
| SHA256 | 34d25a6f3925f6ac52da525a74a45bfc284f5815fd3a18a6691a87932a02f451 |
| SHA512 | 201cf1a8ac28298c37e9d7f23a18b14b2343c23082d11912065f8f512fdb461fe7236baf8d508a9ea1e7079e08e2531b781699603db5c7216f1979b338b37157 |
C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe
| MD5 | cbaba42d5bd7349e65ebee264068c078 |
| SHA1 | 50e8ec1c8b56889fe80b7911bc95252b3e958e6e |
| SHA256 | 0874c2f4d4c113dbce701b6c4c930125632c074f9ce2e71768ed9614dfda3acd |
| SHA512 | ad56cabc9b204257c5b3119827323edc97452a313b49f25c167f4b1df4b1c25a3272f8e23538f002094a92a3419cfb8f1e2767bfd7358842e8a646865368693d |
C:\Users\Admin\Documents\GuardFox\ewPp8snuQHfRbNYLQtRt5v2f.exe
| MD5 | 6421ef87a4e925146a13d77f8f01cce3 |
| SHA1 | 7799a623ed4b391a96e2d57033fc4a33ae92534d |
| SHA256 | 110cc78e7dba811b45751b78a926d3ce351a10998aabe3f625e9f55824eba0ba |
| SHA512 | 7f69e7f4c3bfc0638ad0b008d5fcbd6d0cf585a0b8bbe68629412ad8a29300e6ce742dae58ce5dc7ca399b5989c4791575a1c01cb3e2e967cc4563d55ef63753 |
C:\Users\Admin\Documents\GuardFox\iM6AdH2QsEURmdjixACa5aYZ.exe
| MD5 | 94bac7cfe1da94f8d664a9da385ada8b |
| SHA1 | eb1e3855621ed34630d8d3f5cfd8afc73c706da6 |
| SHA256 | 07be7d02bf5a74ab0e1345f3d95f24c3237bec6aefac746457c4b41a5f332bda |
| SHA512 | e28b545a600d59c10616aaa5a973469fee32d61462bc59b403f78fdfa4e39d621253fc07c9943334b58bd5e555a9a7b90c9e2c3965c419281474b41f1b1f1073 |
C:\Users\Admin\Documents\GuardFox\Nuul_2bqLePUnMY7gnQMUs1r.exe
| MD5 | 47367776129775ff7c382a0f1a6adf65 |
| SHA1 | bf14ecd55a0bc0d29a23a1e1b3270ff4deedf77f |
| SHA256 | 49c616bf0f452c60b770d3c2856f0ae7b99be5655596d6b4d76321168966959a |
| SHA512 | 8490683679e6bde2196855592cea0dba3906fe92edd952bf27ef939f09873910ee974b8ca3648cb6e0002fcdce83a50c5931c72b1c5efb76c2fbe7fc95cd6aae |
C:\Users\Admin\Documents\GuardFox\50ALn4VmFCPh8ui6iwc4bQ4c.exe
| MD5 | dba8d3e36098f8655698e53fb17685bb |
| SHA1 | b71de4a76166e0c52fde5e10175c9fe3b691ed02 |
| SHA256 | c634b08c10ba3e2b6fcf4d6b6b49aa3c6ebad1784bea5e421ff6e360feae7922 |
| SHA512 | ab3558e095f365e2f562565403aa103aa7bf37b6a0938fac548047e61e291f050e49b93e5d5cb0bf9aab117b6b659c4d3d5f139b9d14f2464df52f86eac98c36 |
C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe
| MD5 | 329787f657d28189c25519c21262fd72 |
| SHA1 | e68fa3fdca93284d9548830f9de084ce86ebc518 |
| SHA256 | c15a8e0ba4374315f911d540a717dc8eb58b7fd2d10310e7b7d72408b22c69a3 |
| SHA512 | fc0e4c19dcd377c2e770b3b85ea5d518510b4e180828a6b4d2c3224a5b2f481db2f40b42cb33125d8ddc8f6b62ccb7027a3e7ff229034c9a01ca638f55fb1690 |
C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe
| MD5 | 898ca92a1a0830606f7f36d6974a57fd |
| SHA1 | 1858b49fe61a317b76dabb0284f39ebfe22df59b |
| SHA256 | eaa3c3071478144903f15aba835cb88d5da30f6e59ff81029ea37b472d5819be |
| SHA512 | 68ce2672d50ca7a32f317df677f947c2a0114ba37dacf9abe7be7c9be8e79f34000ccfd7eebab1f20a78d5cac22f538739dde663d4325b929794b985b3c74311 |
C:\Users\Admin\Documents\GuardFox\LzVc3TRfNG39udB2w5AWTaAX.exe
| MD5 | 043d7f1dbc4238e04afb368a084a9420 |
| SHA1 | 205de3c71ab3fd194a23e5da081f97ca4388232f |
| SHA256 | aa9533a44e43caf644491c5be98c0da561ddcac91743aee81ac9bb03e2e51b3b |
| SHA512 | fd6f59f818c3ed544a941aaa44603876a5d7d235e46439ec1db6ab5518370223bcba2e1dab30c921f9ffeda93d04f37dd2b975566a798a5f0647ad514506a482 |
C:\Users\Admin\Documents\GuardFox\HCQM9H_C1yyySyKv8SyS0YVO.exe
| MD5 | 933b3fc15fcba5d035d8a5eb60757f67 |
| SHA1 | fe0d784f44113dcb587de28095b9da4f3acfb8d7 |
| SHA256 | 0feeae22d27178b5f70324b14165dbeb7918993464bf96d50a227d484db14814 |
| SHA512 | 92d05af0538b27bcb992cb91a6bd3dd33d9a16792e5d722e174a60397ebe137874a31ea067bc402a55eb355f4f40302b88728c6d9502974fd1e5e75bb43ed591 |
C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe
| MD5 | ec585f01cd4d5bb1a0e5f16f471350d2 |
| SHA1 | 6ad1dc63fe111eaf7d1bf39828de68b9935eb0ee |
| SHA256 | d992b21b5918be51b983034261c9ff6230a8e7862db2bdf494f99bd5ad45de4a |
| SHA512 | 0cdafdb992106eb42491d77f2bc44b37f1bcd76540b3ad4debd075dde66f55b8f574c86a2258f85d5237ce2c93a6548bcb5b00328a17fc8aadf1fa31b60e700a |
C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe
| MD5 | 3e692dad602bd61d72b11ff0db80903c |
| SHA1 | ca3f95216a1fd7ba0bccdb59a952c4b5d5316a5a |
| SHA256 | 5330b96e7741b404988f6d2f261f648eebd709f40bf7bb2b59e50deb6e5c8ab5 |
| SHA512 | e3780db4be948044b2771d787e8ef12cb97d39876857c1d103239af356ace63990fd20895c08dd9fe308bc2cee79f51ea63eeead7fffd7c8e7927d6aa6e5a2b4 |
C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe
| MD5 | f32e7f0aa6c1b764ffff83aa2e934289 |
| SHA1 | 88338755254f912d88b865e68db98935ea320d1a |
| SHA256 | 2e5d24fdcbfa5b6c9895d08c00ef22ad2c14d11139a334f6394c21613f61eec8 |
| SHA512 | cf738434cf3796daf8369cc886a7dad2dc8ad75b5bebefc34889cd8e7913f2133306d220aa28f9c7d72b51615753fa448fdc654f15044ff672ef6f73e0cb2949 |
C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe
| MD5 | 729787f1c363c4a9f52207c8c19545fd |
| SHA1 | e4d016dd229afd8261274ab4cdc670b54c3152d7 |
| SHA256 | d61c623fc0ea5b92d112dc66adbe7dfb9ac731558214f6c973d16f168cd1a8d1 |
| SHA512 | 862d0116677833188a55545a9d8001247275b5030b77946e1cba27a979d3987f8b277f1684da23e0d2275448304e0aec034d511cfab1eb014f3e063c7f3f2a97 |
C:\Users\Admin\Documents\GuardFox\il01emQCoRhiVbXxC9sgya34.exe
| MD5 | 5a3879bc05ac84adba72258231d2dcb4 |
| SHA1 | 7c0bd093a4c6b4c8ac1a4fc58f04ecdc7dd65557 |
| SHA256 | 5a1f842d047d6013bef59f2cfc2293b3de2943dbae1d2606ce424dde0f007319 |
| SHA512 | 20694d69ec816c9512e0095ff20943213714bc5efa8df9b5aaf04deae233137d191f3e838136fe7fcc98b35572979174a6d1f808f780409290f148ed6ec9c33f |
C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe
| MD5 | 87b88dc7ca5d032966669d0db6854680 |
| SHA1 | 2527207df16dc939cd3741e7fe07bf09f93732a6 |
| SHA256 | 868b58d0cdda5740f7379da7400099fedc383bcf57884fb5b33d3de7ff7f9c43 |
| SHA512 | 9f2d09f9d750f8ca980c9b310acc2e73da31f7a51ed293455a35fe62fb3c3295472e4b02c54644dafef218b3600824f8f91f6449c57a2a2365591d8c9e055356 |
C:\Users\Admin\Documents\GuardFox\ShfR5uWMSfPibF6_6XVB5baW.exe
| MD5 | c39bf28b3d1b3d414eb8e071617a10be |
| SHA1 | fa8431aff87cbc52e627c734204975e4896f7273 |
| SHA256 | cbfa2c3642c2ab6d985b402b24d31c078e767a32a83fb0b3a1524fa20c8ad55f |
| SHA512 | 47146c941155fc9491debec3d2068519d223e1aa0c267c5e97921c3769af8e0073265df870c3a79fdb3f588325c209cb7e3b75ad3858fda43c920c1def0e7cce |
C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe
| MD5 | 711b2ebed9e1cb88acd06feebbc67845 |
| SHA1 | 088bf27399fedd03e8c94dfc9ddf13efdf6b1d80 |
| SHA256 | 52fda282e05cf2d1ee1d59fd4604e25d1cb7467706b9c5416c2f2b4ff1ffe575 |
| SHA512 | d7ed8dd6048945e93478e0d4748a5416d336e446f98d27ed30f148d426d778e37cfbe33d20795bb7efc47b3c58a4051f21b78a18b7d62edd93bffd0213d75903 |
C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe
| MD5 | c62bbef3dba10a498bfa38a7b232ff7b |
| SHA1 | 332474aa1a489055985d5f3ac009627cd3e326bb |
| SHA256 | 2f4b1cf096faa101986546dd747fa9bb65efca3da25fba56315fdefcfd3206ba |
| SHA512 | 966081795e4a9a593499816c5d9683f88d642b4d4d68815667ebb5b9d2c27a4e43f9e874dc921ecb78d95842fb661f392657e4fd3b8c26b74f27f486dbcc5798 |
C:\Users\Admin\Documents\GuardFox\f4x20cNqfvSgqJkjt7Rlhr1I.exe
| MD5 | e0f0410287ae7e0efdc3c102fdb92291 |
| SHA1 | 20d51c375c115a5d166d40ff6cd4aaf6509a8576 |
| SHA256 | d46dac756e67806fb44f9e9485ac646f2dc3121b91b059fc4035d7edd86e23f5 |
| SHA512 | 326b68360c1880b40728a5c1ec6a94df237e835feca3ba9be736a57713f30817c5d6f6484625fc72c5d132ac9ae1f8e9e26370cb257afba37894c7aa0a0adc5b |
C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe
| MD5 | 28117b33a3dcd1d14b30e1d514991cbe |
| SHA1 | f6f38cc2c2c879352eb3d9c9ebaaa55f784a3f6e |
| SHA256 | d2fdfa2491cf2e0b6e2e6bab4452d02dd59fc2e5df563ab8884db08ea974efb2 |
| SHA512 | acc9f043491d24c2c51b63f0afe4a06da1f22e9b42cf26563f0ee4d68f70840db7dd1261f9974acfc0fb9284d2977d9a13aa7b3f1d36bf57e9becf15c3220aa0 |
C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe
| MD5 | 75672038e13ed518c63ab276e780cf40 |
| SHA1 | 7ab74250405ea8ccd2e280215f4beceaba755af2 |
| SHA256 | e0b51175a976834e6f820dc1abb76ee51209fa3f508ec0e7553e8466d600a2df |
| SHA512 | 91a670aaadcfe6ffc98faee79956ae7d32e00512b7be43054bf64d12bc03db641c26d80ddb9cb44f9b84d9c17568c03db5698eb9f14067a2c67a460fddb23b1a |
C:\Users\Admin\Documents\GuardFox\iM6AdH2QsEURmdjixACa5aYZ.exe
| MD5 | 6c4124dd135a4e9ca98748ef12ec0ad8 |
| SHA1 | 587c26aa46f7d1e9d68f71ae009e672e17f91bef |
| SHA256 | aae85ae0318de6d4b2b2cba9b1dc7f2c40840bb858366c66949bd3815df07156 |
| SHA512 | fcb74485b316e000d516432814c7e9195c1819754f950f64cfb603698f1b75aef82021bdb9fa88d2c9a4d3ea74ac63b2f40053405a65e049900b22764575da8b |
C:\Users\Admin\Documents\GuardFox\Nuul_2bqLePUnMY7gnQMUs1r.exe
| MD5 | d8d62dd58d682b99bcf8ad31effa41e9 |
| SHA1 | 8d9f481c1489a53324e61a5781528a6c03a9e84a |
| SHA256 | 3945a5f8271160575cb10edc7c5b8ea35ba48530ffa86a2927b58dff4b4eabad |
| SHA512 | 5f345794e6a056893b0d92b426e0ec033df6d44432a6fbcafbd1ca863aa623bf29148bae8e55b182bde9e8436b5f13dfeeb57407550b7f77b86268ae47f9eaa0 |
C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe
| MD5 | f9a5667b2211b3ade344099f6da3b4d0 |
| SHA1 | c9b0d0276a24f547a1af04f4c9c9a9d489dc4308 |
| SHA256 | 78fe571e84750841af71639c925b088024a167dccdef298ede421a4a9b8e0ee0 |
| SHA512 | fd0b676f274fe9054833b906a30dc82bfcc861e591eda90101abb28e19023ab7e821d00c19eda02e54d79226be99461c987e7ef88cc394b1235b53163af6cfcf |
C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe
| MD5 | e1a4de9e4a9f7ad459e0fc2a14b15241 |
| SHA1 | 100400b16074f016e2d4b0741b4d6b09fc972964 |
| SHA256 | a9ff66f0d379a0df01eae00559091f92bb5e4a1072923f121e6f9db9ff718bc6 |
| SHA512 | 065db0a8d7c6636342037beea39c8b6c6c85dd2c1ab04eed97d0c55748a3f24fe2cf56f2c7b6b6326f1b6d708a3e236f2133a0d6a17d3e1340e5212188f0a495 |
C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe
| MD5 | c1cdfe75516de7f05fe095f5b311dbfa |
| SHA1 | 26e4ceb7ec558ba770a9b37c55f590fa31d1fdf8 |
| SHA256 | 4f63ecf76533d3c4c786bc7a94ec67a39f46ff1d77c7034593f20af82a9b6701 |
| SHA512 | 4f3fcddbf80d6a243265cbf6ae7d61b8b3d647b3227530042d3bc47c4af0d30d8e776e749749ae1a980e1ccee816ade5db892eea0a93ec39f6200dc2eff04895 |
C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe
| MD5 | 22eab389ed9cd7d49c20cad9d9f0495c |
| SHA1 | dc0e12dd6ee9af6f6faf0303d47dab9fa22c4c8d |
| SHA256 | dcd0d46bfc0127126dc7d0edc0a5819c3e01f12a8b0f38960176affa34ca545c |
| SHA512 | 88ac617258641467eacdec3c84e65a3503a38899a2d4b2298753781a07f4b755d357eba639727b20f66f473df595ae253c70dfe0e131f3269b4e437b723d4948 |
C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe
| MD5 | 595940a5f07e7b57b51013cc627f1d44 |
| SHA1 | 231ff4f84291dc8adbafa949411fdc88475599c1 |
| SHA256 | ffc3e1ce68b8021975c14f424afa9e206e7c5a50508920bd563e05ebe3024e6e |
| SHA512 | 47126b75567e03c28ffbc143c2ed1bd07b3f748754f4dfe9e0f5c73ef2057d742eba3c07d9543cc65e65b3186d19c5ae42c843475188d7fdebd65f56a21b1af5 |
C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe
| MD5 | 69fdef2aa7500e71a5503d9858dc7591 |
| SHA1 | 78897b932f9ae02577f837487d4e7a90dab39c4a |
| SHA256 | 3a46fcd85d28364e3dd5ef55acb0e74c4e15d124220bb3ebfd3a339d18b7c1a3 |
| SHA512 | 3f63f2b7855a8f106307fddbd57782bbb52a8c80a389c8514e0e72116683e5784bcc9430085abf3b20d44a5b4d402cc6179c3d7cced6728d935ab0c5398ac3e9 |
C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe
| MD5 | ad1d0aadd5bf9b668423eb9a216c6c70 |
| SHA1 | 01eba4a790ae5c0f497ea5ad2903fc7369677a2f |
| SHA256 | 18905e85cbe081dc0c8845d1ed46900a0d47c548f5b70c2485c0a249914f657b |
| SHA512 | 224c9639b0f6da7e136c260d4068c71861f7f3368881c4f853d4af124d236dc65a62dc86ff5cd290730019214569b26ce8f092f70dbc6dc496f46ac77bce931f |
memory/3540-707-0x0000000000400000-0x0000000000424000-memory.dmp
memory/5724-710-0x00007FF769740000-0x00007FF769796000-memory.dmp
memory/2732-718-0x0000000002C80000-0x0000000002D80000-memory.dmp
C:\Users\Admin\Documents\GuardFox\iM6AdH2QsEURmdjixACa5aYZ.exe
| MD5 | 0eb42e2bbcfc7aed16064b6186bba261 |
| SHA1 | 78ef629b1f4b8e2d65058f0eda867047c4fa98bf |
| SHA256 | adddfc7444ac9fa12b652594e6d9a9441cdbde174a664ceafc64bd849a218795 |
| SHA512 | 1e28092abdfbc2c5de7937c96500e9de9e7460cbd4e1a7993e11e52a63e8785d5b8421c69722e0e5b68e970d7dbb2e15cbc289ba2449d78ff5a66b68df95aa36 |
memory/2732-719-0x0000000002F50000-0x0000000002F6C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-VVTF2.tmp\4vJseCA75SLoZDxuhdqHOyj0.tmp
| MD5 | 6dc3b01e6856f0fb75c7b0cbe0304fc7 |
| SHA1 | d0f3ff5ca81131fbeae9d1c9d98c9d37c5b31104 |
| SHA256 | e8eeeb98bcb5f3d48f9906ddcfcb1bdde71e1027304fb2f81748b7bf381ad519 |
| SHA512 | 9ffae68da967c0575e4f4574feadf8e10d6429e7a4448063121256cdd0e78a0de0ab09fd867e0604d66a2e70608e3a2ff73c23e1963cc42b8473af4aa80e2133 |
C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe
| MD5 | 0cf983520b111d8a9ef758f58f87fcf1 |
| SHA1 | dc6071ed2fb1aefd6889ebc3a9db6c724c41a7a1 |
| SHA256 | e91e99e9816e30eabaea7c71b563a52ecdf236713b40d1c3db7d9e5dfb47e9ff |
| SHA512 | 5523c53291870f27b16efca8ac6e406c3b8bf5c8bc5764398ef6a5a7cab5c891e3d15eb331d29e90708abd08c695a55d0733d9426ea1961508948c6b96f39d5b |
C:\Users\Admin\Documents\GuardFox\ewPp8snuQHfRbNYLQtRt5v2f.exe
| MD5 | f721a9f1eae99d0345ab7abbd63ebd03 |
| SHA1 | e77d349cd48082eef5ba145f17839450826f6245 |
| SHA256 | ad46ea1ce2d37926a85d905989118a2ef281d3b786b905ccf774ff4158eae044 |
| SHA512 | 2b358caf6bb21a0a7427ceb9e7b1377a56e1c58cba14a0bcd34268d9b6aa206bd217ab5a2a80b9449b5086d23785c47885f57c29ee2b1b8372f40618b895cccf |
C:\Users\Admin\Documents\GuardFox\ewPp8snuQHfRbNYLQtRt5v2f.exe
| MD5 | 15d7e1930607b036db8d2afc6ac2b92d |
| SHA1 | e4454d02431b54167b72a6c38b7677664921b97a |
| SHA256 | 599a61075bb380821fdff613cba715125f8d05a4ce41375864d136331cd9975e |
| SHA512 | ad8cf6f7d1aed0fa56e3c3fafb5753088980fd8021c12fa54cbe2f0656e546daefaf9520de99331fc339787c67bdd99fd3ecff4e9a5bbca9ed76c6489e64ffe6 |
C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe
| MD5 | c69c33a502dbd2d92ae2f7ff550e5f3f |
| SHA1 | 274c852af618fcc7f7cc5fda08b07eb6e480d508 |
| SHA256 | 28323466031009b8be0f3af6559958531c02eae90ab7c7bea671c14ff84ad82e |
| SHA512 | 3bbf0f84a79c71d7d93d3604d8856f9f52b51e06acec80b56956fd269b056fc86fe32276ee6296085a65e8b5e6ac29b2f2b0b1775d969bea75103ef23cdad6d6 |
C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe
| MD5 | 1df809ee883863f7d0a63b94c8034b2c |
| SHA1 | 54cb3315613250f6db7c3b0c7a3bf0d11797d114 |
| SHA256 | 804c93222a3c7f260a457c3f1ba66a20801a95eaaacba34771e2e680a309a722 |
| SHA512 | 3d1400b7807726dcb1a0ab40c5a6846dd576153e29e92754222dc5bacffc09c8ad07cbe33fe02ae8dc9bd3533cea432bf56ca61e5c6591c1dd9e43caa4300466 |
C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe
| MD5 | aae5235e828ef469d79f253f0b8a6a48 |
| SHA1 | 238ff137c9dd1759a0b163350bda0e7b046a0efa |
| SHA256 | 4020c044f904170d8a1af04f10b2c1a5d05e9d26a620a3291a9fce6a4ce1f658 |
| SHA512 | 2da03985159ec655af90cab2d931a48f792579b59ad33098c7994936e7c8935a9ea7d3dbe52091927ff26a4584c4cfbbff2526959c15226beb5bef1774a01412 |
C:\Users\Admin\Documents\GuardFox\50ALn4VmFCPh8ui6iwc4bQ4c.exe
| MD5 | fe122ec787db1e187894440309c6de09 |
| SHA1 | a581403889926eee6d8ac70c9b34f1a98b1c1616 |
| SHA256 | d71e9e7a7484b2231331161cd0bd755d651a1b1b8d6875eacd0b34e8e586cf01 |
| SHA512 | d4e8071c8ca68253d6f06d0fd18b8c8e44a20aca9b0fb155fdde2c9d78e414346b657169e6c6d9c240e86a57bebf4cc2d40bda4245b73b8cdf6d2014d8aab593 |
C:\Users\Admin\AppData\Local\Temp\lgU0.cpl
| MD5 | ff94695d665d7f412dd21f73ec694344 |
| SHA1 | 53f2aa5dd39bb8990e2e1d0efdf0065b3437127c |
| SHA256 | d520af71c55f195b27c7a286a05d628ed973336ee64dc31b4090b5cca7313f5c |
| SHA512 | 7fa65c23cb1a6f6670eb1af1a95a637a1b6cb1ea0596c327882103c79125b76922d680e7dd103023de28e30409b9aac14b5e1762eae857dbb701d4c9b5c46ed2 |
memory/5744-735-0x0000000005430000-0x0000000005680000-memory.dmp
memory/5744-746-0x0000000005680000-0x0000000005C26000-memory.dmp
memory/2732-749-0x0000000000400000-0x0000000002B13000-memory.dmp
memory/5732-747-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/5744-748-0x00000000051E0000-0x000000000542E000-memory.dmp
memory/5732-745-0x0000000000F10000-0x0000000000F11000-memory.dmp
memory/3396-759-0x0000000002DB0000-0x0000000002EB0000-memory.dmp
memory/3396-791-0x0000000002D40000-0x0000000002D4B000-memory.dmp
memory/4644-951-0x00007FF634470000-0x00007FF634751000-memory.dmp
C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe
| MD5 | e6522b56d9efaa91fdf624f9422552da |
| SHA1 | e59f705dd58559cf2d1a06a743d3f59100730927 |
| SHA256 | 962b35dcdd56c51bf88a857f9bff150a3db05ef3f199f1c6542b4fc52a62a7aa |
| SHA512 | 8442de83d1608e54afe18aae030ac705f1c413d8cc89fa5a6a36a7abe9f1d913381479f0ce16ff29190b1bd5b6dd26bbdc7d45107b000d056910faa8bf0c5917 |
C:\Users\Admin\Documents\GuardFox\ShfR5uWMSfPibF6_6XVB5baW.exe
| MD5 | 0d684ccdf057b371a06780438de3d866 |
| SHA1 | 09060e1515c2c72338c6bf4c0b94655e57c16f05 |
| SHA256 | e2047090a5e07f61154bad7a67b71876273cc3624b09e477690f4527ca10c156 |
| SHA512 | d12a68daffc313150840cbb3e1a1f13cbf74bb0493c16315c44f1088a58ad1e8bb934f0d9d0e15624bd6214448d1a507a2441e762e97d554010e58bdc753d6d5 |
C:\Users\Admin\Documents\GuardFox\ShfR5uWMSfPibF6_6XVB5baW.exe
| MD5 | a1654a1ca978984af56b08c40cc7e63f |
| SHA1 | c434d410c37f51fcd2471514d7b3e5489bdf1aed |
| SHA256 | f47fbe6a59d453757e0e48e12ac431c0fbe6b07284d91dc52977b48e4ce96195 |
| SHA512 | 62740c347ecb36e730e6f2aaaa838866678ba8cb8643b66abc62c49c8bb5c3c1d2aa3a379ffdb1ab0b5b0669926bd6606c9b50eed11663ea8d2c428b80010630 |
C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe
| MD5 | 27de0b8b6413370cdfeccb9b8dfd8228 |
| SHA1 | a43849f25b9c8de7597ea313ddb9f1fed72235dc |
| SHA256 | a9a0c514b0378e5cd9a919f08019cfea620b9d3ce78a47b8d97f378c01815805 |
| SHA512 | 4087264341637419d46376896456f5bd8e819dcedbf67cfb2f9043347e6a27adb8cb8ff259ceeadd733a63e441cec65194dc6b9b013a32a474c9a2dcd5352fc0 |
C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe
| MD5 | 291288b0f914350c6150fb61db95217f |
| SHA1 | 1b9c11cb90db39f1cc60c80303bc9b8984e56d68 |
| SHA256 | dcb1f444f5c5457562c65872d53af6db90e67cc1551f6af7aa9720b062d56e57 |
| SHA512 | 8fb3475010fe4d46d82db472fd4d75ac33ca7afaaf89a7c5c1dd585afe52ed5d478ca3097d45a44e54aa3c7d1e0a43a98a94ba5d2d53c9e2219d3c6e072c3077 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | cdbbf548d912e3cbff42116f72a0bf1a |
| SHA1 | 34f125d4cbc85af3d23b99cbcd759d9d7e360cb0 |
| SHA256 | 5b326fd3b174378a59220dfe6bfd0edadce42afc0812e92d5cff7ca14ec63962 |
| SHA512 | 4b3d1b980949942af17c7890f1793a638a411f1fd93f59d46e80bea3821fb323c1ca939ca8b23506fbd56a7a099615cc4bc7be8efb95ed5ea4abf093aa08f251 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 60fe01df86be2e5331b0cdbe86165686 |
| SHA1 | 2a79f9713c3f192862ff80508062e64e8e0b29bd |
| SHA256 | c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8 |
| SHA512 | ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23 |
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
| MD5 | 4fe8cc64297c514a024ec4bf8999c398 |
| SHA1 | d708ef056383814c407e536c030e0510331ee427 |
| SHA256 | c5364ed03e7b8484a05f410b277b60a6b8c28b919060876af76afe25289cc6ba |
| SHA512 | 68db30137c84556156e6592a1a9d4717129e02a86015226cb2346acb225dc305ff7f1ea74eba676c1474b7321c50c9f255a3d4dc49e0197914cb30fba8accf3e |
C:\Users\Admin\AppData\Local\Temp\is-IRERT.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Temp\is-VVTF2.tmp\4vJseCA75SLoZDxuhdqHOyj0.tmp
| MD5 | a2843590e25c04cbb17b10b47567f7fa |
| SHA1 | 00dd03c80f7269f269ecd3834ec770e69966ad6e |
| SHA256 | 8bcf0b4f9a21c560771131b593e6feb50ec12dbe9056ae5ffed539fbe4f2bd40 |
| SHA512 | 66ccace1e48c9453acb6b623195a73a21e28b4fb7ff11cfb5575d7537cb42ec6d62b81effb5a6fc4d8c04d39ba90d7c2002569f54dd1fff4e1c195621e7f5fad |
C:\Users\Admin\Documents\GuardFox\Nuul_2bqLePUnMY7gnQMUs1r.exe
| MD5 | e586c3add3db5b6bb5e0bdc20652cf64 |
| SHA1 | 73588e25f540793ce6eef843ae0c59d9419b5d57 |
| SHA256 | 2827b0efebaef0fcbabf1531a7e05b799ada7d2d896191e182e2d67d52e42bf2 |
| SHA512 | 9bcb2bed594092e1fe30bfc0e1f9d387c20d91e1b95749572846b209d4836738f84d614769aa0cbb03233cf2edc1c61d2270c68375cf1333c05008ecaae4a133 |
C:\Users\Admin\Documents\GuardFox\HCQM9H_C1yyySyKv8SyS0YVO.exe
| MD5 | 93d27211879f8ce50b4588e879104213 |
| SHA1 | 66606a241408031dbc8c74082d189b6cae21ca1e |
| SHA256 | 7ee0979e735adccd1f4a0abf6869b368dff67d0b1638c6176eeb42a309c82cdd |
| SHA512 | cf125b91cea7cef618b2b54b84fe7c66ea9e75cba71bfce5e45a262064824f64c8e8a4d7a8831cde7130fef95043560b5f11ca0e798ad4d92fd3973710b7f9c2 |
C:\Users\Admin\Documents\GuardFox\HCQM9H_C1yyySyKv8SyS0YVO.exe
| MD5 | 85e6dffb97298cc4c64dec8751f088a0 |
| SHA1 | 4733311ffa6f618bd5e6d02cfd7e59a36c86648d |
| SHA256 | 1a8188745c43d511efee9603d150c5fbf1899eadb3315e56dfe56fe70919776a |
| SHA512 | bcbecee04f6c78f9dd976e94ecec49a55398699b7bb2cf97a803ef3f17b642272895268969383c0eff71dd05c709fca75971d17392348346bcd6bb0b050da85d |
C:\Users\Admin\Documents\GuardFox\50ALn4VmFCPh8ui6iwc4bQ4c.exe
| MD5 | edcfd3004c0b3f3db0714db156507eeb |
| SHA1 | 788e7edd2d267606f1c2e1e9666d2582cf6da60e |
| SHA256 | a272874ca6f8d25afae0a2387fcf88eb88aa370c2a19030fee6b7e85a5b75c15 |
| SHA512 | f13730a97d1bf84ed0a5c99ac1a43d125e091f769bb03669f19325b313b6d796f34279daadf1312c1e3f1af17a99a3cdef641e2157d815ca9542c801d201afc1 |
C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe
| MD5 | 5e4050f4d3a16005b6b61dbca7b8b8f1 |
| SHA1 | 95d6c7f9bb26bc81a94f3ac2bbf6a0d98bd59d22 |
| SHA256 | 051b9954dc1497d14cb051de3b43971bfc398ca3db8f608768575c00a1af316b |
| SHA512 | 90c638e2ddb925a26743470e172a6a9ef6f63748fc57c8d1adbcd87afe45763cf8aa74adccc144974ae5c96a4e27c1ef1aac469454fe000d929fcaffed6c273d |
C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe
| MD5 | 66f366028d01a7c592c8089d41d90bda |
| SHA1 | 1f60f64714bd96e354b5578dfeca259895f1c69c |
| SHA256 | a6fabad4691e9eec4d8a68a3fc086c072c85d186338df15518b73a3211351313 |
| SHA512 | fe55019664468125e45916377bfaa8b200b18046d7f456d4f40dd0308bf9a1cd06fcc662e45509492be0a0a17a640590caeb9b5ecccbb037f598a26a080d6399 |
C:\Users\Admin\Documents\GuardFox\OOCTptGsu2UHu9IoFXc8pGno.exe
| MD5 | 90aaf67f662bf15d70dca06555c99fb2 |
| SHA1 | 663cb7e04bd9728724911b2168c0fb84258413cf |
| SHA256 | 5ecb8786ea6109f9fafcdceae598d0ea4567f4dd8d62d5ca862b149862790109 |
| SHA512 | 046602b61d4209d8a94b1b26608edc672e31efb3edbe414b79dce448f09e63149786bd9165ca26e04ee790d73624508a09916ac9d520c2f3ac2c803ae56870cd |
C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe
| MD5 | 029253a595c7192f405e5ae3b0c0310d |
| SHA1 | 8185810aa79306a783b91aabe3526352a6a9d37d |
| SHA256 | 38b6aac0c4693e0d2be923b0ca8fcfa75128294bcc50b590448db53aaa4688d7 |
| SHA512 | 1ee7bc1b3748af33e005ee5128cf512efab3d267fc1c5ece7be009a92200518efa6477125a83329191fbdd05149b099f463125106904cb0c1939be376ab928a3 |
C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe
| MD5 | fa166f699821228775c92536ae512755 |
| SHA1 | 1ff141bea5bf41018fb50fb3d81edbbe427a0677 |
| SHA256 | b79659f0172ce50efd42c454c6cb1cb8ea69cd08d65cab5564855aa2b3089784 |
| SHA512 | 13262e2da12c942f22f358a6dc92fcacd9d2fe5e6dc1020a8ae176916346ba4c8073a1601cd5b91ff9c035acbe7105c89dcfec67dddfa108e131af0a20bbaa77 |
C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe
| MD5 | dbbf14c5e8e9f194446ab08d8ae7a1c2 |
| SHA1 | 5cb6520d09ed31bb06f2f62ca193a01fb4be1e00 |
| SHA256 | f023616aae6204516db27d42df55fb2888626d47f052f88f8a56394db51db0a4 |
| SHA512 | ec972533993a4486cc2c378e0699d03fb59cef3c58dede3dce4e78f4eec78c023028b1ab34d569a035cce4a37710b82a29f30d2cc81d19d35a4b44ccc96ea763 |
C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe
| MD5 | 7b0e302b0d84fb77766a4230525cbfdc |
| SHA1 | ceca09475247bcfbf59ee9298208d8aa1e988370 |
| SHA256 | cc5ac34410e81e048a58d8b293816d5144a5137b4e7011111780746f664bb643 |
| SHA512 | 3752d5d0539de2c96b7915fc22411d2c5c7dd320f6af30f64500a4056f74072020bc6be32157c3fca9616f02c78c3c7d0d609f0fe8cc378658bd5d0fa7e50600 |
C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe
| MD5 | 33e380589476b1b13d358475c26a06fa |
| SHA1 | be1f2288d3331a5869d966c9a2eee06f29c30fc7 |
| SHA256 | 59f711b4d8de03ea6adf6a0ea6161b3fd123944b0debe1ab615f7669c01951b7 |
| SHA512 | 6fd2474ebf356da7e04bf0c85862061935022b584a15cf5fcecc6777024965ceba5f75bdb470cc7d29978207ebd5ab6f2740cfdaa7016d8271e95434429c0821 |
C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe
| MD5 | ca93df3a6a4e756fbc06d95b19807878 |
| SHA1 | e16137960f87d5431ad2ad1df858fc95d46f306b |
| SHA256 | ed034e9647d971615f988f1e06bbfc71d2813874355c37f44dc4873ea20e5ed8 |
| SHA512 | 22c2d9b4b5056e30fa3e0311c891b8a0d79108d2e0b85d97df9b4dac0a059537b063c514a6543a7fc32b2ff2c677b82577c079fd9924cf9a017f87e745e0adf7 |
C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe
| MD5 | 57a25d42ab1f15997178d9efb63a113f |
| SHA1 | b0c388f9b5ab0ec96cce3a0d8e17aa72a43b1946 |
| SHA256 | 7737b9dcbe2c028cd1ae9fae66910f0e1ccfb7322f634b440463f084cf140ed2 |
| SHA512 | 2c9e64c1f73ee5bfaf6c1fc7d96586c11e48762ddaecacacb9b68be430d993195666d3d41430de9c44a843566359694579fb50ac4d4e932210de0cb0ca299537 |
memory/772-953-0x0000000000FC0000-0x0000000001018000-memory.dmp
C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe
| MD5 | e072366d74a21fd059aa1e7ce41e7212 |
| SHA1 | 8df389cb1de5ee17a29403dccf5da85ddd50993d |
| SHA256 | e3abff5553cb716be29b0ae2f21506c22c7f5aab7b66bb377e3ab4d1a701f960 |
| SHA512 | 82e42aeb84940745a9d9f45f6b0906369b3f96bf6b19b264cc851e9d2ae3552541ff28dc6c943d3c85d3ff858b71e164a6684ea5d1935a7f9595b93457a1b96c |
C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe
| MD5 | 5a2e7f89ff64a2e874505719cdc87222 |
| SHA1 | 94a78ca2155c5b904cb5bf8b083ded86963dd032 |
| SHA256 | 2287d7d17d83278262a1c3315afe62baeaac7370b247b12b83532ca60d329443 |
| SHA512 | e2e1264b66f385990eef8f0b6b164ee0b42f7c3431a83f416c121405d6d511784acfd00bdec1a0aef711329e3214b1e6a3d115b18841963ed711d1d1acfd0718 |
memory/4616-957-0x0000000000400000-0x0000000000760000-memory.dmp
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
| MD5 | 7a9b4f712046f92b028d3687e9b8d240 |
| SHA1 | a5522209bc7191e370410491c1b4ec5b8c257f19 |
| SHA256 | 84f3f3443e79b19134dd64e582de54a6788464306df67fd265bac26c4553ec44 |
| SHA512 | fd8d75455e89984f9476106323295db24b427bd1c0bdf9593be66520eb8b82fb233f933463b62db12a4d7d369929a60a1f3aa814a046290e2d8f72dbfa738327 |
C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe
| MD5 | cef08c09c3ce75346231d14986128bac |
| SHA1 | c5224692889302a5dbdf45cc32725e4f8f940dae |
| SHA256 | 432099f8e3e04cd54353165b554f24946896932c409f1cdd020f79a0d06865b3 |
| SHA512 | dfbd49a7d0acbdfe6b297145d9befffb7c2b3550c59816cb2aa7136438bd091728bd94c366682f92a1711a4dcdaaa922f62e48b90777658fb13b16eb2bb5f2dc |
memory/4616-970-0x0000000000400000-0x0000000000760000-memory.dmp
memory/772-973-0x0000000005960000-0x0000000005972000-memory.dmp
memory/772-969-0x0000000006090000-0x00000000066A8000-memory.dmp
C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe
| MD5 | e5af6234a4abc51f580ee9f2cec4902b |
| SHA1 | b19aa73ee60c812ff2038aea923974b3d0f9beae |
| SHA256 | 5a291dc1ac659ea10e33e9c00f2c6d527d7863c62eeba783beccd070bd93bb22 |
| SHA512 | 6ea51799eac077c23b6b3a493c8f0fdc0b3fdea3e708714a7beb4547303c90ce9d42b4b77bdc6939817bef16f00627c85a825b917b5996c1edf122345074b7af |
C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe
| MD5 | 2574ca37b06fbcd1050f0040e1544b2c |
| SHA1 | a8b270a5aa26ad50b2a54568d59c6720a94b7a48 |
| SHA256 | 4ec2b3df962ff4bac7f018b28479d18f80f1128d9b9b5aba5b8cc69ab1ca4f10 |
| SHA512 | 049539f2781ee069a2c6dffe127a7f03ad5cc3fcc5647133776b40bc0aef85052b584f7679c63608da9e504515524c145c3b7b8027365e922cfc9062ab46731d |
memory/1844-968-0x0000000002710000-0x000000000277E000-memory.dmp
C:\ProgramData\IPTV Channel Browser 6.6\IPTV Channel Browser 6.6.exe
| MD5 | a653937795193db3bee7ced7b58677f1 |
| SHA1 | d321f822507b32865d4f00f04eb7a880f1666845 |
| SHA256 | 63ca1c9bc29e1f571cf4f0aae027e008f0077409c797732bc47351ffc7eb1b74 |
| SHA512 | 7d7f8a73e649fd83895393dd31c62494c23b2f23471f4d0d2ce374e352776f19568232e921a2b42138d4326d343fbae3fb2e48d0b7410a6f0510cbe5b341d577 |
memory/1844-978-0x0000000002910000-0x000000000297C000-memory.dmp
memory/772-977-0x0000000005B80000-0x0000000005C8A000-memory.dmp
memory/3692-975-0x0000000000400000-0x0000000000830000-memory.dmp
memory/772-985-0x0000000005A70000-0x0000000005ABC000-memory.dmp
memory/772-980-0x00000000059C0000-0x00000000059FC000-memory.dmp
memory/3400-976-0x0000000005B50000-0x0000000005BEC000-memory.dmp
memory/3400-972-0x0000000000CD0000-0x00000000011A2000-memory.dmp
memory/1844-986-0x0000000002910000-0x0000000002977000-memory.dmp
memory/5140-995-0x0000000002D40000-0x0000000002D4B000-memory.dmp
memory/5236-993-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe
| MD5 | 6a3750f6fd250f137ee782e78d2d50a6 |
| SHA1 | 8d55870a9c42853a8189cb8f9f648447d0b21e63 |
| SHA256 | f5465b1702af36168bfeaa23f09505fe471d2e2cc65bb325bd7514896ef35fce |
| SHA512 | 2af7aea02d7dac9cf16014830c685515adc22ceacdcff6aa60314e973ace6f9044bbed269013f3a1322f0d1b81526ff712a5dfb470d8f64316aa5f453e37f300 |
C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe
| MD5 | 61d6811882cf7c14dd0d3dd2411444bd |
| SHA1 | e202764c2b0d74e5a97bb542e395c1744270cd79 |
| SHA256 | 3174fe7b188c4e298c6efc9a153f2b8b60707a7c6e7df87d4353fb204c654fca |
| SHA512 | 84023b36a7606c067bc861b39f983bd849c60169363a0d0c01d0d1860a5fbc21aefa182dd5b21c7573ebc95737bbda085ecaba63b3f92a05597260843755e33d |
memory/3396-982-0x0000000000400000-0x0000000002B13000-memory.dmp
memory/5236-988-0x0000000000400000-0x0000000000537000-memory.dmp
memory/2940-987-0x0000000000390000-0x0000000000B66000-memory.dmp
memory/1844-981-0x0000000002910000-0x0000000002977000-memory.dmp
memory/5236-1003-0x0000000000400000-0x0000000000537000-memory.dmp
memory/2836-1001-0x00007FFFDDF30000-0x00007FFFDDF32000-memory.dmp
memory/3044-997-0x0000000000BC2000-0x0000000000C54000-memory.dmp
memory/1844-996-0x0000000002910000-0x0000000002977000-memory.dmp
memory/2940-999-0x0000000005650000-0x00000000056E2000-memory.dmp
memory/3044-1002-0x0000000002550000-0x000000000266B000-memory.dmp
memory/1844-1005-0x0000000002910000-0x0000000002977000-memory.dmp
memory/3356-1010-0x0000000002470000-0x0000000002486000-memory.dmp
memory/3692-998-0x0000000000400000-0x0000000000830000-memory.dmp
memory/5744-1011-0x0000000072710000-0x0000000072EC1000-memory.dmp
memory/1844-1016-0x0000000002910000-0x0000000002977000-memory.dmp
memory/2940-1014-0x0000000005610000-0x000000000561A000-memory.dmp
memory/2836-1006-0x0000000140000000-0x0000000140876000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lgU0.cpl
| MD5 | 69aa389c073c6651f6517dd327b6d3cd |
| SHA1 | f50f16913a4e5d0d9ded5ce558cc3041d872db10 |
| SHA256 | 7577b2c01e2e335166cf45173ec14c05dc1089dc00640675f9ac0d3e7e50a8f8 |
| SHA512 | 373b7749d3222b9c06094c06c12739d66f4b40ec3d7cb7e72f5fb7e46cee29e8f9461daa5b4299f899c6220167607c028dcc1902d0d5ebccc90572b005a2548d |
C:\Users\Admin\AppData\Local\Temp\LgU0.CPl
| MD5 | c7e9fec85df8fddd5c72a7044a205d68 |
| SHA1 | c96b8a4f88e046646cb805e92c7dee5aff1d925a |
| SHA256 | afca643522f565b635ba274764fa3fd79037011acad003505cc3d4a02e2bbfef |
| SHA512 | c3c91892c037911940eae4de505955d1a296f8ad4cbfdc2eb8f0496a0df186c69eadb02cc42fcaca9c8c55a882a8bbaa3acc5939ddbff842e8d9d540f1a3c1d4 |
memory/5396-1027-0x0000000010000000-0x000000001028B000-memory.dmp
memory/5396-1031-0x0000000000C50000-0x0000000000C56000-memory.dmp
memory/1136-1038-0x0000000000F50000-0x0000000000F51000-memory.dmp
memory/1844-1035-0x0000000002910000-0x0000000002977000-memory.dmp
memory/5732-1043-0x0000000000400000-0x0000000000D40000-memory.dmp
memory/1136-1041-0x0000000000F60000-0x00000000018A7000-memory.dmp
memory/3396-1022-0x0000000000400000-0x0000000002B13000-memory.dmp
memory/5140-1030-0x0000000002E23000-0x0000000002E39000-memory.dmp
memory/3988-1021-0x0000000000100000-0x00000000010B3000-memory.dmp
memory/5140-1025-0x0000000000400000-0x0000000002B13000-memory.dmp
memory/1844-1024-0x0000000002910000-0x0000000002977000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
memory/4232-1057-0x00007FF756F30000-0x00007FF757C03000-memory.dmp
memory/772-1054-0x0000000005D00000-0x0000000005D66000-memory.dmp
memory/1844-1059-0x0000000002910000-0x0000000002977000-memory.dmp
memory/6020-1058-0x00000000021C0000-0x00000000021C1000-memory.dmp
memory/1844-1044-0x0000000002910000-0x0000000002977000-memory.dmp
memory/1844-1066-0x0000000002910000-0x0000000002977000-memory.dmp
memory/5732-1062-0x0000000000FB0000-0x0000000000FF0000-memory.dmp
memory/3692-1063-0x0000000000400000-0x0000000000830000-memory.dmp
memory/5732-1067-0x0000000000FB0000-0x0000000000FF0000-memory.dmp
memory/5732-1070-0x0000000000FB0000-0x0000000000FF0000-memory.dmp
memory/1844-1072-0x0000000002910000-0x0000000002977000-memory.dmp
memory/772-1079-0x0000000072710000-0x0000000072EC1000-memory.dmp
memory/3988-1102-0x0000000000100000-0x00000000010B3000-memory.dmp
memory/2940-1109-0x0000000000390000-0x0000000000B66000-memory.dmp
memory/772-1111-0x0000000005A60000-0x0000000005A70000-memory.dmp
memory/3400-1117-0x0000000072710000-0x0000000072EC1000-memory.dmp
memory/5236-1120-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe
| MD5 | 56b9c3ab8bc7eb5290e1834ce3bcc2ab |
| SHA1 | f340e4fc1d0fa793dc28bd05b7137e1004206687 |
| SHA256 | 4b56bb830020d94d6be10fdbb8565744915ac810074c884b617ca122d0be7a64 |
| SHA512 | 7786fa28b8ad5a3a9b888e0044d0962b73186beeb4d20dfefa9567f59e3db446d63229d92123a1a5b79c25a31cb8a7f3ebe0a8fec167d73a7420a0e110e0c713 |
memory/2940-1122-0x0000000075060000-0x0000000075150000-memory.dmp
memory/2940-1125-0x0000000075060000-0x0000000075150000-memory.dmp
memory/2940-1130-0x0000000075060000-0x0000000075150000-memory.dmp
memory/2940-1140-0x0000000077256000-0x0000000077258000-memory.dmp
memory/1844-1148-0x0000000002790000-0x00000000027A0000-memory.dmp
memory/1844-1145-0x0000000072710000-0x0000000072EC1000-memory.dmp
memory/1844-1152-0x0000000002790000-0x00000000027A0000-memory.dmp
memory/1844-1149-0x0000000002790000-0x00000000027A0000-memory.dmp
memory/1844-1154-0x0000000002790000-0x00000000027A0000-memory.dmp
memory/4852-1155-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1380-1156-0x0000000000400000-0x0000000000760000-memory.dmp
memory/772-1168-0x00000000069F0000-0x0000000006A66000-memory.dmp
memory/5768-1169-0x00000000009D0000-0x0000000000EB3000-memory.dmp
memory/1844-1170-0x0000000072710000-0x0000000072EC1000-memory.dmp
memory/3692-1189-0x0000000000400000-0x0000000000830000-memory.dmp
memory/772-1188-0x0000000006920000-0x000000000693E000-memory.dmp
memory/5732-1190-0x0000000000FB0000-0x0000000000FF0000-memory.dmp
C:\Windows\System32\GroupPolicy\GPT.INI
| MD5 | 93b3886bce89b59632cb37c0590af8a6 |
| SHA1 | 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137 |
| SHA256 | 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f |
| SHA512 | fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb |
memory/2836-1198-0x0000000140000000-0x0000000140876000-memory.dmp
memory/772-1206-0x0000000007720000-0x0000000007770000-memory.dmp
C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe
| MD5 | ee91a677bce1906e77f3d3b09c3d89a4 |
| SHA1 | f2a9b02d328bcccaf03f94e4e8c2af706bb3e2d9 |
| SHA256 | baafe12d9d5efb3ef2cc4256a7f74530cd7e34563d9a72deae19a9efb9568b0e |
| SHA512 | 5e7e6495167b802da4d0dabe3e0a329448d10ce57ebc9e25b407d743ddb98b8c17456473051b2ae165d00a805657bed8ac0157bc5d0df2ca43ef91158d57becc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A65DBECD82A40019E873CE4ED0A79570
| MD5 | 14b3811fed3ba8375ffb48102fc12b1a |
| SHA1 | 1d6731f1bfcc3ac823ffc6b0c5a3dd373bc27d3c |
| SHA256 | 87fc51ee998a2356912c6fd35c358c583fba20c326b464faceedb80bb7d8d1fe |
| SHA512 | f667c5a82b61e629c99329c72b40ef6debd0b83c716c3fb221e083c138114b6e44aa36e0d84ed165df6cffe6d8b9e2eacced3af4c36bb42618519e8b127e64bd |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
| MD5 | 08263128e1a98bfc408497c8544d2024 |
| SHA1 | 0d1a63c1cc7ec2a0d0c56beaf3c91fc2fb814c44 |
| SHA256 | db44169c7e41cba614005b72223b9367444bcc31b45154d8ca802b685a83ea65 |
| SHA512 | 3d2639b7bbba7e2b7617a0d0eb6823a1e6e5c4a58513301fe8790a7ca3c9e55dce5a7888087d89cc33479b68705205506c5793ae55705de7330c8a7be4353723 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
| MD5 | 85b1b1e4979316ed0609ee37f2e18a33 |
| SHA1 | 463e30f0e0c33c0779609bb459a7e75da79cc977 |
| SHA256 | 30c0ff5f19a361a397f37b53917be051f71acb458b6f47e5cddf825da18d2bef |
| SHA512 | 353c26cf38051669ac8bb1a1a8c9b20123f1a943c589e9447bec26d840b2fd5f2f7280941f2d6a12f42503db61c72149a65d22b70f89a21f1c3befcbc0a7c66b |
C:\Users\Admin\Documents\GuardFox\BjJaTGtrHogbqluj1BYuNU0W.exe
| MD5 | 38d02ac11a1e8c3c54bf69ff4b13ea3a |
| SHA1 | b7f0dd19c8a0b1fa4ea2a87562e97cf936df075c |
| SHA256 | 3de266ecb9b19a9dbdc9d087881c731cadef635c4050633be5391669666ffadd |
| SHA512 | d3e0b1adfe4da769ac5ec4bedb1f6686e03d887189d9412be9b8b82af841b2fe00b9cd0c9d1573c244a46c910c18cd772f3d7a611d6e0441af1ff6956964e88c |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\grille.eps
| MD5 | 3b6a0b14dc8831e3b426cec742e90059 |
| SHA1 | 75ef923554485165a5cee04910e550164e15c51c |
| SHA256 | ed0a03950e1e3857fcc0623d57b7d5c3694762e1b999f8be0568bafb90209c3a |
| SHA512 | f10bd3afb2dfb2b682f299579c58c0418835faa1e06ab352fd6621f9187b8a05a138434a67bcfce752d6dd96832a33013b3dc6a4a1260983b77ecb4914e41eb8 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\sanitarium.ai
| MD5 | 96721351f220aed042557c1325f17282 |
| SHA1 | 3d1eda7f35741518a55e40c706c1522203398f00 |
| SHA256 | 62a10a10de426364b5e4bfaeee31eedf650fe829cca04f5b8f6990070ff00eb5 |
| SHA512 | bbaf3d313fb3576e4983d5265e343199580d5a87170302217a20f9889023a3174f60bfbb82070331f6cfaa4b4deab58a2ebf961514a6467eb18507ffee653f07 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll
| MD5 | 79447c236b8ff05c49b7bda01ae7594b |
| SHA1 | 445440f96276799c4d2daf9ab9ac8bec39b46c01 |
| SHA256 | a5f040efc976e85a1203bc67b805cba64ee2a0a1219e739955df5dd25424d3c5 |
| SHA512 | 9f3f4cb846246c0a2f8b00cb7523d714a2d8e958aac8ba1b1b4e2111762357a86bcde379cf1c567823cd88f81ddba41117ef0ada463a6603ccb97128db263365 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll
| MD5 | 987baafee84056fa3ce397fa61336161 |
| SHA1 | 692ce604d40304d9f9ad2af67dce9c6c9ba2d3ff |
| SHA256 | e6e6eb86a2d42604c43f75d95f5c4143a1b6214d23041d6b8366fbf7de521688 |
| SHA512 | 60394ec67a860caeefac36af727cb77d4975846db786781faa8398d2110d85a0b30b59422314ef9c5bd68af212d3d0f0d5f48240df0661cedeaccc4f8f4d3040 |
C:\Users\Admin\AppData\Local\Temp\jobA3_UBhXU4Hq3rac\information.txt
| MD5 | cc7b8cf6462d410411ffc391cd08b4c9 |
| SHA1 | 9f5c8e6a97236d0df552516e399296e45ad1e611 |
| SHA256 | 722c13381806863e4598c16a8cd78b6ec97e7540da5ce82ceabe92c36ed81ef1 |
| SHA512 | bdd3518e842d528e10a456e60906f5a1cfb7d54e9a2d494dcd136ce054f145f9855326eb40c8ded5cae86eaba0c6af6bbf3a31d68124a8afc2b48fc4d6d7bdcd |
C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe
| MD5 | 0300e763dafa74b52b47431af779ec8a |
| SHA1 | 4b288e0340606109eefbab6d014dcc3f2a0d7873 |
| SHA256 | 06fd42da0d009b56e769dfb1334c03a9ab6de97d3088f7a2de7a29634625cd36 |
| SHA512 | 4afeca8e643ed390ee280ef6910d3049653738af8126ed4bf9b8bd8ee49442bc492ed2bfb0fe9d98b3484da53b778ba5d3a60585bd622c91635456b3963530a3 |
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UIxMarketPlugin.dll
| MD5 | e9b2feb2e79ed2237744112e8c382743 |
| SHA1 | 4874e5b5402f1631a1b6cb771db857594b0f9ec2 |
| SHA256 | de371f3e5184090b8e07f444250cc0a4af47ed8d2edc3fb35c1a66e07ff86287 |
| SHA512 | 525218bdc5e88c68a471e19a736e6cb17a20d5d5d029400f1cd2ac436bbf71d173300615884c6c2ed3aade29f4e9672be6fdb80bfcd71ec629cf85b24bdd909b |
C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe
| MD5 | b7d086085f5a6e794509fd9d0b0d2d3e |
| SHA1 | b9ea69c2a8c101d597bf890fceb7b42877b54f64 |
| SHA256 | fd842667975e9af606e43ac37ac3ecf81880a7dd631b71150e39d0b1e95fa6e5 |
| SHA512 | b8ae4a6845ef032220fcbab585914ba6e5c48d4555187cdc937eb0db99ed09a71b757476e61e8083a308b6597d626a25db6d7f7919fed38309a24564b6b6b5cc |
C:\Users\Admin\Documents\GuardFox\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zEIocmEFVxls8YWBR8HT.exe
| MD5 | 1b6fcd3aacbce730397668781ccd2649 |
| SHA1 | 456a750a0e09496227f23930f544c7ac2da8a5fb |
| SHA256 | 3cd08f29881c8e4b57020c2c69391326c64da99c06dd26eb6f6398a2b30a9fe4 |
| SHA512 | 266fec63d40a8e300bfcf54b87460295b3e0a923df204c834e46c139fe8ad6e5f63614bb5c961b8a87b3d8349d6e09e0752ff627ffca259e8d05d21f8f6b7684 |
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\r2rj3k2FerFWMH392m53.exe
| MD5 | 48f02d958dbdab7506b65acd2715523e |
| SHA1 | 6947f918dd43fe589360c2fabc61517d16153220 |
| SHA256 | f19dab28652d8a21b7c71088d198325e247394f3e303b014b5e914dcfe68ae3a |
| SHA512 | e9a7f17790b71bb1e7d1a56a61abbb99874515250e9cd5351d0b001e6787fe7bde6869da833d1788d8e0d0cd9331395b9dc27be458a44b95ff19e182f5fced24 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\ProgramData\JJECAAEHCFIEBGCBGHIEGCFIII
| MD5 | 6ae0898779e77a7e4390188d02dff82f |
| SHA1 | a4e556091602872fd0018043280879576e07af7d |
| SHA256 | a8316558538cbe5b7df469ab452466ec2e250d934893bb29326d5f3331a6caa9 |
| SHA512 | aca6c621b068c275feec7ea3ab509af1bd820ec41eb096120cd8bfbab085c70e991cd483538136e392dbac44d7c4b1e54c0d4aaf25d87c98e6befc8a555b82bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 05ed8d7350c6abddb2413582af13b728 |
| SHA1 | 98b3e6793352038355ee54fc58828e5ca1cf0f77 |
| SHA256 | 878b0ffac96b1428cb415ab15b289258dcf9fc175ac2571622e4dc1219f32c01 |
| SHA512 | b80bf631b56588daf08570c05aac9a67cee414403149c223a005a7dd9c81b5e8d4c6f175815106f039d47c1bfef875ecbf65efba106d5107b137f2aabe446058 |
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zVqgBQCPxPPq3RMThYrc.exe
| MD5 | 483d444563f8e59e40a64332e51bfbb4 |
| SHA1 | c104f3f580daa5ff4030d491b44ce8a396ac0cef |
| SHA256 | 7cbc4ebb3e4f63e7b8e3e2666586bab9b593eb440f8d38fe6db8cde352039a8b |
| SHA512 | 953f09a0f0a5a1f755f01d18fbf1a61c0d86b7565a76f317190f0e85ac2fe098db42a26acffb4bc7efe1f3a7650726f123f19a8d4547ccedd3c582057a4d6669 |
C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe
| MD5 | 416c86010c09fe4b9a27d9254e211a1f |
| SHA1 | ba372d9ad6715848c1cf7692ff1236c212f847ae |
| SHA256 | 22085ff3e536acded0f65127d10233a67a17452b49ce05b30d9e50b77d415ff5 |
| SHA512 | d26696d353be55d254e2efbf0d8741c9df967c2c42cc4d44b518205685d295747524ffc8ebd9dc46d99965bda6e5d48e209b90c62576398d34694e0ad67130ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 960c40e9c0cc34f524036f14e7cdf9e0 |
| SHA1 | 3605c6064f05c5d9780dfd3769de3802f50cc234 |
| SHA256 | 8195b223758485f96a3ef00c50acd98e9b273789e39f29f69bfe40d9e62ed903 |
| SHA512 | ea20218ba998ac114890c908ed27c778728fa194bc9b90ff338adf1379e7f1a549c08c28dcd9d66b9b102c7e4db050b1ea22479eac394a3860403c2e696b70be |
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\CwjKmD00H2J83qh3IOKL.exe
| MD5 | 9d340e9b13e5c50d7f301a0acf4fc932 |
| SHA1 | e06d466b10976a0e6e12c6060487f6a0327bc2c9 |
| SHA256 | c12be66608fdd3133b509d42c1f07a0ed9791a1cc633e57934c0e1f71e32b98a |
| SHA512 | 97824b9c09764993f43f952359e0f7e7e846cbf007e5cfce1434289cd62a95da686e2ed15a0fadc9eed201ca82cdd0b8a1b03c6c47a22d43b6018609076227f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 22400295adfc32269f5a6f036147b814 |
| SHA1 | 3bb13033e3bafb850bdfd61e7dc4dc9392d6fde9 |
| SHA256 | 4812ace08ca49425cfac8835fc3a360b27d94888e849a80eae81b1eeb86d756d |
| SHA512 | 3bd73584bb2c5ba1594315f5bb081c23ed347074266f79b55b8b974544d591ad18d23b1d501e40cff45b09b999f011236361b686c6eeebf73aa10fc6c958e5e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoajhiemdnnjfbilpkblfjghmmbhbda\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4b7494680df11efffc8662aec63183ce |
| SHA1 | ee00f16ef26a5288a9e98d62f7a2e7450ed65c71 |
| SHA256 | 8f2945b1c5877b2f41fe24da66f6e7f47ac62b47a4c46c99046bb1413cfdc82a |
| SHA512 | baa47d45ddefbf7a34213860938c902f466ebb04a69e2f520f0aff752a5d8779b70dd650244ebbdb9d08edbc5ee2f10a832d8c72a887eb4d0d2421c190883387 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | acb122398fa01d5720bda427bdf6780e |
| SHA1 | b31101f4bdd366539e3428d8ccda5af4882d3578 |
| SHA256 | e4b355275d1f5207d93ad32323e0679a4e488eabcd7f06b68f640f1f4e37bd1d |
| SHA512 | 090bd7a06f656a491480eff82133cd52f51eea37b785c6843117e1f5bb89448f6caceb5a659291342f55a3ba45660d71ceb85eff8dee85919817aab88531a74a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dfdc06f87ccee228a118ce2ba5c6048d |
| SHA1 | 59276b97a8b9133c96c0327f942ba56e5cc5cafe |
| SHA256 | 0d0e1f6c477a6531399455ee391ff376c4760da823adf72200584fa4792e41bd |
| SHA512 | 951439f72b15c2c8dcef9b3b014e09231b42df2d7ddcdc6f787183d7e526e0724695b5b331239150f0449503c1ddba24814ba9aa76724e9d5d8e40ae7de03c53 |
C:\Users\Admin\AppData\Local\Temp\220B.exe
| MD5 | 57de32de8a936f8bd9d64598b311f673 |
| SHA1 | 3a0a39804bafd1eb8a4d4644ff82fccdbfe45e8c |
| SHA256 | de40e85794fe6f654a9efcef8880620159b8754d36b702bdc7b80a55ff1b98b1 |
| SHA512 | 44097b8d928a0e4add90ed43365f4d6547f5fe615106d42bd3c63f4ccca76bcfda5f5d5173a95c9387ac62d49fa58670877e888a1b38bab63ce0f99bf0e50def |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 86442225c71dcd4c40366e14e656ee7d |
| SHA1 | 8751863cb2997a0762c7c17fbf66b039ad98acd2 |
| SHA256 | 231b17af75d1d97c25e2d04c69b7a8d514a212987e3d3a9866b254a843845a1e |
| SHA512 | f2adf96bf77ecd5a69dbf9449692782eca11b737645d9c7b574752489cca0041f80fc7564be91e3995c04184c92c66512b040b4c746c1f321fabbe4107d3aee0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c12e7598bd631110ace2438b7b44dd30 |
| SHA1 | d634c7b4f45500fdf85a31207af6162c167fe42c |
| SHA256 | d67a67a843b392190a5a9dc407a039ba46b1998697fe4b281366bee1291e1212 |
| SHA512 | 61d355eaeeeb74d69b738dd96121e3983dce5628f8c5cfd3ece95046ab910142ccda956e5e38a8a7e3d42a53af6a3199c697aa997ffc6bedf6e371d5b60c7fa4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5823cf.TMP
| MD5 | eafa2205e1650fa196804b95b4aee628 |
| SHA1 | ea15cdb89065514230ca986157e48712505fb4c3 |
| SHA256 | 738c66a0e3837f1ccd9a9d160fdb14a3df12d1e810a47d2ac1a242df6e19043b |
| SHA512 | 1caf74b7c9eab4318c4fd986eb807f403f12ce3f479471d316f97d798d96b528456884732a99823903a7fa4c4234627ed4a9ed10a9145d0a4e6890d5533e3f84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b9b02d92e33d11af62fdf3675c6dcbc4 |
| SHA1 | 21cf3a6e98b17b655ca6de5888d1402e8cf54499 |
| SHA256 | dc078d0ca1a9392e42502551ef01e4a28d86455d8fceeeab5076e9f651c696f6 |
| SHA512 | 013070d10126212011d2bf729fce86c5563a3b4ec148aaf02fd9e0941b499ddcb9202fffb2298ad0e94cc0ca5d409d1d4db2c39756cbb67a38ebaef04c4ba755 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d8d81be423330430b33c725495867c49 |
| SHA1 | a1ea62a94ac139f83d8d41a448aa95a779a4cfc2 |
| SHA256 | c7def612cd8662417b47a00b498d99b091415b41818507d24cac9a6c7b801d1a |
| SHA512 | 1d999eda45fa5ea9efab33284c8f38a233825a9250019ed919897e7d0fd43b51277c719b23bc116d4fbcb8ad240596681241f668e10dad851565d30f77307cef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 3ac5af97b175ce98a7505e7041b56813 |
| SHA1 | 842c6585f724d54dfdbac73e6399ef9779fffe1e |
| SHA256 | 0c71165e29e64e6ef720a51ffe19bd3f4f2fda61dd8dd563c1a081659e917786 |
| SHA512 | 89db0d0ddbf02149aad3e14d96b565ea72ff0117c2ee8cb710e1ba698a0c40502e55a9066cb693b8df3e7f35749456ced5b1d8f6512f898c7458142f10995e93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 165f90d989545a7a9393ba4a391f1a6e |
| SHA1 | 5e8b463aee655d7c586495e01a7f0fc385194c60 |
| SHA256 | 00e675e45e82ae879af5b1dd47c2cf13deee932ff4a0bc60f7360e3e935cb665 |
| SHA512 | e5a23e9cffb43df3482ec5cbd2e5d5bdcfa416ecf22100ccb0ffc63a1c4c0fc6592b7c80a134a5c56c94a4755bc5cc07066c5260758daf7fa5059e9a215d2043 |
C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\4z35P7v_AVVEPgRJajWj.exe
| MD5 | 1c0a3620164e45e25c22b4e08a9ffcae |
| SHA1 | 36cbbf824ddb92ed31fab48f6b33d7ba1c2d79da |
| SHA256 | 8a855d82975f9cf433f158c634f270f2c68ca5fb38771f30591ec7dd2bb9b1ab |
| SHA512 | 556df5903a1811870037c15bf380aae8c684e089b5d99e7cf4317e9036d39894fed9de3d1305d1cf45b04e19a69c83cdb3b995efd56f260c53db148472ca424f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 54144944b7819b38f8aa64c8fa386146 |
| SHA1 | 5dbd48908971b3fc43046cee3f355fe023886c23 |
| SHA256 | c5bf2223ab46044a524f973b5e3954522a6c1b6670a49e073cb9c24f721ac37c |
| SHA512 | 5f07c6950e2c3c0b87364233f300f0d9f76685739015c5d82c08ef63ce9a15dc1a8008b551d18cd34190edc54be9942829fb0aa374305844f1f7e31bffd0e5cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 767a825fad627dbedbd3aea5b5cff624 |
| SHA1 | 2dc97c8fd55e7482e8c53120f48d7a386ef53c40 |
| SHA256 | 5e1dc74096c7872e568f89c655d39a294e8255a2eea0d3eba537b099716e8b47 |
| SHA512 | 75cfb7d947ecd39dd35bd28bede49785a9c3e9c27776d36dc97609fab6a5a372383856ee43d7240f35a82fa7746ebe36186d7ce7b4f48dd767bb9a1be9a25f84 |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus
| MD5 | b8041b468ad3056dcf6c740fe805d9f0 |
| SHA1 | c70b54a89213fe140eb9b52c7daddc25ce2492f3 |
| SHA256 | 60d23017670eb4ffa48b569a0702c008019fc348f1ec0cf6dd62931f7d5cc94b |
| SHA512 | a9633a5b9b5e3373b2820279c5ea0b3d780a3b50257415f6d555d316b3fe537ddf20f641dafb5a22082ceefc56b5a6da07adafbee1e9e01eed0fa5a42b422757 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 1b7c22a214949975556626d7217e9a39 |
| SHA1 | d01c97e2944166ed23e47e4a62ff471ab8fa031f |
| SHA256 | 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87 |
| SHA512 | ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5 |
C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe
| MD5 | 1247721f0be971fe6ddeb65918c70924 |
| SHA1 | 96b08d516c989053251f5e540b8b242bc42fb382 |
| SHA256 | 0c65ce6a5fb8aa91586993c4ce168f9993325cfc8935931ed78ef2563100dd59 |
| SHA512 | 1cc1fca379a7e5dd786582e4a0f7cc016fe56fb05dc13664c9eee662ad9b206f56e324d59d7e159757e93cc1583d8e5e52aae2f688a2ffee7d4f2a442c39f7c0 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | 3b18ec6ba7e5c51d91009114abac57b4 |
| SHA1 | 26e46f54f3c2826405b9ae484ec2a76913d617c5 |
| SHA256 | cb686be79c5d4311c8d0cfa64fcd608486e269a0a989f8827e8419f52512f84f |
| SHA512 | 01e476b21f3a4b260cbc60e1a687b0ed220324e33f8af134c7b44c4805c49d02b4a5af8a8b24b22c16ac9eb04c1464ce97f360b00a0308da8dfe77dfe248e3e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 2a6abd1bcd8e28ffb795d63a9b0410f3 |
| SHA1 | d448fd96d9a3fa34482bfaff7fdc6fee2ede6c56 |
| SHA256 | 0c1e03e512a1ceac87c7df93cf4a97a3605f9a17a56f72f042bca944a20b3eb5 |
| SHA512 | a61b8c634913961eb1dbbe174caa08a7a34d665de6b26726d3c94da72c035848c88ae020007b1d11097b845dd7930802a78dc74c5687bbbcfad3650761d56db5 |
C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe
| MD5 | ba8f16745f0978b309e5190a967eefac |
| SHA1 | b5a17b029a282962d679e0759df3919d41465cea |
| SHA256 | 6cd09e95b6ca042355ed6d3b8155cad7932341647f2a05ea5e24ca45f948f165 |
| SHA512 | c28bfd570e0af08fba2f4be4762175fc78aa6b347f701efc878cee0733bc3c4134bfd98cce701b63193825e2b98306ba1a056558c3f7eb2555852d6cd3ebfd7d |
C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe
| MD5 | 4e1b305bb5c06e4006b2ffccb13e2fd0 |
| SHA1 | e5b84999b266d30469e4062066eeb448f275196d |
| SHA256 | fe758008c62d06f8ff152df059c0e428ca5dd06b9679b50b57970125b00bcd8c |
| SHA512 | 41ca97290b74c6520a13e574cc7b4eef7b4592a9b1ea68752ad1fd32f68d37c67a194bd25754fab9e12c0b991896ab85077bd5d2c016b42b04946ec7d651be72 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e1808d6b-c1ff-4e09-9518-bb37e64422ab.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe
| MD5 | 1d3518c5792cb53a80ff4a5385c42b26 |
| SHA1 | c6f0d3cde76d8c9831d4c2373fcdfa7b42a39a76 |
| SHA256 | 80f81151a850b62e975551a37442e085df7bd22d601799e369da6484db33d17e |
| SHA512 | 2416c3d0f80b30fd05db2e87395efaecb7cc787a6aabd9ddc639feed4a611e567a531ed0815c48f66011afe93ffbb2a2c71aaa790526dd93e7e1a35ffdd7478c |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 13d0884c9089d2118f3aeaa368a2c135 |
| SHA1 | 68052e28c79ceda019076eb28601696da430cca0 |
| SHA256 | e2fad8befcd09cbd6acd298e9ac424bb7fe2fe6715fc9f9daaac3031921752ef |
| SHA512 | 2ecb2d96d66b87d5315ecc7b01148b6332658dc177306e021a4d8c81410f39c4d166ef56b1fef7532bd27bb162ce91ee6a70647dc36215a11eb0e08dd939441f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b2cf01ae8545b70829face79f0a08a7a |
| SHA1 | ea360d62f83ed56aaf88dde233c900ad309d68cc |
| SHA256 | 6328c8b322e34d9e93562da1c8a67fa670bc8d8ea98c333ecda0ae0c2c659595 |
| SHA512 | 4b6e99691a3985e42aab451a652ea148f3a5fb0656500e72428cd54940c4560d62503b67f2aa7a2b6aa1589ac960738d023d9bd94853575c841ed9b4959d1f9d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 142a40e36d81ac03526a332a4104ff68 |
| SHA1 | c674823fe3a008ac3dcc25e4c2f29568b5295061 |
| SHA256 | 2d1f7a22f9baf8fdec2e58111caa3673cac40947313f20a358624c82b4a4243b |
| SHA512 | c6e34aaf9bbe761a03f783e6e75896b96960eab4b7eec753481f4ff7c304625d27b141b99fca0ef242845181043d135b61e4214d9a47538a4798e115f22f7888 |
C:\Users\Admin\AppData\Local\Temp\is-TTJOA.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-REDGR.tmp
| MD5 | 54ffd881611a92540e4c85e2759278c9 |
| SHA1 | ef0c1ec4f6efe6abdf9a23f1adcd88c4ec5b4348 |
| SHA256 | d075cbfb1b43dadcdac8cf572c18689134e59319fbe425e82c7bb7c4e7d5948c |
| SHA512 | d9f77cacb264d080e12e765cba3e1cc69a19c186526bbcb25d093e0a83b4b4b8beef37a4acf2e803a08eb76c77d4a97a21fea74475d6d9d16a63f2137ab6253b |
C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe
| MD5 | c2a6e980dd05d40952c50d279f25ac55 |
| SHA1 | e600f30d00dba9a89dcc62b87d4748b0f81deed6 |
| SHA256 | 1626d38408644924407ec6f9a561329fa5ce7ed4faedac498bd5b9afc9bca68c |
| SHA512 | 5e0e69a91948006699710aca5087eac479281ad6e37442367374a8a89b0553de68254bbcb13c7da123f80d91d33e957e59e538b0e94713ac32d555d91dc1a1f6 |
C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-SS6VP.tmp
| MD5 | 8f920115a9ac5904787bc4578f161a52 |
| SHA1 | 941332d718cf5161881ca903b2fb125124cac68b |
| SHA256 | f8b63fa29af4c7cff131bf14fbdaac8e6b6945444e0f13e57417fea4a3de1a6b |
| SHA512 | b8521748d276de667e2013c697005adc45e405fee9a9970b80427cb47ba829e2f9e31fdae2bafc54cca5aeaa4c371f4d25e1ea34989eea19e732fd129abfa1c2 |
C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-7IL9Q.tmp
| MD5 | 613ccb3ab7bc5304da08120a11bb34f2 |
| SHA1 | 9e1231dc2ddc6deb2a66d494c45f0dfcf04b1d97 |
| SHA256 | 565efa1b0407d221b1e6bc44811f529f98fe4d9ffb6e756b56b9525acb87ce28 |
| SHA512 | d27efae6748105c343abcdc8777d2c5065bc342569af2fd3bee92544a01ad4caefe359adf69fa56bae1fbc87f86575b797c20d821a42869d0b34ab1004b0138a |
C:\ProgramData\TVTunerClassic65\TVTunerClassic65.exe
| MD5 | 8ef5aac43edb85e8990c0a84b17b9b6c |
| SHA1 | 199d87cf69abc4692fd8cbbd4ae2e662703e15c5 |
| SHA256 | 32f97002d2d8f2a33775d393362ed1f7aad563f0a01c6630f8e14db6abdcd85b |
| SHA512 | 2af61b049b0ce22859aa8bdb8e029a9f195d707feb01a019a89fb8887c27d26e1c60e167caab4cbc19d00a8471ecf4834a3dcd3a631790d1aea47dea1da42f2d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bafe6366226250a0ccf3d7560ecac195 |
| SHA1 | 8a281a911f34e5b9c39c1cd3c313a1f68b162f60 |
| SHA256 | ce7f9c7ca8cdb6cfff3e740722c40eaac1db01db9813a132ff7cca7602c0156f |
| SHA512 | be4e585d2ae01ed377158232a9fbbcf1a924664b6752720fb879ddf2762b32431db06fbcae13964dd135813a4fab0164fe86ac122571f59dc001e52803739e7a |
C:\Users\Admin\AppData\Local\Temp\jobA4HiH9XL7koobFu\KvHrxJ77cmUgLogin Data
| MD5 | 14ccc9293153deacbb9a20ee8f6ff1b7 |
| SHA1 | 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3 |
| SHA256 | 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511 |
| SHA512 | 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765 |
C:\Users\Admin\AppData\Local\Temp\jobA4HiH9XL7koobFu\02zdBXl47cvzHistory
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\Users\Admin\AppData\Local\Temp\jobA4HiH9XL7koobFu\pSE1jchbiT9aHistory
| MD5 | 1fb36bd354356f9731b0219760ca337a |
| SHA1 | ac47129fd0b634458e50d2783c4911b283abb8b0 |
| SHA256 | 06097eaf077d4e753e6e3b87366b0b52a76ad4b82614d35fe3c31378c0e689e9 |
| SHA512 | 6e4f8b5a1b3bcdd0c2dcf6816e42344494102e5cd952c79252c78b6a8238ec21b9b9a74b556b16066793bf3959b8d748fed5268e38230fbbbe9157b6b624bc18 |
C:\Users\Admin\AppData\Local\Temp\jobA4HiH9XL7koobFu\02zdBXl47cvzcookies.sqlite
| MD5 | 91709bcc95bc37391af9de7d4f65caec |
| SHA1 | ec061060b5030c2bef258e40dfab170828e7a855 |
| SHA256 | 988ca1b3cfa46b92b802bee4112bee79261bd128f6c5f65a007b6a30c6a14598 |
| SHA512 | b3ab4fb9853e70efae2f0821ac525ceb7bfccdb0707a650c53adf17f3751f807961da02e63ee87c4ce5bba92705ced1eaa65ecb6729d33f9852b4dc5f2235780 |
C:\Users\Admin\AppData\Local\Temp\jobA3HiH9XL7koobFu\passwords.txt
| MD5 | b3e9d0e1b8207aa74cb8812baaf52eae |
| SHA1 | a2dce0fb6b0bbc955a1e72ef3d87cadcc6e3cc6b |
| SHA256 | 4993311fc913771acb526bb5ef73682eda69cd31ac14d25502e7bda578ffa37c |
| SHA512 | b17adf4aa80cadc581a09c72800da22f62e5fb32953123f2c513d2e88753c430cc996e82aae7190c8cb3340fcf2d9e0d759d99d909d2461369275fbe5c68c27a |
C:\Users\Admin\AppData\Local\Temp\jobA3HiH9XL7koobFu\information.txt
| MD5 | a75a3b39f5640a4a75ed494b2d50470e |
| SHA1 | 79d55f4afb9a5ef1435aa17e06124a46b60590bb |
| SHA256 | 1c99cead29efa6a7bbffba969f4eb01cfc03184f0ba720c075632a97d00bbe27 |
| SHA512 | ab272a1ad60fed4f7c001ce76ba282a64d5d2aaae3a72375c5c5c5f8e7825ec487d7567b18c88c1f4d3fa48d33ed944297bcc9f7d9384ea24b607d228a326b1e |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hewdxvy3.zpe.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b4276f86391ed7fc64b2cda7372e91c8 |
| SHA1 | 5c4f2ec4c4ac1e0420debbd95fdfa5ff8ae5054e |
| SHA256 | 329e8daf9ef543676b49e244524322957dadbec570998d0d0ab25f525f3a0790 |
| SHA512 | feae9f61d93ea6370939d2de0d046a2710126ed60837e2a5da0ac37866ebe8e6f25b86275c0e0085d6c0d3ce0a095e442c36241695993d3a1f352425cdfe212f |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | edd4b4214f9464f023e9b169b7d9b9cd |
| SHA1 | 6c167fdf664a4bd521ebb5b469f9987950397aa0 |
| SHA256 | 03d3bb515b4cdd11af8bc7948bcd3da3a192f6709c7829cde008158a2ec0a389 |
| SHA512 | 7263c6548236bf295ca073cfe5fbff015428550c6ad7aff50a2872f4f0e016cb2492db5d7ef39380e2e5a9768a653698f75a8766c7ba503dd887aa92cefcac72 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| MD5 | ff0b16216c0ff0710110c736e2822c4c |
| SHA1 | baef5a1e888dbb1e11c61bd912eb3ec82ca97a14 |
| SHA256 | 7e7f06e9926d3a253df8581811ed1314f89f4ef4545ad68dde2b16028334b689 |
| SHA512 | 629f5db550511a40b6cafa3afa0ad5df969e2a6181fffa82d17a42149c4392d387bcf7d4ff5feb36cc923741c3aa4d1a6d895ffda0dc1ab1aa99f838b072aa98 |
C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe
| MD5 | 0ee79d0283f4b6d229f672f794e1cd85 |
| SHA1 | 50ae0034034f52772449e21772d3fd810b9ae5d8 |
| SHA256 | 03bc98eb8bc8c8c646235c2e82c5a63c624dedd6a8ae8a036e205422f9226cf7 |
| SHA512 | 2622f976bd1425859dc20cfc517bf08d20ea97f743aed09e0b77ae528ff32e1e925be2147038278efacd2eca29c6401c2e24ca0af35ebf215c400aa75f5949d2 |
C:\Users\Admin\AppData\Local\Temp\tmpC69A.tmp
| MD5 | e48629377861dac78b4b282522023b5e |
| SHA1 | 3eecf49d6179ef3b7c8f39b400056bb67b129f9d |
| SHA256 | d8bc33e38c79490fe245ceaaadd337003ab71bf60cbdc5ee63aa88077baff0b4 |
| SHA512 | 5ba1c4d80b9974c1e4a7a1c06bc16fb5de4fca8ed1819e6706eb2429df9c378bf8647f052810c629adfbf798faf69aae3903d14ccb2f3c7e9a69f728e9ad94e4 |
C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe
| MD5 | 8abff4445705723ed13db1674687301d |
| SHA1 | bee91c456db83bd639731496b3377e4ac4e80d2a |
| SHA256 | 1faf7ffb5a96db244bd7482208ffe5a8edd4f7b9111ee1b0272759c319cfd4aa |
| SHA512 | 5db55b458c759d13483980a193163d0c1d56ba63afb03acedc5fc72b98b381e240a448c57b2bfa20b31bf389a69cbb6ca4c5db4c041f4f974fdfbc0041bca925 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\nsoC1C6.tmp\INetC.dll
| MD5 | c7ae096c02849c7eeb07623b18de8a59 |
| SHA1 | 9f57c75aa9f96121413a793d356d876a09f564ca |
| SHA256 | 711ce1b5b08d30470c7cb844d2dd9345ffb6c2add9392f56a86e8c515ba89ed0 |
| SHA512 | 2a070a13ed45b3cc289f8174eb313d244daf10c1ae36c837f305b450bf2f1b839850eed70f672bb94c75117fe232341b01a868824e42d4d01ddd754fa9b5670c |
C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe
| MD5 | 38c4f7802f73faa6c967fb06c58f3702 |
| SHA1 | 1fb8b9bacf0fd0981714e8559c115ad4f5584ebf |
| SHA256 | ab540e776e7ec418e7f1bcb5fe6a5e232212abf8cef3a92c6ef3f2ecb45d20d8 |
| SHA512 | 5e7cb0ed64b5679d34432160c1b0cfa119cd314f18fd89b5a0442fcb24c885b2b76be820fc184e365d34764aac831464bb445717438559337faa65a08c71ff83 |
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
| MD5 | b785e437077961aec871d6c2565402bc |
| SHA1 | dbda886c318c6ab6dd45163e3ea8a99bb5d3b8a8 |
| SHA256 | 86802cc1a5f1a878764c2b60e1b2bb51ccf604b052c3fd6cc5e5a0bcebfb3b31 |
| SHA512 | 5141ff70aa9f274cdc5be41caa41f161a6223797eb6b7bd768ce58f60317f6d6f7ac6c15ab4184734c8e4a1760c1d42e8cbea77c38e1b2d61cabaa62d29135c9 |
C:\Users\Admin\AppData\Local\Temp\F59E91F8
| MD5 | 5cac70fbe2fc9869397bf1989e592841 |
| SHA1 | cc522bec3c1772269465799d35268630248e801b |
| SHA256 | 17e571023337ad513deb4d436c17573b6ab3c9ebf2a3e30425c3f5fa9a638806 |
| SHA512 | f56d8d7a996401404b850b6503960ea17d68fe56acbc06de8fa9c39b20dd7f01d24837283f459655ac4efb3da10a8864623cbb041ca9ad81bc9afd1ecf9b5fb9 |
C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe
| MD5 | d177caf6762f5eb7e63e33d19c854089 |
| SHA1 | f25cf817e3272302c2b319cedf075cb69e8c1670 |
| SHA256 | 4296e28124f0def71c811d4b21284c5d4e1a068484db03aeae56f536c89976c0 |
| SHA512 | 9d0e67e35dac6ad8222e7c391f75dee4e28f69c29714905b36a63cf5c067d31840aaf30e79cfc7b56187dc9817a870652113655bec465c1995d2a49aa276de25 |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | beab8c9da5ff33308ba859fd13539a10 |
| SHA1 | 54fc9607d4e9ab712634804cbff392816e251526 |
| SHA256 | 67479f7f98563941052ee641c77f5f45bea85d114bbe5d2954ce45c792509e81 |
| SHA512 | 253eaf17038d1e97b0442a11e892aeb6b435748c8bd40c838bbba09b7609f4146e5385e80910e37d82adb93ff32c1a2b21b938bde1203f47fedc6206db0d14f3 |