Malware Analysis Report

2024-12-08 00:43

Sample ID 240124-n169lahfc7
Target setup.exe
SHA256 5c9ec77a657f11d8600eec7c726c1cdf618f402aa9ed1f3fa6a8f1f3380d0b29
Tags
djvu redline risepro smokeloader stealc zgrat pub3 backdoor discovery evasion infostealer persistence ransomware rat spyware stealer themida trojan amadey 24k logsdiller cloud (telegram: @logsdillabot)
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5c9ec77a657f11d8600eec7c726c1cdf618f402aa9ed1f3fa6a8f1f3380d0b29

Threat Level: Known bad

The file setup.exe was found to be: Known bad.

Malicious Activity Summary

djvu redline risepro smokeloader stealc zgrat pub3 backdoor discovery evasion infostealer persistence ransomware rat spyware stealer themida trojan amadey 24k logsdiller cloud (telegram: @logsdillabot)

RedLine

RisePro

Detect ZGRat V1

RedLine payload

Detected Djvu ransomware

Djvu Ransomware

Stealc

Amadey

SmokeLoader

ZGRat

Creates new service(s)

Downloads MZ/PE file

Stops running service(s)

Themida packer

Reads user/profile data of web browsers

Modifies file permissions

Checks computer location settings

.NET Reactor proctector

Unexpected DNS network traffic destination

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Drops file in System32 directory

AutoIT Executable

Launches sc.exe

Enumerates physical storage devices

Program crash

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Views/modifies file attributes

Creates scheduled task(s)

Enumerates processes with tasklist

Delays execution with timeout.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-24 11:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-24 11:52

Reported

2024-01-24 11:59

Platform

win10-20231215-en

Max time kernel

30s

Max time network

179s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected Djvu ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Djvu Ransomware

ransomware djvu

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

RisePro

stealer risepro

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

ZGRat

rat zgrat

Creates new service(s)

persistence

Downloads MZ/PE file

Stops running service(s)

evasion

.NET Reactor proctector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\setup.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A api.myip.com N/A N/A
N/A api.myip.com N/A N/A
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A
N/A api.2ip.ua N/A N/A
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A
N/A api.2ip.ua N/A N/A
N/A ipinfo.io N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\setup.exe N/A

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Documents\GuardFox\2rNhNEcNw_ySloYfdlydl5Vc.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Documents\GuardFox\YTox_MCSKRwJHg1SpZK8Y98k.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc

C:\Users\Admin\Documents\GuardFox\YTox_MCSKRwJHg1SpZK8Y98k.exe

"C:\Users\Admin\Documents\GuardFox\YTox_MCSKRwJHg1SpZK8Y98k.exe"

C:\Users\Admin\Documents\GuardFox\zQy0NOgy1Rb7OqdRZdgs_hO1.exe

"C:\Users\Admin\Documents\GuardFox\zQy0NOgy1Rb7OqdRZdgs_hO1.exe"

C:\Users\Admin\Documents\GuardFox\DFyMfvObJ8usnTwdj1GztYQE.exe

"C:\Users\Admin\Documents\GuardFox\DFyMfvObJ8usnTwdj1GztYQE.exe"

C:\Users\Admin\Documents\GuardFox\cmNy3IB9_5EvlEYHGF9GW0SQ.exe

"C:\Users\Admin\Documents\GuardFox\cmNy3IB9_5EvlEYHGF9GW0SQ.exe"

C:\Users\Admin\Documents\GuardFox\Cns1cHGKmXhz_HXdav4nLNRw.exe

"C:\Users\Admin\Documents\GuardFox\Cns1cHGKmXhz_HXdav4nLNRw.exe"

C:\Users\Admin\Documents\GuardFox\jXfmGilbDyI8ckBR530IqRzM.exe

"C:\Users\Admin\Documents\GuardFox\jXfmGilbDyI8ckBR530IqRzM.exe"

C:\Users\Admin\Documents\GuardFox\2rNhNEcNw_ySloYfdlydl5Vc.exe

"C:\Users\Admin\Documents\GuardFox\2rNhNEcNw_ySloYfdlydl5Vc.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 480

C:\Users\Admin\AppData\Local\Temp\is-7OP8H.tmp\Cns1cHGKmXhz_HXdav4nLNRw.tmp

"C:\Users\Admin\AppData\Local\Temp\is-7OP8H.tmp\Cns1cHGKmXhz_HXdav4nLNRw.tmp" /SL5="$20278,3301412,119808,C:\Users\Admin\Documents\GuardFox\Cns1cHGKmXhz_HXdav4nLNRw.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST

C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe

"C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe"

C:\Users\Admin\Documents\GuardFox\TMcIOeEwMsIWBGXFNbolMUOJ.exe

"C:\Users\Admin\Documents\GuardFox\TMcIOeEwMsIWBGXFNbolMUOJ.exe"

C:\Users\Admin\Documents\GuardFox\GROqsGl6h90I0zXqq4gFbf4x.exe

"C:\Users\Admin\Documents\GuardFox\GROqsGl6h90I0zXqq4gFbf4x.exe"

C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe

"C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe"

C:\Users\Admin\Documents\GuardFox\DhI9_2NRkwmRCsofJ3GRJ0x6.exe

"C:\Users\Admin\Documents\GuardFox\DhI9_2NRkwmRCsofJ3GRJ0x6.exe"

C:\Users\Admin\Documents\GuardFox\euCU7vfPHsacTg9i0zqHqBRD.exe

"C:\Users\Admin\Documents\GuardFox\euCU7vfPHsacTg9i0zqHqBRD.exe"

C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe

"C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe"

C:\Users\Admin\Documents\GuardFox\KjIIxd9k00s3liYBG782ijI5.exe

"C:\Users\Admin\Documents\GuardFox\KjIIxd9k00s3liYBG782ijI5.exe"

C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe

"C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe"

C:\Users\Admin\Documents\GuardFox\G0RX5STvE17sZf_g2LwWvby6.exe

"C:\Users\Admin\Documents\GuardFox\G0RX5STvE17sZf_g2LwWvby6.exe"

C:\Users\Admin\Documents\GuardFox\ioJ9tsr0R3KhvVCNQfnDbb4O.exe

"C:\Users\Admin\Documents\GuardFox\ioJ9tsr0R3KhvVCNQfnDbb4O.exe"

C:\Users\Admin\Documents\GuardFox\aGBF9ZWcO9LXdG3njGUruh8W.exe

"C:\Users\Admin\Documents\GuardFox\aGBF9ZWcO9LXdG3njGUruh8W.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -i

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -s

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe

"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\e4015202-61dd-4570-8a14-85fa4c607041" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe

"C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe"

C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\jTVSOKTat72Un0WaBRx0.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\jTVSOKTat72Un0WaBRx0.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 LG" /sc ONLOGON /rl HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\nnX7HtMrOQ6I_QDZnwrI.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\nnX7HtMrOQ6I_QDZnwrI.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x4c,0xd8,0x7ff9fc949758,0x7ff9fc949768,0x7ff9fc949778

C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\yUm2oxq11KRJxZQ9zZ9D.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\yUm2oxq11KRJxZQ9zZ9D.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN 8dFUuPXhaghlBY9svrSYVMq9.exe /TR "C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe" /F

C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\eXkD5E9oTVdnY4nrg9t0.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\eXkD5E9oTVdnY4nrg9t0.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\cmNy3IB9_5EvlEYHGF9GW0SQ.exe" & del "C:\ProgramData\*.dll"" & exit

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe

"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",

C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\TsAYr9HGL5Mue6Ojasq1.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\TsAYr9HGL5Mue6Ojasq1.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F

C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe

"C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe"

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 1224

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1816 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 480

C:\Users\Admin\AppData\Local\Temp\nslD1B5.tmp

C:\Users\Admin\AppData\Local\Temp\nslD1B5.tmp

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\8EJqwAAKM4eiWpqUJQyt.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\8EJqwAAKM4eiWpqUJQyt.exe"

C:\Users\Admin\AppData\Local\Temp\1000495001\SetupPowerGREPDemo.exe

"C:\Users\Admin\AppData\Local\Temp\1000495001\SetupPowerGREPDemo.exe"

C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe

"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe

"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 2028

C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe

"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=2180,i,9792089055279853576,13313216801956571691,131072 /prefetch:8

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe

"C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"

C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe

"C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe"

C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe

"C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe" --Admin IsNotAutoStart IsNotTask

C:\Windows\system32\mode.com

mode 65,10

C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe

"C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe

"C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe

"C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe"

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e file.zip -p4632370330209207692137030328 -oextracted

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\46afe9c41d084a88984c315ec5cf1f3f /t 3856 /p 6132

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_9.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_8.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe

"C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_7.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe

"C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe"

C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 480

C:\Users\Admin\AppData\Local\Temp\rty25.exe

"C:\Users\Admin\AppData\Local\Temp\rty25.exe"

C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe

"C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe"

C:\Users\Admin\AppData\Local\Temp\FirstZ.exe

"C:\Users\Admin\AppData\Local\Temp\FirstZ.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 384

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nslD1B5.tmp" & del "C:\ProgramData\*.dll"" & exit

C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe

"C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 360

C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe

"C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 436

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe

"C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 620

C:\Users\Admin\AppData\Local\Temp\1000570001\leg221.exe

"C:\Users\Admin\AppData\Local\Temp\1000570001\leg221.exe"

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_6.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe

"C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 656

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_5.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe

"C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 716

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 680

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe

C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 532

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_4.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_3.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_2.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe

"C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe"

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_1.zip -oextracted

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "FLWCUERA"

C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe

"C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "FLWCUERA" binpath= "C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe" start= "auto"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "FLWCUERA"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe

C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

conhost.exe

C:\Windows\system32\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\system32\attrib.exe

attrib +H "xfAk7rC2FeEN35Y8o.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop wuauserv

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop bits

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop dosvc

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "WSNKISKT"

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 796

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "WSNKISKT"

C:\ProgramData\wikombernizc\reakuqnanrkn.exe

C:\ProgramData\wikombernizc\reakuqnanrkn.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 676

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Users\Admin\AppData\Local\Temp\nss8FC.tmp

C:\Users\Admin\AppData\Local\Temp\nss8FC.tmp

C:\Windows\SysWOW64\chcp.com

chcp 1251

Network

Country Destination Domain Proto
DE 77.105.147.130:80 77.105.147.130 tcp
US 8.8.8.8:53 api.myip.com udp
US 172.67.75.163:443 api.myip.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 130.147.105.77.in-addr.arpa udp
US 8.8.8.8:53 163.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
AT 5.42.64.33:80 5.42.64.33 tcp
US 8.8.8.8:53 vk.com udp
US 8.8.8.8:53 cczhk.com udp
US 8.8.8.8:53 joxy.ayazprak.com udp
FI 109.107.182.40:80 109.107.182.40 tcp
US 8.8.8.8:53 ji.alie3ksggg.com udp
US 8.8.8.8:53 294self-limited.sbs udp
US 8.8.8.8:53 medfioytrkdkcodlskeej.net udp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
US 172.67.173.86:80 joxy.ayazprak.com tcp
US 188.114.96.2:80 294self-limited.sbs tcp
US 188.114.96.2:80 294self-limited.sbs tcp
US 188.114.96.2:80 294self-limited.sbs tcp
US 188.114.96.2:443 294self-limited.sbs tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
RU 91.215.85.209:443 medfioytrkdkcodlskeej.net tcp
RU 87.240.132.67:80 vk.com tcp
BA 185.12.79.25:80 cczhk.com tcp
RU 87.240.132.67:80 vk.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
GB 173.222.13.40:80 x2.c.lencr.org tcp
BA 185.12.79.25:80 cczhk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
US 8.8.8.8:53 33.64.42.5.in-addr.arpa udp
US 8.8.8.8:53 86.173.67.172.in-addr.arpa udp
US 8.8.8.8:53 40.182.107.109.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 67.132.240.87.in-addr.arpa udp
US 8.8.8.8:53 209.85.215.91.in-addr.arpa udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 40.13.222.173.in-addr.arpa udp
US 8.8.8.8:53 25.79.12.185.in-addr.arpa udp
US 8.8.8.8:53 189.15.92.154.in-addr.arpa udp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
RU 87.240.132.67:443 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 sun6-21.userapi.com udp
NL 95.142.206.1:443 sun6-21.userapi.com tcp
NL 95.142.206.1:443 sun6-21.userapi.com tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 sun6-23.userapi.com udp
NL 95.142.206.3:443 sun6-23.userapi.com tcp
RU 87.240.132.67:443 vk.com tcp
NL 95.142.206.3:443 sun6-23.userapi.com tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 sun6-22.userapi.com udp
NL 95.142.206.2:443 sun6-22.userapi.com tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 psv4.userapi.com udp
US 8.8.8.8:53 1.206.142.95.in-addr.arpa udp
US 8.8.8.8:53 3.206.142.95.in-addr.arpa udp
US 8.8.8.8:53 2.206.142.95.in-addr.arpa udp
RU 87.240.190.89:443 psv4.userapi.com tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 sun6-20.userapi.com udp
NL 95.142.206.0:443 sun6-20.userapi.com tcp
RU 87.240.132.67:443 vk.com tcp
NL 95.142.206.2:443 sun6-22.userapi.com tcp
RU 87.240.132.67:443 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 89.190.240.87.in-addr.arpa udp
US 8.8.8.8:53 0.206.142.95.in-addr.arpa udp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 i.alie3ksgaa.com udp
HK 154.92.15.189:443 i.alie3ksgaa.com tcp
US 8.8.8.8:53 201.179.17.96.in-addr.arpa udp
DE 185.172.128.24:80 185.172.128.24 tcp
US 8.8.8.8:53 24.128.172.185.in-addr.arpa udp
RU 193.233.132.62:50500 tcp
US 8.8.8.8:53 app.alie3ksgaa.com udp
FR 194.33.191.60:44675 tcp
HK 154.92.15.189:80 app.alie3ksgaa.com tcp
RU 193.233.132.67:50505 tcp
US 8.8.8.8:53 60.191.33.194.in-addr.arpa udp
US 8.8.8.8:53 62.132.233.193.in-addr.arpa udp
NL 91.92.245.15:80 tcp
US 8.8.8.8:53 15.245.92.91.in-addr.arpa udp
US 8.8.8.8:53 67.132.233.193.in-addr.arpa udp
US 8.8.8.8:53 i.imgur.com udp
FR 199.232.168.193:443 i.imgur.com tcp
US 8.8.8.8:53 combinethemepiggerygoj.site udp
US 8.8.8.8:53 193.168.232.199.in-addr.arpa udp
US 8.8.8.8:53 qualifiedbehaviorrykej.site udp
US 172.67.175.187:443 qualifiedbehaviorrykej.site tcp
US 188.114.96.2:443 combinethemepiggerygoj.site tcp
US 8.8.8.8:53 iplis.ru udp
US 172.67.147.32:443 iplis.ru tcp
NL 45.15.156.229:80 tcp
DE 77.105.147.130:80 tcp
US 104.21.4.208:443 tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 32.147.67.172.in-addr.arpa udp
US 8.8.8.8:53 208.4.21.104.in-addr.arpa udp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
NL 45.15.156.229:80 45.15.156.229 tcp
NL 195.20.16.45:80 195.20.16.45 tcp
US 8.8.8.8:53 api.2ip.ua udp
US 8.8.8.8:53 api.myip.com udp
NL 45.15.156.60:12050 tcp
US 104.21.65.24:443 api.2ip.ua tcp
US 172.67.75.163:443 api.myip.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 api.ip.sb udp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
FI 109.107.182.3:80 tcp
US 104.26.13.31:443 api.ip.sb tcp
NL 195.20.16.45:80 tcp
RU 87.240.132.67:443 vk.com tcp
NL 45.15.156.229:80 45.15.156.229 tcp
RU 185.215.113.68:80 185.215.113.68 tcp
US 104.26.9.59:443 api.myip.com tcp
US 34.117.186.192:443 ipinfo.io tcp
DE 185.172.128.19:80 tcp
US 8.8.8.8:53 68.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
RU 193.233.132.67:50500 tcp
US 8.8.8.8:53 iplis.ru udp
US 104.21.63.150:443 iplis.ru tcp
US 8.8.8.8:53 iplogger.org udp
US 104.21.4.208:443 iplogger.org tcp
US 8.8.8.8:53 150.63.21.104.in-addr.arpa udp
RU 5.42.65.31:48396 tcp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 ipinfo.io udp
RU 193.233.132.62:50500 tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 shitshitshitshit.net udp
US 104.21.40.213:443 shitshitshitshit.net tcp
US 8.8.8.8:53 blackvlastelin.com udp
US 188.114.96.2:443 blackvlastelin.com tcp
US 8.8.8.8:53 31.65.42.5.in-addr.arpa udp
US 8.8.8.8:53 213.40.21.104.in-addr.arpa udp
DE 185.172.128.109:80 185.172.128.109 tcp
US 8.8.8.8:53 109.128.172.185.in-addr.arpa udp
US 34.117.186.192:443 ipinfo.io tcp
RU 185.215.113.68:80 185.215.113.68 tcp
DE 87.251.77.166:80 87.251.77.166 tcp
US 8.8.8.8:53 galandskiyher5.com udp
RU 158.160.118.17:80 galandskiyher5.com tcp
US 8.8.8.8:53 udp
DE 185.172.128.90:80 tcp
US 8.8.8.8:53 ji.alie3ksgff.com udp
AT 5.42.64.33:80 5.42.64.33 tcp
US 8.8.8.8:53 90.128.172.185.in-addr.arpa udp
HK 154.92.15.189:80 ji.alie3ksgff.com tcp
US 8.8.8.8:53 166.77.251.87.in-addr.arpa udp
FI 109.107.182.3:80 109.107.182.3 tcp
US 8.8.8.8:53 expenditureddisumilarwo.site udp
US 172.67.133.222:443 expenditureddisumilarwo.site tcp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.179.238:443 clients2.google.com tcp
US 8.8.8.8:53 222.133.67.172.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
DE 185.172.128.79:80 185.172.128.79 tcp
US 8.8.8.8:53 79.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 i.alie3ksgaa.com udp
HK 154.92.15.189:443 i.alie3ksgaa.com tcp
US 8.8.8.8:53 202.178.17.96.in-addr.arpa udp
RU 5.42.65.31:48396 tcp
DE 20.113.35.45:38357 tcp
US 8.8.8.8:53 45.35.113.20.in-addr.arpa udp
US 8.8.8.8:53 api.2ip.ua udp
US 172.67.139.220:443 api.2ip.ua tcp
DE 141.95.211.148:46011 tcp
US 8.8.8.8:53 220.139.67.172.in-addr.arpa udp
US 8.8.8.8:53 148.211.95.141.in-addr.arpa udp
RU 185.215.113.68:80 185.215.113.68 tcp
US 8.8.8.8:53 habrafa.com udp
US 8.8.8.8:53 app.alie3ksgaa.com udp
KR 175.126.109.15:80 habrafa.com tcp
HK 154.92.15.189:80 app.alie3ksgaa.com tcp
US 8.8.8.8:53 15.109.126.175.in-addr.arpa udp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 gxutc2c.com udp
US 8.8.8.8:53 paperambiguonusphoterew.site udp
US 104.21.83.138:443 paperambiguonusphoterew.site tcp
BA 109.175.29.39:80 gxutc2c.com tcp
BA 109.175.29.39:80 gxutc2c.com tcp
US 8.8.8.8:53 138.83.21.104.in-addr.arpa udp
US 8.8.8.8:53 39.29.175.109.in-addr.arpa udp
BA 109.175.29.39:80 gxutc2c.com tcp
BA 109.175.29.39:80 gxutc2c.com tcp
BA 109.175.29.39:80 gxutc2c.com tcp
BA 109.175.29.39:80 gxutc2c.com tcp
BA 109.175.29.39:80 gxutc2c.com tcp
BA 109.175.29.39:80 gxutc2c.com tcp
BA 109.175.29.39:80 gxutc2c.com tcp
US 8.8.8.8:53 85.65.42.20.in-addr.arpa udp
BA 109.175.29.39:80 gxutc2c.com tcp
BA 109.175.29.39:80 gxutc2c.com tcp
BA 109.175.29.39:80 gxutc2c.com tcp
NL 94.156.67.176:13781 tcp
BA 109.175.29.39:80 gxutc2c.com tcp
BA 109.175.29.39:80 gxutc2c.com tcp
HK 154.92.15.189:443 app.alie3ksgaa.com tcp
US 8.8.8.8:53 consciouosoepewmausj.site udp
DE 138.201.125.92:15647 tcp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 92.125.201.138.in-addr.arpa udp
US 104.21.71.8:443 consciouosoepewmausj.site tcp
BA 109.175.29.39:80 gxutc2c.com tcp
US 8.8.8.8:53 braidfadefriendklypk.site udp
US 8.8.8.8:53 8.71.21.104.in-addr.arpa udp
US 104.21.1.205:443 braidfadefriendklypk.site tcp
NL 80.79.4.61:18236 tcp
US 8.8.8.8:53 racerecessionrestrai.site udp
US 172.67.206.188:443 racerecessionrestrai.site tcp
US 8.8.8.8:53 205.1.21.104.in-addr.arpa udp
US 8.8.8.8:53 61.4.79.80.in-addr.arpa udp
NL 80.79.4.61:18236 tcp
US 8.8.8.8:53 cooperatecliqueobstac.site udp
US 172.67.160.12:443 cooperatecliqueobstac.site tcp
US 8.8.8.8:53 188.206.67.172.in-addr.arpa udp
US 8.8.8.8:53 12.160.67.172.in-addr.arpa udp
US 8.8.8.8:53 vesselspeedcrosswakew.site udp
US 104.21.17.48:443 vesselspeedcrosswakew.site tcp
US 8.8.8.8:53 carvewomanflavourwop.site udp
US 172.67.129.86:443 carvewomanflavourwop.site tcp
US 8.8.8.8:53 communicationinchoicer.site udp
US 8.8.8.8:53 48.17.21.104.in-addr.arpa udp
US 8.8.8.8:53 86.129.67.172.in-addr.arpa udp
US 172.67.216.203:443 communicationinchoicer.site tcp
US 8.8.8.8:53 retainfactorypunishjkw.site udp
US 188.114.97.2:443 retainfactorypunishjkw.site tcp
US 8.8.8.8:53 203.216.67.172.in-addr.arpa udp
HK 154.92.15.189:80 app.alie3ksgaa.com tcp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 brickabsorptiondullyi.site udp
DE 144.76.1.85:25894 tcp
US 188.114.96.2:443 brickabsorptiondullyi.site tcp
US 8.8.8.8:53 85.1.76.144.in-addr.arpa udp
US 8.8.8.8:53 pool.hashvault.pro udp
US 8.8.8.8:53 copyrightspareddcitwew.site udp
US 104.21.55.202:443 copyrightspareddcitwew.site tcp
US 8.8.8.8:53 202.55.21.104.in-addr.arpa udp
US 104.21.83.138:443 paperambiguonusphoterew.site tcp
RU 193.233.132.62:50500 tcp
NL 94.156.67.176:13781 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
DE 45.76.89.70:80 pool.hashvault.pro tcp
DE 185.172.128.90:80 185.172.128.90 tcp
US 8.8.8.8:53 70.89.76.45.in-addr.arpa udp
AT 5.42.64.33:80 5.42.64.33 tcp
US 188.114.96.2:443 brickabsorptiondullyi.site tcp
DE 185.172.128.79:80 185.172.128.79 tcp

Files

memory/4020-0-0x00007FFA17AD0000-0x00007FFA17AD2000-memory.dmp

memory/4020-2-0x00007FF7DC800000-0x00007FF7DD4D3000-memory.dmp

memory/4020-1-0x00007FF7DC800000-0x00007FF7DD4D3000-memory.dmp

C:\Users\Admin\Documents\GuardFox\cmNy3IB9_5EvlEYHGF9GW0SQ.exe

MD5 b982a1886afa6dc5d429f1d9fa631cf6
SHA1 59695508f14578530305bedb8a6196aed68d18ae
SHA256 34d25a6f3925f6ac52da525a74a45bfc284f5815fd3a18a6691a87932a02f451
SHA512 201cf1a8ac28298c37e9d7f23a18b14b2343c23082d11912065f8f512fdb461fe7236baf8d508a9ea1e7079e08e2531b781699603db5c7216f1979b338b37157

C:\Users\Admin\Documents\GuardFox\Cns1cHGKmXhz_HXdav4nLNRw.exe

MD5 8739ce46eb14e886de7eb60e81b82fbe
SHA1 993e7aa515a9b6f574702c58b70be6ca9b2006cc
SHA256 8210af8dd18c0e7dbfd76cef58ca7f5da0d03bfc4e4a541781cefd87cc2d1882
SHA512 c960a29b9236deb1010b2361a949f0611d880d6483ca35a731aea53f78b39a5cb70e85fe140866a8e64241858f87da2987114fb35659ff93e7d1a9fdfa52f05d

C:\Users\Admin\Documents\GuardFox\YTox_MCSKRwJHg1SpZK8Y98k.exe

MD5 1e4efa10727b15bd49e5af140b6a10f2
SHA1 4c286c92867ca111fbdf1a6538f1a142103361c0
SHA256 a880d9aba5ce9a19c13237d8f4af2f76329235ee94a3ed984e0564d6125f4667
SHA512 d9ba4320abb12753912e0f32787ee88889995fe7ba155f6fecbb6e4fb53ea4049d583263d9f6dc96818d3ff12e6f09e4119b88e676e195c66f69902d2760432f

C:\Users\Admin\Documents\GuardFox\2rNhNEcNw_ySloYfdlydl5Vc.exe

MD5 47367776129775ff7c382a0f1a6adf65
SHA1 bf14ecd55a0bc0d29a23a1e1b3270ff4deedf77f
SHA256 49c616bf0f452c60b770d3c2856f0ae7b99be5655596d6b4d76321168966959a
SHA512 8490683679e6bde2196855592cea0dba3906fe92edd952bf27ef939f09873910ee974b8ca3648cb6e0002fcdce83a50c5931c72b1c5efb76c2fbe7fc95cd6aae

C:\Users\Admin\Documents\GuardFox\zQy0NOgy1Rb7OqdRZdgs_hO1.exe

MD5 93d27211879f8ce50b4588e879104213
SHA1 66606a241408031dbc8c74082d189b6cae21ca1e
SHA256 7ee0979e735adccd1f4a0abf6869b368dff67d0b1638c6176eeb42a309c82cdd
SHA512 cf125b91cea7cef618b2b54b84fe7c66ea9e75cba71bfce5e45a262064824f64c8e8a4d7a8831cde7130fef95043560b5f11ca0e798ad4d92fd3973710b7f9c2

C:\Users\Admin\Documents\GuardFox\jXfmGilbDyI8ckBR530IqRzM.exe

MD5 82b69fc2505caef744a9cd0df382a455
SHA1 9b84812f1a90934011c695678ca5a55989c41428
SHA256 323a117ec41e5386e1f47e33bbdd181be0ecce58cfa87538e44697bda040ae16
SHA512 aaebbf3ab6ff8ea2bc94ba3b7aa95329427805549bc79dc4fddb0843130a4ab6dc46434dee8d9dedca76b5e6204fc5b7a8854894aa1b174bd44652a1a750b07e

C:\Users\Admin\Documents\GuardFox\DFyMfvObJ8usnTwdj1GztYQE.exe

MD5 f740608b4fc3a10a4526f0c2db5fc67d
SHA1 91a6a17d5a90be772997021532d6d0615d550fed
SHA256 35e87fae499edf23f25bfc5be34be901c0dcef34851db88b7d96eeeb6733860d
SHA512 2d45013aa54d29977eb173ef873ee2464081ee650c3df04fd381f9e8aaaca4bbc58de61228cbf365439ad05a81de4bed8cdafbf4a3762eb489da23d65010fe3c

C:\Users\Admin\Documents\GuardFox\GROqsGl6h90I0zXqq4gFbf4x.exe

MD5 63e8c181afbd60cbf5c63876546c7406
SHA1 450c10e32cc3f223b2740c075cc4861f5ea5e2fb
SHA256 67f1539e2bea3ab708d0c4dc1837e859644e19364435cd572273653465b5ae97
SHA512 4fa3fd3943a8bf9a444d3a766a7b154e858a58e989e4914f158c374be0195643a18bdb7ac4e699af2b84f4339d54a504eddc70d8f34921472cb8cf9576c78c2a

C:\Users\Admin\Documents\GuardFox\G0RX5STvE17sZf_g2LwWvby6.exe

MD5 c6fd7f30d5634f497119602279abf8a1
SHA1 d2d669618abb8848e16f68b50f38dbe9943bebd2
SHA256 e29a55dcf41a0d3a26b9c90d587ae94f24c023c49d3838c5c68386046632f1b9
SHA512 039821901cc9801b7de0ec0c08d15eed48c39d4505862a8ed4265426429d5154e8290348b7ad9e30b216ed5cd0bdad0c276c296a4350cfff7744fda231a94a75

C:\Users\Admin\Documents\GuardFox\ioJ9tsr0R3KhvVCNQfnDbb4O.exe

MD5 5fa878455587d484dba37e41a46b9343
SHA1 82f4dd3a18554bda4425a897433b31f2d783587a
SHA256 e63841c08999245e9c424161cca81afbecb2c9e20b53aa2eb988a923cddbe6a4
SHA512 60e23805e4a72ed423a65d2a3b19c2f6f4c16587f74499f78478180e0964dc9a80a584fb3a607c7a61ddf8085cd3ae23a5bf6a0d25aff78b96b808007d7e1654

C:\Users\Admin\Documents\GuardFox\TMcIOeEwMsIWBGXFNbolMUOJ.exe

MD5 7f43199533320db39934f6f4bb41ddb5
SHA1 a48830c5f6fb68b1597f04946cc75592ce602164
SHA256 3fab8343541f4395f58ce2c9a17c51e1b1691926ca4a5e1eea17c0569aa20e95
SHA512 b62aba4d6f9c105779d64ab15ba59f6bbdf403a4fac183c84ce4eef810f054341c9329f5f4d9dc8827c9a147c81e97949e71b6426bb4b85dc612a06929bbacd8

C:\Users\Admin\Documents\GuardFox\fFA6TKdlXa1JDaLwE3bYzWaz.exe

MD5 6f0e5ad311936054a33eb7287c594521
SHA1 c973d47705660081bcbce5a99832c5f035168776
SHA256 54ee98582d3733d200040666a41685a51467de8ed0f6e06bd076fb94ee7ec1a9
SHA512 a00a696feee34b30eaa3dc88878d649ea824d82abf67fbcfd058a2942d52a0092f750e3a41abc303b8b04a33b05a34b528be4e9827a272a40067e66ba8fa367d

C:\Users\Admin\Documents\GuardFox\_oEFU32KaDt0gpLmGibEz7g9.exe

MD5 bc019d498cd53649d359cf678a835779
SHA1 ada2e16d88843822d1dc70a9b03c4ad8f1e43d86
SHA256 95ab81c2a35fdc6f417f66dfbe1c9d4b4e528c755dd44f12ae369e7cb6f36fd0
SHA512 4b3e901cc6e3846174a9bde210d550b1895d078feffb1a6e46e3e615e2eef2ad9697d37fb60cb93e4e60cf7eae791a90e711540c13e9f7a5be79f6607dc61475

C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe

MD5 90ce59c5ea0288f901e2f14ee814a450
SHA1 154e1f9c7d84fe79a1d5e2012bfaae2fc359a808
SHA256 04a696d8391ad3bcd93a3b600e9459aa41d6451be79cddafecb7825bb96d95d9
SHA512 07b214722b5985b98b7c913be2dca98320290a0e9df108f1d314447b47d4b06918e75c524dbeba9946a0d58b1968c5dee4b0adfeec7a6db97850705ed106a87e

C:\Users\Admin\Documents\GuardFox\KjIIxd9k00s3liYBG782ijI5.exe

MD5 eb9d1132e0c967a623fd5d9ebd53d109
SHA1 c0f5221c4a4d1d75eb7bbb39f9f9b66bb868d615
SHA256 65a4b913f32f1c9567ec8468ae9689c5b900c54843fab84cdfab441986a5519b
SHA512 11be80eac96a6dea3a13343da8d3172cb3b57b299a0ca2cb0c6a7f772bc2b2b4f380f4e2eaa57530e83de21d46803edbf8219d176f1bffda8d931907c0cb39a1

C:\Users\Admin\Documents\GuardFox\DhI9_2NRkwmRCsofJ3GRJ0x6.exe

MD5 91c25eb944b2188db2e841749a398ee8
SHA1 be001be8b11e8e5f549af2282fdb9a171ad61c03
SHA256 0e2907bc42fd4386fa611d57d340f5d5aafcf5de0c5599d7255ffe1c0dbdc46a
SHA512 deb04153eb5d417ed20b9d5d6ebdc8b04a73d8f5bdab6d9c07b824784e9c52154d11fc7047142faef979b72601bc0792b4a13eb5dc161318b5ce607d2b16d649

C:\Users\Admin\Documents\GuardFox\euCU7vfPHsacTg9i0zqHqBRD.exe

MD5 6831bae11d01a5fa8989d0a1677a9fc7
SHA1 3a2833a59afa468adc4931513240a8362c3fbf8a
SHA256 d699e268d8f668913689aa0174d80debc04823e59b0aced6ff60dc71df1434f1
SHA512 d83f20ee64091be19465a604482c4a6162938b5ca54e54a5aed340cd8d08408274fcf1740f8a9b082fbf2748c85da6f05dd378a7af3d5cac6ea6b2dfacf52258

C:\Users\Admin\Documents\GuardFox\vCSdCOg5wlNsNQ9TEJIlred9.exe

MD5 77abdb617b0a5e18cf947bf9e283626a
SHA1 cc75c0a1cf52d50b350aebd90bbfac8ee9d6f6ab
SHA256 b35403395468fd0dacd75c85abbd223efafde98d28e3ef3fbd15c684681949ec
SHA512 57c8ced467e2e942a8c9abab978986128c6cbcb7312b2295051e0cfe1e265b331794e31fa65fc18f56737c34e2f3e85ad5c4a714ee97245de39641cffb522e21

C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe

MD5 440de6cf05348a15bdd3e32dd2f5466c
SHA1 0e78bef43a1ee3768cf6c8e3ecbbcc7ca7ea0e7d
SHA256 4b6726dbc5d66c56480c5e231b6bea2cc5c0bc2b035c7e3b19278cdf1c65dc5d
SHA512 cc7665ee8a1a906875b9ffa0ed612ea200e32ed0b9c58d95717d983bc16dca34fede83d56b6a6fb902cac7785d54b4124c437bc152b3a44a3ebd611a39f79994

C:\Users\Admin\Documents\GuardFox\aGBF9ZWcO9LXdG3njGUruh8W.exe

MD5 bd8fa7a4c71a32db7458ddc04f91882c
SHA1 a16918f9d1c570ed2665d585980b1f442229015f
SHA256 b174ebfb9610313e80d1bf3af38619c2458e3db66db3b44026227a0590416f66
SHA512 598629ebafff93e579573d937a20c243d75b2383d466ccc5f276714dd73a9b599312790d4e95d8825ac41012fb90e614f2937a37635c5081447c0d0ea432285a

memory/2436-220-0x00007FF6556F0000-0x00007FF655746000-memory.dmp

memory/2664-227-0x00000000001F0000-0x00000000001FB000-memory.dmp

memory/4656-239-0x00000000001F0000-0x00000000001FB000-memory.dmp

memory/4656-234-0x0000000002C00000-0x0000000002D00000-memory.dmp

memory/4364-226-0x0000000000380000-0x0000000000863000-memory.dmp

memory/4524-245-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe

MD5 988bb91b50cf808780955f669a760f6d
SHA1 ff3f190091cc370e45b88ab035cf59aff5027019
SHA256 0af8dbc2842be28ba2714c90fa8b1c155c16e51da7ab9f9e5e9d3323f79daac2
SHA512 e0e09ca0f89f138c0af398039351cea1648c0b050c9ad5bad792684d61d639d9f488b7ce0881ce4d887994741d2b6b90261474ef682dcf8e5d5d9f4ca6b9a4e2

C:\Users\Admin\Documents\GuardFox\aGBF9ZWcO9LXdG3njGUruh8W.exe

MD5 b6f2813d8654c0c5ef146c58151d74bb
SHA1 d61806d8e255ffcebc725d39f8079f56e267ebd6
SHA256 7d20a76e07daa79d6d09daefea54498b976da8c6a120395668656abbca8e8976
SHA512 38894204b0618c3abb4ce11bbca871e0d0134b55ce64c77afd3e50c2cd54b942b5873daaffe4e1937bcbf4438ca85b6ec236f2305f33c44fe6af24f09f668a79

C:\Users\Admin\Documents\GuardFox\GROqsGl6h90I0zXqq4gFbf4x.exe

MD5 29545ab1f03d615eb13b5525b1b51eab
SHA1 453938500602028628c694e548b06b1ebfbed8fd
SHA256 d919ba50634cefa3f08751b95957c4d861c41928da5dde71964a36dafb74dc5a
SHA512 8ae953f0c9b8034148aa50042d726efe8d8b9e9e80ad098a37e26242f6834b62a5d32e8d49d24d0a925430e8d4ee986ea1cbf1c5ab943ec05f12f21a706a0e4f

C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe

MD5 91d50a961032174eb765b286b1dcd858
SHA1 828676b17b5e94044b8338d428c3cffb1f83d2f1
SHA256 d371278f36a1d88cf428461ec3e4671ec60a1c5a0181a86fe80c75f2b169eb80
SHA512 c684e679fe0b445636ec70d912b283cf32aba7c533c5b04c61f679230b051b13778f7da670fbe66c54a603de75b1ce4dbca9d3be72852be4d33479c92ec5722a

memory/4656-729-0x0000000000400000-0x0000000002B13000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 60fe01df86be2e5331b0cdbe86165686
SHA1 2a79f9713c3f192862ff80508062e64e8e0b29bd
SHA256 c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8
SHA512 ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 6268696c28afddc78170083b5f27b432
SHA1 f6489ed281e9b1984e2540c0a5a8cd21e90593b1
SHA256 193949ad46d40bca1d9fb60578fd37478206e8621cd8dd4c5943f41643493825
SHA512 7759bfc5de02a99c040174692ea6c974d01c4a5263f500c4b1b46ef94d279cec67c96c2fbbeacc5f83b681a9baa63cc281a7aee255b74e7cf4465b1fee09bd14

memory/2284-732-0x0000000002B40000-0x0000000002B5C000-memory.dmp

memory/2284-733-0x0000000000400000-0x0000000002B13000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-7OP8H.tmp\Cns1cHGKmXhz_HXdav4nLNRw.tmp

MD5 f7a1e7ca916b5665f68f9d8559aabacf
SHA1 d35baf1d886e338beac6ec1cd77d2b1e9386cedf
SHA256 4860cc12e693259f41fc361dade9c473e3af6f2a3665b8e150b30fbc4db155d7
SHA512 341ad526bf17d6ce141cf97cf8af0342c2a8646086cb767efe806ba2ef571c6768162270e65830582399fbcaf8619f74a66fb823b5a0a224270cb7f36239bab8

C:\Users\Admin\Documents\GuardFox\euCU7vfPHsacTg9i0zqHqBRD.exe

MD5 2cac82b75529eaca2111c19d07668dd5
SHA1 25527710cce194c75dc1a87b416c000aaca06f4d
SHA256 0deb625b34248153974478c27a5ea8f21441946bd5814ce87fab41002a40de16
SHA512 927aec289f0185941e9da16769ffd6446a5e50740098a1908405ae240b5d53678b3352ee890d747bd17417866391b0d14c003bf501a1384044187a0ea165a444

C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe

MD5 58f3475574716e62f2eb973b58f7c3e6
SHA1 89ebba01cc41c0fac5ad08bea8fa859bedaecfdd
SHA256 2fabebed0f2d9016d49425142492b0b8f83556bf4231df84a63c6e4bdb44f6e7
SHA512 9952a9a55ae56554c7f41c9885b99af35891c1602e4745b90f45611a4a8168706efb8d3c41626bd9a8714a006535f96e3961deb24701bb2bab6da0727f2238d3

C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe

MD5 38e62d574f0c1dcf16c0d0f26013c803
SHA1 67417f6957e731c20e0b960c1ec34ea8db1f6ef8
SHA256 2d92c3b1be5ffe322a405c1656e98309d88386da3193fb728e6ea10b2be2a5f2
SHA512 959cc1d146a67ac7151f93769e055efc7f4388082a30e93dc432c74bce53aceb1b8250c9f7e0c9e955196a8c93b041dc121b17e3560e9da906b5a6232dd1c64a

C:\Users\Admin\Documents\GuardFox\euCU7vfPHsacTg9i0zqHqBRD.exe

MD5 456276e639acca7ffa4ab8b477a67567
SHA1 b99c0542dd821ce622e11c4b2f742fa1ab5e53fb
SHA256 e2f322d4ae87a44b87d9941f4573701ad5ced558caffdc05d9e863ab9a53aa19
SHA512 83f0f3e4236ba59f045b8297ea4a35113c46ad0f4f673306519fe821537e52b19aeb882de8989b321303fa73f96b56bf105f54bf1f6172ddfe4568cf9fe699fb

C:\Users\Admin\Documents\GuardFox\d4rpp5b1IR2uXI0gZxCsIs9A.exe

MD5 68059a6d0d8372ccf7e5dfdb96d37f9b
SHA1 dfc948b33b9b5589ab4023f1b508d44970e3930a
SHA256 dc6c9f7bc69f31d523cad00dcc2201b561a671105366ed89adaabb8c984a05cd
SHA512 5362b8051a2795611e1584fdc64940b79ac148903b50400b01b72627365f085d955a161b62712c863bd77e49fb333ce1821429f36ab860c30bee31282ec2a777

memory/3532-779-0x00000000008A0000-0x00000000008F8000-memory.dmp

C:\Users\Admin\Documents\GuardFox\XTRA7YjGlK9Vd_LQIh5SzwaW.exe

MD5 98e9ab66e6b1a6588704cdb4289fc13b
SHA1 100cc659921c17d8b2de0f3714d5ff4dae095c9a
SHA256 3105a1c862948ea22626abc2ee17eec36756abf47c450b99e5cadc9b58f54ce6
SHA512 c2d9e3dfe826f6f8eaad658e9edde247e5d4a78d2e7637a2b1572a3ece00296a024fee25b30e6dcc6a9e26c8c92c34b624d9583a0a9f7bc437617c127aa08ce2

C:\Users\Admin\Documents\GuardFox\KjIIxd9k00s3liYBG782ijI5.exe

MD5 b566ecbaa0f08930efcddaae7acc1a53
SHA1 f9a5c92c53412aea5c687d25f00f262b8baa0559
SHA256 7717088c770b5a0aab8b48ed6fb459b1f4a63961fe849ce5cb40d88232501d7c
SHA512 90926c439c3a3e1d3da0ea1091d4f126bb8c29b9421240068b08e0c8e42340c56bb2714f7cd9a2c11f9c8252c195c0626f35c89dfa9c681de1ba6effed8d6b53

C:\Users\Admin\Documents\GuardFox\G0RX5STvE17sZf_g2LwWvby6.exe

MD5 d8d52a95b809c586afe1bbf5373edfc4
SHA1 4081f7d0211614df482969ba5af1f29e5ab2bee7
SHA256 629e031747e94b66f85f83711433a1c3d084ac0a57fbcc58f970be04de2d48cb
SHA512 ad743b537b5886ff6a685d8f9666d66aac955765c531a7d82adb72425754d762b9580491382f5e9d123e03d169f931ca91d6c6df44009a219ddcd17469b80c15

memory/2664-735-0x0000000002C30000-0x0000000002D30000-memory.dmp

memory/4524-734-0x0000000000400000-0x0000000000424000-memory.dmp

memory/2364-795-0x00007FF791A80000-0x00007FF791D61000-memory.dmp

memory/1232-792-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\Documents\GuardFox\KjIIxd9k00s3liYBG782ijI5.exe

MD5 a6a85cf86643e192bd4c87fa4cb3a291
SHA1 d86a8874a1b9ba8aebaad50c9ece90d43d771ac1
SHA256 7bc076b665a371389cdbf336e3be5512613117af9a0df22caa462b48915b7903
SHA512 e5d1ce49328c085f5100c889a17ce9c078a26cf015b50baf800be09a8dbdfc2b507942176de47aaeda7aa438044208bd56ea73d65284b79167b8ab47e74e6a95

memory/1232-806-0x0000000000400000-0x0000000000537000-memory.dmp

memory/1232-916-0x0000000000400000-0x0000000000537000-memory.dmp

memory/3532-923-0x0000000002BD0000-0x0000000002BE2000-memory.dmp

memory/1160-920-0x0000000002680000-0x00000000026EC000-memory.dmp

memory/2772-921-0x0000000005120000-0x000000000536E000-memory.dmp

memory/3532-919-0x0000000005900000-0x0000000005F06000-memory.dmp

memory/716-918-0x00007FFA17AD0000-0x00007FFA17AD2000-memory.dmp

memory/2664-849-0x0000000000400000-0x0000000002B13000-memory.dmp

memory/2772-917-0x00000000055C0000-0x0000000005ABE000-memory.dmp

memory/3856-838-0x0000000005A60000-0x0000000005AFC000-memory.dmp

memory/1936-887-0x00000000025C0000-0x00000000026DB000-memory.dmp

memory/3344-862-0x0000000002CF0000-0x0000000002D06000-memory.dmp

memory/1936-819-0x0000000000A4F000-0x0000000000AE1000-memory.dmp

memory/2772-808-0x0000000005370000-0x00000000055C0000-memory.dmp

memory/1160-807-0x0000000002500000-0x000000000256E000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-GKRRD.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

memory/3856-793-0x0000000000CF0000-0x00000000011C2000-memory.dmp

memory/1160-929-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/1160-933-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/2284-932-0x0000000002C50000-0x0000000002D50000-memory.dmp

memory/3532-928-0x00000000052F0000-0x00000000053FA000-memory.dmp

memory/716-922-0x0000000140000000-0x0000000140876000-memory.dmp

memory/1160-939-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/3532-937-0x0000000005180000-0x00000000051BE000-memory.dmp

memory/3532-941-0x00000000051E0000-0x000000000522B000-memory.dmp

memory/1160-949-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/4988-948-0x0000000000400000-0x0000000000D40000-memory.dmp

C:\Windows\System32\GroupPolicy\gpt.ini

MD5 7cc972a3480ca0a4792dc3379a763572
SHA1 f72eb4124d24f06678052706c542340422307317
SHA256 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5
SHA512 ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7

memory/1928-964-0x0000000000F50000-0x0000000000F51000-memory.dmp

memory/4676-952-0x0000000000DB0000-0x0000000001D63000-memory.dmp

memory/1160-970-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/1928-967-0x00000000000D0000-0x0000000000A17000-memory.dmp

memory/4364-973-0x0000000000380000-0x0000000000863000-memory.dmp

memory/1160-975-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/4780-979-0x0000000005450000-0x00000000054E2000-memory.dmp

memory/1160-980-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/1160-965-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/1160-985-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/3532-982-0x0000000005570000-0x00000000055D6000-memory.dmp

memory/4780-981-0x0000000005390000-0x000000000539A000-memory.dmp

memory/4780-966-0x0000000000E40000-0x0000000001616000-memory.dmp

C:\Windows\System32\GroupPolicy\Machine\Registry.pol

MD5 cdfd60e717a44c2349b553e011958b85
SHA1 431136102a6fb52a00e416964d4c27089155f73b
SHA256 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f
SHA512 dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8

memory/4676-947-0x0000000000DB0000-0x0000000001D63000-memory.dmp

memory/4988-944-0x00000000001E0000-0x00000000001E1000-memory.dmp

memory/2664-925-0x0000000000400000-0x0000000002B13000-memory.dmp

memory/1160-989-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/1160-991-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/2284-988-0x0000000000400000-0x0000000002B13000-memory.dmp

memory/1160-994-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/940-997-0x0000000000400000-0x00000000004BD000-memory.dmp

memory/4524-995-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1232-1000-0x0000000000400000-0x0000000000537000-memory.dmp

memory/1160-999-0x0000000002680000-0x00000000026E7000-memory.dmp

memory/3532-1004-0x0000000072540000-0x0000000072C2E000-memory.dmp

memory/4780-1020-0x0000000076840000-0x0000000076A02000-memory.dmp

memory/2772-1022-0x0000000002390000-0x00000000023A0000-memory.dmp

memory/3856-1026-0x0000000072540000-0x0000000072C2E000-memory.dmp

memory/4780-1029-0x00000000778E0000-0x00000000779B0000-memory.dmp

memory/4780-1032-0x00000000778E0000-0x00000000779B0000-memory.dmp

memory/4780-1038-0x00000000778E0000-0x00000000779B0000-memory.dmp

memory/3532-1041-0x00000000052E0000-0x00000000052F0000-memory.dmp

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

MD5 33e46616accad320995ff00c2e0e6dc1
SHA1 b14495d10ade41f0fe8db7ccae000dd563356c77
SHA256 fcd3c48b1e7b9eb7e3c2a554c0348d3b29848410ef1162ca8cbcef1c48c0cd2b
SHA512 1fa5aea3096cad2f100cb42e5fba1af18ec3cc17267f7bff92668416014675ee092f383f3b2c7acf40d02b15ac701c1c397c3da5d3370def2161902bb0351a3c

memory/1160-1052-0x0000000004D60000-0x0000000004D70000-memory.dmp

memory/1160-1049-0x0000000072540000-0x0000000072C2E000-memory.dmp

memory/2772-1058-0x0000000072540000-0x0000000072C2E000-memory.dmp

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

MD5 aacc40d9367068ff51913143d99cecdc
SHA1 4666758729ddcecce779af6abf79488d56f053d8
SHA256 60db094d584a504e611b5ae099eaf1958341c2d8af3b7f5d16a33faa5f074df6
SHA512 be5ad9b8d19f999dfc801db7b9529333811586ac29ec19763f9e9aacd4630d100a016cf03097a9eb791d0faef795c034faf3f259e441ea940ee6132caa2bde69

memory/2772-1067-0x0000000002390000-0x00000000023A0000-memory.dmp

memory/1160-1071-0x0000000004D60000-0x0000000004D70000-memory.dmp

memory/940-1064-0x00000000001F0000-0x00000000001F1000-memory.dmp

memory/1160-1074-0x0000000004D60000-0x0000000004D70000-memory.dmp

memory/2772-1076-0x0000000002390000-0x00000000023A0000-memory.dmp

memory/3516-1057-0x0000000000400000-0x0000000000760000-memory.dmp

memory/716-1081-0x0000000140000000-0x0000000140876000-memory.dmp

memory/716-1087-0x0000000140000000-0x0000000140876000-memory.dmp

memory/4780-1089-0x0000000077BB4000-0x0000000077BB5000-memory.dmp

memory/2436-1092-0x0000024E34F30000-0x0000024E3503B000-memory.dmp

memory/1160-1091-0x0000000004D60000-0x0000000004D70000-memory.dmp

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

MD5 0874949c8935e9cfef97e5dc043491b8
SHA1 0fbc633bca69fb8033dac5163d9dec269d19b880
SHA256 0e4692e2b01b206fa60ba89b6446fa9fbe4d7e54ee89e74788792d78f3721b1a
SHA512 fa2c338ac1a6d537bd83adf9d9bcd561d154c9da6faf49600dc23aaedcba66cb6f1a6a0be4fc068cb8855b4f9fe710a971c00f91a2bc7f59016ecb836be591cf

memory/1928-1093-0x00000000000D0000-0x0000000000A17000-memory.dmp

memory/4988-1102-0x0000000000400000-0x0000000000D40000-memory.dmp

memory/4988-1105-0x0000000000E90000-0x0000000000ED0000-memory.dmp

memory/4988-1104-0x0000000000E90000-0x0000000000ED0000-memory.dmp

memory/4988-1106-0x0000000000E90000-0x0000000000ED0000-memory.dmp

memory/4988-1108-0x0000000000E90000-0x0000000000ED0000-memory.dmp

memory/4676-1110-0x00000000778E0000-0x00000000779B0000-memory.dmp

C:\Windows\System32\GroupPolicy\GPT.INI

MD5 93b3886bce89b59632cb37c0590af8a6
SHA1 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137
SHA256 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f
SHA512 fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb

memory/4676-1111-0x00000000778E0000-0x00000000779B0000-memory.dmp

memory/4676-1109-0x00000000778E0000-0x00000000779B0000-memory.dmp

\ProgramData\mozglue.dll

MD5 4ee43056e01abc8e505db4ed00544414
SHA1 476ade2cc600b80437fdc314ea1c4ef8ed26e9d8
SHA256 7ecbeb442533c4f4162a4809fe42c326e58fbd580b9491c30e850714230432e8
SHA512 f432ac028ef5e94d9f8fcde50d47f2a5e74609be0fe2cb00fd4eff0c641be31decd191395eb6c043588c73fbf72a32557b1280b700b59d83418318aeaac6d358

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

\ProgramData\nss3.dll

MD5 b77ea4f92089ec8cd203a99d11a1eb44
SHA1 84919087221ed91ace80e339b344e640ec29e5a3
SHA256 88299ca9b677f8135f2d04056a8c396a1eeaa69bbdb8100d868f8429887b4cdf
SHA512 a7fd5f8a30eba988b7dafdb19be529723a16568dc0d6db529506b87150038ddbaa2a476dd7e89d8726419e9594103f6d4f2f6c36d0c4ea4b8a8340f32986b259

C:\Users\Admin\Documents\GuardFox\DhI9_2NRkwmRCsofJ3GRJ0x6.exe

MD5 525597a13473c1e484b4b641d122cf35
SHA1 3eb5d96134e261f142a140cc7c0dcc4cbf17a837
SHA256 03945708d89b9bd5aa1507aa02d982f2ea67f42abad7b2d69f1093183d8e955b
SHA512 2e7fd1fc6462f332acad96c559505fbf0691f1f6feac1d3ca35c05815c9d5b640a196460bac33cadd7607e80bd20af0b643edca9af604c2fc5feef2d8fb913b7

C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\oOPEmFmu_xsJCookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\D87fZN3R3jFeWeb Data

MD5 7540ca42e247f0856ca4d4caca7deba3
SHA1 ba696363e1c2278de858f5fd17719567a33c9ba5
SHA256 5b3ff8c5f31fa06e47538f77438a8d53aedb39e15c1a9b78a9c51031eafca09a
SHA512 4db0a137c2c4dc3f0341a437bc1783a3b186c9bb5b09ba1e53ce4786b1222c67ab77bd75e0f834a6b0472a9dc6faffbc003623d97f3879277726b8b608f5ad63

C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\3b6N2Xdh3CYwplaces.sqlite

MD5 81427a4fd5d59a2abf517c219eb8c5df
SHA1 e51775f91952fd381176ffba0e2f62e63e832b51
SHA256 d25eb7e922c130102d646efa9b486d18d45fc6e50ea1574a7ebe9979880a0fd7
SHA512 3770620cd701ed118013eef5c8183d1279b09c300ab37a1c06b834796f81a9830d2f8039d7c7eef06f0ad3d833f9ff9fd218075e79834847234edf8c2e33165a

C:\Users\Admin\AppData\Local\Temp\jobA4ceFM88uXfjtJg\8ghN89CsjOW1Login Data For Account

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\jobA3ceFM88uXfjtJg\information.txt

MD5 5551d840c4f49a70060238c6778fe73e
SHA1 87f432a9468682682b7fed3202d02f064b907d41
SHA256 445462138281347c14b5f9b2c1ed455c7c98760818f47b7469ed2e8101416abf
SHA512 bd46174375eaef84d0c20e1f9e4b8ccbe01ec6ececc7fab59da8defac0e8591aa2ce41db2ad9be3b635f168559eadf96d72a5ce03f2b7acf7e2597e49d396fe1

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

MD5 efa36e95216db75fa02dc46ccd8ba719
SHA1 12bc22427c9f84c71ec100496754a1c019a42846
SHA256 031619f557dc8c5ee6cee5e50f33eccae9b76a026ed705d7f2a46c39812e0e95
SHA512 6ca47d57a38b78f6a613c43437f7d909b504b80c60b370407f87ef59fff30635fcbe4dc1b2cde4263e7ff684094206b7f80992a86e595d44708c0e77d7661b11

C:\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll

MD5 7f934fea1f932a625927625a67ee80b0
SHA1 cb8909c500bb87ed3161c9bbd7d62181f3b78a75
SHA256 b1ebb4a2697d02f3597bb720f3da86d52ef81ac53883499c52f2fcc201f546a0
SHA512 a46d9cb42edf7a6cf69ae132f2120a486719dd7e1f4b0921af3282499e785c7dad9daa582625dbb52e2890965ede7f75d1c03c94d676df8e1bae987b6e0c040e

C:\Users\Admin\AppData\Local\Temp\msvcp_win\sanitarium.ai

MD5 fbc5c73621e5f1f8807b37353903b91a
SHA1 1aaba77765231ee617dc4ed822f59d7c0efeb1a2
SHA256 1d784d2c83b31be5dcae1c7dceee0e42d2e00c150b50758826609158ebd2c591
SHA512 fd22c48c9cc1c6a9ce4f884cde7c6c3148c90687354849e82b2c9b98c9c075100b17ccd9e4a14f33186c884ad88995a5560ee77b4189febb84aab2e17ca87d50

C:\Users\Admin\AppData\Local\Temp\msvcp_win\grille.eps

MD5 2b3af3b41255b4ced8911e4e107e73b6
SHA1 f5e16f7feae0286b21fe3e4c155beaa26c14b941
SHA256 5ba877e2f7f234c2a9b41a4a8350d592ec3208ab9c3a703c464add65fda648f6
SHA512 aa42b6f11d37ac104084ada9561edaa09b931440122057cd38f82623ffb476933ebddaaf0eb37ec4a983537b22ab49f152399c289aecf24d55368fb0657ec176

\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll

MD5 832d416f778a12667d881d0132787a83
SHA1 5388489509fd613a6ea4a695e283821a37600bb5
SHA256 54641cca277fb0dfddb38e87351d0558a76691284ed87e789d272164c87d96d7
SHA512 28d34cdcf152ce66a816b91f7db7a55dc3e62b0deac7154145911e64e2ee13059040147e246488b98ccb879e849c3b2f6b329b307ec082a090a511c97ac46e69

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

MD5 7d8024c52ce6db404a7066a0c0c62b8a
SHA1 77a142ee7eb7d3c219c952cef7bd5dc1d19e3587
SHA256 5189f142a4d625d498672cc2502abf9ec816135050c6690fe5b9ae99fae61c44
SHA512 4203117d4c4e0036f4ce5372f2870b67c66f568dbd1d0de0ab7787b401ad6a2d1f6370596565da32982b1e728089da623cab1a0e4a93464120fa07ff734a6401

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UIxMarketPlugin.dll

MD5 3e6212b58ce4c24f4bfd051af5ff2986
SHA1 5575449b264e5656a5def0d6592cf4f585b32a7c
SHA256 c1ea206bcae79173de261924168b0a1e542e0422c1af94cdb60355eda8ff617a
SHA512 909d7fb7e5c0de5bcb9ef916a591264989778e8c84a86ce47c3388901c7c764c8f16675268d85b1023e79f8b7cc971ec0c6dbd9e487f3ee20a75b96a00528898

C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Roaming\msvcp_win\relay.dll

MD5 abe726e6443d81297253400bc44d19cf
SHA1 2626b5a42da7f7182fa392e4c69bd34e481331e5
SHA256 5bab8c40c8d7ba92d16ec4e6b20178f676e08d249cce9bce374e64a5ef8e995e
SHA512 1caccb5df50104e59f52d4f0055086b8dfb39bb948ffe67319d91304860cb789024a638bcb90858127a82d267a793d332c32c9c1b4419efb34d94c46a10a123c

C:\Users\Admin\AppData\Roaming\msvcp_win\grille.eps

MD5 3b6a0b14dc8831e3b426cec742e90059
SHA1 75ef923554485165a5cee04910e550164e15c51c
SHA256 ed0a03950e1e3857fcc0623d57b7d5c3694762e1b999f8be0568bafb90209c3a
SHA512 f10bd3afb2dfb2b682f299579c58c0418835faa1e06ab352fd6621f9187b8a05a138434a67bcfce752d6dd96832a33013b3dc6a4a1260983b77ecb4914e41eb8

C:\Users\Admin\AppData\Roaming\msvcp_win\sanitarium.ai

MD5 4cb5e6e39ee3ed9f5c3a56842bf8e31f
SHA1 662bccbb1653b4d2f37295d408f8fc4416591582
SHA256 7df0130a7bea0f4b53fc48f30bb24cba4e3dda94c1fe364a6de88ab21714e0da
SHA512 4213c87ce37435ff7f6a26d8dd63531cf164c263d8a7ff463d7e002bbc0fc987a744dcdb56d9a82c81ad000b9b7b31a187b5ca54bc392e98d6116b797671e57a

\Users\Admin\AppData\Roaming\msvcp_win\relay.dll

MD5 f9cd128bd6e0c2298eec3f3073272f1c
SHA1 fe311de425777b16c8401ddf84873025774c8168
SHA256 30b74e49121f8d20be50668ec68f17fe695943ce913bf92cdb66da1929fbf105
SHA512 6c0be9ee108a5e91fb7124817843cbfc0b775582df525f2dac408905b1b7abea1636f78217e95c9a24ef73fc7e4c5b03dbce87d1e2d76ca478837f741619be40

C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe

MD5 4633a3161ab0f52fef092897c0cd1b82
SHA1 1ae283bc03033fcebfff5ee991eb67b3ebcc2102
SHA256 0ec90fd536180f7572c95999d684deb6f9ec83ae413e1e9ed3e24a125913932b
SHA512 b91944964774e670631a648240f65d77c981f33559388e2140b9aaad3a77e0cf8275a7f72c3baf72df43796227a75fd086528bc22d4e59a290c6d548091a802a

C:\Users\Admin\Documents\GuardFox\8dFUuPXhaghlBY9svrSYVMq9.exe

MD5 ec9deef40935b204d36f34972a005219
SHA1 ad203754cc31517cc714413c9e90b0e2eb7340cd
SHA256 d8b146834a991a247146e059540dbe43c73e38eaf7c0acf6045d4bd984a68ae3
SHA512 a2aec6a1e5b62d574c232787d364df6dd5c860327527bde0f891171cb9b785eb694167c5ae002dd37e0a829ae7947b395fbd7031c9e30ae2c978c18cb3bea60a

C:\Users\Admin\Documents\GuardFox\9DGWd0ps_7vKTHgGezZ5yTAA.exe

MD5 75780408f6578ae91e498621aad54f41
SHA1 ffa3069168df60d9f7e4cc7bac8627eaeac895ed
SHA256 e42575c092a3a9c31325ef8cf59fad78476bb10071eb51dfd5bc922ffa1371ff
SHA512 f2c2295425f949a6aea34b86192fabd00cdcc200daa997f3b64a4d7af0d9634ea2c93457cf4d7af56d6b607c37954991b7cdb89d1fe2265a66d285321c15c1fd

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

MD5 1b6fcd3aacbce730397668781ccd2649
SHA1 456a750a0e09496227f23930f544c7ac2da8a5fb
SHA256 3cd08f29881c8e4b57020c2c69391326c64da99c06dd26eb6f6398a2b30a9fe4
SHA512 266fec63d40a8e300bfcf54b87460295b3e0a923df204c834e46c139fe8ad6e5f63614bb5c961b8a87b3d8349d6e09e0752ff627ffca259e8d05d21f8f6b7684

C:\Users\Admin\AppData\Local\Temp\jobA484PKp_EKKIobA\02zdBXl47cvzHistory

MD5 90a1d4b55edf36fa8b4cc6974ed7d4c4
SHA1 aba1b8d0e05421e7df5982899f626211c3c4b5c1
SHA256 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c
SHA512 ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

C:\Users\Admin\AppData\Local\Temp\jobA484PKp_EKKIobA\02zdBXl47cvzcookies.sqlite

MD5 af3f30fbb79e6851b003d2c63d0805c0
SHA1 5d13516f3af0343da0763ac1295c40d4bd5b9b0e
SHA256 ca2befd328b5107fb33ed5c00b2c4e4703e6a14759d2de7a3fa642ab4639776b
SHA512 9c04174debfb0b5867595628e79f25240886f9bdd01694caef3cef52e3207feea71a46a9f4ffbe91eef910804f7e55eebff7370eb1ae021dff14798c1d16bbfc

C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe

MD5 a13780b8ee3f9cb4e22896211bf1bb46
SHA1 05dc361ac8ca32dc130c5e575d3d3e23835fce1d
SHA256 bcfe456d4088d90bd28bca4cf8ee0991d9bc09653813a0bb73eda324d1360e8a
SHA512 58c42535b6a1debd0a7528d4ddd40b7be086386acdc97b6572736ceedcfa9245d6fbf9bd5663bc775fab1499d6988e2dd628fe645e9f412ced351cc32d6afd84

C:\Users\Admin\AppData\Local\Temp\jobA384PKp_EKKIobA\passwords.txt

MD5 cb415a199ac4c0a1c769510adcbade19
SHA1 6820fbc138ddae7291e529ab29d7050eaa9a91d9
SHA256 bae990e500fc3bbc98eddec0d4dd0b55c648cc74affc57f0ed06efa4bde79fee
SHA512 a4c967e7ba5293970450fc873bf203bf12763b9915a2f4acd9e6fa287f8e5f74887f24320ddac4769f591d7ef206f34ce041e7f7aaca615757801eb3664ba9a4

C:\Users\Admin\AppData\Local\Temp\jobA384PKp_EKKIobA\information.txt

MD5 70bcf59df9d5340ba61620f306d9ec7e
SHA1 de2f7889860885609aef9856b3d741b9a6a6aaba
SHA256 0708fff6a512bfb90b8879d9da59143eefd38cd80f63a23c91af78f28f0b4964
SHA512 070c21286ec18f1ebd78dc2bd06ba2c6079a158270a5fac0b59bdf67f287cfe01d21938c570c4b5e0f4eaccc5e4fa273759360307b56d06c41db1361afff6c7c

C:\Users\Admin\AppData\Local\Temp\jobA384PKp_EKKIobA\Files\AddUpdate.txt

MD5 303449cfdba7f615c5a1691ebcc3884b
SHA1 517240db2372d2ee1fe63f2b15ce57914f2baad0
SHA256 7d9276f7a7dede230286784f2abdb6381f727ac40600e5d26480abd46718f52e
SHA512 1a4c0a958dcc5e089d3471a0493bc0d8b16ef6d9b888814f982c68b5bd88373dacb3bc937242c6db3c64747467303fe703d62917e8672257c9491fde3455050b

C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe

MD5 745aaf2d3831f5b1eb0132cad4ac7d4d
SHA1 4fdc0ad63ceb132abbc1643ec9fb66917dd65b4e
SHA256 92d1875bdc64d25af56e8b9a7685af6d5b22b1c147100d32ba6886d39f5fcab2
SHA512 5f7f27dae5c2f6874162a9afc4f388cdcb832ea3209b64e191c0403877a3d0281c7cfeba439150e417a07c41ef129260fe86d06e6cfcba76b1e56e0fcd2ebf44

C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe

MD5 9f81fc3c21e24fec9bca3edea3701166
SHA1 21746cc141904c9e9f2c626caff7679863a5eeb8
SHA256 af8aedd6ebd48609912b724d06cab5b173b1206ef720c5a3ffcb6bac14383164
SHA512 8b64358a1d29b43ac6ca85ca8a3f09091668a0f34d250b3ff2c6fbab0017736a478a5e77588bfdb75dd499e477745eded8ac527d09c7d3ca9baeb01ddcba6f4f

C:\Users\Admin\AppData\Local\Temp\nsmC7C1.tmp\INetC.dll

MD5 40d7eca32b2f4d29db98715dd45bfac5
SHA1 124df3f617f562e46095776454e1c0c7bb791cc7
SHA256 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA512 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

C:\Users\Admin\AppData\Local\Temp\1000495001\SetupPowerGREPDemo.exe

MD5 e3e85877b0cfdee5bf1bbe0e90a499da
SHA1 01b29a77741595694a65722db04a1932b8c8963b
SHA256 974fcf34f49540a975b8b3305b7f0a8f9582cc739fd421d895f9be8129c77caa
SHA512 cabfc26b5cd1c0ba04b7e9b4e048be87cd38c612c33ce8842f8ca8fe99dce834aae40158f4b7347ee8e6b5bb30c43fa557964e12e31f346f9ae530d320324f59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 81ae5d9caa10b2183ee1b23e4da1231e
SHA1 7985d11b028f135b5896213fb4da0eddc507bff8
SHA256 46b773bfba4b414ccf26b702595d9ad56a17427c36c4d66798f47e4431f2b952
SHA512 35f33015a510052f14169dced60dafc7f65b1d44888453dcf0991165a7231cf314148f27f98c125b29b31782fa9341450127e99e1c56ff503dc1464d251aad93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe

MD5 ffada57f998ed6a72b6ba2f072d2690a
SHA1 6857b5f0c40a1cdb0411eb34aa9fe5029bcdb84f
SHA256 677f393462e24fb6dba1a47b39e674f485450f91deee6076ccbad9fd5e05bd12
SHA512 1de77f83a89935bb3fc3772d5190c3827d76a998785d451e2c0d11a0061cfd28f1b96eccb41b012c76ddda2021e3333a0a647489ae3c6dac10cfb8302abdf33f

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
SHA512 ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5

C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe

MD5 3ef515bb081e3a8546a39219bf1310a4
SHA1 65b19bc8100f6b67368c46b33d39ef441aaeaeb0
SHA256 9ae50d0f38c49c5e2a1e90d5bfa9972e551f8274f83fcf7182ab3ed38b2fd394
SHA512 22dcac861796e40936f536c3eb908d16fb33b209dcfe5ebd39318bca9134bcdf1504d01ace87b348d6fcfa3cb92f7366d47df1de6f07a64f8b9eaaecf1c2fbd1

C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe

MD5 4dc62aa51086843a31d87236c87f21e4
SHA1 c7cdc373668dd8f7373a433ed0f3703843b67c10
SHA256 5a1a04657de632f044fcf0f4b089686de18840fa979a8265d8f9978f4feb5d27
SHA512 a876f4404d3be84ff8c36bd1005d844b0c22630cafb34631db7b07009c95f6564864a6811bb1b45ac415a64000748cb1626aa367d3deb8b616b6633bfde06658

C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe

MD5 927fa2810d057f5b7740f9fd3d0af3c9
SHA1 b75d4c86d3b4fd9d6ecf4be05d9ebcf4d7fd7ec8
SHA256 9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9
SHA512 54af68949da4520c87e24d613817003705e8e50d3006e81dcf5d924003c1a1b8185ba89f6878c0abac61f34efbe7a9233f28ba3e678a35983c1e74216a5ac1a8

C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe

MD5 d8337d7ca38eddace5472f7a274b3943
SHA1 273fc254a6051aaf13d74b6f426fd9f1a58dee19
SHA256 3ac6dde9c9dfcaed7066ea5af5121fd75a7c6c1ab9bb7bb4ca35784d50efa202
SHA512 c65082f8478a7dfae7c244e093f34b8cd67599ab20e39a7db3fc50b346039588772764a4f737ad71fff74655534d6c307338c36de6ca209c5ff8b41d0171f589

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

MD5 85af6c99d918757171d2d280e5ac61ef
SHA1 ba1426d0ecf89825f690adad0a9f3c8c528ed48e
SHA256 150fb1285c252e2b79dea84efb28722cc22d370328ceb46fb9553de1479e001e
SHA512 12c061d8ff87cdd3b1f26b84748396e4f56fc1429152e418988e042bc5362df96a2f2c17bcf826d17a8bae9045ee3ba0c063fb565d75c604e47009ff442e8c8e

C:\ProgramData\nss3.dll

MD5 1cc453cdf74f31e4d913ff9c10acdde2
SHA1 6e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256 ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512 dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

MD5 619f7135621b50fd1900ff24aade1524
SHA1 6c7ea8bbd435163ae3945cbef30ef6b9872a4591
SHA256 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2
SHA512 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe

MD5 88a1669cf7aeddae3c96cb9512ae9a7f
SHA1 d8d934b2d7eb85a744012458e742d7616d7fe63a
SHA256 5bc7282bd88dccc0ac5e1c63456078cd7a59605dfcf3dd362f36b31b6b518332
SHA512 b907f7015c851c9dd7fa7d23c6a9bc4c775c0f5c30ef8b0f99b47fdf5653009ab483da657e2a2a5834561852f60f429f32feddcb10a12df56d87f787d862db2d

C:\ProgramData\RemoveHide.txt

MD5 cf740fd5ad6be11de03a382d34ad20dc
SHA1 a0bce501865f640a766eea71111ac3fbfad59bdc
SHA256 5d764cb6081a89ec69025b81aa0798cb9defad80c735455e2000f2486cda0677
SHA512 994c4688560a63ca4197ebffed7b22719b1bb75781ec61dab6439347a5a944f7b1141a75f62b12217a86357426fcdab65c48483b0eaf32ec23911631d277648b

C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe

MD5 646914a93205fc40bd9b4d0a2df46181
SHA1 15c9611ca482884a52ff76b85db6f2bccaa30101
SHA256 ae42b5bea91cc6272260817859bd22ff25a3802179f1f29b532d77bed9bb467a
SHA512 86d36c6b45a73d5c15851907c1fe6f9d71ac83e05e8c998d1aceea8f1f88458fe5d11e8d2576f4124cf2b73492850f2a42f0023c914387983ec2a7b3c2d2afc2

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ezcolmnv.3ky.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe

MD5 d75a38987ba68363fb67861537749274
SHA1 f0b3f8c862c01dc1d419ae9dd24b6c03e88b9969
SHA256 cfc25ec5eeba4d8b6ab70bc0ce66492119f07739ac34fbe97048d5d253547c05
SHA512 1153bbb754163200198e7355cd9e6a5362830246492b9872bd4034267910ca63f41a873839597d2c4549042baf142fcd766ba6617d0bc7e2b28582171994d324

C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe

MD5 8244f65c3a732ddf4f1efd3e5fd6b518
SHA1 1d144dd4af5bc24596da2cdf4e83d69b6cbf1b64
SHA256 769dca9ebcfe2a0ae9060d97a9b91d159dcab16debb2dffe9b06d28ae6425f01
SHA512 5549a81d1a85b475ef0e59b33b59b4377f07c56547c99ab35f671b76d948c70259d98dd75df4f9456814cced8f47205031579b9e6c764b5d3df15735e7b21a7e

C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe

MD5 074b6ff06109b2b69ae7dc9a0f1cb17d
SHA1 e31114f21e636520e9945ba9ee9289c4eb3ebcee
SHA256 2aa60848673a9097f89401c1d8c3c3785a943a54fe2ffac1ee9399917a2e8c7a
SHA512 d5a2aba12e255891d7a38dd443821692ed7608bda3f699e95ed39a9a878c19af3af1fe4c3ad5ddee0896434d745299ab9053f0adf98a7312b3aba7514aa96fa4

C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe

MD5 d177caf6762f5eb7e63e33d19c854089
SHA1 f25cf817e3272302c2b319cedf075cb69e8c1670
SHA256 4296e28124f0def71c811d4b21284c5d4e1a068484db03aeae56f536c89976c0
SHA512 9d0e67e35dac6ad8222e7c391f75dee4e28f69c29714905b36a63cf5c067d31840aaf30e79cfc7b56187dc9817a870652113655bec465c1995d2a49aa276de25

C:\Users\Admin\AppData\Local\Temp\main\main.bat

MD5 4b3a5b96f9eedd8626a8c12976765b56
SHA1 85307e380d233c8229f9e0de16ed82821221a0be
SHA256 1651b6ed815b2128c2362ad38a7cfcdafc6c5f8705572626c872ad788c41f6ef
SHA512 b274c74ebf059fa203408a120a2c6f54f769d93d34d916aad9b4f712455b3ffe396e325744d2488a090dafb1c4621f83428719c8fe20d93b10904953dcdc8790

C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe

MD5 2fadc3984b71f0fd08c832adeedf2b52
SHA1 cc1fc06a55af72364fb0a1266d3f5936577162f9
SHA256 34f47e63788cdb398c48ad06f3878ec9bce9fd0e261306b2c81b3796925f9240
SHA512 63e8127e2d44cd98cd6225eb8d1f348f5e3e7d7f86900e2f949329f6d35a943147aa1fb72061a8868cfcd9e53fde536dc870b3a9c9248b6aab067774b1654685

C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe

MD5 3c9da20ad78d24df53b661b7129959e0
SHA1 e7956e819cc1d2abafb2228a10cf22b9391fb611
SHA256 2fd37ed834b6cd3747f1017ee09b3f97170245f59f9f2ed37c15b62580623319
SHA512 1a02da1652a2c00df33eceda0706adebb5a5f1c3c05e30a09857c94d2fbb93e570f768af5d6648d3a5d11eea3b5c4b1ceb9393fc05248f1eefd96e17f3bbe1b4

C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe

MD5 2eafb4926d78feb0b61d5b995d0fe6ee
SHA1 f6e75678f1dafcb18408452ea948b9ad51b5d83e
SHA256 50b50beee2174d403ddba91f4f0b13d8e754ed2f979ad7c60baeb6617249bb30
SHA512 1885f5874c44a6841be4d53140ad63304e8d1924bb98fe14602d884fbc289ec8913db772a9e2db93e45298d1328700e2000ddab109af3964eaf6f23af61ef78e

C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe

MD5 1a4f852a7299ed05ce883b4736b90de3
SHA1 93c8ced82ed7b29c2ee7461754352315d5eee71a
SHA256 0991757054bbece76e8b22861d217641df2be6b8902873076ed9eeaea61fb1a0
SHA512 8207206f83d6a87ad0bc6d96fb8e6b85a69f51f8570638c9bc0f001d14bb7e774721b9a0ace50d521258fac25c7546b7fcba79aabb306e642cbeb780ca212ec2

C:\Users\Admin\AppData\Local\Temp\F59E91F8

MD5 5cac70fbe2fc9869397bf1989e592841
SHA1 cc522bec3c1772269465799d35268630248e801b
SHA256 17e571023337ad513deb4d436c17573b6ab3c9ebf2a3e30425c3f5fa9a638806
SHA512 f56d8d7a996401404b850b6503960ea17d68fe56acbc06de8fa9c39b20dd7f01d24837283f459655ac4efb3da10a8864623cbb041ca9ad81bc9afd1ecf9b5fb9

C:\Users\Admin\AppData\Local\Temp\nss8FC.tmp

MD5 572e08d58cfa2070e5afffc1211da814
SHA1 2f553d7c8166f40dc0bcb37494f58e32d5a2ca89
SHA256 955fd85058f3c9e90e832857e012ec8439e786d3f43c8421db2d119772515f30
SHA512 4a4ca8d39ff7e223cdbe856c45e4f5fca5decd959e25205f9e6cddb05904055c01f6f903b13ac0300219347bcf1c211a19fdf91318e6a63b7a6ef11184a558d9

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-24 11:52

Reported

2024-01-24 12:00

Platform

win10v2004-20231215-en

Max time kernel

20s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

Signatures

Amadey

trojan amadey

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected Djvu ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Djvu Ransomware

ransomware djvu

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

RisePro

stealer risepro

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

ZGRat

rat zgrat

Creates new service(s)

persistence

Downloads MZ/PE file

Stops running service(s)

evasion

.NET Reactor proctector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 91.211.247.248 N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.myip.com N/A N/A
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\setup.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\nscFDEA.tmp
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\nsjC4D.tmp
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Users\Admin\Documents\GuardFox\wxH2JcIj8haDyTEooYqvLo4p.exe

"C:\Users\Admin\Documents\GuardFox\wxH2JcIj8haDyTEooYqvLo4p.exe"

C:\Users\Admin\AppData\Local\Temp\is-0K59B.tmp\m5W8JZPrsOJy8OpyMuPjKKdQ.tmp

"C:\Users\Admin\AppData\Local\Temp\is-0K59B.tmp\m5W8JZPrsOJy8OpyMuPjKKdQ.tmp" /SL5="$100066,3301412,119808,C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1296 -ip 1296

C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe

"C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe"

C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe

"C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe"

C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe

"C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe"

C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe

"C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe"

C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe

"C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe"

C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe

"C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 344

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -s

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe

"C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\f8a829c5-fe8b-488f-8111-b2039125da6c" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN FQRE4NwXxutprrPJS0zwfFuh.exe /TR "C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe" /F

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",

C:\Users\Admin\Documents\GuardFox\qemu-ga.exe

"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"

C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe

"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778

C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe

"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"

C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe

"C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe"

C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe

"C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe"

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:8

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -i

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",

C:\Users\Admin\Documents\GuardFox\uvFmaHyGgsN7k8ts6ek6mPXs.exe

"C:\Users\Admin\Documents\GuardFox\uvFmaHyGgsN7k8ts6ek6mPXs.exe"

C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe

"C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe"

C:\Users\Admin\Documents\GuardFox\XaFBGKDk9KcFdKp9DwcwqG_W.exe

"C:\Users\Admin\Documents\GuardFox\XaFBGKDk9KcFdKp9DwcwqG_W.exe"

C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe

"C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe"

C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe

"C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:1

C:\Users\Admin\Documents\GuardFox\SW_MB3axMR1nzbfRPxcxP_cx.exe

"C:\Users\Admin\Documents\GuardFox\SW_MB3axMR1nzbfRPxcxP_cx.exe"

C:\Users\Admin\Documents\GuardFox\00BCflRjBlvLGR_M7jw_UMMb.exe

"C:\Users\Admin\Documents\GuardFox\00BCflRjBlvLGR_M7jw_UMMb.exe"

C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe

"C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe"

C:\Users\Admin\Documents\GuardFox\us0OF5kRFjjCHL_Pdc4m6fsq.exe

"C:\Users\Admin\Documents\GuardFox\us0OF5kRFjjCHL_Pdc4m6fsq.exe"

C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe

"C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe"

C:\Users\Admin\Documents\GuardFox\WdMfqOZIFj2GNZNeewRO76dx.exe

"C:\Users\Admin\Documents\GuardFox\WdMfqOZIFj2GNZNeewRO76dx.exe"

C:\Users\Admin\AppData\Local\Temp\nscFDEA.tmp

C:\Users\Admin\AppData\Local\Temp\nscFDEA.tmp

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1980 -ip 1980

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 340

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1884,i,6230241022964825669,10402929922123868183,131072 /prefetch:8

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe

"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"

C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe

"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe" & del "C:\ProgramData\*.dll"" & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5136 -ip 5136

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 2320

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778

C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe

"C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe

"C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe" --Admin IsNotAutoStart IsNotTask

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6124 -ip 6124

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1948 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:8

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe

C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4416 -ip 4416

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 1400

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\1uMVCRFptcIIlY17MXAG.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\1uMVCRFptcIIlY17MXAG.exe"

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\7qSs68sESccfonx45Ne4.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\7qSs68sESccfonx45Ne4.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\NaE0wSEn8rF34rphC0Fe.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\NaE0wSEn8rF34rphC0Fe.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdc55246f8,0x7ffdc5524708,0x7ffdc5524718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xdc,0xe0,0xd4,0xd8,0x104,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5320 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7905895198395250883,14266734738825635959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\Zf7Zfr8wjeEHCf8UU6BJ.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\Zf7Zfr8wjeEHCf8UU6BJ.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7905895198395250883,14266734738825635959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5612 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5460 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4904 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,1325265330744642417,3441461597490046211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.0.1458820358\1620600769" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {243cd5bf-3b32-4911-b222-0be67c0ad7d1} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 1976 1e6951d2758 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,1325265330744642417,3441461597490046211,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,473278863846908902,14177309908476060151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\bkZFmjGd0fHWFibWRWJY.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\bkZFmjGd0fHWFibWRWJY.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1089155650766252689,4783137317579857867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.1.458560306\30152072" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2248 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {289d62b0-24dd-4517-9b06-167c63a053d5} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 2420 1e694b3f858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.2.458121599\2051700470" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45942576-cfb6-4a2b-aaf1-68d15b807048} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 3468 1e6990c9858 tab

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 1556 -ip 1556

C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe

"C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nscFDEA.tmp" & del "C:\ProgramData\*.dll"" & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 2292

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe

"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.3.601193515\373140699" -childID 2 -isForBrowser -prefsHandle 3348 -prefMapHandle 3336 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b9a17bb-e365-4dab-80cd-8155d1b22800} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 3384 1e688666858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.4.358140499\2027561127" -childID 3 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8173a2c5-6823-4b12-a10e-217d6b85b8e2} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 3920 1e698826258 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=2380,i,7316163953626916138,6971931124314445834,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.5.2111362620\820870002" -childID 4 -isForBrowser -prefsHandle 3028 -prefMapHandle 3084 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e12b0e07-6f8c-4a9a-96e3-2c6e58c9b007} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 4144 1e69a5aed58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.6.854366280\255284573" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 5236 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd837d1c-55e3-432d-bfac-b74556904e3e} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 5248 1e69b24ee58 tab

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\gjo0n8gyoaT0wn8F70iV.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\gjo0n8gyoaT0wn8F70iV.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe

"C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe

"C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe"

C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe

"C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.7.1104102710\2001526406" -childID 6 -isForBrowser -prefsHandle 5816 -prefMapHandle 5812 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2b1e897-7de1-44dc-b177-ba3c59c07af0} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 5804 1e69cb1e958 tab

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"

C:\Windows\system32\RunDll32.exe

C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.8.1769321740\50501293" -parentBuildID 20221007134813 -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce59f53c-cbe4-46f9-8a6e-ba3619736ff3} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 6036 1e68866ab58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.9.628260280\1722455709" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6188 -prefMapHandle 6184 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {590fdcf3-d72e-4ffc-9070-9e7fa3ff7e97} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 6196 1e6985b4858 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7324.10.1652025974\464803885" -childID 7 -isForBrowser -prefsHandle 6344 -prefMapHandle 6336 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26c99a4b-c21b-4c36-a20d-493188dc3de3} 7324 "\\.\pipe\gecko-crash-server-pipe.7324" 6352 1e698827d58 tab

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /im chrome.exe /f

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe

"C:\Users\Admin\AppData\Local\Temp\1000113001\e0cbefcb1af40c7d4aff4aca26621a98.exe"

C:\Windows\system32\mode.com

mode 65,10

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe

"C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe"

C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3372 -ip 3372

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\rty25.exe

"C:\Users\Admin\AppData\Local\Temp\rty25.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 348

C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe

"C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe"

C:\Users\Admin\AppData\Local\Temp\FirstZ.exe

"C:\Users\Admin\AppData\Local\Temp\FirstZ.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10068 -ip 10068

C:\Users\Admin\AppData\Local\Temp\FECD.exe

C:\Users\Admin\AppData\Local\Temp\FECD.exe

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e file.zip -p4632370330209207692137030328 -oextracted

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 376

C:\Users\Admin\AppData\Local\Temp\FECD.exe

C:\Users\Admin\AppData\Local\Temp\FECD.exe

C:\Users\Admin\AppData\Local\Temp\1EB.exe

C:\Users\Admin\AppData\Local\Temp\1EB.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 10068 -ip 10068

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe

"C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 400

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\95F.dll

C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe

"C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe"

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\95F.dll

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k cmd < Adjustments & exit

C:\Users\Admin\AppData\Local\Temp\E32.exe

C:\Users\Admin\AppData\Local\Temp\E32.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 10068 -ip 10068

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 440

C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe

"C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe"

C:\Users\Admin\AppData\Local\Temp\nsjC4D.tmp

C:\Users\Admin\AppData\Local\Temp\nsjC4D.tmp

C:\Users\Admin\AppData\Local\Temp\1000570001\leg221.exe

"C:\Users\Admin\AppData\Local\Temp\1000570001\leg221.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop wuauserv

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10068 -ip 10068

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 680

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 9664 -ip 9664

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc7f79758,0x7ffdc7f79768,0x7ffdc7f79778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe

"C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 1016

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 10068 -ip 10068

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop bits

C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe

"C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe"

C:\Users\Admin\AppData\Local\Temp\297B.exe

C:\Users\Admin\AppData\Local\Temp\297B.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 720

C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe

"C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe"

C:\Windows\SysWOW64\cmd.exe

cmd

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 10068 -ip 10068

C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe

C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

C:\Users\Admin\AppData\Roaming\ggrwetf

C:\Users\Admin\AppData\Roaming\ggrwetf

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop dosvc

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 720

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 10068 -ip 10068

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=2008,i,18266643290457813015,7758956839543145614,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=2008,i,18266643290457813015,7758956839543145614,131072 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 760

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "WSNKISKT"

C:\Users\Admin\AppData\Local\Temp\4419.exe

C:\Users\Admin\AppData\Local\Temp\4419.exe

C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe

"C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 10068 -ip 10068

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 720

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "FLWCUERA"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"

C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe

"C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "FLWCUERA" binpath= "C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe" start= "auto"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "WSNKISKT"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Users\Admin\AppData\Local\Temp\6185.exe

C:\Users\Admin\AppData\Local\Temp\6185.exe

C:\ProgramData\wikombernizc\reakuqnanrkn.exe

C:\ProgramData\wikombernizc\reakuqnanrkn.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Users\Admin\AppData\Local\Temp\is-G4GPR.tmp\6185.tmp

"C:\Users\Admin\AppData\Local\Temp\is-G4GPR.tmp\6185.tmp" /SL5="$60290,3460870,54272,C:\Users\Admin\AppData\Local\Temp\6185.exe"

C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe

"C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe" -i

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Delete /F /TN "AACAC1241"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "FLWCUERA"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe

"C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe" -s

C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe

C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

conhost.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\system32\choice.exe

choice /C Y /N /D Y /T 3

C:\Users\Admin\AppData\Local\Temp\91BE.exe

C:\Users\Admin\AppData\Local\Temp\91BE.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6008 -ip 6008

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 177.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
DE 77.105.147.130:80 77.105.147.130 tcp
US 8.8.8.8:53 api.myip.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 130.147.105.77.in-addr.arpa udp
US 172.67.75.163:443 api.myip.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 163.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
FI 109.107.182.40:80 109.107.182.40 tcp
US 8.8.8.8:53 cczhk.com udp
AT 5.42.64.33:80 5.42.64.33 tcp
US 8.8.8.8:53 joxy.ayazprak.com udp
US 8.8.8.8:53 ji.alie3ksggg.com udp
US 8.8.8.8:53 294self-limited.sbs udp
US 8.8.8.8:53 vk.com udp
US 8.8.8.8:53 medfioytrkdkcodlskeej.net udp
US 104.21.10.36:80 294self-limited.sbs tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
US 104.21.80.24:80 joxy.ayazprak.com tcp
US 104.21.10.36:80 294self-limited.sbs tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
US 104.21.10.36:80 294self-limited.sbs tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
US 104.21.10.36:443 294self-limited.sbs tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
KR 211.119.84.111:80 cczhk.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
RU 91.215.85.209:443 medfioytrkdkcodlskeej.net tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
KR 211.119.84.111:80 cczhk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:80 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 sun6-23.userapi.com udp
RU 87.240.132.67:443 vk.com tcp
NL 95.142.206.3:443 sun6-23.userapi.com tcp
NL 95.142.206.3:443 sun6-23.userapi.com tcp
RU 87.240.132.67:443 vk.com tcp
US 8.8.8.8:53 sun6-21.userapi.com udp
RU 87.240.132.67:443 vk.com tcp
DE 77.105.147.130:80 77.105.147.130 tcp
HK 154.92.15.189:443 ji.alie3ksggg.com tcp
US 8.8.8.8:53 24.128.172.185.in-addr.arpa udp
DE 185.172.128.24:80 tcp
FR 199.232.168.193:443 tcp
GB 216.58.204.67:80 tcp
DE 185.172.128.19:80 185.172.128.19 tcp
HK 154.92.15.189:443 ji.alie3ksggg.com tcp
RU 193.233.132.62:50500 tcp
RU 5.42.65.31:48396 tcp
DE 185.172.128.79:80 185.172.128.79 tcp
FI 109.107.182.3:80 tcp
IE 209.85.203.84:443 tcp
US 157.240.229.35:443 tcp
US 157.240.229.35:443 tcp
FI 109.107.182.3:80 tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.179.238:443 udp
GB 142.250.179.238:443 tcp
IE 209.85.203.84:443 udp
GB 142.250.187.227:443 udp
GB 163.70.147.23:443 udp
GB 163.70.147.35:443 udp
DE 20.113.35.45:38357 tcp
RU 185.215.113.68:80 185.215.113.68 tcp
DE 141.95.211.148:46011 tcp
GB 142.250.200.35:443 tcp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
GB 142.250.187.202:443 tcp
GB 142.250.179.238:443 tcp
GB 142.250.187.246:443 i.ytimg.com tcp
GB 142.250.187.195:443 tcp
GB 142.250.179.238:443 udp
GB 142.250.200.35:443 udp
RU 185.215.113.68:80 185.215.113.68 tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 ipinfo.io udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 34.117.186.192:443 ipinfo.io tcp
GB 142.250.187.202:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 31.177.67.172.in-addr.arpa udp
RU 193.233.132.62:50500 tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
RU 5.42.65.31:48396 tcp
DE 185.172.128.19:80 tcp
US 8.8.8.8:53 selebration17io.io udp
RU 91.215.85.120:80 selebration17io.io tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
US 8.8.8.8:53 120.85.215.91.in-addr.arpa udp
HK 154.92.15.189:443 ji.alie3ksggg.com tcp
DE 185.172.128.90:80 185.172.128.90 tcp
AT 5.42.64.33:80 5.42.64.33 tcp
GB 163.70.147.23:443 tcp
NL 94.156.67.176:13781 tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 consciouosoepewmausj.site udp
US 104.21.71.8:443 consciouosoepewmausj.site tcp
PL 145.239.84.172:80 tcp
FR 51.15.246.170:443 tcp
US 8.8.8.8:53 8.71.21.104.in-addr.arpa udp
US 8.8.8.8:53 braidfadefriendklypk.site udp
US 188.114.96.2:443 braidfadefriendklypk.site tcp
DE 185.172.128.79:80 185.172.128.79 tcp
US 8.8.8.8:53 172.84.239.145.in-addr.arpa udp
US 8.8.8.8:53 170.246.15.51.in-addr.arpa udp
NL 80.79.4.61:18236 tcp
US 8.8.8.8:53 racerecessionrestrai.site udp
US 188.114.96.2:443 racerecessionrestrai.site tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
DE 5.104.111.208:443 tcp
FI 95.216.13.55:9030 tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
NL 80.79.4.61:18236 tcp
US 8.8.8.8:53 61.4.79.80.in-addr.arpa udp
US 8.8.8.8:53 208.111.104.5.in-addr.arpa udp
US 8.8.8.8:53 55.13.216.95.in-addr.arpa udp
US 8.8.8.8:53 cooperatecliqueobstac.site udp
US 188.114.96.2:443 cooperatecliqueobstac.site tcp
US 8.8.8.8:53 vesselspeedcrosswakew.site udp
US 172.67.222.78:443 vesselspeedcrosswakew.site tcp
US 8.8.8.8:53 78.222.67.172.in-addr.arpa udp
US 8.8.8.8:53 carvewomanflavourwop.site udp
US 172.67.129.86:443 carvewomanflavourwop.site tcp
US 8.8.8.8:53 udp
DE 185.172.128.19:80 tcp
US 8.8.8.8:53 communicationinchoicer.site udp
DE 144.76.1.85:25894 tcp
US 104.21.38.11:443 communicationinchoicer.site tcp
US 8.8.8.8:53 85.1.76.144.in-addr.arpa udp
US 8.8.8.8:53 11.38.21.104.in-addr.arpa udp
DE 5.104.111.208:443 tcp
US 8.8.8.8:53 retainfactorypunishjkw.site udp
US 188.114.96.2:443 retainfactorypunishjkw.site tcp
FI 95.216.13.55:9030 tcp
US 8.8.8.8:53 brickabsorptiondullyi.site udp
US 104.21.93.182:443 brickabsorptiondullyi.site tcp
US 172.67.177.31:443 tcp
US 8.8.8.8:53 copyrightspareddcitwew.site udp
US 8.8.8.8:53 182.93.21.104.in-addr.arpa udp
US 172.67.172.166:443 copyrightspareddcitwew.site tcp
US 8.8.8.8:53 tiny.ayazprak.com udp
US 172.67.173.86:80 tiny.ayazprak.com tcp
US 8.8.8.8:53 166.172.67.172.in-addr.arpa udp
US 8.8.8.8:53 86.173.67.172.in-addr.arpa udp
DE 138.201.125.92:15647 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
US 8.8.8.8:53 udp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
US 8.8.8.8:53 udp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
US 52.137.106.217:443 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:80 tcp
RU 87.240.132.67:443 tcp
RU 87.240.132.67:443 tcp
US 8.8.8.8:53 udp
US 52.137.106.217:443 tcp
US 104.18.21.226:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 95.142.206.1:443 tcp
N/A 95.142.206.1:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
RU 87.240.132.67:443 tcp
RU 87.240.132.67:443 tcp
RU 87.240.132.67:443 tcp
RU 87.240.132.67:443 tcp
US 8.8.8.8:53 udp
N/A 87.240.190.76:443 tcp
RU 87.240.132.67:443 tcp
US 8.8.8.8:53 udp
RU 87.240.132.67:443 tcp
US 8.8.8.8:53 udp
N/A 95.142.206.0:443 tcp
US 8.8.8.8:53 udp
N/A 95.142.206.2:443 tcp
N/A 95.142.206.2:443 tcp
US 8.8.8.8:53 udp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 willpoweragreebokkskiew.site udp
US 188.114.96.2:443 willpoweragreebokkskiew.site tcp
GB 96.17.179.193:80 tcp
US 188.114.96.2:443 willpoweragreebokkskiew.site tcp
NL 94.156.67.176:13781 tcp
US 104.21.35.143:443 tcp
US 188.114.96.2:443 willpoweragreebokkskiew.site tcp
US 188.114.96.2:443 willpoweragreebokkskiew.site tcp
US 8.8.8.8:53 connect.dstv.com udp
US 8.8.8.8:53 cx.usiu.ac.ke udp
US 8.8.8.8:53 cx.usiu.ac.ke udp
US 8.8.8.8:53 connect.dstv.com udp
US 8.8.8.8:53 login.coupang.com udp
GB 18.165.227.101:22 connect.dstv.com tcp
US 8.8.8.8:53 login.coupang.com udp
US 8.8.8.8:53 accounts.kakao.com udp
US 8.8.8.8:53 accounts.kakao.com udp
KE 41.204.183.17:22 cx.usiu.ac.ke tcp
US 8.8.8.8:53 uzdevumi.lv udp
GB 18.165.227.101:21 connect.dstv.com tcp
KE 41.204.183.17:21 cx.usiu.ac.ke tcp
GB 18.165.227.101:443 connect.dstv.com tcp
US 8.8.8.8:53 uzdevumi.lv udp
US 8.8.8.8:53 clogin.nexon.com udp
KE 41.204.183.17:443 cx.usiu.ac.ke tcp
KR 110.76.142.110:21 accounts.kakao.com tcp
GB 2.22.68.13:22 login.coupang.com tcp
GB 2.22.68.13:21 login.coupang.com tcp
US 8.8.8.8:53 clogin.nexon.com udp
GB 2.22.68.13:443 login.coupang.com tcp
KR 110.76.142.110:22 accounts.kakao.com tcp
US 188.114.96.2:443 willpoweragreebokkskiew.site tcp
GB 13.224.245.9:22 uzdevumi.lv tcp
US 8.8.8.8:53 seoulrental.co.kr udp
US 8.8.8.8:53 accounts.autodesk.com udp
GB 13.224.245.9:21 uzdevumi.lv tcp
GB 2.22.68.13:143 login.coupang.com tcp
KR 110.76.142.110:443 accounts.kakao.com tcp
US 8.8.8.8:53 101.227.165.18.in-addr.arpa udp
KE 41.204.183.17:143 cx.usiu.ac.ke tcp
US 8.8.8.8:53 seoulrental.co.kr udp
US 8.8.8.8:53 accounts.autodesk.com udp
US 8.8.8.8:53 filmai.kinopavasaris.lt udp
GB 18.165.227.46:22 connect.dstv.com tcp
KR 183.110.0.26:22 clogin.nexon.com tcp
US 8.8.8.8:53 accounts.kakao.com udp
GB 13.224.245.9:443 uzdevumi.lv tcp
US 8.8.8.8:53 aspmx.l.google.com udp
GB 2.22.68.13:80 login.coupang.com tcp
GB 2.22.68.13:465 login.coupang.com tcp
GB 18.165.227.101:80 connect.dstv.com tcp
KE 41.204.183.17:465 cx.usiu.ac.ke tcp
GB 18.165.227.101:143 connect.dstv.com tcp
KE 41.204.183.17:80 cx.usiu.ac.ke tcp
KR 183.110.0.26:21 clogin.nexon.com tcp
GB 2.22.68.13:80 login.coupang.com tcp
US 8.8.8.8:53 17.183.204.41.in-addr.arpa udp
US 8.8.8.8:53 13.68.22.2.in-addr.arpa udp
US 8.8.8.8:53 filmai.kinopavasaris.lt udp
US 8.8.8.8:53 alpharacks.com udp
GB 2.22.68.13:995 login.coupang.com tcp
RU 158.160.118.17:80 tcp
US 188.114.97.2:443 willpoweragreebokkskiew.site tcp
US 188.114.96.2:443 willpoweragreebokkskiew.site tcp
KE 41.204.183.17:995 cx.usiu.ac.ke tcp
GB 18.165.227.46:21 connect.dstv.com tcp
KR 183.110.0.26:443 clogin.nexon.com tcp
GB 18.165.227.101:465 connect.dstv.com tcp
GB 18.165.227.101:80 connect.dstv.com tcp
US 8.8.8.8:53 alpharacks.com udp
US 8.8.8.8:53 cloud.digitalocean.com udp
US 8.8.8.8:53 110.142.76.110.in-addr.arpa udp
GB 18.165.227.101:995 connect.dstv.com tcp
US 8.8.8.8:53 www.uzdevumi.lv udp
GB 108.156.39.88:22 accounts.autodesk.com tcp
GB 2.22.68.13:80 login.coupang.com tcp
KR 119.205.215.209:22 seoulrental.co.kr tcp
KR 119.205.215.209:21 seoulrental.co.kr tcp
GB 108.156.39.88:21 accounts.autodesk.com tcp
GB 18.165.227.13:22 connect.dstv.com tcp
KR 211.231.99.67:143 accounts.kakao.com tcp
GB 13.224.245.27:22 uzdevumi.lv tcp
GB 13.224.245.9:80 uzdevumi.lv tcp
IE 74.125.193.26:143 aspmx.l.google.com tcp
IE 74.125.193.26:465 aspmx.l.google.com tcp
US 8.8.8.8:53 9.245.224.13.in-addr.arpa udp
GB 108.156.39.88:443 accounts.autodesk.com tcp
KR 119.205.215.209:443 seoulrental.co.kr tcp
US 8.8.8.8:53 noping.com udp
US 8.8.8.8:53 clogin.nexon.com udp
GB 18.165.227.13:21 connect.dstv.com tcp
US 172.67.203.67:21 filmai.kinopavasaris.lt tcp
US 172.67.203.67:22 filmai.kinopavasaris.lt tcp
US 8.8.8.8:53 mail.seoulrental.co.kr udp
GB 13.224.245.27:21 uzdevumi.lv tcp
KR 211.231.99.67:465 accounts.kakao.com tcp
KR 211.231.99.67:995 accounts.kakao.com tcp
KR 211.231.99.67:80 accounts.kakao.com tcp
KR 183.110.0.26:143 clogin.nexon.com tcp
US 172.67.222.78:443 vesselspeedcrosswakew.site tcp
US 8.8.8.8:53 26.0.110.183.in-addr.arpa udp
US 8.8.8.8:53 cibersity.umecit.edu.pa udp
IE 74.125.193.26:995 aspmx.l.google.com tcp
GB 18.165.227.101:443 connect.dstv.com tcp
US 8.8.8.8:53 pool.hashvault.pro udp
KR 183.110.0.154:22 clogin.nexon.com tcp
GB 18.165.227.46:143 connect.dstv.com tcp
KR 183.110.0.154:21 clogin.nexon.com tcp
GB 13.224.245.107:22 uzdevumi.lv tcp
US 104.18.154.42:22 cloud.digitalocean.com tcp
US 8.8.8.8:53 noping.com udp
US 8.8.8.8:53 cibersity.umecit.edu.pa udp
US 8.8.8.8:53 fortnite.gg udp
US 13.107.246.64:443 www.uzdevumi.lv tcp
US 172.67.203.67:443 filmai.kinopavasaris.lt tcp
KE 41.204.183.17:80 cx.usiu.ac.ke tcp
GB 2.22.68.13:80 login.coupang.com tcp
GB 18.165.227.101:443 connect.dstv.com tcp
US 104.18.154.42:21 cloud.digitalocean.com tcp
KR 183.110.0.154:465 clogin.nexon.com tcp
KR 183.110.0.154:80 clogin.nexon.com tcp
GB 108.156.39.88:143 accounts.autodesk.com tcp
LT 91.211.247.248:53 dtylsta.info udp
GB 108.156.39.113:22 accounts.autodesk.com tcp
GB 18.165.227.46:465 connect.dstv.com tcp
GB 2.22.68.13:80 login.coupang.com tcp
GB 13.224.245.107:21 uzdevumi.lv tcp
RU 193.233.132.67:50505 tcp
GB 108.156.39.88:80 accounts.autodesk.com tcp
GB 108.156.39.88:465 accounts.autodesk.com tcp
KR 183.110.0.154:995 clogin.nexon.com tcp
US 172.67.203.67:143 filmai.kinopavasaris.lt tcp

Files

memory/2020-0-0x00007FFDE8EB0000-0x00007FFDE8EB2000-memory.dmp

memory/2020-1-0x00007FF7630E0000-0x00007FF763DB3000-memory.dmp

memory/2020-2-0x00007FF7630E0000-0x00007FF763DB3000-memory.dmp

C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe

MD5 24a1591780f3e9a58fd528af00060966
SHA1 ddbc52e38ce74c3099b5a100544749f554b6eabc
SHA256 00045259534221b50277320345b255434c2b7aa1c85fa2899145074f0431e3f6
SHA512 c0703325d412e121569bef22b26cf4f1e30cea0ad62a60a160acfd8b9cf104cd4d48e889f92482c8989df0f229cb422f13744b574364be72d3debccdce8b5719

C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe

MD5 bb9c26dbffa3d1d901388681ee718aec
SHA1 92532e3f905c1c4f6a8e06d02c943c7708b21ced
SHA256 aafc488d43ff4ea9183e1bc15a58da79ae5aaddaed17ae2ca246859381d709f1
SHA512 b2e25c5706a2158c09a8e7275f85402e595cefefcdd149cf0389ac40a67043732de9f211b65649cf9adbadf99b1ef023c9148369e1ab95f373f0b84878aafd9e

C:\Users\Admin\Documents\GuardFox\SW_MB3axMR1nzbfRPxcxP_cx.exe

MD5 9cc904aad30054abf7bb4e0afc8943f2
SHA1 3c059f2e045b5e2ace8b5139359bcbbef3f8c883
SHA256 7ccffcb85bb50cbb8173d6b58b2ea6fdc54862a923a451d638822e2389e68ac7
SHA512 3d1b3fe1890fb889da7a8f25204a974d7f29b2b62083c24a467b39121d3cf90c693bf1292d3c53cbfd4335299f1526909ab18edcf194695fff59683f569412ce

C:\Users\Admin\Documents\GuardFox\us0OF5kRFjjCHL_Pdc4m6fsq.exe

MD5 0b84d480dd13e96461340089800aba17
SHA1 cefc9fccd951c95001d433fdb4e47236dc9fead5
SHA256 0c8698c7d126f240cb735b6549191251926bcd36de9d9474c834b2b555c5a846
SHA512 36e1802bc4cfd4b32c32dbf2a7c2538e6fab64b6e58b03e6242b48a1df4a04a335f8ca9654b81eaf74c24ba85aed5209d1ad81bd2e4abb3080038940c4c2d7be

C:\Users\Admin\Documents\GuardFox\wxH2JcIj8haDyTEooYqvLo4p.exe

MD5 412596cbb1287571a5b9d6dbed3d2acf
SHA1 beaccd62efc7a5edc4de1332e5b09c5db2a673e2
SHA256 39114d72ca601c5822a9c3e55636e41fbb6149341d89245694b50d7f2743ae79
SHA512 11398bcc3eb46b944a3910714abdccbbfb0a605ba054c72ebad53bf971b195b17a3a2edc31f5e6061f948d438f6519d0b17c923eafaafa70e62baef9e37fc525

C:\Users\Admin\Documents\GuardFox\00BCflRjBlvLGR_M7jw_UMMb.exe

MD5 5c3199de004a5035317f03e45fdb118f
SHA1 1548781b0a5d86a09d0c94369a5901079d8ca334
SHA256 56eac13a52e9e254dce9f9e8d8d660f866affd65315bead4ab2ac118624d3f25
SHA512 01e28e649d248d6e1f026a410842658ee91e676ff000ab6dd71ee29c76f25fa67bf9dda14bcebd32b8270a1674added638cd7e0946c6acd8084363ea9918fc0f

C:\Users\Admin\Documents\GuardFox\WdMfqOZIFj2GNZNeewRO76dx.exe

MD5 109a4ed7e70db45ba72c36243cff2c16
SHA1 42767e22334eb90658923b809b7a19a0deed51a8
SHA256 fe317371d842c790eee2fa725e5f151c8dd60229bfe7e75948e50f3e6a79e09a
SHA512 e63a02df22bfa7e4898757ac88261dc4fe0e1d3b0877f555ab6726c361bbe1193bb5617f1594459bad24c0d83c9dc8a707164e4c15948b4b3215f4d556d88609

C:\Users\Admin\Documents\GuardFox\L3jMt5b7TnZ1FuEjJN7XXSoc.exe

MD5 6b4f6b6f9f2ec191195514d75b8cf6ed
SHA1 1f5dcea7fe9cde9c96c80517cd781b3077f25a3f
SHA256 089894da1d960cbe6db1fee578c6b7a3d91a2d0c726078d5634930c0b4522ca8
SHA512 b925e42dc71d639abdee55061f38e4e8a22eb16341d71b7d8c3a2557b0cf6b0efe37317199f573119d02059138f0b0ca084ce825d3a7588dd9565c6153079999

C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe

MD5 932da201f02bd5a3380db701330ffc29
SHA1 913ea7ae4c2074d592979339a2b146e5b1e52060
SHA256 07e05663b7ff5b4813e0fd629eab5afbe698782504601692a47a000a557efa8f
SHA512 20cba19279007a3edd24ed515fb0ce116fc80bfc4f53f488a426124db66fdf6897aec16cd51e9d1d8374bb50ef070a269be8f48a8007d3df4d413fffc46888b5

C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe

MD5 42d7e2a2930f5dbe38ee6943c9366a06
SHA1 4bcfa40c2a790723eca87b03ab1c40a7d9a0bce8
SHA256 038083d3822694f1f8bd227ad283d371efb1fdf9fa4aac0209831f31c779b656
SHA512 b6e4e241776cc4c288189af9f9010e05b99f93856480328ce1a64de96f1ca57f138c0d9e418775126a47bc84404d0fa8b9995c9fcef6952081811746519a7a07

C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe

MD5 4eb83606a33de6e1e07c2638ed677845
SHA1 464873e4d97ecdad057b4cf5e36235ce94444b85
SHA256 e26f65734d1350f563cb76a8821345e3b0313d3ad5c3b3c49447328669715f3d
SHA512 0be44df53031e2dfbf62a0a46ce2ac4df6e895f41057920a05639706b592040a8f1198b298758ac8845199f6b464c1b37213b40343d9a9d5d7e550530db01ca0

C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe

MD5 c314cf39ebcf5e087e80b688ece19ea5
SHA1 979ecf83979f55db594b9f4bfef1aa1a4bbb676e
SHA256 5ae0d8ef669f81169b0489d755676c3002bca4e5b2d8de094b77e160e198783b
SHA512 b02082aa5f6665de5e2b83643cb44ac3988c991ebda240287a27d0079ddb60a5b9940842cbe3292fa81989200fadfbeacdbe4a6192cfc29d95def0c3c2714251

C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe

MD5 391c48765429b000cf019c36077afb05
SHA1 c3a8e22cfb524def089de0f6b7dfe2eecc4ea4b9
SHA256 dc43eb563a769a18c1665429bdc8b1d07826e141333f50a7a2ae769f034ae375
SHA512 8ff4820c741bdc9c1e073fa145a4a9154cd35469cb5834f052b984d9a16cbc5dad329263205b061b5c0676fd4d277e24ded5061e7e5d8e194855826e2307aa3b

C:\Users\Admin\Documents\GuardFox\25P6A0l8X3m7HaqHLD_aVQfS.exe

MD5 458ac60a566de88dc92a457c3385962d
SHA1 54433ab7e3562433fb911547bbe62f8494aa97b4
SHA256 367686a0ba11913b6b8f7f49c9c3e308dfbe73f4d88ac4563470a9869a4e6c56
SHA512 85504c0696dc2d062f38a5a0df3b4a282628a291136ea370854e9780152ba59853061360a530c75e9d814eaf15a7bc7c95620d94c6075bbfd89cbc6d91007008

C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe

MD5 fb417504c0e6d39e903a04f5c141c38d
SHA1 bb29cc84d2357f790b61aa4262cfa2cfdfdda9a7
SHA256 76874ee872599633ed416e83fbe7e7cd3bc9636f8d3f85c926f99d19c2b7ee62
SHA512 d4f7ce39d887c4a09a3eb3bf0d7b2428d8f36dd624f68b743943cf4d56b45863617143da7520d8b83e982b6d8ed15cb0042dbc04d1fd1d7a2f6dfed73b156a21

C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe

MD5 4cc81238fef610b16dc52ac752b3d8a3
SHA1 cc855fd6d6abac0abaecd94ed264a531e4e12413
SHA256 04e03c3dbd9c78dd6271343b33ae890feec7109fa3f3e35a42e92b94d1e4e46e
SHA512 786f842af85daf762d2febc5847341b053f2f6735546221ce8df56f2240b5f4ab8cb863d3accd6ae257c2aa85f70b90776ed3ec58bc0eba70f96ab9b34585d70

C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe

MD5 6506695dfa969cc007027dd4f93236a1
SHA1 92592086fc76223b1c7aceac39e8d813a76f229e
SHA256 1378f45802c5092b835751f5d166ebc84a88970fdf7374251137cf3cacdf9bfe
SHA512 d4c5c21e18ff2b2c1d4e9512b28cdf5d74adf1c944025946ab53c68a7674c80045868f06ae370042ca3d42caccb518f3d9964212b9336cba48c0f2695398bde6

C:\Users\Admin\Documents\GuardFox\XaFBGKDk9KcFdKp9DwcwqG_W.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe

MD5 33de6db0b60f94a16d58070e1bce271d
SHA1 d16583c656894ddc8b9bbfced6ab0438da14b09a
SHA256 096b8839c26850e7ec89f668502862252514e4a19474615f7ed61d8176e520cc
SHA512 1db14b886bacd4261b4161df74e54fab066d91c01947ae80c0fd10d887a84465fed542738ae93142de351b81265c45a8c9c01ddcc7768dbbd5a5468647024ec7

C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe

MD5 7773e866b1fc213ec8c923af22f15216
SHA1 f64980d2f41c62f5477a8cde438d0a5d0d53e727
SHA256 3238b7c05658aed3929f3ac7a280bc0e64005014e79430cb8eccb276bf4ffc31
SHA512 3c4c045f380725aeea5b634bc382580ee89af747de61d09073642e3b58ea95678dac9f63f47ada1551d47075e284633e2dc967b083c8007c6fc697073412743a

C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe

MD5 50e2bca3931a67f5bc9ee2b296a91ae1
SHA1 5850117d607803e97718cabb2b076b6531cc8b06
SHA256 fd603baf13938b504bbbe4e02c91e231f8feea75f36c248f8c6791aa22f0b24c
SHA512 bf0a234b4ac43fc790dce6013d5c9dfcaaa10a749bb613b8084dd1a70505e266fd084da0c30544eec5344e056e029372f09572d17b4510da26949ecdbbfe34c6

C:\Users\Admin\Documents\GuardFox\00BCflRjBlvLGR_M7jw_UMMb.exe

MD5 d995cd525145ff93b770a0949db03442
SHA1 8418b50f496a26bf8c021d3338736604e8b6b6d6
SHA256 413f8fd8dfa6a41202fab3aa53f6b0330bed52f49830f61845dfedb79d3047aa
SHA512 3b5ac8173b96af5bf8cd60b0e93611a66f499c6c9278bf025d0a5bf12096579fe0f07d47b20ac7b13afd8a07be14debae6e582f963320eee1502f1f1c3a58e6e

C:\Users\Admin\Documents\GuardFox\00BCflRjBlvLGR_M7jw_UMMb.exe

MD5 4c1ecd2cb4315c62a4ec5960abb2e5c2
SHA1 47999b975e9d561ffbe0afbf32eb695cef9e8044
SHA256 f074eb22449cc476a67e2a432a037dea09de87ab14ffa230c859ad85acf61c2b
SHA512 e5658c5da0cce0482993142301822ba3e1fef43009fb7e19f4b086ace27032cd3c90a696ca623155dbfc82c2f6ff75b6c2c893ffe2f97620dc4cf3e4bfea3c71

C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe

MD5 c8457dbba1f204c7aa7d94b35aa87893
SHA1 7cb06f4123bfe6a80014754552a387c45dae8844
SHA256 19640e29d7b27ab1f9600401b56133f49814dd1fc6d07014bcf2561cec6e0890
SHA512 3ef0120ecdf0e597444942a96a57b1031b1b2cc366af33289db90b5004fe6a1d223d23ec03c7ad787f71d67580d4a160c4595a3413c320457764844441234273

C:\Users\Admin\Documents\GuardFox\wxH2JcIj8haDyTEooYqvLo4p.exe

MD5 f65050cf8cab8bda69fb452e70e4e713
SHA1 32b44072985f56f917fe5a634463754f74093bf8
SHA256 47a6c666da7ebd3cb6e22de982f1e52f7373f6b58271ae32bdefc83354e3bfeb
SHA512 923cd28017cac90d539d34cd7a8e1d74b9b4f44ceaee02dae2f5dcd36028b5d473625b34bc5e4820a27a3afb9cd03765dbd49a7cd4f1dac4b0609e1f0be14435

C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe

MD5 aa3168923d538964494d618905eceb18
SHA1 52b5e040b23cfd3e6a0d55a4992e1da259e79f33
SHA256 0f41f7df4a19106e917021f6570a13e43049d4a60e410d882114b5aab019a494
SHA512 eed0abd4b1d988bca910aa27b571dee77d6d29f711fe5577e2d5456361732d56791b18e20bc8b8c3962582bd101f2b85e2e0bfdda948a5f5d672d85972861ac2

C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe

MD5 9e8e4304a33a42f4ea32f4bf3b90ec2e
SHA1 e7c28b8bfb6b1152ce7b7a58cb5b5e374568bf40
SHA256 7a22324fdea5b5f7ccd12c061f691bd6f01a95d195e6fa78477e8d1e7eefa3c2
SHA512 043a38c41fc29aa73c8acd8988db5e468beeae0599672c7879ea1d3289677514a4eb6ecf4a77ab86a00be1a58f0129c91698562bb2b1eee6d6fe1e61b1f744a7

memory/2020-698-0x00007FF7630E0000-0x00007FF763DB3000-memory.dmp

memory/5124-700-0x0000000002B60000-0x0000000002B6B000-memory.dmp

C:\Users\Admin\Documents\GuardFox\SW_MB3axMR1nzbfRPxcxP_cx.exe

MD5 320095239d68a77d2dbe8b96f75c1803
SHA1 d66f46976874c6aaf3c05c32ba1afecb67f21407
SHA256 a049b87742cc3e515cd579f3f4d49c0a60ccde31853e1bf653e73afb33017602
SHA512 3c66296c738fec64f12f9565f20fc9b593ebcb36514665431f25a10f7af567b8f179654b544e5903ff8f1e0ef4fe0dacfd49735000bc790f3fe9789d5257a77d

C:\Users\Admin\Documents\GuardFox\WdMfqOZIFj2GNZNeewRO76dx.exe

MD5 9471ea6d5cc57f3db32596ad50d9d145
SHA1 d4c58906a7715ab90398b71d8e0bb5c200b7842a
SHA256 9bfff4de54f49ce7cc2daf51881d18df909ed8f177a91ade2ebc4b9a517b00c8
SHA512 836aebef074ffff2d07fdddccacdb04dfadf3d7ea0a993e8b6fc202c689b50f66b8f096a1704f450706ebcc3a3cb696a2733f02f7a1cee4821f3c33b73f05573

memory/5152-697-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-0K59B.tmp\m5W8JZPrsOJy8OpyMuPjKKdQ.tmp

MD5 22e1a55799010afb6fc00a3343053467
SHA1 65e58711f09ad262992b0389fe3a102b8692b3f6
SHA256 ca8ebb828460b47825e21e1776152cc1bc09e2927d8122d3acb02fac2dfbe372
SHA512 2b4342735cd972a873b09949470a8e1c7b7e07223c165cae7a19e394bdb20988a205bfa7fbeeca3e732da7b00669adc9641bceb60ba623fdb294166dc611edea

C:\Users\Admin\AppData\Local\Temp\is-93TRH.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\AppData\Local\Temp\is-0K59B.tmp\m5W8JZPrsOJy8OpyMuPjKKdQ.tmp

MD5 61ceba2869e1ad8963e5432107cfdfbe
SHA1 e53b08f7fa4f38feaeac54b1223a064961cb3a94
SHA256 96b9b98beb899a4c12a857d47b950b02a37920a69ce6e832dbe7828cb0375195
SHA512 509639648f24bd1380888ec537fedffece3709d2b59d62a0adaf329ef8a26b503c99385331d9edde88c35ee614cd2606b9142bbe4e59ab5ca08e05ef057d9661

C:\Users\Admin\Documents\GuardFox\SW_MB3axMR1nzbfRPxcxP_cx.exe

MD5 f137120a053ab30040b23ae2f43a5de9
SHA1 02afbbad88dac18e60bda76779febb39bdccf8e3
SHA256 e549547605c3e25df1d311c1061d6ce1b3731b5a21c85259db0eaeaaf191f0e3
SHA512 35d6b426dbeefe77010af70354aab44a2305dc298fa6481de3f3c9dcdf41eece9f02ad1c486ad782dd853b536e2a9de3970006d3e864e81fff460c5e4ed27f7f

memory/5144-569-0x00007FF7089E0000-0x00007FF708A36000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\lgU0.cpl

MD5 16451a3b73bac7fbcd96563eabad3040
SHA1 7b433d58626da917fef426df218b15d1501cce49
SHA256 2e6dd793bf863d063343bbab754070b72eda036be268b447793ee4dc5d14bab0
SHA512 f1f9bb57447dddbd3a164f76dbd93f0a9a2ffbd6f8f61dae8376173bd28ed021fc7eb54ef9e6676621188b5fc135f9561fc7eec7c72f2c8a2ab33e01b834a53b

C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe

MD5 3ed9c86019ae5e814d200f2e16ee5c88
SHA1 1af037c879f8fcef1677df25462531c3540de715
SHA256 66fcfdb611d3f4f31a9e5491e67f9f5e3e90c9b5d2cdabd765d9d378bc0c6349
SHA512 170e12ca013d463be6c64cacc583fb2b432dfe353f2e4ef36f9c1db39bed3ee70da93fa180a19ecc1e3a28e1330338817aa12bcc863dc33ba46a1eb00b4a0100

C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe

MD5 15ad1bf57fa0e2193ffeab9d3c09808d
SHA1 7db5c00e990d7cad190d6432bef3f8f3160a7997
SHA256 0ca7c06c19a3eb463458af06d56dc635de1a612b980b59cf14de8e881b96357c
SHA512 4875573354fdf3a3aa58df8f6fa84cf40290d981eca8eb9d0ebd65853afef1d64f629232bdd0005435419f78498bf5a2de47ab6b2b4fdaf2fc87d502dce448f9

C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe

MD5 a31d19130093000de2e6221188743258
SHA1 c0024ecb46b3c5f736b6354dff901e36261f43b5
SHA256 f8e0dc08e5773e7414b2ef4d8bb7a4a20ee993f831e66bb64ae63de080718af0
SHA512 a5b2deae2e053d9ceed7c5c333e91398060d134e34027368c4dd1ffc801a7119d321a6e1a444d90bf64a803eb8c8bcc99763600bbf80014fb8d52a7331f3bb30

C:\Users\Admin\Documents\GuardFox\D02OA3sYPHkXl2JImJ4GRedj.exe

MD5 312f0a4b3f21607cf4b6ea7a061302b3
SHA1 77954b5b34c137dcb456821e2f6122e771343bce
SHA256 fde8d9fd4c294bd3e83665db3d943052593acdfa6e73b1d08fe42f9fa941d8ce
SHA512 a1ffca6cdccfa8d1dde50cf1cb03ea03b556f2646be844ecd3317de4038ad005b677b081398b00498d3c9b12f8b3cd1e5e2348fdcd3c0a4845cf92647ac779b2

C:\Users\Admin\Documents\GuardFox\XaFBGKDk9KcFdKp9DwcwqG_W.exe

MD5 7b0e302b0d84fb77766a4230525cbfdc
SHA1 ceca09475247bcfbf59ee9298208d8aa1e988370
SHA256 cc5ac34410e81e048a58d8b293816d5144a5137b4e7011111780746f664bb643
SHA512 3752d5d0539de2c96b7915fc22411d2c5c7dd320f6af30f64500a4056f74072020bc6be32157c3fca9616f02c78c3c7d0d609f0fe8cc378658bd5d0fa7e50600

C:\Users\Admin\Documents\GuardFox\XaFBGKDk9KcFdKp9DwcwqG_W.exe

MD5 de1125a1262117b1f7fdcf352dfbba5a
SHA1 6de693fcacc3b37966bfbb4622f4f22ec84341eb
SHA256 544c6456a50bbf92a08048ebed48ee6a68b83b00532704ab7502bc561fe67e67
SHA512 3566b7d3b0ef694c09e1807a72bb097138ee42b2eb4b143d4377ea6816445ec0bfa8b6addd871aba26f2672c66a531f9b1f8d3620e9cc7172f226bb5e5a9853d

memory/5628-941-0x00007FF6A1030000-0x00007FF6A1311000-memory.dmp

memory/5904-950-0x0000000000970000-0x00000000009C8000-memory.dmp

memory/4892-952-0x0000000005270000-0x00000000054C0000-memory.dmp

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

MD5 cf612bd9955b2bddc2057e742771e055
SHA1 fc46a17eaabf6b854be866d6dd48132317ce7488
SHA256 de375ee8da00cdb5f3663a996f4e9f0a5898e53c9c5c0eba6b42724af0f312c1
SHA512 d243fb64f10892fe4941cf2d7130a71855d9620652eefd4b79c15030f75e65da460b872586290963dce84093cf152d7e31e22bee7cdbf30850293e9368b2809d

memory/4892-957-0x00000000054C0000-0x0000000005A64000-memory.dmp

memory/5904-966-0x0000000005260000-0x0000000005272000-memory.dmp

memory/5960-974-0x0000000000400000-0x0000000000760000-memory.dmp

memory/5584-979-0x0000000000D80000-0x0000000000D81000-memory.dmp

memory/5584-987-0x0000000000400000-0x0000000000D40000-memory.dmp

memory/1296-992-0x0000000002B60000-0x0000000002B6B000-memory.dmp

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

MD5 609774f21193686d6a4c43a5c5d546b6
SHA1 f8f67e7c019502bb1f7fc76f263b8d8662cdd639
SHA256 d996f77a7aec8fa5d6dace77ce5c2c287034bc28bab7bd27273fa9916754d4f1
SHA512 5ee1dda3d9bfdc78486ef30c1ff605f71f392327512276a773d83a218ca67e65cf2498e3e82bc5a0632fc0b2742c60281c786212ed38ac25b762f7237be385c6

memory/5672-990-0x0000000005280000-0x00000000052E7000-memory.dmp

C:\Windows\System32\GroupPolicy\gpt.ini

MD5 7cc972a3480ca0a4792dc3379a763572
SHA1 f72eb4124d24f06678052706c542340422307317
SHA256 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5
SHA512 ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7

memory/3372-1011-0x0000000000B10000-0x00000000012E6000-memory.dmp

memory/1296-1019-0x0000000000400000-0x0000000002B13000-memory.dmp

memory/3372-1024-0x0000000000B10000-0x00000000012E6000-memory.dmp

memory/3372-1023-0x0000000005D10000-0x0000000005DA2000-memory.dmp

memory/5124-1021-0x0000000000400000-0x0000000002B13000-memory.dmp

memory/5124-1038-0x0000000002B82000-0x0000000002B97000-memory.dmp

memory/5672-1036-0x0000000005280000-0x00000000052E7000-memory.dmp

memory/4416-1043-0x0000000000400000-0x0000000000830000-memory.dmp

memory/5672-1050-0x00000000028D0000-0x00000000028E0000-memory.dmp

memory/5672-1057-0x0000000005280000-0x00000000052E7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\lgU0.cpl

MD5 57dd1c2ae6a4dce71b251d7ae39d527e
SHA1 40158b7c32392e0865b2b524f8bd5ead2518b383
SHA256 26424a48e05dbca3106f46264a21e1ec4fe165114dd48b52a6a1a3620b724740
SHA512 4c958b0608c05c5c2cb13391044a405996b3028c5584aeb3f50aaa61e48045ba74dc00518b3a189225120b6c210e06539cc7ffbdb0cb597ca076aa933e0d14ef

memory/5672-1064-0x0000000005280000-0x00000000052E7000-memory.dmp

memory/4416-1068-0x0000000000400000-0x0000000000830000-memory.dmp

memory/5904-1073-0x0000000002CE0000-0x0000000002CF0000-memory.dmp

memory/336-1078-0x0000000140000000-0x0000000140876000-memory.dmp

C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe

MD5 04b01c14c0bfd48852df60332347fcc4
SHA1 07bc36a90bd7aa460a90108e7b3c0da3a34e0b58
SHA256 14858c46136524b4cc572557e483578c920189ebbe73b012f1b59813f71fc9df
SHA512 c57ca7e34e1b4a5c577cc5de7ce9120db8808fd32f4d07a9d15fc2b16cf7f4effc1d075406b411fd6c2d57317d6571b9be828e1df921431c64420beed0feef2e

memory/336-1084-0x0000000140000000-0x0000000140876000-memory.dmp

memory/5672-1074-0x0000000005280000-0x00000000052E7000-memory.dmp

memory/5672-1088-0x0000000072150000-0x0000000072900000-memory.dmp

memory/3372-1065-0x0000000077620000-0x0000000077710000-memory.dmp

memory/5904-1062-0x0000000072150000-0x0000000072900000-memory.dmp

memory/5456-1063-0x0000000010000000-0x000000001028B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\LgU0.CPl

MD5 d4440d9a68d70dffb3bbde80d884b318
SHA1 8d98ef5c4e706699126e470b3b92c27d4e0e834b
SHA256 d898dcea49a4f265781115b890c8fa5ff40cfd4cb86c5293d131fba3f44dac0a
SHA512 6e837428048e31f25319ffc1b4f2e4c85c058f219d12a0a2525f3b5ec81dd2e3eed34a88a947365393322644ea1f663596d2b62e33bb6ab1edbebb631e69db6f

memory/5904-1112-0x0000000006120000-0x0000000006196000-memory.dmp

memory/5728-1055-0x0000000000400000-0x0000000000537000-memory.dmp

memory/4892-1054-0x0000000072150000-0x0000000072900000-memory.dmp

memory/5672-1125-0x00000000028D0000-0x00000000028E0000-memory.dmp

memory/5672-1129-0x00000000028D0000-0x00000000028E0000-memory.dmp

memory/5904-1130-0x0000000006460000-0x000000000647E000-memory.dmp

memory/4552-1151-0x0000000000400000-0x0000000000760000-memory.dmp

memory/5316-1156-0x0000000000B10000-0x0000000001457000-memory.dmp

memory/5180-1157-0x0000000000DD0000-0x00000000012B3000-memory.dmp

C:\Windows\System32\GroupPolicy\GPT.INI

MD5 93b3886bce89b59632cb37c0590af8a6
SHA1 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137
SHA256 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f
SHA512 fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb

memory/460-1167-0x0000000000620000-0x0000000000621000-memory.dmp

memory/3372-1168-0x0000000077620000-0x0000000077710000-memory.dmp

C:\Users\Admin\Documents\GuardFox\I83iBmq9EgyXyJ9zYjKJQxp_.exe

MD5 8d7af3b5204b805ad9dbf3df3ceaa8f6
SHA1 ddd116ff4874114d578e345e3781edf3990d38c0
SHA256 fdb2b210edae72c2f1c0e6c7b1c198928b2c431c30e0f7d7f5c3c763782b356a
SHA512 f9a9559b3bd138a978db27eb36ab0361fa55974532debba323e31353ee8d64e24edc1b18fb865c86cd9efb969aae6cbc79618eb4203efbbda2ce0d07f3f0c9c3

memory/5904-1190-0x0000000008C40000-0x000000000916C000-memory.dmp

memory/4416-1195-0x0000000000400000-0x0000000000830000-memory.dmp

memory/5456-1200-0x0000000000820000-0x0000000000826000-memory.dmp

C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe

MD5 0099a99f5ffb3c3ae78af0084136fab3
SHA1 0205a065728a9ec1133e8a372b1e3864df776e8c
SHA256 919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226
SHA512 5ac4f3265c7dd7d172284fb28c94f8fc6428c27853e70989f4ec4208f9897be91720e8eee1906d8e843ab05798f3279a12492a32e8a118f5621ac5e1be2031b6

C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe

MD5 773f0fe5c9f89d9914c61721885cc9b3
SHA1 2bfc6a9e8995c99da68a98718b2ddde9aa262048
SHA256 460f361e5c82bf12d1042ac08cc941d4e24967df53fef2d43980abf3e00823dc
SHA512 2046f77438c05c39edc1e7634bac3f1842b62a3291043b182979aba0244dad6df9695da1ea6d6d6bb3760e37c04b00da0a79ebc898f7b8446ba4698e208ca517

memory/3372-1189-0x00000000779B4000-0x00000000779B6000-memory.dmp

memory/5904-1180-0x0000000008540000-0x0000000008702000-memory.dmp

memory/3372-1178-0x0000000077620000-0x0000000077710000-memory.dmp

memory/5904-1169-0x00000000067C0000-0x0000000006810000-memory.dmp

C:\Windows\System32\GroupPolicy\Machine\Registry.pol

MD5 cdfd60e717a44c2349b553e011958b85
SHA1 431136102a6fb52a00e416964d4c27089155f73b
SHA256 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f
SHA512 dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8

memory/5584-1148-0x0000000000D90000-0x0000000000D91000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A65DBECD82A40019E873CE4ED0A79570

MD5 17027fd5d7e7638d9c68ca247acd9586
SHA1 606074c4c2657becdf928f5e78740132b6bb7ce1
SHA256 ad21470a6f93a2e2eb61be69a3587493875164bbff3d7df2c306a23b05642aa9
SHA512 81ba26bdf46e6a6d40fb2572cbc1f6567b2ab222ea7d87a9c2346f0fd252ae4d6a9d6c48cc4bb5d5f312d82a9ac4716ecbc55ac46352d6e48fd98a19804cfa48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A65DBECD82A40019E873CE4ED0A79570

MD5 99f9b347a9bf77601830a5ea1253a7fd
SHA1 a4651d0522190cfac82c949f5f57e335e0a15081
SHA256 85bdc8ce75fa0ab0b114dcb676762e103def02d460564621479b7f1065a834df
SHA512 edcd4059f04eeffbf82361926829b90e0b1d780f40566d2f7c685cbc9c7267d25b207d4e87945635f24951b4f393b7df732f3607e74adc915a2d6996ec438ca7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C

MD5 a292e0b3f462499a2ccc00990eb95034
SHA1 fbcf04749a1bc044a0d53ad75479d3708c188c99
SHA256 faf286efe43fdc8889d70e9a71591b8ccd070f1e2f9894ac8381952ef85a439b
SHA512 1912971039fe63f10401895c29b92068897ffae2e1fe7f26cdb6fec79d938962888dccdbc3bb98d8506fb84e71b2fef1c7f74403595c51012ff1b2fcefdda130

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C

MD5 9f67ec0ca6f1b4593529b2b6e7bfc231
SHA1 dc513d6ab75e9e39a06ef87e22c9c24e2d338746
SHA256 c83163286c57e14690edd4ed5c5a0a4e5c7ce0c2dd4c75043362694f56b5e7eb
SHA512 de30c0adfa0d5ed76d22c3c4b713794511409f4d0f5903e80d15e811b57782169dc65ae5e8b3df05c6acdda0e163d0fd9a2dd34a70ceb56311a346cb8632b879

memory/5584-1141-0x0000000000400000-0x0000000000D40000-memory.dmp

C:\Users\Admin\Documents\GuardFox\FQRE4NwXxutprrPJS0zwfFuh.exe

MD5 ae0c1f9af3fc218b2fb3da72f13a5da7
SHA1 e5d870506df3f6d9a4e0da4f01434a25cdff4674
SHA256 af2b87c2a98132e48c17a03304a8531d73a288f7c2aae4380ef9b2b3ba1933ea
SHA512 16631b66dc7828b9f55469edcb9d509a71be702cf1621872449bb53c83f9b353d05d3bc50a445cfc5e5dea4f367b3516fb54ffb419592b262912c34b7cfe7456

memory/3372-1042-0x0000000077620000-0x0000000077710000-memory.dmp

memory/5672-1044-0x0000000005280000-0x00000000052E7000-memory.dmp

memory/3372-1037-0x0000000077620000-0x0000000077710000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

MD5 9942d2c8845d5c8c8236d2d5f2dc98c1
SHA1 c077b4446fcbbb89a6cd2cb4567a8bbbba80b06c
SHA256 18da065c42b694368c7dbe5d7414c7bf2e73a988ac7364f2062781048ccabb3f
SHA512 5f05b2788dad85761cd6916535c39654aec172422f9abb2d8db50afeac2107122e4ce82eb476b5aa0345e9e2f33500740607def980fbfdc243c8617125a2838d

memory/3372-1035-0x0000000077620000-0x0000000077710000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll

MD5 d9f69c2af119cc6e9a4fc34be6751b9e
SHA1 3b3208f41c6d65ce57d14c0ee33755dcef7b39f6
SHA256 c258f5b026f4f665de35b1bacca13b6323acf88946504881e46c79ca7b3272ba
SHA512 84c5544c88a045d7925c2147c0c475dc6dc1c936320401446c52abddcf621099070fdaf7dbb3d509ae0cfd6d4a27cae18dea5ae22c89ccac7f1cea6083be8e28

C:\Users\Admin\Documents\GuardFox\qemu-ga.exe

MD5 a5ce3aba68bdb438e98b1d0c70a3d95c
SHA1 013f5aa9057bf0b3c0c24824de9d075434501354
SHA256 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a
SHA512 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79

C:\Users\Admin\AppData\Local\Temp\msvcp_win\sanitarium.ai

MD5 25baff1beb9cd049ec573d10f42196c8
SHA1 1e613b189a22b0ed3255596cfe16761ea9d9b5fb
SHA256 c2dab0db01b46b07faba3844500d710caeb0c1c13c8a72566d3b7db2f00fb557
SHA512 eda17e94deea7f020a6c384b90d5ebab3d729de7fee4ba04ebcf054e73bc08bc08b1d6a3db095836d89fd40ff781500c51137043707dca50fff2d1fa0ec61826

C:\Users\Admin\AppData\Local\Temp\msvcp_win\grille.eps

MD5 3b6a0b14dc8831e3b426cec742e90059
SHA1 75ef923554485165a5cee04910e550164e15c51c
SHA256 ed0a03950e1e3857fcc0623d57b7d5c3694762e1b999f8be0568bafb90209c3a
SHA512 f10bd3afb2dfb2b682f299579c58c0418835faa1e06ab352fd6621f9187b8a05a138434a67bcfce752d6dd96832a33013b3dc6a4a1260983b77ecb4914e41eb8

C:\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll

MD5 d84fcf3d62b4533c4db9cb1834b431bd
SHA1 353f14fd15ef177a15a4497a9b99f31fbf406ff6
SHA256 c558b57a01186ddccf743735717a956e3cd59cc6d8db84528c38a0b050490d9b
SHA512 7976864c8037d4ad1a9718e1c77687c8acdc079a504b1c61f9f581c6902bd2b1a01b1d133601c858daebd94989b2764b0869f01605c81dd2f7d45de8c534619d

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

MD5 9fb4770ced09aae3b437c1c6eb6d7334
SHA1 fe54b31b0db8665aa5b22bed147e8295afc88a03
SHA256 a05b592a971fe5011554013bcfe9a4aaf9cfc633bdd1fe3a8197f213d557b8d3
SHA512 140fee6daf23fe8b7e441b3b4de83554af804f00ecedc421907a385ac79a63164bd9f28b4be061c2ea2262755d85e14d3a8e7dc910547837b664d78d93667256

memory/2180-1031-0x0000000072150000-0x0000000072900000-memory.dmp

memory/5904-1029-0x0000000005690000-0x00000000056F6000-memory.dmp

memory/3372-1028-0x0000000005CD0000-0x0000000005CDA000-memory.dmp

memory/4416-1027-0x0000000000400000-0x0000000000830000-memory.dmp

memory/5672-1026-0x0000000005280000-0x00000000052E7000-memory.dmp

memory/5672-1017-0x0000000005280000-0x00000000052E7000-memory.dmp

memory/3408-1013-0x00000000015B0000-0x00000000015C6000-memory.dmp

memory/5316-1012-0x0000000000B10000-0x0000000001457000-memory.dmp

memory/5672-1000-0x0000000005280000-0x00000000052E7000-memory.dmp

memory/5316-999-0x00000000005F0000-0x00000000005F1000-memory.dmp

memory/2020-998-0x00007FF7630E0000-0x00007FF763DB3000-memory.dmp

memory/5896-991-0x0000000000E00000-0x0000000001DB3000-memory.dmp

memory/4888-989-0x00000000024E0000-0x00000000025FB000-memory.dmp

memory/1296-986-0x0000000002BE0000-0x0000000002CE0000-memory.dmp

memory/5904-985-0x0000000005320000-0x000000000536C000-memory.dmp

memory/5728-984-0x0000000000400000-0x0000000000537000-memory.dmp

memory/5672-983-0x0000000005280000-0x00000000052E7000-memory.dmp

C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe

MD5 e651dd01afe4ec829f1e53da6a317d8a
SHA1 c46cd55b46ec760945d267bf95c0b620f32303ce
SHA256 0cad94acc2d8d6451e1c30c0322470e1c4c3c534666e9b1f671d4f44e1e95393
SHA512 c1823f3e1cf0f90d3cac4c662c246c778857b1788b677b10fdf391f8d859610ab0b71cec7bbca5f5fdfe4de9281c7d85a6b049e99f145d58193668d9a327a20a

memory/4888-982-0x0000000000A8B000-0x0000000000B1D000-memory.dmp

memory/5904-978-0x00000000052C0000-0x00000000052FC000-memory.dmp

memory/5672-977-0x0000000005280000-0x00000000052EC000-memory.dmp

memory/5728-976-0x0000000000400000-0x0000000000537000-memory.dmp

memory/5136-971-0x0000000000400000-0x0000000002B13000-memory.dmp

memory/5904-970-0x0000000005390000-0x000000000549A000-memory.dmp

memory/5728-969-0x0000000000400000-0x0000000000537000-memory.dmp

C:\ProgramData\IPTV Channel Browser 6.6\IPTV Channel Browser 6.6.exe

MD5 94b58655af254604a38c1ae7d6aff9eb
SHA1 b20d8c8e70c193c5a9a38533e98472a61b83c83b
SHA256 2a35cbdb311694216792071fb48717badb03fcecea69589114af6c009918208f
SHA512 9dc94e321e2f1fa7a1a723dd8f2959f6b03db9ae97b4171cff8f917c67c354a52e3225c8e43521c8bd737f21e6eb4febb02adf83c19dd1e571f41aa07b9f4e06

memory/336-967-0x0000000140000000-0x0000000140876000-memory.dmp

memory/5672-965-0x0000000002830000-0x000000000289E000-memory.dmp

memory/5960-964-0x0000000000400000-0x0000000000760000-memory.dmp

memory/336-963-0x00007FFDE8EB0000-0x00007FFDE8EB2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1000114001\InstallSetup8.exe

MD5 38c4f7802f73faa6c967fb06c58f3702
SHA1 1fb8b9bacf0fd0981714e8559c115ad4f5584ebf
SHA256 ab540e776e7ec418e7f1bcb5fe6a5e232212abf8cef3a92c6ef3f2ecb45d20d8
SHA512 5e7cb0ed64b5679d34432160c1b0cfa119cd314f18fd89b5a0442fcb24c885b2b76be820fc184e365d34764aac831464bb445717438559337faa65a08c71ff83

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

MD5 68c8fbecf011bd96e8cd81695f2ed1e3
SHA1 3a9452af0e127111387a32723a7a42bf04f6b616
SHA256 46a9a073b3e6fb286cf46826519cc667a918aff007c9315d15f08d81283ec270
SHA512 e3adf1991997d02542acb36b63fda34a11f88a1062dd3d337ba3337797d8b6cd85c300d55a2b2b28052b55af47b92c2201400b1f4fb1842a913922d44a2abdd8

memory/2180-961-0x0000000005C80000-0x0000000005D1C000-memory.dmp

memory/4892-960-0x0000000005A70000-0x0000000005CBE000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 60fe01df86be2e5331b0cdbe86165686
SHA1 2a79f9713c3f192862ff80508062e64e8e0b29bd
SHA256 c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8
SHA512 ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 97831155684ead55993afbdd801689c3
SHA1 a6332b889042467bc4c217e5a0e7d4ede56b4aad
SHA256 6d781aec543e0fe536432203477af9201430cebb3c1535b9970f2c42be10465a
SHA512 1e6911f65f0373a22da9ec0357d2004e493caab6d084687fb4bc0e06b65d0e8481304634cee95b10fc90f89d5004b097dc92f0dd91900d55ba5b46bd1d0e3044

memory/2180-954-0x0000000000EA0000-0x0000000001372000-memory.dmp

memory/5904-958-0x0000000005880000-0x0000000005E98000-memory.dmp

C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe

MD5 a9d4ce111cc2cdc4a6f6aa170938e464
SHA1 0f8ad05500e9b70240b0c56276bc6690b7db95f3
SHA256 97019a06adf0fbf3e903df8fc0ce375b99faf19f1aa226b3a50b7ed6b568bc9a
SHA512 70baad00358dcb756a8d6afdf3554d7b994e5f0dbf283152ce54e130b6bf807d9e564ed5977d17784edc023acc09f251085b47bf8a0166345236050f5c0858fe

C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe

MD5 00f9177aaeac6a500b76c2b878f7ce28
SHA1 a611e9080e9e3d9de81c5f4de9c41e8164e191cb
SHA256 da0ddabb9ca859813f0d3e2f3daf4675bff5d51e6e061f2f16a1afc744c1ed65
SHA512 726f29c65c3237fbcf39eafca70b19db9725baa8ecbe8f58d01b2adfbd8c6cc39cbc4a941a3d28c79757828672ff1e9b0afd35531f717c6d6ca28b9fcf7c2732

memory/5136-951-0x0000000002D90000-0x0000000002DAC000-memory.dmp

memory/5136-942-0x0000000002C90000-0x0000000002D90000-memory.dmp

C:\ProgramData\mozglue.dll

MD5 b8916f445195adf0ccd5396d55a4e005
SHA1 5ca47e0ed1a8ae5e39baa4565fa8fe50d6b7251a
SHA256 e3710bfe6fbebcc17d70424f3e6ab5684a5b2856382fecb3a5a6690a9f33039f
SHA512 002014a5b1e2fbd0076782df2125be42d41eb0a1d8241ccfbbd7a0819d0205813053aedfa60854f8d90553bc098e6fb0d88a6e8b32859ba87243fbc9411f44bc

C:\Users\Admin\Documents\GuardFox\3_OhiSAmwwThCvnW5Rd_YQ0F.exe

MD5 74624061f1e59cd7602641118772b724
SHA1 856ecd2702f6749319be7c67e81e68dcb59a474f
SHA256 05a163acb1f99bc407e04f6078c8a6fd101a0c5209b9d2c6e3f373a261c467b9
SHA512 c64eda559dfe760112a815cc51ce1e2ec3d525043db0831687ea0fe59b609493c3cb7e8cb0ed2cbcecafc8bbee11749817e72f80ac28e933b55a37d039039ce8

C:\Users\Admin\Documents\GuardFox\uvFmaHyGgsN7k8ts6ek6mPXs.exe

MD5 5fa878455587d484dba37e41a46b9343
SHA1 82f4dd3a18554bda4425a897433b31f2d783587a
SHA256 e63841c08999245e9c424161cca81afbecb2c9e20b53aa2eb988a923cddbe6a4
SHA512 60e23805e4a72ed423a65d2a3b19c2f6f4c16587f74499f78478180e0964dc9a80a584fb3a607c7a61ddf8085cd3ae23a5bf6a0d25aff78b96b808007d7e1654

C:\Users\Admin\Documents\GuardFox\uvFmaHyGgsN7k8ts6ek6mPXs.exe

MD5 11c4485d467b2c6e44197dc564c25456
SHA1 0c15d2a9926e0b7cdde36eb07bef853b3465afc5
SHA256 3e2729839882217e39125114951a9945bce7746f5e6f0c234d2049e888ebba19
SHA512 b5ee425683ee5c6144558208d6f959dcef0e225d8fc8caf3f3b0f51d30708e2b253cdf0119c3a63544c72e54c8d266e288a5736ba8ec9c956d2083733cd193b4

C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe

MD5 fd4cdddb7d9953261bc02122eb0ca3ff
SHA1 6730bee4bde4e7204f41ebb6e57029a5dab27f87
SHA256 17ebd5d1bd3956fe824bf0d32ac6570bef08d828ab733e4c2a468b3316a1f8e5
SHA512 3a1e927b9803fd26c41a083e04b9c29a796cbad1c21a8f6d29fe2ee500847c523028668e0b31e6874d32a6e8a9af072aa9a2225af655a73648d413538cb8a4f6

C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe

MD5 f08594c587659205581a35e2076d41ef
SHA1 b5d74a9b8d9e6573f801e93805adb9d2192ddc43
SHA256 16777ca783f757442820e2350a3d992ede677086378a23999d4bfe176798cc32
SHA512 4ef968823e581e48d0cc303ce0021ffdc60159dcf9297897301483499c04ca59394048c3c313b6cf802b4a02fe60368b680d95b1e3cd7fcbf2cea2c61d99e55b

C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe

MD5 57e50c1232628b4cd23f02d42737f899
SHA1 aea975d3338108d683722f2794dc6184971172e8
SHA256 c9ef4a2f38622280e51c0fbe4a042d9979d4f2e714672992c8f032592a139861
SHA512 33bcc3baf323ffd9bc23ee6311dc524258e8a0be879cf34986034314e97d5321d9151e2f36b8a581894a082820cb6c04084004d0e3ee6e424acac8efaac37b86

C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe

MD5 d2e0b180607d797259b51a95975d21d0
SHA1 bf51e66e60880aecf5e240c792e16d723651f92b
SHA256 e27247c46a94c8fe49eb5886ee5b1c6eb0d31560dfc30f3a829e939a973dd370
SHA512 a042e7a4fdcf6dbffa70258a591c2f402b3c8fe049d0ab6bfaee70f5869a60ce7cd4a37e1c37364a276ae202bfeaaafb862e2c5968d5b68edf49fbdf7336be4d

C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe

MD5 8297a0a066295efd76e6d0fe06c59ac2
SHA1 c6cd90030df3fb298910827c56e7f2822e42d3ea
SHA256 353db6d5785a58bd0d53eb751d845373a18136dddff0cacd135109e7e6df49f0
SHA512 e6517c569d42363ee0aa4260134a79a9989e1d001d21e4f17a2e8f86b5c7e61df0e81d28e3dbc868639ca9c55aa5b3675e75274cde1d5a3450fd8b2d1a8273e2

C:\Users\Admin\Documents\GuardFox\mM1gK9oagKaOPZ6FsYOqnxvz.exe

MD5 d551eeef5484d73fa83300249b8c738b
SHA1 a7d47788ecfe0baf56f6b46b077e7f9f991633ba
SHA256 affcd9e437ebc1b206050038b2e31c30777d73210036ffad5b985832dfcea028
SHA512 919669cde3fe40c85f5b1ed3ccd3b77ccf9a1f6346ecbef5b2a3c4d0c663c2866888a660dbe1d2e86a0e2f856fbdfd4f2e6624a280caf42f394eabe29a74afa5

C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe

MD5 86887a42fcd43a61cded1add1c1e5cc7
SHA1 5149a28711209d7955a4dd05c53cc387f3004bd5
SHA256 4473d1a86f17f1beff1a50355c815bde4304475d5e27c053429c739ac0c04a88
SHA512 463acc3db5869d607a8850036ae02ffe44753a708761fef92f8a01cb9709688ba22737ed9fcd8315c48ae143f5b955dff6cd7d77a8b4782b831265d138b75140

C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe

MD5 1b51a908e6e1ed539af2a2010c8aad2b
SHA1 aa322f8bcae50da8b65f8087b01b41240240549e
SHA256 3369aac4c0e915913a5ff924fa715b3326ae45afe8f8ea020f438e8385de1c5e
SHA512 ca86c067dcd809738c8960bb2b3792fe1dbe841f25b88b7d6624426a8e9e11286defca50fd388852bbabe2c266119bcfd2b6828b02fa80c159c7792c8939acf1

C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe

MD5 1042e5098f713142849551349a44dc80
SHA1 51af1eadaedf9732e36972be27bc818b205414e3
SHA256 4bae1b4d93dc4e8d72cab11675aca572b6860212cafe5557fd0fa5dbb59a0921
SHA512 3b33a8c5f0914317db6e52bb519f4977f2cfa6e4afc8bd7c9a266d70ad87c4e401068d0eaefcea1666c89f14fd24621c6ce7e2703e469fd4c8e2418e1b58c8e0

C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe

MD5 1118cab0723942d856710848b2df0519
SHA1 a3f52383519f024d11f39dac15923cc046306969
SHA256 aaa926e12a6476b0617f0015b4fcf5d989de79fdd692f94fde717f17acc3def1
SHA512 b11412008044bac78e83358075877be9dbeeb3b0f6795274c0f1418fb65c0b4468bbcd08e9fcd5ad0d080c117d81d9e46af1b4143ccfcd002f19410b19809aba

memory/5124-752-0x0000000000400000-0x0000000002B13000-memory.dmp

C:\Users\Admin\Documents\GuardFox\m5W8JZPrsOJy8OpyMuPjKKdQ.exe

MD5 5e7312e0cdbad88ab75b0b3bfa51b3cb
SHA1 8c5882bc0828f74fe021218c39988f92a3d8868c
SHA256 f04199f07b33f70cff9fbbb18447156403fa6f2b6acf4b986ebe00d2579b8688
SHA512 b49c69853f3b226318b9d030859b0bff5c23a7ae6f0242111d64bb92097ed87aecc045995fc43bb82ba9c621484943e62c794e4cb696b0fd9de2fd8a126394cd

C:\Users\Admin\Documents\GuardFox\us0OF5kRFjjCHL_Pdc4m6fsq.exe

MD5 f740608b4fc3a10a4526f0c2db5fc67d
SHA1 91a6a17d5a90be772997021532d6d0615d550fed
SHA256 35e87fae499edf23f25bfc5be34be901c0dcef34851db88b7d96eeeb6733860d
SHA512 2d45013aa54d29977eb173ef873ee2464081ee650c3df04fd381f9e8aaaca4bbc58de61228cbf365439ad05a81de4bed8cdafbf4a3762eb489da23d65010fe3c

C:\Users\Admin\Documents\GuardFox\dB97ZTf5xW0sPbrc3gKOpjik.exe

MD5 b982a1886afa6dc5d429f1d9fa631cf6
SHA1 59695508f14578530305bedb8a6196aed68d18ae
SHA256 34d25a6f3925f6ac52da525a74a45bfc284f5815fd3a18a6691a87932a02f451
SHA512 201cf1a8ac28298c37e9d7f23a18b14b2343c23082d11912065f8f512fdb461fe7236baf8d508a9ea1e7079e08e2531b781699603db5c7216f1979b338b37157

C:\Users\Admin\Documents\GuardFox\bfsRWO_r1Q4cpN4Z5XW65UAC.exe

MD5 5dec72a67dba845b71914531de61e6e1
SHA1 4c1177095204d4590ef30b07db0b52cbdbf465d8
SHA256 ce555ad133872473390512ce638baba6fbbc2e4d98b8c46bad188c0a19f11c40
SHA512 32a6e4b25a54a3a3ed03b8e11556f7cbb31c01a33a6820fc8d407456ab47c326b35f2ca5be5fb50636e4af424f0385b36b3c380113fc5367e74d5e2cedcccd25

C:\Users\Admin\Documents\GuardFox\ux87w6G5ryaxJZ7hW1nIqyyv.exe

MD5 a4506f35e0a162adee527b747717c6db
SHA1 b323ec8f9f585957a4ecdc95bc0f4dc357f93c43
SHA256 2451f06bdab14ecf3bd8e4c85237738faae5cefd39d24e710652b5618f2be929
SHA512 843028253679b4c9a9068fa83432c22645ecf860db8422554173d52ab7c55f56e76dacf60952dc4c8bf4247d2f8cd199fba22b36e4f9664dc60fd190a9587890

C:\Users\Admin\Documents\GuardFox\wxH2JcIj8haDyTEooYqvLo4p.exe

MD5 47367776129775ff7c382a0f1a6adf65
SHA1 bf14ecd55a0bc0d29a23a1e1b3270ff4deedf77f
SHA256 49c616bf0f452c60b770d3c2856f0ae7b99be5655596d6b4d76321168966959a
SHA512 8490683679e6bde2196855592cea0dba3906fe92edd952bf27ef939f09873910ee974b8ca3648cb6e0002fcdce83a50c5931c72b1c5efb76c2fbe7fc95cd6aae

C:\Users\Admin\Documents\GuardFox\WdMfqOZIFj2GNZNeewRO76dx.exe

MD5 93d27211879f8ce50b4588e879104213
SHA1 66606a241408031dbc8c74082d189b6cae21ca1e
SHA256 7ee0979e735adccd1f4a0abf6869b368dff67d0b1638c6176eeb42a309c82cdd
SHA512 cf125b91cea7cef618b2b54b84fe7c66ea9e75cba71bfce5e45a262064824f64c8e8a4d7a8831cde7130fef95043560b5f11ca0e798ad4d92fd3973710b7f9c2

C:\Users\Admin\Documents\GuardFox\n0HpP0iKzD4Lj3OCgKc5tQwA.exe

MD5 63fcf56e899c818cec597ff1d610c627
SHA1 1522a397ff04b93732224136a2f928044e056966
SHA256 d30b232aa155fb5d895edc266d7b0f9cae4478be2ee0f369e2137aad6554cbe2
SHA512 3dd1d86eabe9fe66479f090b39d7d638c3e9e7b04838dbb85bc2f76636f6a723cf2eef154485dd713ecaf11209a77e40c91e9b229bfccb0fb9fde27af37b1770

C:\Users\Admin\Documents\GuardFox\L8QOEhc0yzF4YCsvrmbtoUJq.exe

MD5 338cf99950cc562f896425d5a5e19c2c
SHA1 289b9487e9096ad8fa78d14e903f0001b65405fa
SHA256 c37493470f63a0bce847b17af3bbf63503e1571f6f46fb61bad7e4405791e2df
SHA512 6860450d50b1b9fc9b24b9004b2f3b2948152fd68767cf2ea1ac828031b0b645fec0f94ecd6d2159cc0b90397a1571621929674a9789b76177125d810a6c5a31

C:\Users\Admin\Documents\GuardFox\XRa8WzCQ1_dVNAvzlHwg0HOx.exe

MD5 91fdd790801f314e7ef8801d8835f11a
SHA1 a5a38c9e9df9b1df19cf80faa8fa78bd425d7c79
SHA256 1e93a6c06568559bcf8d20320b43c56d6272e95605a99583e2578dc424f0c055
SHA512 44ff8041facd3882fbea49584211a3ded59e6395946e4d830960703fe4a56568c822e674b55421340e8fbd82274a7118d17a3480a2af045b33fa3f18dfcb891e

C:\Users\Admin\Documents\GuardFox\MqgEKze8_FBCUvVdaibGMwDq.exe

MD5 5edbf505df4213193b620bb362aa7952
SHA1 965706578c034aaae58372d278ca3e106c7b50a5
SHA256 539aaa6c24c46ddcfc6379451bdca7eea440397e01d644120158c6f3b66455c6
SHA512 f55ec9f39aecb337c2395f3787605108b6a9dab8992c3f626b6da1a4d9670b9f64c61a4a9692102dc3c8a5b91721b2f746bce856cb2f47c8ee2a85c7d57963f4

C:\Users\Admin\AppData\Local\Temp\nsaF9A3.tmp\INetC.dll

MD5 40d7eca32b2f4d29db98715dd45bfac5
SHA1 124df3f617f562e46095776454e1c0c7bb791cc7
SHA256 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA512 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoajhiemdnnjfbilpkblfjghmmbhbda\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Temp\1000115001\toolspub1.exe

MD5 974da0e05f02ed6ea76f662c10aef9a0
SHA1 e4c6971736758b9fa2ed52763a681677f3d9f356
SHA256 014124987a12e87b87f263c32a243e119b449f62fe8ff71339a14b5f4f9de0a6
SHA512 4cb8280bf6249740a1c6c10aec8b027d054abf6a364069e6d011356054c84d31b70ccc8e99dcbc214de6070b6728fbf342fb211fba34a11c6da727f47e0076a6

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe

MD5 995befe843c615b7d3e2b7006baa1aa3
SHA1 07d4dc2b0db965e40efdd571bcfd07663c9d302f
SHA256 257c1f48795ef97d85703e0ce3872860ae14f4b56efec3481eefa11d94bad938
SHA512 e69cc164251d9174ea8779e6a43330c53e857eb657f2b598cd698f501a31f1bf4779644ad0756d7915e79db46dc9af6de23e9530ce4fb548c6c0b606d5be27a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e7753ae9af50cdc37f5883bf8d31eb5f

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 d953520eef04a7f704dfe97db53f6a7f
SHA1 55e37085e46991e0aeb58b2cc0dbc1a3c3c04e39
SHA256 7b14abffd2823cb808b20be179788d4ae316533eaeb954fb0c0fbee8f9fe0f47
SHA512 630b0cf4ba960966d41b512868e6ec54db4e270fe936a2ad8ff80ab7b7cc9b021c6b7eeda83744602edcccaeb3893f87a2b2270b8ca8ba9c409e98036d5b0b85

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fa298bd8d59d575559dbed9b9033529b
SHA1 160e80e66d3a7959655a01576890ce058f81790c
SHA256 590b62e56fcfdcd8d0c8fc5617f5e24f824632bb3caa6015d2e7e718b305a7d5
SHA512 0db02980dd3480db65ae2aec0f2cd57556d02c809f7244fc83c604039f41f94e3a72a631e3f985d38f9ea360729392cef02ff986654d7792b5d337f413250658

C:\ProgramData\EGDGCGCF

MD5 9ee121eb3c3fd32b6e8099be160790fb
SHA1 a325e02e1f026c04667a7869b69742398213d44f
SHA256 86d5d803aaf6cf27bf876342026fd54aa7a7efca2052ee88e1ea7fcfd465585e
SHA512 77c9fcad43535cabb0ba0ffa27c40103f80f53921a03cc343103aa3d097f84b00f90540764c6519c37919da25b2fc00ef5741f4141fca84d8d284a9afe6815e5

C:\ProgramData\FIIEGDBA

MD5 b95cec18731f38a50955d20c700b0f78
SHA1 67181b34be1d6cfac1341ce00ef12374bce0b32d
SHA256 7e3afdd751cbd367bff57c87b9ea396ea81da92bff78f57e62751ca7e0834dd2
SHA512 569f632a72fca5dd19f5d4be5bb642688101f541cb5f106f81ebba23db055bc946698846c0605dd8061dfe46cafd5f40bfaea515605bf8c5efc9219cabca15c4

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\Ei8DrAmaYu9KLogin Data

MD5 751ad4db4a4d99eb092e795ae6ff1970
SHA1 7130c2d613b907f48ff5db7356dd2be41759c373
SHA256 5bea8165811383941bfc5073a18860ce2d4b0e2d890d992265d95a75243931db
SHA512 a162e3869a2d1dc9b0e4276e7f1931bb2672d82d5a150bf77e9cd8ff3cd722340e8b329a647f1426aa21206df998c62ad57d13a1d14b8a36d770bfcac8bdf80f

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\KvHrxJ77cmUgLogin Data

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\3b6N2Xdh3CYwplaces.sqlite

MD5 9c291a79f45a61fbbeb48f6ad39c5af0
SHA1 db6d7887507b8d73c175ea94784982415d3eb04c
SHA256 986ce11b1ed772ca40a489ba30d2c829c597c8f1c7b885ed9b16a4d99316257d
SHA512 b262d3d04b8d59f14f99f1bd3ce3fd113dfd0ecb0a05ab9191112192d29d7f4f564f7085056aff6245392ceba834f88c32d4adee96853cc222f4b2f2cd8bf4b1

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\l6w3NVXsgpmDCookies

MD5 49693267e0adbcd119f9f5e02adf3a80
SHA1 3ba3d7f89b8ad195ca82c92737e960e1f2b349df
SHA256 d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f
SHA512 b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\02zdBXl47cvzHistory

MD5 7489ac5acae3c035cfbea547f5c66b20
SHA1 3418f9a6cdb369aea1967c311e553e86f0a4686d
SHA256 25ff97b2e168086b24ad48b66a70cb969b3dedb6df1a1af8e594fed248869100
SHA512 020289d11c21c3a26c797258f806e401ca61da2404a823bd82c2b7159c7e1c7209c8cf459bb1bb94aac0d3fb4a378ce0a569b2016e38cad5fbc6468a138c54c7

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\o0qT3dWYBP7ZHistory

MD5 9618e15b04a4ddb39ed6c496575f6f95
SHA1 1c28f8750e5555776b3c80b187c5d15a443a7412
SHA256 a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab
SHA512 f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\02zdBXl47cvzcookies.sqlite

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 01cf9fd982d5a3224d0d82db419e3b29
SHA1 da9267ab0572ed4cc3e7f16d5d34f5a8f24671cf
SHA256 a3f37707843140611d77c776ca053a530e9b25a225e46ab185727ea854bc86f7
SHA512 02c1bb49a390b5d9b8266a5477c752861f1d03977c8770f6b0e5e9455e487496dfea7a12c78b2379d00c37867476d2918e619a403cf21713d3480992811ba620

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0368b01c5a6d31031a367ece7ab638c8
SHA1 61f061bdc6945945f2ebb61b46975a7dd91be80e
SHA256 570ff1176f04fd5504b3a2c00f048b1dff80483ca19a58d9f49ca938b57cb314
SHA512 3ad29bf7cab194a8b8170320df59bcec99be0e3b918e071d301151da2728a8294535e90b5f22f2144c706499c03437148b58ddc1fa135f897fb597afa13a8c76

C:\Users\Admin\AppData\Local\Temp\jobA3YdhQ2r8P00rkZ\information.txt

MD5 9e059d2e71d94b1ada3feeaa5dfa1382
SHA1 a586ec8b5d7399ce240a1393b1779204f732a9fe
SHA256 450a023ac4b6b550c34f2c8581bc38150aeae0b9f647bfa56357336bb91a6974
SHA512 fbbba65eef5b83a470fab678a7ce43928af42b724bf32c4e044b74e45b3aad5b612c9740f7a4bb308f990ba6a6d9191bf1065baff6c6816bc7b430cf333a406e

C:\ProgramData\nss3.dll

MD5 2c13488615d608752e134324a2db75e2
SHA1 744b15e2f948c7eb768979fde1e814139d067d7f
SHA256 e35099e2b69a4627b4dfb289833b995affa8e61d2869c48dea13e892d8ffa1bc
SHA512 2d2313775d31e53ab6c31b37a585f9822f35afdf75eb7d977bcd742dc3aa9158c78b985e910055394ec65f579c4b833db4d0b35cad44f50bb2543cf926a2d3e0

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3eikjyse.etp.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\1uMVCRFptcIIlY17MXAG.exe

MD5 de28f25c1bf043185e7622ef29cbdc6b
SHA1 6a770316ec271045db65679913929b0b532967cd
SHA256 01229ce5be5018af6e701215638f175273b9499bfa3ee27a56e043bcc6f8b683
SHA512 69c1f067f981f454b62b342c138b826110f3105bad4c2411a8a83f6092f566f441bcc393673e2a9813e9303a404813945f9f01c81543e504721a3010d37b20f5

C:\ProgramData\ResumeRegister.txt

MD5 28a21f49fe904d13751a21f18acdc66b
SHA1 ab414de4ffed0ed849d888519e969777334901ff
SHA256 3cf4db7f9f9bac9ab5207beb4f24b328da4de6697dffdf3249e192f5a7ecd3ec
SHA512 3cd705a707d2c10bf1c1c635f3172194b0f87fbb3076a6b7edf3d0b4f4f2728cc8e8f3f3635def0cdad2dc38caecd9055761d6114c52f7f5797917a4dc346676

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\7qSs68sESccfonx45Ne4.exe

MD5 1ae6bdc10d082606d64b6735a6faa034
SHA1 efc7270206cf46818ef162847ea446d2c920f0d1
SHA256 80c89f3a6180b0e669ee275db31a5e29bdda1c4367fa7b602bbdc2f10e8732f8
SHA512 f1d7a650e5110f2dbd2893dce10cb7c8480932923a9f8944e4606a1671cde84264250686068b3b0c9042efa5d5c0e7ae3ece6b794611bd5fd1c409d0c71b7f5e

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\NaE0wSEn8rF34rphC0Fe.exe

MD5 83cf89789d794465eb9147221a71e30a
SHA1 2d7bf30a79bbd3e8613d6ecb6b1cad673d6c98cf
SHA256 0580273a7aa335423bcf05c2c0a18636406f165c6034065baa42c6e145fc3897
SHA512 9f6a51d8a9fb2d6225345ff4df43c7a55513f3878336447f9f69b28dd4f0154186ead34ae436908e290f79ff78d5959a20f024aff118d360c3f743433a26af15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f246cc2c0e84109806d24fcf52bd0672
SHA1 8725d2b2477efe4f66c60e0f2028bf79d8b88e4e
SHA256 0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5
SHA512 dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 59b3ca3b1577ad4d179f6c58695b6af7
SHA1 334b5abf353ec91d8a39e51f16a0b0a109ad9f1f
SHA256 74ed6670806a8fb874857b2f47beded36159cd88fbc34f555d80971349118402
SHA512 56af68aff56890da5cd7450e62486e2a625cc31107d33f3b69fdd243b1222b7853e1787845266ed0ba9f59e5802b77d3aa2f2366cc1e1e7fec4d1de296e07c3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588066.TMP

MD5 9181656ecaceafcfa5d63d4e4fcd0094
SHA1 9c8f358ca055e037f9c00b510482bb770a2ed0eb
SHA256 3f4b910bee6b54cc69ea636fb9f79e27305e1c822fd06b2d97f8645250a58069
SHA512 51e48692c2f6860477b187066c380da2fef546df5048673b38d30bbe9d3c172a4292632f739a8ac95080e79fd168a2c85a14d8ba0770b581ec599f7bfc1d4b68

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a4f13be30bac77ded7a39b65525e5b3f
SHA1 43245f05cc3a585e08ab52e2d601852bedb8b6e3
SHA256 10959b4449111876e1e5df21e54f5a509d1b1da61274d99932931249927ad3be
SHA512 a378d59a9ef58cc7e96041e42d8845fc7828fb9b0e2f3064fc58850a3989b55474d4f5fc005ddfeeac41cb7c9aa41a1be16f1a8bd6027bbe3fb7ec726a303c26

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\Zf7Zfr8wjeEHCf8UU6BJ.exe

MD5 0a2de73d7376fb513879f58ea3e9451a
SHA1 87b87cf3e4e16b4607e271409813390cf9c2ff9e
SHA256 83e239d48a2380b45b2fc8fc6d667ea24318824d765e6345d1d5e199d5ee54fb
SHA512 b8b691b276ebdef6adb4bad0c0f48e84dd654eb0088f59b10b4add78053cb405f264baa962bb7b247d2ccc6d6e235e2db6753ecb96df46d29ad7e30f1fac4a9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0316a6a5-1e63-4179-bc2c-d0ee81199fea.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cc282870c07fb26b58245c0cf42c84d3
SHA1 b1b2143c924036792d59f03e4ae39479f6e26a5e
SHA256 5e9b49e01a4f4154d771752b51b39c69f2bf5ddb2fdea13a387012d2e3ed1b12
SHA512 dafb0ad7e6007945f67f5390aea27004d2563a2111e03cba397595e182a61dde93f35de732c1c90e0749893bd1eed7935815ba3c3e8d6647d3a4e0baa2d941b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 085b301c7730017e80235ff8d35d3b54
SHA1 507f26eb5a7b9828b02657b4eafc7964f3ec0691
SHA256 13c7c968e95bd4bd718054a3b3a5675d2cc701bba37d6f6725bfed1526c431e1
SHA512 0bf515fc31a7265deaafba4a966f48415ddf8bd4f192aa90c80d2b370959bef390d2585f097560f7e461e545b4c20bafaeeb0e23d9a41eca917cb71380bf3f6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dbba83276b8d088f17ca58697fc5d14b
SHA1 cd1a219d2c14e478ce113791a9566ba4ad57e231
SHA256 41e1ed21172315d04fed94d09d3d84130edd9334a23cad51ddb5e16e7f58de99
SHA512 7a87d519a36db68cc7b1dd507eab71d87269438051375755b294464027886a6669b409ece3d2154d872fdf959e092558f967e1a273aea64a55f09b1bfdb626fd

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\bkZFmjGd0fHWFibWRWJY.exe

MD5 7efd7da9c6306f71b9f97cd9ef40807f
SHA1 7f53f11c75985a6c06f0ef75379c2eece0c7059c
SHA256 4cd53323320d4a98ec59130ecea046c811a12482e09b6c5f819fa51ddaab0f67
SHA512 8f4895cc00667ae866f1190314991b80d815f35ebc8e084578e165141b1e697f20eed3961cdf9a240c8f5bd2eda7db343e319d1fee0b024704adb517e35dc181

C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe

MD5 c570cfa222084ccb76f366d00d39e15c
SHA1 e4820b6b4759ed2ab9d1056938b36bdfb04cd123
SHA256 40b70a80525232a58832dac990664738d78b597d2759a2a15525b0cb233894fd
SHA512 d07b38ea18688506644180f0c55e2be27ffc47dcd4c36b561212a0162d27aaaf6d570abdb21e3d02ccd03f1dba868087cd14929225ebd597f8b481bdfdbef022

C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe

MD5 937b8a7c3f5e8a2e338317af078c38ba
SHA1 13efcea0c342ed385f07a285cd62a3786d21fea6
SHA256 8e4ebd7d717849d047914bf560846c49d5670709eb2e73afd9728a801c4711f3
SHA512 52dc616ee4aee12d9a7e2a274e7f4a131aec1fa657aa0c741c9ffb4917a9553d7d841882c643ee34cbb16e06f58e084f614dc88f19ab1d12799089cf2badf8d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\39ff7e45-2320-4f96-9d0f-d83ff2e3c571

MD5 185c9c5d4031fdd6adcf2aa87acc9112
SHA1 960dbd1903c958f15d4583ece77d1d0435a08bcd
SHA256 3932eeda05f889b6adbddf95c14b203eabb6490b1eedde9319b0afab58513fbc
SHA512 61965de338c9106513e5fdea67ede421d9b63a9ec8e5e0ae8ffccfad32a396738787eaf48b8acdf8bd1b84977bff85472ada4fe53d792318c84322f4e0bade06

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

MD5 9ceed372e565f10142d94518c8b78e8a
SHA1 3b98546aabea3fba1ac8d8c21e013fd3af4a730e
SHA256 ba5c5f455207f54a74cf43893f3145e02359f3b68cfe8ac150a841a35907d69b
SHA512 10ccd5c1a6ff6a356e159e4ce5accdd961214cd0e52c63394825a992dfd04278c5e369f6524d609e128a0f63c6026e0fe6fa854b3c5e91e0e4f961e5e47a99ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 9d3ae693c5705417954d29dff633e870
SHA1 087c0881babcf994ff10de56bec9706cb9efd108
SHA256 24c82c9a1ed44a6a2302c4f4bb785514d784119ea6ad846c041de1b12de1944a
SHA512 f98d9df4424ed14799b8afd4b9c65e1a43a4ab9cdfe56fc9356a6e3cf8c609bd80edeaaff3e2fac99192fc404d8576a2756f710e35c0d52a5f34690b704d7eb3

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
SHA512 ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1af0543da99c9e01bfc50392e3562555
SHA1 e063dd6052e5f60409e7a68cc1f60d636cc4809e
SHA256 f7aafc69bcd457e47013032814425b9816afb36005f64c2b542ea97b9bfcbd34
SHA512 39ce976e5733b9473470465ffbf670b50f4dbcf98e5eaa15d909ecac1cce636f2122ee755dbeae5e6c0a414a0eb6b09355787333f309cac605a95f9b9bfc4b2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3f84856d83a8187aa05a30983f3cf577
SHA1 8f0fa7918d327b81297fc3887acbfb729b094626
SHA256 e215a83adbfce93dc7f0e2bd21e0eb2a6b31745717f62c27e53f466127bffd87
SHA512 55ad4e62c1c5dd4239194302b3c8d5556d68fca91fd689151a3049a0ee69fe940e2633eafbf22fdb347ea4385a3424e2e4576272237a571d0810a02682ab3255

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c1e531e3768d778d69713bdf9c967e84
SHA1 8c78fa83cd91710ca81a767cfc9eb94f35384896
SHA256 9ca29c18014639bd3e1a6e905ec7fc33951b5717258ebb6f79a815fc2e311d85
SHA512 ff73458d1221a93a4b4a653393023e720a1b5b7cfc776faf5734e5fda9ae08063a4adff74c28908bedf9d6d7fd74a96f7e2b79573f9e6aca8850103b86a1a844

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

MD5 0ddaf644ca8032ec1f45a357dfe6aaf2
SHA1 5e74cda54bf4912a50f0ae54e8d87bfcf0106602
SHA256 3160e2fca35d92049436c9ef6740873c54781c34f0cf7371e18cc6782ee34b92
SHA512 36b08832ab1ff54de67ab6c2b50e9ecf5aaa95816a45cfc7b43dc8c6e2a18a7b5c38fbcc31455b415fb203ab3dc68cfc8d36bec375bef450ceb52cddca46b4fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 78dc589281e33cbae5927dce3603f077
SHA1 5a5321518c25124fb4873fdf23940a83ba513e12
SHA256 f14f86b16e0fa275077d44903c1e17435a4ab0ae726eccdae2d66e07a70179c7
SHA512 950b53ffc0751fb3c9606bcf719a0fc7efe7a80559b0203ac02b35893260c38ce05022963da35e4f314e9312586aa4cf0505849f4d1915878ed63f91317a5b72

C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe

MD5 927fa2810d057f5b7740f9fd3d0af3c9
SHA1 b75d4c86d3b4fd9d6ecf4be05d9ebcf4d7fd7ec8
SHA256 9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9
SHA512 54af68949da4520c87e24d613817003705e8e50d3006e81dcf5d924003c1a1b8185ba89f6878c0abac61f34efbe7a9233f28ba3e678a35983c1e74216a5ac1a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9069a7fdb9ea273525fe091f67b79982
SHA1 94e07feb173f97fc4da7eb949f55c552b0554c4f
SHA256 02f27176787583d13ff21e9f14223429bee7c5246fd570f271582b0a8fb0c8a2
SHA512 9057ca13bb03b47938de89287c3cbaf6f9cd34b715d231985cb1f44cd4696500c3a096e3aaa4f37016978c1b18f2783e35782ce00b47b96859e0e7bef93af431

C:\Users\Admin\AppData\Local\Temp\jobA4YdhQ2r8P00rkZ\gjo0n8gyoaT0wn8F70iV.exe

MD5 64a289c08fe43f8854843be967bd4bfa
SHA1 1cb2e9699a6c7207bb4741071991db720c473b96
SHA256 9be9a4ebd010626b362f8ff99236671fdd34bc5210fc546e707e6636bfdcffc1
SHA512 1117b82094a1194bd6774b1adf84bf98e07ed00ace8c08f9f562c7c3c7b1160b5a06481ba8031546d3a23111618216318e4df656ed4f25a0379f1e040edb7204

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 657587fee84c92c513b18c4f57e26b9e
SHA1 bdfe599e6151902cb5579064cf6982fa16874e25
SHA256 f6cc942ccdd9bf57cc449904f6eab7e83c65e40e7a052bce640f2ed1f49d210f
SHA512 480069cd3f0acaeacf32f713c82f0b7468368c7831447197222942ab25913f27766d2aa2bec412aa848b712512c3b954866e7e0d187f753cc0173028e12323d9

C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe

MD5 671ee08be15370735b6954078a7bd545
SHA1 bfd1be4869330227547df4f70b083b0afbd6d855
SHA256 aae630bf3977b5b0bbb1e5f838520eb77f3e441288823f961445b1f630b11e73
SHA512 ef307173bf1746b933198732f2b56a0ab5728a81b0d890d4ea3d5bf1c270a23fae15d9688f739fb0f9a8a27e8adda83a309c7faeb714e557e2e3903b2a2a8e31

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\2f5d8e8a-0306-4e01-a7ca-7ff3e1aa9c34

MD5 d61f2dd5e55263d8f5bb8a46128f431f
SHA1 4edcdcd31feae085234e95d81cf937f12421a14a
SHA256 9d020b0d62f7008e107cd3c594c32fd3d19d83d8373789b6629fbd1e0cca5c5b
SHA512 13600f693076f9d4fa1d0d3e7fd5d382380d501c1a0f3ba54af332228261f5b7c17daa8b5cb42aabe753deb75571c2be6dd5417029250b055508cf087f90a209

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\db\data.safe.bin

MD5 ddafab3ac63c1e6e376786762cf90dbe
SHA1 e0e2ddceb3aea30ce486ec9de260ff556425ff75
SHA256 98490903a72e18681e433c82956f15ba3486c49729b45374cbad96d2a5e7b134
SHA512 cf1eb3edc4ada659329a657dc389641f7c92d9679cfe2cd3dfd6c7831417141cac6590e1c4d4d8cb867cb39387ed4862b074d4dda9cbf44d1a7ea2d9e98ed920

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\idb\3353566542yCt7-%iCt7-%rfe2sdpdo.sqlite

MD5 40bf3a4afc431a14bbe2cd49637fe988
SHA1 da5e2b1c7a7c04d83ead22e431392012cacc3dde
SHA256 49888ce1a9fb304a6c5b9d48797c4b3fb4359c98dda975ab60d49d09d51a9b6e
SHA512 bc6bd8a26fd39cea122a4b5827022893c30dec559c9224e7ba568b275cfecd43d6aeecf0c0ddff489adf41f3a7bfaab3ab4a5ce0d4331ce888e5a8f2061a6429

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 28e562f0e74a397cd2c409a04c82d4d1
SHA1 d0b99821f97f85ab856614d8ef7f6616f0327e2a
SHA256 d66ff5b86e06e31eb0132d33c9df5dd331745fa0a5a307148cc464c8ea5e9241
SHA512 3be91795bae4eae575a20388a71138601ad63ba871ff3b83134cb9e3bdb31ad8c6abdbed17ba82d91a3a2c2df26b18d7a7e9beaa10876c4c8292c46b2bc4643b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\default\https+++www.youtube.com\cache\morgue\149\{3062bc9d-475e-4526-a83f-52637de70c95}.final

MD5 2a252393b98be6348c4ba18003cc3471
SHA1 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA256 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA512 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

MD5 85af6c99d918757171d2d280e5ac61ef
SHA1 ba1426d0ecf89825f690adad0a9f3c8c528ed48e
SHA256 150fb1285c252e2b79dea84efb28722cc22d370328ceb46fb9553de1479e001e
SHA512 12c061d8ff87cdd3b1f26b84748396e4f56fc1429152e418988e042bc5362df96a2f2c17bcf826d17a8bae9045ee3ba0c063fb565d75c604e47009ff442e8c8e

C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe

MD5 25dbeceee3f0bf1937850c8020f29a9f
SHA1 a73dbdcc803d01ca6f0f8d26c484a3701556eba9
SHA256 375bb1d13fbc7b2a96b60e304ef7f3569ae14edcb345e4b6ff217491992d42a0
SHA512 fadae0022eb1702d144c63a71a94c53b6269ab4a761cfa9efccbc58c1c3e8f0d6eca147f641815657607534b671fc68f139ff2ad19e6b01bfbbad8377306ea43

C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe

MD5 02d56442d0788ad67637400e592bbaec
SHA1 b276d62dace9e2fa9d8d2e63548684e2d99bc7a8
SHA256 952d181e4b3b34a73f3e2b3072dde56838322304a00356e9f261d0eacb4ba456
SHA512 3738eecf9694e6a8a80c377cb0359260cecfa818d3c394a028170de0744f618e0b943cc2f2bca73d61ef248a883164d9b1c8ddbfd59c4b4c12d7987a2d27dd43

C:\Users\Admin\AppData\Local\Temp\toolspub1.exe

MD5 4fe7bef521345515a1a3e94fa4a25c3a
SHA1 081fe1bedaabd9586b4c3af635814de71d41467d
SHA256 c12d839dbfee42f8e45ef72d839e5723cf39db75688cd566ffbcbe8d239b57e4
SHA512 3f4f06de530ba8d7832e6712aae3a4d3427adb7138feff4b23b0ea9b7ad0427c32f0e915bee9baba05c20b82cfc961778f765a4db473925ba17e6a9dfe7ca5ec

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 d1bf822ac17ffb8764f4326d6b3c5bf8
SHA1 4195863de02230998d5ab83b16d729722a550302
SHA256 3941ea0ea29a1d97078821988f8f647553bb1d75f363a374e787800915560dc7
SHA512 64f1979f21588140b7ce1e7a008e623dfcce7f385e6020d63aef24da58290b3927020891d5c1f816e7bf1f0ab04caaaf17535c2daa5a7f7f5f99721acc07101c

C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe

MD5 56abd2c5647e542b846b952ad6dd8d9d
SHA1 db3b28748f694e475234edde44234ab501945b56
SHA256 05ee70e4e6b0f204ad244eb76671dc7d2c597d0cd09e84c006d775546dbc812d
SHA512 2d933de9468800b2980ec910476007708d9d4dcefb441a89b7a2f79f08e6bfd9c80dd18270f0616ee65d8d0b7db954a1311c8aad5dc1db93e5b56e3c543cb312

C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe

MD5 8244f65c3a732ddf4f1efd3e5fd6b518
SHA1 1d144dd4af5bc24596da2cdf4e83d69b6cbf1b64
SHA256 769dca9ebcfe2a0ae9060d97a9b91d159dcab16debb2dffe9b06d28ae6425f01
SHA512 5549a81d1a85b475ef0e59b33b59b4377f07c56547c99ab35f671b76d948c70259d98dd75df4f9456814cced8f47205031579b9e6c764b5d3df15735e7b21a7e

C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe

MD5 d177caf6762f5eb7e63e33d19c854089
SHA1 f25cf817e3272302c2b319cedf075cb69e8c1670
SHA256 4296e28124f0def71c811d4b21284c5d4e1a068484db03aeae56f536c89976c0
SHA512 9d0e67e35dac6ad8222e7c391f75dee4e28f69c29714905b36a63cf5c067d31840aaf30e79cfc7b56187dc9817a870652113655bec465c1995d2a49aa276de25

C:\Users\Admin\AppData\Local\Temp\nsjC4D.tmp

MD5 572e08d58cfa2070e5afffc1211da814
SHA1 2f553d7c8166f40dc0bcb37494f58e32d5a2ca89
SHA256 955fd85058f3c9e90e832857e012ec8439e786d3f43c8421db2d119772515f30
SHA512 4a4ca8d39ff7e223cdbe856c45e4f5fca5decd959e25205f9e6cddb05904055c01f6f903b13ac0300219347bcf1c211a19fdf91318e6a63b7a6ef11184a558d9

C:\Users\Admin\AppData\Local\Temp\main\main.bat

MD5 4b3a5b96f9eedd8626a8c12976765b56
SHA1 85307e380d233c8229f9e0de16ed82821221a0be
SHA256 1651b6ed815b2128c2362ad38a7cfcdafc6c5f8705572626c872ad788c41f6ef
SHA512 b274c74ebf059fa203408a120a2c6f54f769d93d34d916aad9b4f712455b3ffe396e325744d2488a090dafb1c4621f83428719c8fe20d93b10904953dcdc8790

C:\Users\Admin\AppData\Local\Temp\1000571001\Gzxzuhejdab.exe

MD5 5eca966dd56f0189904b8240878cba81
SHA1 770520d011c21409b93a77bf45fc858ccaaaa8af
SHA256 b09dd6fd6cb440cd5263f442082effb1089961d2c1ff86dd5cc5e47e78aa350e
SHA512 99cdf082fe098418a33eeba18799b6ccf22e08de99cab546f0add72d941fec7363c0a8d073283369c7cbd66d67ebdb0803215d19944aa30db576d467a65c2953

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 59faed602aa13160b881c08fe827eb2f
SHA1 69ea2712c8771a2c8289668ced36211fa2a2147b
SHA256 c6eb33c1056112c59af2370e2d2e605c5fa21747c7d77af5f68f29432bc78272
SHA512 0b5ab4f15cdbd5732be1bd7bacf87eef65a7200adc7fb209a250db911daea65668a5164d381c8c7f14ab2a8650d2104d844f1c90d4c25feabfbedafc535cbd0d

C:\Users\Admin\AppData\Local\Temp\1000572001\crypted.exe

MD5 3c9da20ad78d24df53b661b7129959e0
SHA1 e7956e819cc1d2abafb2228a10cf22b9391fb611
SHA256 2fd37ed834b6cd3747f1017ee09b3f97170245f59f9f2ed37c15b62580623319
SHA512 1a02da1652a2c00df33eceda0706adebb5a5f1c3c05e30a09857c94d2fbb93e570f768af5d6648d3a5d11eea3b5c4b1ceb9393fc05248f1eefd96e17f3bbe1b4

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 22c625b8fab8caa5c3cfe34dcbff02e1
SHA1 46e0eba7ec14e2bb462a4d5f8fd0c002aecbe9de
SHA256 b6150c3d97b351675d412e45a87df300460b89686c3820dae87d761beafb9665
SHA512 398405e53566c953141cf37f563640d2a5e52b82d820f2619b02ce1dcf58a90be642372e37da286594e3c6dde636047098e7655751937f7e281a1f361a41af90

C:\Users\Admin\AppData\Local\Temp\1000573001\moto.exe

MD5 d8a03867b1a2fc6ba432f8519aee1223
SHA1 843b3c061a2c0bcc528411decb4b8ae407b24b83
SHA256 c4539ee1fe909be83f780fc3ca19043016e83199050cb5ac9e4c517de567306b
SHA512 a34fda72f338b5e6bf0adabaf9e757839d8e109506c32b5253738a88476a1850225ef18c214e7d6e60d78b8ce20d2ff638586bbb589824c49f3f530a062a70d7

C:\Users\Admin\AppData\Local\Temp\1000574001\stan.exe

MD5 0afe37ff0cc701b287b66f1e6ab98dd5
SHA1 592ac2cb41dbfe2ab6ed92fba68e535c6df8aa2d
SHA256 02c9b874be2ab9824fcf7ed90d70a834ed31cb364343bbb44b426fed2fad41dc
SHA512 59f16f27321cb97296dd4eb3464b00745c6daeb1d3401cc9317d0c39bf32cbba904637e847dd01facf9c9e6f48ed34964623325c80a45913b87ac84324012ccc

C:\Users\Admin\AppData\Local\Temp\F59E91F8

MD5 5cac70fbe2fc9869397bf1989e592841
SHA1 cc522bec3c1772269465799d35268630248e801b
SHA256 17e571023337ad513deb4d436c17573b6ab3c9ebf2a3e30425c3f5fa9a638806
SHA512 f56d8d7a996401404b850b6503960ea17d68fe56acbc06de8fa9c39b20dd7f01d24837283f459655ac4efb3da10a8864623cbb041ca9ad81bc9afd1ecf9b5fb9

C:\Users\Admin\AppData\Local\Temp\is-I222F.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-1G4LL.tmp

MD5 54ffd881611a92540e4c85e2759278c9
SHA1 ef0c1ec4f6efe6abdf9a23f1adcd88c4ec5b4348
SHA256 d075cbfb1b43dadcdac8cf572c18689134e59319fbe425e82c7bb7c4e7d5948c
SHA512 d9f77cacb264d080e12e765cba3e1cc69a19c186526bbcb25d093e0a83b4b4b8beef37a4acf2e803a08eb76c77d4a97a21fea74475d6d9d16a63f2137ab6253b

C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-EVPU0.tmp

MD5 8f920115a9ac5904787bc4578f161a52
SHA1 941332d718cf5161881ca903b2fb125124cac68b
SHA256 f8b63fa29af4c7cff131bf14fbdaac8e6b6945444e0f13e57417fea4a3de1a6b
SHA512 b8521748d276de667e2013c697005adc45e405fee9a9970b80427cb47ba829e2f9e31fdae2bafc54cca5aeaa4c371f4d25e1ea34989eea19e732fd129abfa1c2

C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-135S4.tmp

MD5 613ccb3ab7bc5304da08120a11bb34f2
SHA1 9e1231dc2ddc6deb2a66d494c45f0dfcf04b1d97
SHA256 565efa1b0407d221b1e6bc44811f529f98fe4d9ffb6e756b56b9525acb87ce28
SHA512 d27efae6748105c343abcdc8777d2c5065bc342569af2fd3bee92544a01ad4caefe359adf69fa56bae1fbc87f86575b797c20d821a42869d0b34ab1004b0138a

C:\ProgramData\TVTunerClassic65\TVTunerClassic65.exe

MD5 6a5345097750a95fb67c78467d60d68c
SHA1 0549e59297485e54c5bf1c088ff1b6ff43a0c2cc
SHA256 a132980e749b40daab86ea58e2d31c39d3ffc4cb1fd7d0ae318fbd712e46be8f
SHA512 568b4927c60de85e46cbedd055e7ddc80d1e82344a37f1820c36252488a49bc04715ed362bc6157291ac8234a33457d51075050f501554ac4991c008d14c8bf0

Analysis: behavioral3

Detonation Overview

Submitted

2024-01-24 11:52

Reported

2024-01-24 12:00

Platform

win11-20231215-en

Max time kernel

10s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

Signatures

Amadey

trojan amadey

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected Djvu ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Djvu Ransomware

ransomware djvu

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

ZGRat

rat zgrat

Downloads MZ/PE file

Stops running service(s)

evasion

.NET Reactor proctector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 141.98.234.31 N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\setup.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Users\Admin\Documents\GuardFox\Nuul_2bqLePUnMY7gnQMUs1r.exe

"C:\Users\Admin\Documents\GuardFox\Nuul_2bqLePUnMY7gnQMUs1r.exe"

C:\Users\Admin\Documents\GuardFox\HCQM9H_C1yyySyKv8SyS0YVO.exe

"C:\Users\Admin\Documents\GuardFox\HCQM9H_C1yyySyKv8SyS0YVO.exe"

C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe

"C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe"

C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe

"C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe"

C:\Users\Admin\Documents\GuardFox\ewPp8snuQHfRbNYLQtRt5v2f.exe

"C:\Users\Admin\Documents\GuardFox\ewPp8snuQHfRbNYLQtRt5v2f.exe"

C:\Users\Admin\Documents\GuardFox\50ALn4VmFCPh8ui6iwc4bQ4c.exe

"C:\Users\Admin\Documents\GuardFox\50ALn4VmFCPh8ui6iwc4bQ4c.exe"

C:\Users\Admin\Documents\GuardFox\OOCTptGsu2UHu9IoFXc8pGno.exe

"C:\Users\Admin\Documents\GuardFox\OOCTptGsu2UHu9IoFXc8pGno.exe"

C:\Users\Admin\Documents\GuardFox\iM6AdH2QsEURmdjixACa5aYZ.exe

"C:\Users\Admin\Documents\GuardFox\iM6AdH2QsEURmdjixACa5aYZ.exe"

C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe

"C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe"

C:\Users\Admin\AppData\Local\Temp\is-VVTF2.tmp\4vJseCA75SLoZDxuhdqHOyj0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-VVTF2.tmp\4vJseCA75SLoZDxuhdqHOyj0.tmp" /SL5="$C007C,3301412,119808,C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5140 -ip 5140

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 372

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -i

C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe

"C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe

"C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe

"C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe"

C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe

"C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe"

C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe

"C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe"

C:\Users\Admin\Documents\GuardFox\ShfR5uWMSfPibF6_6XVB5baW.exe

"C:\Users\Admin\Documents\GuardFox\ShfR5uWMSfPibF6_6XVB5baW.exe"

C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe

"C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe"

C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe

"C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe"

C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe

"C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe"

C:\Windows\SysWOW64\control.exe

"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

"C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe" -s

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe

"C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\LgU0.CPl",

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\1da881f0-ef95-4cd8-b55e-95c2c9596388" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe

"C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe"

C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe

"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN o7Hwfo_uogy9uqCn1IMWTstq.exe /TR "C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe" /F

C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe

"C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe

"C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe" --Admin IsNotAutoStart IsNotTask

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 604

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5164 -ip 5164

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\JVvbYR2Sdm37nWg71JAX.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\JVvbYR2Sdm37nWg71JAX.exe"

C:\Users\Admin\Documents\GuardFox\qemu-ga.exe

"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0x50,0x10c,0x7fffbb759758,0x7fffbb759768,0x7fffbb759778

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zEIocmEFVxls8YWBR8HT.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zEIocmEFVxls8YWBR8HT.exe"

C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe

"C:\Users\Admin\AppData\Local\Temp\1000117001\rty27.exe"

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\r2rj3k2FerFWMH392m53.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\r2rj3k2FerFWMH392m53.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffca593cb8,0x7fffca593cc8,0x7fffca593cd8

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffca593cb8,0x7fffca593cc8,0x7fffca593cd8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1600,i,12045815871671922268,8412323656715878987,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2696 --field-trial-handle=1600,i,12045815871671922268,8412323656715878987,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2688 --field-trial-handle=1600,i,12045815871671922268,8412323656715878987,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2028 --field-trial-handle=1600,i,12045815871671922268,8412323656715878987,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1600,i,12045815871671922268,8412323656715878987,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zVqgBQCPxPPq3RMThYrc.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zVqgBQCPxPPq3RMThYrc.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffca593cb8,0x7fffca593cc8,0x7fffca593cd8

C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe

"C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2008 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\CwjKmD00H2J83qh3IOKL.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\CwjKmD00H2J83qh3IOKL.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,1322205135525714413,16761514276532881200,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12464700282875775990,7425223520576794005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1B24.exe

C:\Users\Admin\AppData\Local\Temp\1B24.exe

C:\Users\Admin\AppData\Local\Temp\1B24.exe

C:\Users\Admin\AppData\Local\Temp\1B24.exe

C:\Users\Admin\AppData\Local\Temp\220B.exe

C:\Users\Admin\AppData\Local\Temp\220B.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k cmd < Adjustments & exit

C:\Windows\SysWOW64\cmd.exe

cmd

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2E22.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\2E22.dll

C:\Users\Admin\AppData\Local\Temp\33DF.exe

C:\Users\Admin\AppData\Local\Temp\33DF.exe

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\4z35P7v_AVVEPgRJajWj.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\4z35P7v_AVVEPgRJajWj.exe"

C:\Users\Admin\AppData\Local\Temp\1000495001\SetupPowerGREPDemo.exe

"C:\Users\Admin\AppData\Local\Temp\1000495001\SetupPowerGREPDemo.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe

"C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffbb759758,0x7fffbb759768,0x7fffbb759778

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\OOCTptGsu2UHu9IoFXc8pGno.exe" & del "C:\ProgramData\*.dll"" & exit

C:\Users\Admin\AppData\Local\Temp\4F09.exe

C:\Users\Admin\AppData\Local\Temp\4F09.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2732 -ip 2732

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 2568

C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe

"C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe

"C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1864 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:2

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4056 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe

"C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 HR" /sc HOURLY /rl HIGHEST

C:\Windows\system32\mode.com

mode 65,10

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe

"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"

C:\Users\Admin\AppData\Local\Temp\69A7.exe

C:\Users\Admin\AppData\Local\Temp\69A7.exe

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 LG" /sc ONLOGON /rl HIGHEST

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e file.zip -p4632370330209207692137030328 -oextracted

C:\Users\Admin\AppData\Local\Temp\8500.exe

C:\Users\Admin\AppData\Local\Temp\8500.exe

C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe

C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe

C:\Users\Admin\AppData\Local\Temp\is-L9IU2.tmp\8500.tmp

"C:\Users\Admin\AppData\Local\Temp\is-L9IU2.tmp\8500.tmp" /SL5="$402F8,3460870,54272,C:\Users\Admin\AppData\Local\Temp\8500.exe"

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe

"C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe" -i

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Delete /F /TN "AACAC1241"

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe

"C:\Users\Admin\AppData\Local\AAC Audio Converter\aacaudioconverter.exe" -s

C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe

"C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe"

C:\Users\Admin\AppData\Local\Temp\9F30.exe

C:\Users\Admin\AppData\Local\Temp\9F30.exe

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 3692 -ip 3692

C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 1396

C:\Users\Admin\AppData\Local\Temp\B46F.exe

C:\Users\Admin\AppData\Local\Temp\B46F.exe

C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe

"C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6004 -ip 6004

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 380

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\E5C1.dll

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=2628,i,8136274168612481047,15782030453312580425,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe

"C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\E5C1.dll

C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe"

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Users\Admin\AppData\Local\Temp\20D7.exe

C:\Users\Admin\AppData\Local\Temp\20D7.exe

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe

"C:\Users\Admin\AppData\Local\Temp\1000563001\pixellslsss.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe

"C:\Users\Admin\AppData\Local\Temp\1000564001\num.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Users\Admin\AppData\Roaming\jigehtw

C:\Users\Admin\AppData\Roaming\jigehtw

C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe

C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe

C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe

"C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7124 -ip 7124

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop wuauserv

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

Network

Country Destination Domain Proto
NL 195.20.16.45:80 195.20.16.45 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.myip.com udp
US 172.67.75.163:443 api.myip.com tcp
US 8.8.8.8:53 45.16.20.195.in-addr.arpa udp
US 34.117.186.192:443 ipinfo.io tcp
AT 5.42.64.33:80 5.42.64.33 tcp
FI 109.107.182.40:80 109.107.182.40 tcp
US 8.8.8.8:53 ji.alie3ksggg.com udp
US 8.8.8.8:53 cczhk.com udp
US 8.8.8.8:53 medfioytrkdkcodlskeej.net udp
US 8.8.8.8:53 294self-limited.sbs udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
US 172.67.173.86:80 joxy.ayazprak.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
US 104.21.10.36:80 294self-limited.sbs tcp
US 104.21.10.36:80 294self-limited.sbs tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
US 104.21.10.36:443 294self-limited.sbs tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 91.215.85.209:443 medfioytrkdkcodlskeej.net tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
PA 190.218.35.224:80 cczhk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
US 8.8.8.8:53 224.35.218.190.in-addr.arpa udp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
PA 190.218.35.224:80 cczhk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:80 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
US 8.8.8.8:53 sun6-21.userapi.com udp
RU 87.240.132.72:443 vk.com tcp
NL 95.142.206.1:443 sun6-21.userapi.com tcp
NL 95.142.206.0:443 sun6-20.userapi.com tcp
RU 87.240.132.72:443 vk.com tcp
NL 95.142.206.1:443 sun6-21.userapi.com tcp
RU 87.240.190.76:443 tcp
NL 95.142.206.3:443 tcp
RU 87.240.132.72:443 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
US 8.8.8.8:53 3.206.142.95.in-addr.arpa udp
US 8.8.8.8:53 76.190.240.87.in-addr.arpa udp
RU 87.240.132.72:443 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
RU 87.240.132.72:443 vk.com tcp
DE 185.172.128.24:80 185.172.128.24 tcp
HK 154.92.15.189:443 ji.alie3ksggg.com tcp
NL 195.20.16.45:80 195.20.16.45 tcp
US 34.117.186.192:443 ipinfo.io tcp
FR 199.232.168.193:443 tcp
RU 193.233.132.62:50500 tcp
FI 109.107.182.3:80 109.107.182.3 tcp
US 104.21.4.208:443 tcp
DE 185.172.128.19:80 185.172.128.19 tcp
US 104.21.63.150:443 tcp
NL 91.92.245.15:80 tcp
HK 154.92.15.189:443 ji.alie3ksggg.com tcp
DE 77.105.147.130:80 tcp
US 172.67.75.163:443 api.myip.com tcp
US 34.117.186.192:443 ipinfo.io tcp
NL 195.20.16.45:80 tcp
NL 195.20.16.45:80 tcp
NL 45.15.156.60:12050 tcp
RU 91.215.85.120:80 selebration17io.io tcp
KG 91.213.233.138:443 tcp
DK 37.75.166.2:443 tcp
IS 89.147.111.76:9001 tcp
US 8.8.8.8:53 2.166.75.37.in-addr.arpa udp
US 8.8.8.8:53 76.111.147.89.in-addr.arpa udp
FI 109.107.182.3:80 109.107.182.3 tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 tiny.ayazprak.com udp
US 104.21.80.24:80 tiny.ayazprak.com tcp
DE 141.95.211.148:46011 tcp
DE 185.172.128.19:80 tcp
DE 185.172.128.19:80 tcp
US 172.67.173.89:443 tcp
RU 193.233.132.62:50500 tcp
US 172.67.129.86:443 carvewomanflavourwop.site tcp
KR 175.120.254.9:80 cczhk.com tcp
IS 89.147.111.76:9001 tcp
US 8.8.8.8:53 mwlogin.net udp
GB 104.103.204.41:443 tcp
BD 103.230.106.211:443 tcp
GB 104.103.204.41:21 tcp
BD 103.230.106.211:22 tcp
RU 185.215.113.68:80 185.215.113.68 tcp
BD 103.230.106.211:21 tcp
US 8.8.8.8:53 11.38.21.104.in-addr.arpa udp
BD 103.230.106.211:143 tcp
VN 61.28.233.26:22 tcp
GB 99.86.114.7:21 tcp
GB 99.86.114.7:22 tcp
US 104.21.38.11:443 tcp
GB 99.86.114.7:443 tcp
DK 37.75.166.2:443 tcp
VN 61.28.233.26:21 tcp
BD 103.230.106.211:80 tcp
BD 103.230.106.211:465 tcp
VN 61.28.233.26:443 tcp
GB 99.86.114.56:21 tcp
NL 142.250.153.26:143 tcp
BD 103.230.106.211:995 tcp
VN 61.28.233.26:80 tcp
VN 61.28.233.26:465 tcp
GB 99.86.114.7:465 tcp
VN 61.28.233.26:143 tcp
NL 142.250.153.26:995 tcp
GB 99.86.114.7:80 account.hoyoverse.com tcp
US 104.21.59.151:443 tcp
FI 95.216.35.168:22 tcp
FI 95.216.35.168:21 tcp
JP 3.114.45.214:22 tcp
GB 99.86.114.38:22 tcp
GB 104.103.204.41:443 tcp
GB 99.86.114.7:995 tcp
GB 99.86.114.38:21 tcp
GB 99.86.114.7:443 tcp
GB 99.86.114.7:80 tcp
JP 3.114.45.214:80 tcp
JP 3.114.45.214:443 tcp
US 8.8.8.8:53 90.128.172.185.in-addr.arpa udp
GB 99.86.114.56:995 tcp
NL 142.250.153.26:465 tcp
DE 185.172.128.90:80 tcp
BD 103.230.106.211:465 tcp
GB 104.82.235.78:21 shop.samsung.com tcp
DE 20.113.35.45:38357 tcp
BD 103.230.106.211:143 tcp
BD 103.230.106.211:22 tcp
BD 103.230.106.211:21 tcp
GB 99.86.114.7:443 tcp
BD 103.230.106.211:80 tcp
GB 99.86.114.38:143 tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
JP 57.181.18.200:21 tcp
GB 99.86.114.7:22 tcp
IE 209.85.203.84:22 tcp
IE 209.85.203.84:21 tcp
JP 3.114.45.214:465 tcp
BD 103.230.106.211:995 tcp
GB 104.103.204.41:21 www.catawiki.fr tcp
BG 185.176.40.129:21 tcp
BG 185.176.40.129:22 tcp
FI 95.216.35.168:995 tcp
US 8.8.8.8:53 ddtank-walker2.com udp
GB 99.86.114.56:22 tcp
US 172.67.213.180:443 tcp
JP 3.114.45.214:143 tcp
GB 99.86.114.7:21 tcp
GB 99.86.114.56:21 tcp
FI 95.216.35.168:465 tcp
GB 99.86.114.8:22 tcp
US 8.8.8.8:53 skytasks.vip udp
JP 57.181.18.200:465 tcp
GB 99.86.114.8:21 tcp
RU 5.42.65.31:48396 tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
NL 142.250.153.26:143 tcp
VN 61.28.233.26:21 tcp
GB 104.82.235.78:465 shop.samsung.com tcp
GB 104.82.235.78:80 shop.samsung.com tcp
JP 3.114.45.214:80 information.enagic.com tcp
BD 103.230.106.211:80 bnmc.teletalk.com.bd tcp
GB 99.86.114.7:143 tcp
NL 142.251.9.14:995 tcp
GB 99.86.114.7:995 tcp
NL 142.250.153.26:995 tcp
GB 99.86.114.56:465 tcp
VN 61.28.233.26:143 tcp
NL 142.251.9.14:465 tcp
BD 103.230.106.211:222 tcp
BD 103.230.106.211:990 tcp
BG 185.176.40.129:143 tcp
FI 95.216.35.168:22 tcp
VN 61.28.233.26:995 tcp
GB 99.86.114.56:143 tcp
FI 95.216.35.168:80 tcp
JP 3.114.45.214:21 tcp
US 35.190.81.132:443 www.freepik.es tcp
US 35.190.81.132:21 www.freepik.es tcp
BD 103.230.106.211:993 tcp
GB 104.103.204.41:80 www.catawiki.fr tcp
JP 57.181.18.200:21 tcp
GB 2.17.5.46:21 tcp
US 35.190.81.132:22 www.freepik.es tcp
FI 95.216.35.168:21 tcp
US 8.8.8.8:53 ddtank-walker2.com udp
US 8.8.8.8:53 moneybox.co.ke udp
BG 185.176.40.129:22 tcp
GB 99.86.114.56:995 tcp
BG 185.176.40.129:465 tcp
BG 185.176.40.129:21 tcp
BG 185.176.40.129:80 cp1.runhosting.com tcp
GB 2.17.5.46:143 store.steampowered.com tcp
GB 2.17.5.46:80 store.steampowered.com tcp
JP 3.114.45.214:80 tcp
BD 103.230.106.211:80 bnmc.teletalk.com.bd tcp
KE 196.61.52.35:443 tcp
KE 196.61.52.35:143 tcp
VN 61.28.233.26:465 tcp
GB 142.250.187.195:443 tcp
GB 142.250.187.195:443 tcp
BD 103.230.106.211:587 tcp
US 146.148.34.125:22 tcp
GB 104.82.235.78:22 shop.samsung.com tcp
FI 95.216.35.168:143 tcp
FI 95.216.35.168:995 tcp
GB 216.58.204.68:443 tcp
GB 2.17.5.46:465 store.steampowered.com tcp
IE 209.85.203.84:22 tcp
FI 95.216.35.168:465 tcp
KE 196.61.52.35:80 itax.kra.go.ke tcp
DE 185.172.128.53:80 tcp
GB 104.103.204.41:80 www.catawiki.fr tcp
GB 99.86.114.7:222 tcp
US 8.8.8.8:53 steamcommunity.com udp
JP 3.114.45.214:143 tcp
IE 209.85.203.84:21 tcp
GB 99.86.114.7:990 tcp
GB 104.82.235.78:80 shop.samsung.com tcp
GB 99.86.114.7:443 tcp
NL 142.250.27.26:465 aspmx2.googlemail.com tcp
GB 99.86.114.7:80 tcp
KE 196.61.52.35:22 tcp
GB 99.86.114.56:222 tcp
IE 209.85.203.84:443 tcp
BD 103.230.106.211:110 tcp
BG 185.176.40.129:80 cp1.runhosting.com tcp
JP 3.114.45.214:995 tcp
BG 185.176.40.129:995 tcp
JP 3.114.45.214:465 tcp
GB 142.250.179.238:443 tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 99.86.114.38:222 tcp
GB 2.17.5.46:995 store.steampowered.com tcp
GB 104.82.235.78:143 shop.samsung.com tcp
KE 196.61.52.35:465 tcp
GB 142.250.187.227:443 tcp
IE 209.85.203.84:22 tcp
GB 99.86.114.8:222 tcp
FI 95.216.35.168:80 cabinet.instaforex.com tcp
IE 209.85.203.84:21 tcp
GB 104.82.235.78:80 shop.samsung.com tcp
IE 209.85.203.84:80 tcp
GB 142.250.187.238:443 tcp
GB 2.17.5.46:80 store.steampowered.com tcp
US 35.190.81.132:80 www.freepik.es tcp
VN 61.28.233.26:222 tcp
GB 104.82.235.78:465 shop.samsung.com tcp
GB 2.17.5.46:22 store.steampowered.com tcp
NL 142.251.9.14:143 tcp
BG 185.176.40.129:443 tcp
JP 3.114.45.214:222 tcp
KE 196.61.52.35:995 tcp
BG 185.176.40.129:80 cp1.runhosting.com tcp
NL 142.251.9.14:465 tcp
IE 209.85.203.84:443 tcp
GB 104.82.235.78:995 shop.samsung.com tcp
GB 99.86.114.7:80 account.hoyoverse.com tcp
US 172.67.201.26:21 mondowarezz.cz tcp
VN 61.28.233.26:990 tcp
FI 95.216.35.168:80 cabinet.instaforex.com tcp
KE 196.61.52.35:21 tcp
US 104.21.66.46:21 mondowarezz.cz tcp
VN 61.28.233.26:80 tcp
BR 200.253.187.113:22 uol.unifor.br tcp
GB 104.103.204.41:222 www.catawiki.fr tcp
NL 142.250.27.26:995 aspmx2.googlemail.com tcp
NL 142.250.153.26:993 tcp
VN 61.28.233.26:80 tcp
BD 103.230.106.211:80 tcp
JP 3.114.45.214:80 tcp
DE 87.251.77.166:80 tcp
GB 99.86.114.7:587 tcp
NL 142.250.153.26:587 tcp
KE 196.61.52.35:80 tcp
US 35.190.81.132:21 www.freepik.es tcp
FI 95.216.35.168:222 tcp
GB 99.86.114.7:993 tcp
US 8.8.8.8:53 moneybox.co.ke udp
US 8.8.8.8:53 ftp.moneybox.co.ke udp
US 8.8.8.8:53 ddtank-walker2.com udp
US 8.8.8.8:53 ftp.mwlogin.net udp
US 8.8.8.8:53 mwlogin.net udp
US 8.8.8.8:53 ftp.gramtakipci.com udp
US 8.8.8.8:53 mail.gramtakipci.com udp
US 8.8.8.8:53 mail.mwlogin.net udp
GB 99.86.114.56:993 tcp
IE 209.85.203.84:80 accounts.google.com tcp
VN 61.28.233.26:587 tcp
GB 99.86.114.38:993 tcp
GB 99.86.114.8:993 tcp
BR 200.253.187.113:21 uol.unifor.br tcp
BD 103.230.106.211:80 bnmc.teletalk.com.bd tcp
GB 99.86.114.7:222 tcp
BG 185.176.40.129:143 tcp
BD 103.230.106.211:990 tcp
GB 2.17.5.46:443 store.steampowered.com tcp
GB 104.103.204.41:80 catawiki.fr tcp
BD 103.230.106.211:222 tcp
BG 185.176.40.129:465 tcp
US 172.67.201.26:443 mondowarezz.cz tcp
NL 142.251.9.14:995 tcp
US 146.148.34.125:80 skytasks.vip tcp
GB 99.86.114.56:222 tcp
GB 104.82.235.78:80 shop.samsung.com tcp
GB 99.86.114.38:222 tcp
GB 2.17.5.46:465 store.steampowered.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
IE 209.85.203.84:222 tcp
BG 185.176.40.129:990 tcp
GB 104.103.204.41:443 catawiki.fr tcp
GB 99.86.114.8:222 tcp
DE 138.201.125.92:15647 tcp
JP 3.114.45.214:80 information.enagic.com tcp
GB 104.103.202.103:443 help.steampowered.com tcp
GB 2.17.5.46:143 store.steampowered.com tcp
FI 95.216.35.168:993 tcp
JP 3.114.45.214:587 tcp
FI 95.216.35.168:443 tcp
JP 57.181.18.200:587 tcp
IE 209.85.203.84:21 tcp
US 104.21.1.205:443 tcp
US 172.67.206.188:443 tcp
US 188.114.96.2:443 tcp
US 172.67.222.78:443 tcp
BG 185.176.40.129:80 cp1.runhosting.com tcp
NL 142.251.9.14:993 tcp
GB 2.17.5.46:222 store.steampowered.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 205.139.110.141:143 us-smtp-inbound-2.mimecast.com tcp
US 205.139.110.242:143 us-smtp-inbound-2.mimecast.com tcp
US 205.139.110.221:143 us-smtp-inbound-2.mimecast.com tcp
US 207.211.30.242:143 us-smtp-inbound-2.mimecast.com tcp
US 207.211.30.141:143 us-smtp-inbound-2.mimecast.com tcp
US 172.67.201.26:80 mondowarezz.cz tcp
US 207.211.30.221:143 us-smtp-inbound-2.mimecast.com tcp
US 35.190.81.132:443 www.freepik.es tcp
GB 99.86.114.7:80 account.hoyoverse.com tcp
US 172.67.177.31:443 tcp
US 205.139.110.141:465 us-smtp-inbound-2.mimecast.com tcp
IE 209.85.203.84:443 tcp
US 8.8.8.8:53 mail.gramtakipci.com udp
RU 185.215.113.68:80 tcp
US 205.139.110.242:465 us-smtp-inbound-2.mimecast.com tcp
KR 203.252.173.147:22 safety.kku.ac.kr tcp
US 205.139.110.221:465 us-smtp-inbound-2.mimecast.com tcp
BD 103.230.106.211:25 tcp
JP 3.114.45.214:990 tcp
GB 99.86.114.7:80 account.hoyoverse.com tcp
US 207.211.30.242:465 us-smtp-inbound-2.mimecast.com tcp
US 207.211.30.141:465 us-smtp-inbound-2.mimecast.com tcp
US 207.211.30.221:465 us-smtp-inbound-2.mimecast.com tcp
KE 196.61.52.35:443 itax.kra.go.ke tcp
JP 57.181.18.200:990 tcp
N/A 173.222.13.40:80 tcp
RU 87.240.132.72:80 tcp
N/A 173.222.13.40:80 tcp
RU 87.240.132.72:80 tcp
RU 87.240.132.72:80 tcp
RU 185.215.113.68:80 tcp
BR 200.253.187.113:80 uol.unifor.br tcp
GB 104.103.202.103:80 help.steampowered.com tcp
GB 96.17.179.201:80 tcp
GB 2.17.5.46:80 store.steampowered.com tcp
GB 104.82.235.78:80 shop.samsung.com tcp
IE 209.85.203.84:443 tcp
IE 209.85.203.84:990 tcp
US 172.64.149.252:22 login.vivo.com.br tcp
US 104.18.38.4:22 login.vivo.com.br tcp
US 104.21.35.143:443 tcp
US 188.114.96.2:443 tcp
US 75.2.122.238:80 ww11.skytasks.vip tcp
US 146.148.34.125:80 skytasks.vip tcp
BG 185.176.40.129:110 tcp
US 172.67.188.229:80 yourfreesurveys.com tcp
US 216.194.165.45:465 _dc-mx.95357cfbcadb.yourfreesurveys.com tcp
FI 95.216.35.168:80 cabinet.instaforex.com tcp
VN 61.28.233.26:21 mail.id.mgo.vn tcp
US 104.21.55.202:443 copyrightspareddcitwew.site tcp
GB 104.103.202.103:80 help.steampowered.com tcp
BD 103.230.106.211:80 bnmc.teletalk.com.bd tcp
JP 3.114.45.214:80 information.enagic.com tcp
US 172.67.201.26:443 mondowarezz.cz tcp
VN 61.28.233.26:2222 mail.id.mgo.vn tcp
NL 142.250.153.26:220 tcp
GB 104.103.204.41:2222 catawiki.fr tcp
GB 99.86.114.7:443 tcp
KE 196.61.52.35:443 itax.kra.go.ke tcp
DZ 41.111.130.60:80 sidjilcom.cnrc.dz tcp
BG 185.176.40.129:443 tcp
US 35.190.81.132:443 www.freepik.es tcp
NL 103.147.152.36:995 mail.mondowarezz.cz tcp
NL 103.147.152.36:465 mail.mondowarezz.cz tcp
GB 99.86.114.7:220 tcp
NL 142.250.27.26:110 aspmx2.googlemail.com tcp
VN 61.28.233.26:80 mail.id.mgo.vn tcp
BG 185.176.40.129:80 cp1.runhosting.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 ico.wcex.co udp
US 8.8.8.8:53 smtpin.vvv.facebook.com udp
US 8.8.8.8:53 ftp.cabinet.instaforex.com udp
US 8.8.8.8:53 mail.account.hoyoverse.com udp
US 8.8.8.8:53 ftp.moneybox.co.ke udp
US 8.8.8.8:53 help.steampowered.com udp
US 8.8.8.8:53 mail.fsaid.ed.gov udp
US 8.8.8.8:53 mwlogin.net udp
US 8.8.8.8:53 mail.moneybox.co.ke udp
US 8.8.8.8:53 ftp.ddtank-walker2.com udp
US 8.8.8.8:53 ssh.moneybox.co.ke udp
US 8.8.8.8:53 moneybox.co.ke udp
US 8.8.8.8:53 ssh.gramtakipci.com udp
US 8.8.8.8:53 ftp.mwlogin.net udp
US 8.8.8.8:53 ftp.gramtakipci.com udp
US 8.8.8.8:53 mail.bnmc.teletalk.com.bd udp
US 8.8.8.8:53 ftp.fsaid.ed.gov udp
GB 104.103.204.41:443 www.catawiki.com tcp
IE 209.85.203.84:80 accounts.google.com tcp
US 172.64.149.252:22 login.vivo.com.br tcp
US 104.18.38.4:22 login.vivo.com.br tcp
DE 185.172.128.109:80 185.172.128.109 tcp
US 8.8.8.8:53 siaps-akuntansipolines.com udp
US 8.8.8.8:53 mail.information.enagic.com udp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
KR 203.252.173.147:80 safety.kku.ac.kr tcp
IE 209.85.203.84:80 accounts.google.com tcp
GB 104.82.235.78:80 shop.samsung.com tcp
GB 163.70.147.22:80 en-gb.facebook.com tcp
US 8.8.8.8:53 ftp.siaps-akuntansipolines.com udp
US 8.8.8.8:53 information.enagic.com udp
US 8.8.8.8:53 en-gb.facebook.com udp
US 8.8.8.8:53 scarlet-clicks.info udp
US 8.8.8.8:53 60.130.111.41.in-addr.arpa udp
US 8.8.8.8:53 36.152.147.103.in-addr.arpa udp
US 8.8.8.8:53 ssh.fsaid.ed.gov udp
RU 193.233.132.67:50505 tcp
GB 2.17.5.46:443 store.steampowered.com tcp
GB 104.103.204.41:443 www.catawiki.com tcp
GB 104.103.202.103:443 help.steampowered.com tcp
HK 141.98.234.31:53 buzvabv.com udp
FI 95.216.35.168:443 tcp
VN 61.28.233.26:80 mail.id.mgo.vn tcp
US 172.67.188.229:80 yourfreesurveys.com tcp
US 172.64.149.252:80 login.vivo.com.br tcp

Files

memory/4232-0-0x00007FFFDDF30000-0x00007FFFDDF32000-memory.dmp

memory/4232-2-0x00007FF756F30000-0x00007FF757C03000-memory.dmp

memory/4232-1-0x00007FF756F30000-0x00007FF757C03000-memory.dmp

C:\Users\Admin\Documents\GuardFox\OOCTptGsu2UHu9IoFXc8pGno.exe

MD5 b982a1886afa6dc5d429f1d9fa631cf6
SHA1 59695508f14578530305bedb8a6196aed68d18ae
SHA256 34d25a6f3925f6ac52da525a74a45bfc284f5815fd3a18a6691a87932a02f451
SHA512 201cf1a8ac28298c37e9d7f23a18b14b2343c23082d11912065f8f512fdb461fe7236baf8d508a9ea1e7079e08e2531b781699603db5c7216f1979b338b37157

C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe

MD5 cbaba42d5bd7349e65ebee264068c078
SHA1 50e8ec1c8b56889fe80b7911bc95252b3e958e6e
SHA256 0874c2f4d4c113dbce701b6c4c930125632c074f9ce2e71768ed9614dfda3acd
SHA512 ad56cabc9b204257c5b3119827323edc97452a313b49f25c167f4b1df4b1c25a3272f8e23538f002094a92a3419cfb8f1e2767bfd7358842e8a646865368693d

C:\Users\Admin\Documents\GuardFox\ewPp8snuQHfRbNYLQtRt5v2f.exe

MD5 6421ef87a4e925146a13d77f8f01cce3
SHA1 7799a623ed4b391a96e2d57033fc4a33ae92534d
SHA256 110cc78e7dba811b45751b78a926d3ce351a10998aabe3f625e9f55824eba0ba
SHA512 7f69e7f4c3bfc0638ad0b008d5fcbd6d0cf585a0b8bbe68629412ad8a29300e6ce742dae58ce5dc7ca399b5989c4791575a1c01cb3e2e967cc4563d55ef63753

C:\Users\Admin\Documents\GuardFox\iM6AdH2QsEURmdjixACa5aYZ.exe

MD5 94bac7cfe1da94f8d664a9da385ada8b
SHA1 eb1e3855621ed34630d8d3f5cfd8afc73c706da6
SHA256 07be7d02bf5a74ab0e1345f3d95f24c3237bec6aefac746457c4b41a5f332bda
SHA512 e28b545a600d59c10616aaa5a973469fee32d61462bc59b403f78fdfa4e39d621253fc07c9943334b58bd5e555a9a7b90c9e2c3965c419281474b41f1b1f1073

C:\Users\Admin\Documents\GuardFox\Nuul_2bqLePUnMY7gnQMUs1r.exe

MD5 47367776129775ff7c382a0f1a6adf65
SHA1 bf14ecd55a0bc0d29a23a1e1b3270ff4deedf77f
SHA256 49c616bf0f452c60b770d3c2856f0ae7b99be5655596d6b4d76321168966959a
SHA512 8490683679e6bde2196855592cea0dba3906fe92edd952bf27ef939f09873910ee974b8ca3648cb6e0002fcdce83a50c5931c72b1c5efb76c2fbe7fc95cd6aae

C:\Users\Admin\Documents\GuardFox\50ALn4VmFCPh8ui6iwc4bQ4c.exe

MD5 dba8d3e36098f8655698e53fb17685bb
SHA1 b71de4a76166e0c52fde5e10175c9fe3b691ed02
SHA256 c634b08c10ba3e2b6fcf4d6b6b49aa3c6ebad1784bea5e421ff6e360feae7922
SHA512 ab3558e095f365e2f562565403aa103aa7bf37b6a0938fac548047e61e291f050e49b93e5d5cb0bf9aab117b6b659c4d3d5f139b9d14f2464df52f86eac98c36

C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe

MD5 329787f657d28189c25519c21262fd72
SHA1 e68fa3fdca93284d9548830f9de084ce86ebc518
SHA256 c15a8e0ba4374315f911d540a717dc8eb58b7fd2d10310e7b7d72408b22c69a3
SHA512 fc0e4c19dcd377c2e770b3b85ea5d518510b4e180828a6b4d2c3224a5b2f481db2f40b42cb33125d8ddc8f6b62ccb7027a3e7ff229034c9a01ca638f55fb1690

C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe

MD5 898ca92a1a0830606f7f36d6974a57fd
SHA1 1858b49fe61a317b76dabb0284f39ebfe22df59b
SHA256 eaa3c3071478144903f15aba835cb88d5da30f6e59ff81029ea37b472d5819be
SHA512 68ce2672d50ca7a32f317df677f947c2a0114ba37dacf9abe7be7c9be8e79f34000ccfd7eebab1f20a78d5cac22f538739dde663d4325b929794b985b3c74311

C:\Users\Admin\Documents\GuardFox\LzVc3TRfNG39udB2w5AWTaAX.exe

MD5 043d7f1dbc4238e04afb368a084a9420
SHA1 205de3c71ab3fd194a23e5da081f97ca4388232f
SHA256 aa9533a44e43caf644491c5be98c0da561ddcac91743aee81ac9bb03e2e51b3b
SHA512 fd6f59f818c3ed544a941aaa44603876a5d7d235e46439ec1db6ab5518370223bcba2e1dab30c921f9ffeda93d04f37dd2b975566a798a5f0647ad514506a482

C:\Users\Admin\Documents\GuardFox\HCQM9H_C1yyySyKv8SyS0YVO.exe

MD5 933b3fc15fcba5d035d8a5eb60757f67
SHA1 fe0d784f44113dcb587de28095b9da4f3acfb8d7
SHA256 0feeae22d27178b5f70324b14165dbeb7918993464bf96d50a227d484db14814
SHA512 92d05af0538b27bcb992cb91a6bd3dd33d9a16792e5d722e174a60397ebe137874a31ea067bc402a55eb355f4f40302b88728c6d9502974fd1e5e75bb43ed591

C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe

MD5 ec585f01cd4d5bb1a0e5f16f471350d2
SHA1 6ad1dc63fe111eaf7d1bf39828de68b9935eb0ee
SHA256 d992b21b5918be51b983034261c9ff6230a8e7862db2bdf494f99bd5ad45de4a
SHA512 0cdafdb992106eb42491d77f2bc44b37f1bcd76540b3ad4debd075dde66f55b8f574c86a2258f85d5237ce2c93a6548bcb5b00328a17fc8aadf1fa31b60e700a

C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe

MD5 3e692dad602bd61d72b11ff0db80903c
SHA1 ca3f95216a1fd7ba0bccdb59a952c4b5d5316a5a
SHA256 5330b96e7741b404988f6d2f261f648eebd709f40bf7bb2b59e50deb6e5c8ab5
SHA512 e3780db4be948044b2771d787e8ef12cb97d39876857c1d103239af356ace63990fd20895c08dd9fe308bc2cee79f51ea63eeead7fffd7c8e7927d6aa6e5a2b4

C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe

MD5 f32e7f0aa6c1b764ffff83aa2e934289
SHA1 88338755254f912d88b865e68db98935ea320d1a
SHA256 2e5d24fdcbfa5b6c9895d08c00ef22ad2c14d11139a334f6394c21613f61eec8
SHA512 cf738434cf3796daf8369cc886a7dad2dc8ad75b5bebefc34889cd8e7913f2133306d220aa28f9c7d72b51615753fa448fdc654f15044ff672ef6f73e0cb2949

C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe

MD5 729787f1c363c4a9f52207c8c19545fd
SHA1 e4d016dd229afd8261274ab4cdc670b54c3152d7
SHA256 d61c623fc0ea5b92d112dc66adbe7dfb9ac731558214f6c973d16f168cd1a8d1
SHA512 862d0116677833188a55545a9d8001247275b5030b77946e1cba27a979d3987f8b277f1684da23e0d2275448304e0aec034d511cfab1eb014f3e063c7f3f2a97

C:\Users\Admin\Documents\GuardFox\il01emQCoRhiVbXxC9sgya34.exe

MD5 5a3879bc05ac84adba72258231d2dcb4
SHA1 7c0bd093a4c6b4c8ac1a4fc58f04ecdc7dd65557
SHA256 5a1f842d047d6013bef59f2cfc2293b3de2943dbae1d2606ce424dde0f007319
SHA512 20694d69ec816c9512e0095ff20943213714bc5efa8df9b5aaf04deae233137d191f3e838136fe7fcc98b35572979174a6d1f808f780409290f148ed6ec9c33f

C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe

MD5 87b88dc7ca5d032966669d0db6854680
SHA1 2527207df16dc939cd3741e7fe07bf09f93732a6
SHA256 868b58d0cdda5740f7379da7400099fedc383bcf57884fb5b33d3de7ff7f9c43
SHA512 9f2d09f9d750f8ca980c9b310acc2e73da31f7a51ed293455a35fe62fb3c3295472e4b02c54644dafef218b3600824f8f91f6449c57a2a2365591d8c9e055356

C:\Users\Admin\Documents\GuardFox\ShfR5uWMSfPibF6_6XVB5baW.exe

MD5 c39bf28b3d1b3d414eb8e071617a10be
SHA1 fa8431aff87cbc52e627c734204975e4896f7273
SHA256 cbfa2c3642c2ab6d985b402b24d31c078e767a32a83fb0b3a1524fa20c8ad55f
SHA512 47146c941155fc9491debec3d2068519d223e1aa0c267c5e97921c3769af8e0073265df870c3a79fdb3f588325c209cb7e3b75ad3858fda43c920c1def0e7cce

C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe

MD5 711b2ebed9e1cb88acd06feebbc67845
SHA1 088bf27399fedd03e8c94dfc9ddf13efdf6b1d80
SHA256 52fda282e05cf2d1ee1d59fd4604e25d1cb7467706b9c5416c2f2b4ff1ffe575
SHA512 d7ed8dd6048945e93478e0d4748a5416d336e446f98d27ed30f148d426d778e37cfbe33d20795bb7efc47b3c58a4051f21b78a18b7d62edd93bffd0213d75903

C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe

MD5 c62bbef3dba10a498bfa38a7b232ff7b
SHA1 332474aa1a489055985d5f3ac009627cd3e326bb
SHA256 2f4b1cf096faa101986546dd747fa9bb65efca3da25fba56315fdefcfd3206ba
SHA512 966081795e4a9a593499816c5d9683f88d642b4d4d68815667ebb5b9d2c27a4e43f9e874dc921ecb78d95842fb661f392657e4fd3b8c26b74f27f486dbcc5798

C:\Users\Admin\Documents\GuardFox\f4x20cNqfvSgqJkjt7Rlhr1I.exe

MD5 e0f0410287ae7e0efdc3c102fdb92291
SHA1 20d51c375c115a5d166d40ff6cd4aaf6509a8576
SHA256 d46dac756e67806fb44f9e9485ac646f2dc3121b91b059fc4035d7edd86e23f5
SHA512 326b68360c1880b40728a5c1ec6a94df237e835feca3ba9be736a57713f30817c5d6f6484625fc72c5d132ac9ae1f8e9e26370cb257afba37894c7aa0a0adc5b

C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe

MD5 28117b33a3dcd1d14b30e1d514991cbe
SHA1 f6f38cc2c2c879352eb3d9c9ebaaa55f784a3f6e
SHA256 d2fdfa2491cf2e0b6e2e6bab4452d02dd59fc2e5df563ab8884db08ea974efb2
SHA512 acc9f043491d24c2c51b63f0afe4a06da1f22e9b42cf26563f0ee4d68f70840db7dd1261f9974acfc0fb9284d2977d9a13aa7b3f1d36bf57e9becf15c3220aa0

C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe

MD5 75672038e13ed518c63ab276e780cf40
SHA1 7ab74250405ea8ccd2e280215f4beceaba755af2
SHA256 e0b51175a976834e6f820dc1abb76ee51209fa3f508ec0e7553e8466d600a2df
SHA512 91a670aaadcfe6ffc98faee79956ae7d32e00512b7be43054bf64d12bc03db641c26d80ddb9cb44f9b84d9c17568c03db5698eb9f14067a2c67a460fddb23b1a

C:\Users\Admin\Documents\GuardFox\iM6AdH2QsEURmdjixACa5aYZ.exe

MD5 6c4124dd135a4e9ca98748ef12ec0ad8
SHA1 587c26aa46f7d1e9d68f71ae009e672e17f91bef
SHA256 aae85ae0318de6d4b2b2cba9b1dc7f2c40840bb858366c66949bd3815df07156
SHA512 fcb74485b316e000d516432814c7e9195c1819754f950f64cfb603698f1b75aef82021bdb9fa88d2c9a4d3ea74ac63b2f40053405a65e049900b22764575da8b

C:\Users\Admin\Documents\GuardFox\Nuul_2bqLePUnMY7gnQMUs1r.exe

MD5 d8d62dd58d682b99bcf8ad31effa41e9
SHA1 8d9f481c1489a53324e61a5781528a6c03a9e84a
SHA256 3945a5f8271160575cb10edc7c5b8ea35ba48530ffa86a2927b58dff4b4eabad
SHA512 5f345794e6a056893b0d92b426e0ec033df6d44432a6fbcafbd1ca863aa623bf29148bae8e55b182bde9e8436b5f13dfeeb57407550b7f77b86268ae47f9eaa0

C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe

MD5 f9a5667b2211b3ade344099f6da3b4d0
SHA1 c9b0d0276a24f547a1af04f4c9c9a9d489dc4308
SHA256 78fe571e84750841af71639c925b088024a167dccdef298ede421a4a9b8e0ee0
SHA512 fd0b676f274fe9054833b906a30dc82bfcc861e591eda90101abb28e19023ab7e821d00c19eda02e54d79226be99461c987e7ef88cc394b1235b53163af6cfcf

C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe

MD5 e1a4de9e4a9f7ad459e0fc2a14b15241
SHA1 100400b16074f016e2d4b0741b4d6b09fc972964
SHA256 a9ff66f0d379a0df01eae00559091f92bb5e4a1072923f121e6f9db9ff718bc6
SHA512 065db0a8d7c6636342037beea39c8b6c6c85dd2c1ab04eed97d0c55748a3f24fe2cf56f2c7b6b6326f1b6d708a3e236f2133a0d6a17d3e1340e5212188f0a495

C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe

MD5 c1cdfe75516de7f05fe095f5b311dbfa
SHA1 26e4ceb7ec558ba770a9b37c55f590fa31d1fdf8
SHA256 4f63ecf76533d3c4c786bc7a94ec67a39f46ff1d77c7034593f20af82a9b6701
SHA512 4f3fcddbf80d6a243265cbf6ae7d61b8b3d647b3227530042d3bc47c4af0d30d8e776e749749ae1a980e1ccee816ade5db892eea0a93ec39f6200dc2eff04895

C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe

MD5 22eab389ed9cd7d49c20cad9d9f0495c
SHA1 dc0e12dd6ee9af6f6faf0303d47dab9fa22c4c8d
SHA256 dcd0d46bfc0127126dc7d0edc0a5819c3e01f12a8b0f38960176affa34ca545c
SHA512 88ac617258641467eacdec3c84e65a3503a38899a2d4b2298753781a07f4b755d357eba639727b20f66f473df595ae253c70dfe0e131f3269b4e437b723d4948

C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe

MD5 595940a5f07e7b57b51013cc627f1d44
SHA1 231ff4f84291dc8adbafa949411fdc88475599c1
SHA256 ffc3e1ce68b8021975c14f424afa9e206e7c5a50508920bd563e05ebe3024e6e
SHA512 47126b75567e03c28ffbc143c2ed1bd07b3f748754f4dfe9e0f5c73ef2057d742eba3c07d9543cc65e65b3186d19c5ae42c843475188d7fdebd65f56a21b1af5

C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe

MD5 69fdef2aa7500e71a5503d9858dc7591
SHA1 78897b932f9ae02577f837487d4e7a90dab39c4a
SHA256 3a46fcd85d28364e3dd5ef55acb0e74c4e15d124220bb3ebfd3a339d18b7c1a3
SHA512 3f63f2b7855a8f106307fddbd57782bbb52a8c80a389c8514e0e72116683e5784bcc9430085abf3b20d44a5b4d402cc6179c3d7cced6728d935ab0c5398ac3e9

C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe

MD5 ad1d0aadd5bf9b668423eb9a216c6c70
SHA1 01eba4a790ae5c0f497ea5ad2903fc7369677a2f
SHA256 18905e85cbe081dc0c8845d1ed46900a0d47c548f5b70c2485c0a249914f657b
SHA512 224c9639b0f6da7e136c260d4068c71861f7f3368881c4f853d4af124d236dc65a62dc86ff5cd290730019214569b26ce8f092f70dbc6dc496f46ac77bce931f

memory/3540-707-0x0000000000400000-0x0000000000424000-memory.dmp

memory/5724-710-0x00007FF769740000-0x00007FF769796000-memory.dmp

memory/2732-718-0x0000000002C80000-0x0000000002D80000-memory.dmp

C:\Users\Admin\Documents\GuardFox\iM6AdH2QsEURmdjixACa5aYZ.exe

MD5 0eb42e2bbcfc7aed16064b6186bba261
SHA1 78ef629b1f4b8e2d65058f0eda867047c4fa98bf
SHA256 adddfc7444ac9fa12b652594e6d9a9441cdbde174a664ceafc64bd849a218795
SHA512 1e28092abdfbc2c5de7937c96500e9de9e7460cbd4e1a7993e11e52a63e8785d5b8421c69722e0e5b68e970d7dbb2e15cbc289ba2449d78ff5a66b68df95aa36

memory/2732-719-0x0000000002F50000-0x0000000002F6C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-VVTF2.tmp\4vJseCA75SLoZDxuhdqHOyj0.tmp

MD5 6dc3b01e6856f0fb75c7b0cbe0304fc7
SHA1 d0f3ff5ca81131fbeae9d1c9d98c9d37c5b31104
SHA256 e8eeeb98bcb5f3d48f9906ddcfcb1bdde71e1027304fb2f81748b7bf381ad519
SHA512 9ffae68da967c0575e4f4574feadf8e10d6429e7a4448063121256cdd0e78a0de0ab09fd867e0604d66a2e70608e3a2ff73c23e1963cc42b8473af4aa80e2133

C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe

MD5 0cf983520b111d8a9ef758f58f87fcf1
SHA1 dc6071ed2fb1aefd6889ebc3a9db6c724c41a7a1
SHA256 e91e99e9816e30eabaea7c71b563a52ecdf236713b40d1c3db7d9e5dfb47e9ff
SHA512 5523c53291870f27b16efca8ac6e406c3b8bf5c8bc5764398ef6a5a7cab5c891e3d15eb331d29e90708abd08c695a55d0733d9426ea1961508948c6b96f39d5b

C:\Users\Admin\Documents\GuardFox\ewPp8snuQHfRbNYLQtRt5v2f.exe

MD5 f721a9f1eae99d0345ab7abbd63ebd03
SHA1 e77d349cd48082eef5ba145f17839450826f6245
SHA256 ad46ea1ce2d37926a85d905989118a2ef281d3b786b905ccf774ff4158eae044
SHA512 2b358caf6bb21a0a7427ceb9e7b1377a56e1c58cba14a0bcd34268d9b6aa206bd217ab5a2a80b9449b5086d23785c47885f57c29ee2b1b8372f40618b895cccf

C:\Users\Admin\Documents\GuardFox\ewPp8snuQHfRbNYLQtRt5v2f.exe

MD5 15d7e1930607b036db8d2afc6ac2b92d
SHA1 e4454d02431b54167b72a6c38b7677664921b97a
SHA256 599a61075bb380821fdff613cba715125f8d05a4ce41375864d136331cd9975e
SHA512 ad8cf6f7d1aed0fa56e3c3fafb5753088980fd8021c12fa54cbe2f0656e546daefaf9520de99331fc339787c67bdd99fd3ecff4e9a5bbca9ed76c6489e64ffe6

C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe

MD5 c69c33a502dbd2d92ae2f7ff550e5f3f
SHA1 274c852af618fcc7f7cc5fda08b07eb6e480d508
SHA256 28323466031009b8be0f3af6559958531c02eae90ab7c7bea671c14ff84ad82e
SHA512 3bbf0f84a79c71d7d93d3604d8856f9f52b51e06acec80b56956fd269b056fc86fe32276ee6296085a65e8b5e6ac29b2f2b0b1775d969bea75103ef23cdad6d6

C:\Users\Admin\Documents\GuardFox\rICul7qrTjhq3P5H7SzD79Yl.exe

MD5 1df809ee883863f7d0a63b94c8034b2c
SHA1 54cb3315613250f6db7c3b0c7a3bf0d11797d114
SHA256 804c93222a3c7f260a457c3f1ba66a20801a95eaaacba34771e2e680a309a722
SHA512 3d1400b7807726dcb1a0ab40c5a6846dd576153e29e92754222dc5bacffc09c8ad07cbe33fe02ae8dc9bd3533cea432bf56ca61e5c6591c1dd9e43caa4300466

C:\Users\Admin\Documents\GuardFox\paZz3tUqu5NPvISLDXukwfPt.exe

MD5 aae5235e828ef469d79f253f0b8a6a48
SHA1 238ff137c9dd1759a0b163350bda0e7b046a0efa
SHA256 4020c044f904170d8a1af04f10b2c1a5d05e9d26a620a3291a9fce6a4ce1f658
SHA512 2da03985159ec655af90cab2d931a48f792579b59ad33098c7994936e7c8935a9ea7d3dbe52091927ff26a4584c4cfbbff2526959c15226beb5bef1774a01412

C:\Users\Admin\Documents\GuardFox\50ALn4VmFCPh8ui6iwc4bQ4c.exe

MD5 fe122ec787db1e187894440309c6de09
SHA1 a581403889926eee6d8ac70c9b34f1a98b1c1616
SHA256 d71e9e7a7484b2231331161cd0bd755d651a1b1b8d6875eacd0b34e8e586cf01
SHA512 d4e8071c8ca68253d6f06d0fd18b8c8e44a20aca9b0fb155fdde2c9d78e414346b657169e6c6d9c240e86a57bebf4cc2d40bda4245b73b8cdf6d2014d8aab593

C:\Users\Admin\AppData\Local\Temp\lgU0.cpl

MD5 ff94695d665d7f412dd21f73ec694344
SHA1 53f2aa5dd39bb8990e2e1d0efdf0065b3437127c
SHA256 d520af71c55f195b27c7a286a05d628ed973336ee64dc31b4090b5cca7313f5c
SHA512 7fa65c23cb1a6f6670eb1af1a95a637a1b6cb1ea0596c327882103c79125b76922d680e7dd103023de28e30409b9aac14b5e1762eae857dbb701d4c9b5c46ed2

memory/5744-735-0x0000000005430000-0x0000000005680000-memory.dmp

memory/5744-746-0x0000000005680000-0x0000000005C26000-memory.dmp

memory/2732-749-0x0000000000400000-0x0000000002B13000-memory.dmp

memory/5732-747-0x0000000000400000-0x0000000000D40000-memory.dmp

memory/5744-748-0x00000000051E0000-0x000000000542E000-memory.dmp

memory/5732-745-0x0000000000F10000-0x0000000000F11000-memory.dmp

memory/3396-759-0x0000000002DB0000-0x0000000002EB0000-memory.dmp

memory/3396-791-0x0000000002D40000-0x0000000002D4B000-memory.dmp

memory/4644-951-0x00007FF634470000-0x00007FF634751000-memory.dmp

C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe

MD5 e6522b56d9efaa91fdf624f9422552da
SHA1 e59f705dd58559cf2d1a06a743d3f59100730927
SHA256 962b35dcdd56c51bf88a857f9bff150a3db05ef3f199f1c6542b4fc52a62a7aa
SHA512 8442de83d1608e54afe18aae030ac705f1c413d8cc89fa5a6a36a7abe9f1d913381479f0ce16ff29190b1bd5b6dd26bbdc7d45107b000d056910faa8bf0c5917

C:\Users\Admin\Documents\GuardFox\ShfR5uWMSfPibF6_6XVB5baW.exe

MD5 0d684ccdf057b371a06780438de3d866
SHA1 09060e1515c2c72338c6bf4c0b94655e57c16f05
SHA256 e2047090a5e07f61154bad7a67b71876273cc3624b09e477690f4527ca10c156
SHA512 d12a68daffc313150840cbb3e1a1f13cbf74bb0493c16315c44f1088a58ad1e8bb934f0d9d0e15624bd6214448d1a507a2441e762e97d554010e58bdc753d6d5

C:\Users\Admin\Documents\GuardFox\ShfR5uWMSfPibF6_6XVB5baW.exe

MD5 a1654a1ca978984af56b08c40cc7e63f
SHA1 c434d410c37f51fcd2471514d7b3e5489bdf1aed
SHA256 f47fbe6a59d453757e0e48e12ac431c0fbe6b07284d91dc52977b48e4ce96195
SHA512 62740c347ecb36e730e6f2aaaa838866678ba8cb8643b66abc62c49c8bb5c3c1d2aa3a379ffdb1ab0b5b0669926bd6606c9b50eed11663ea8d2c428b80010630

C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe

MD5 27de0b8b6413370cdfeccb9b8dfd8228
SHA1 a43849f25b9c8de7597ea313ddb9f1fed72235dc
SHA256 a9a0c514b0378e5cd9a919f08019cfea620b9d3ce78a47b8d97f378c01815805
SHA512 4087264341637419d46376896456f5bd8e819dcedbf67cfb2f9043347e6a27adb8cb8ff259ceeadd733a63e441cec65194dc6b9b013a32a474c9a2dcd5352fc0

C:\Users\Admin\Documents\GuardFox\z9AJkNjUvLHmoY85xUsaC8hB.exe

MD5 291288b0f914350c6150fb61db95217f
SHA1 1b9c11cb90db39f1cc60c80303bc9b8984e56d68
SHA256 dcb1f444f5c5457562c65872d53af6db90e67cc1551f6af7aa9720b062d56e57
SHA512 8fb3475010fe4d46d82db472fd4d75ac33ca7afaaf89a7c5c1dd585afe52ed5d478ca3097d45a44e54aa3c7d1e0a43a98a94ba5d2d53c9e2219d3c6e072c3077

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 cdbbf548d912e3cbff42116f72a0bf1a
SHA1 34f125d4cbc85af3d23b99cbcd759d9d7e360cb0
SHA256 5b326fd3b174378a59220dfe6bfd0edadce42afc0812e92d5cff7ca14ec63962
SHA512 4b3d1b980949942af17c7890f1793a638a411f1fd93f59d46e80bea3821fb323c1ca939ca8b23506fbd56a7a099615cc4bc7be8efb95ed5ea4abf093aa08f251

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 60fe01df86be2e5331b0cdbe86165686
SHA1 2a79f9713c3f192862ff80508062e64e8e0b29bd
SHA256 c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8
SHA512 ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

MD5 4fe8cc64297c514a024ec4bf8999c398
SHA1 d708ef056383814c407e536c030e0510331ee427
SHA256 c5364ed03e7b8484a05f410b277b60a6b8c28b919060876af76afe25289cc6ba
SHA512 68db30137c84556156e6592a1a9d4717129e02a86015226cb2346acb225dc305ff7f1ea74eba676c1474b7321c50c9f255a3d4dc49e0197914cb30fba8accf3e

C:\Users\Admin\AppData\Local\Temp\is-IRERT.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\AppData\Local\Temp\is-VVTF2.tmp\4vJseCA75SLoZDxuhdqHOyj0.tmp

MD5 a2843590e25c04cbb17b10b47567f7fa
SHA1 00dd03c80f7269f269ecd3834ec770e69966ad6e
SHA256 8bcf0b4f9a21c560771131b593e6feb50ec12dbe9056ae5ffed539fbe4f2bd40
SHA512 66ccace1e48c9453acb6b623195a73a21e28b4fb7ff11cfb5575d7537cb42ec6d62b81effb5a6fc4d8c04d39ba90d7c2002569f54dd1fff4e1c195621e7f5fad

C:\Users\Admin\Documents\GuardFox\Nuul_2bqLePUnMY7gnQMUs1r.exe

MD5 e586c3add3db5b6bb5e0bdc20652cf64
SHA1 73588e25f540793ce6eef843ae0c59d9419b5d57
SHA256 2827b0efebaef0fcbabf1531a7e05b799ada7d2d896191e182e2d67d52e42bf2
SHA512 9bcb2bed594092e1fe30bfc0e1f9d387c20d91e1b95749572846b209d4836738f84d614769aa0cbb03233cf2edc1c61d2270c68375cf1333c05008ecaae4a133

C:\Users\Admin\Documents\GuardFox\HCQM9H_C1yyySyKv8SyS0YVO.exe

MD5 93d27211879f8ce50b4588e879104213
SHA1 66606a241408031dbc8c74082d189b6cae21ca1e
SHA256 7ee0979e735adccd1f4a0abf6869b368dff67d0b1638c6176eeb42a309c82cdd
SHA512 cf125b91cea7cef618b2b54b84fe7c66ea9e75cba71bfce5e45a262064824f64c8e8a4d7a8831cde7130fef95043560b5f11ca0e798ad4d92fd3973710b7f9c2

C:\Users\Admin\Documents\GuardFox\HCQM9H_C1yyySyKv8SyS0YVO.exe

MD5 85e6dffb97298cc4c64dec8751f088a0
SHA1 4733311ffa6f618bd5e6d02cfd7e59a36c86648d
SHA256 1a8188745c43d511efee9603d150c5fbf1899eadb3315e56dfe56fe70919776a
SHA512 bcbecee04f6c78f9dd976e94ecec49a55398699b7bb2cf97a803ef3f17b642272895268969383c0eff71dd05c709fca75971d17392348346bcd6bb0b050da85d

C:\Users\Admin\Documents\GuardFox\50ALn4VmFCPh8ui6iwc4bQ4c.exe

MD5 edcfd3004c0b3f3db0714db156507eeb
SHA1 788e7edd2d267606f1c2e1e9666d2582cf6da60e
SHA256 a272874ca6f8d25afae0a2387fcf88eb88aa370c2a19030fee6b7e85a5b75c15
SHA512 f13730a97d1bf84ed0a5c99ac1a43d125e091f769bb03669f19325b313b6d796f34279daadf1312c1e3f1af17a99a3cdef641e2157d815ca9542c801d201afc1

C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe

MD5 5e4050f4d3a16005b6b61dbca7b8b8f1
SHA1 95d6c7f9bb26bc81a94f3ac2bbf6a0d98bd59d22
SHA256 051b9954dc1497d14cb051de3b43971bfc398ca3db8f608768575c00a1af316b
SHA512 90c638e2ddb925a26743470e172a6a9ef6f63748fc57c8d1adbcd87afe45763cf8aa74adccc144974ae5c96a4e27c1ef1aac469454fe000d929fcaffed6c273d

C:\Users\Admin\Documents\GuardFox\4vJseCA75SLoZDxuhdqHOyj0.exe

MD5 66f366028d01a7c592c8089d41d90bda
SHA1 1f60f64714bd96e354b5578dfeca259895f1c69c
SHA256 a6fabad4691e9eec4d8a68a3fc086c072c85d186338df15518b73a3211351313
SHA512 fe55019664468125e45916377bfaa8b200b18046d7f456d4f40dd0308bf9a1cd06fcc662e45509492be0a0a17a640590caeb9b5ecccbb037f598a26a080d6399

C:\Users\Admin\Documents\GuardFox\OOCTptGsu2UHu9IoFXc8pGno.exe

MD5 90aaf67f662bf15d70dca06555c99fb2
SHA1 663cb7e04bd9728724911b2168c0fb84258413cf
SHA256 5ecb8786ea6109f9fafcdceae598d0ea4567f4dd8d62d5ca862b149862790109
SHA512 046602b61d4209d8a94b1b26608edc672e31efb3edbe414b79dce448f09e63149786bd9165ca26e04ee790d73624508a09916ac9d520c2f3ac2c803ae56870cd

C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe

MD5 029253a595c7192f405e5ae3b0c0310d
SHA1 8185810aa79306a783b91aabe3526352a6a9d37d
SHA256 38b6aac0c4693e0d2be923b0ca8fcfa75128294bcc50b590448db53aaa4688d7
SHA512 1ee7bc1b3748af33e005ee5128cf512efab3d267fc1c5ece7be009a92200518efa6477125a83329191fbdd05149b099f463125106904cb0c1939be376ab928a3

C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe

MD5 fa166f699821228775c92536ae512755
SHA1 1ff141bea5bf41018fb50fb3d81edbbe427a0677
SHA256 b79659f0172ce50efd42c454c6cb1cb8ea69cd08d65cab5564855aa2b3089784
SHA512 13262e2da12c942f22f358a6dc92fcacd9d2fe5e6dc1020a8ae176916346ba4c8073a1601cd5b91ff9c035acbe7105c89dcfec67dddfa108e131af0a20bbaa77

C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe

MD5 dbbf14c5e8e9f194446ab08d8ae7a1c2
SHA1 5cb6520d09ed31bb06f2f62ca193a01fb4be1e00
SHA256 f023616aae6204516db27d42df55fb2888626d47f052f88f8a56394db51db0a4
SHA512 ec972533993a4486cc2c378e0699d03fb59cef3c58dede3dce4e78f4eec78c023028b1ab34d569a035cce4a37710b82a29f30d2cc81d19d35a4b44ccc96ea763

C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe

MD5 7b0e302b0d84fb77766a4230525cbfdc
SHA1 ceca09475247bcfbf59ee9298208d8aa1e988370
SHA256 cc5ac34410e81e048a58d8b293816d5144a5137b4e7011111780746f664bb643
SHA512 3752d5d0539de2c96b7915fc22411d2c5c7dd320f6af30f64500a4056f74072020bc6be32157c3fca9616f02c78c3c7d0d609f0fe8cc378658bd5d0fa7e50600

C:\Users\Admin\Documents\GuardFox\ppbBb3WZSMtaPw4XUVFH_A9r.exe

MD5 33e380589476b1b13d358475c26a06fa
SHA1 be1f2288d3331a5869d966c9a2eee06f29c30fc7
SHA256 59f711b4d8de03ea6adf6a0ea6161b3fd123944b0debe1ab615f7669c01951b7
SHA512 6fd2474ebf356da7e04bf0c85862061935022b584a15cf5fcecc6777024965ceba5f75bdb470cc7d29978207ebd5ab6f2740cfdaa7016d8271e95434429c0821

C:\Users\Admin\Documents\GuardFox\KdS6aGKkq_aFxYsB75APfbTM.exe

MD5 ca93df3a6a4e756fbc06d95b19807878
SHA1 e16137960f87d5431ad2ad1df858fc95d46f306b
SHA256 ed034e9647d971615f988f1e06bbfc71d2813874355c37f44dc4873ea20e5ed8
SHA512 22c2d9b4b5056e30fa3e0311c891b8a0d79108d2e0b85d97df9b4dac0a059537b063c514a6543a7fc32b2ff2c677b82577c079fd9924cf9a017f87e745e0adf7

C:\Users\Admin\Documents\GuardFox\20EskC9skFpVMVD5pyN0UqPk.exe

MD5 57a25d42ab1f15997178d9efb63a113f
SHA1 b0c388f9b5ab0ec96cce3a0d8e17aa72a43b1946
SHA256 7737b9dcbe2c028cd1ae9fae66910f0e1ccfb7322f634b440463f084cf140ed2
SHA512 2c9e64c1f73ee5bfaf6c1fc7d96586c11e48762ddaecacacb9b68be430d993195666d3d41430de9c44a843566359694579fb50ac4d4e932210de0cb0ca299537

memory/772-953-0x0000000000FC0000-0x0000000001018000-memory.dmp

C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe

MD5 e072366d74a21fd059aa1e7ce41e7212
SHA1 8df389cb1de5ee17a29403dccf5da85ddd50993d
SHA256 e3abff5553cb716be29b0ae2f21506c22c7f5aab7b66bb377e3ab4d1a701f960
SHA512 82e42aeb84940745a9d9f45f6b0906369b3f96bf6b19b264cc851e9d2ae3552541ff28dc6c943d3c85d3ff858b71e164a6684ea5d1935a7f9595b93457a1b96c

C:\Users\Admin\Documents\GuardFox\kVoT3aWjjkvdqSg1Gvm0ebxu.exe

MD5 5a2e7f89ff64a2e874505719cdc87222
SHA1 94a78ca2155c5b904cb5bf8b083ded86963dd032
SHA256 2287d7d17d83278262a1c3315afe62baeaac7370b247b12b83532ca60d329443
SHA512 e2e1264b66f385990eef8f0b6b164ee0b42f7c3431a83f416c121405d6d511784acfd00bdec1a0aef711329e3214b1e6a3d115b18841963ed711d1d1acfd0718

memory/4616-957-0x0000000000400000-0x0000000000760000-memory.dmp

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

MD5 7a9b4f712046f92b028d3687e9b8d240
SHA1 a5522209bc7191e370410491c1b4ec5b8c257f19
SHA256 84f3f3443e79b19134dd64e582de54a6788464306df67fd265bac26c4553ec44
SHA512 fd8d75455e89984f9476106323295db24b427bd1c0bdf9593be66520eb8b82fb233f933463b62db12a4d7d369929a60a1f3aa814a046290e2d8f72dbfa738327

C:\Users\Admin\Documents\GuardFox\lyxs9JwTflh2IH2789Bp41eo.exe

MD5 cef08c09c3ce75346231d14986128bac
SHA1 c5224692889302a5dbdf45cc32725e4f8f940dae
SHA256 432099f8e3e04cd54353165b554f24946896932c409f1cdd020f79a0d06865b3
SHA512 dfbd49a7d0acbdfe6b297145d9befffb7c2b3550c59816cb2aa7136438bd091728bd94c366682f92a1711a4dcdaaa922f62e48b90777658fb13b16eb2bb5f2dc

memory/4616-970-0x0000000000400000-0x0000000000760000-memory.dmp

memory/772-973-0x0000000005960000-0x0000000005972000-memory.dmp

memory/772-969-0x0000000006090000-0x00000000066A8000-memory.dmp

C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe

MD5 e5af6234a4abc51f580ee9f2cec4902b
SHA1 b19aa73ee60c812ff2038aea923974b3d0f9beae
SHA256 5a291dc1ac659ea10e33e9c00f2c6d527d7863c62eeba783beccd070bd93bb22
SHA512 6ea51799eac077c23b6b3a493c8f0fdc0b3fdea3e708714a7beb4547303c90ce9d42b4b77bdc6939817bef16f00627c85a825b917b5996c1edf122345074b7af

C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe

MD5 2574ca37b06fbcd1050f0040e1544b2c
SHA1 a8b270a5aa26ad50b2a54568d59c6720a94b7a48
SHA256 4ec2b3df962ff4bac7f018b28479d18f80f1128d9b9b5aba5b8cc69ab1ca4f10
SHA512 049539f2781ee069a2c6dffe127a7f03ad5cc3fcc5647133776b40bc0aef85052b584f7679c63608da9e504515524c145c3b7b8027365e922cfc9062ab46731d

memory/1844-968-0x0000000002710000-0x000000000277E000-memory.dmp

C:\ProgramData\IPTV Channel Browser 6.6\IPTV Channel Browser 6.6.exe

MD5 a653937795193db3bee7ced7b58677f1
SHA1 d321f822507b32865d4f00f04eb7a880f1666845
SHA256 63ca1c9bc29e1f571cf4f0aae027e008f0077409c797732bc47351ffc7eb1b74
SHA512 7d7f8a73e649fd83895393dd31c62494c23b2f23471f4d0d2ce374e352776f19568232e921a2b42138d4326d343fbae3fb2e48d0b7410a6f0510cbe5b341d577

memory/1844-978-0x0000000002910000-0x000000000297C000-memory.dmp

memory/772-977-0x0000000005B80000-0x0000000005C8A000-memory.dmp

memory/3692-975-0x0000000000400000-0x0000000000830000-memory.dmp

memory/772-985-0x0000000005A70000-0x0000000005ABC000-memory.dmp

memory/772-980-0x00000000059C0000-0x00000000059FC000-memory.dmp

memory/3400-976-0x0000000005B50000-0x0000000005BEC000-memory.dmp

memory/3400-972-0x0000000000CD0000-0x00000000011A2000-memory.dmp

memory/1844-986-0x0000000002910000-0x0000000002977000-memory.dmp

memory/5140-995-0x0000000002D40000-0x0000000002D4B000-memory.dmp

memory/5236-993-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\Documents\GuardFox\UlGn_TApIIJsr4mr9tsRv03p.exe

MD5 6a3750f6fd250f137ee782e78d2d50a6
SHA1 8d55870a9c42853a8189cb8f9f648447d0b21e63
SHA256 f5465b1702af36168bfeaa23f09505fe471d2e2cc65bb325bd7514896ef35fce
SHA512 2af7aea02d7dac9cf16014830c685515adc22ceacdcff6aa60314e973ace6f9044bbed269013f3a1322f0d1b81526ff712a5dfb470d8f64316aa5f453e37f300

C:\Users\Admin\AppData\Local\UUID Code Generator\uuidcodegenerator.exe

MD5 61d6811882cf7c14dd0d3dd2411444bd
SHA1 e202764c2b0d74e5a97bb542e395c1744270cd79
SHA256 3174fe7b188c4e298c6efc9a153f2b8b60707a7c6e7df87d4353fb204c654fca
SHA512 84023b36a7606c067bc861b39f983bd849c60169363a0d0c01d0d1860a5fbc21aefa182dd5b21c7573ebc95737bbda085ecaba63b3f92a05597260843755e33d

memory/3396-982-0x0000000000400000-0x0000000002B13000-memory.dmp

memory/5236-988-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2940-987-0x0000000000390000-0x0000000000B66000-memory.dmp

memory/1844-981-0x0000000002910000-0x0000000002977000-memory.dmp

memory/5236-1003-0x0000000000400000-0x0000000000537000-memory.dmp

memory/2836-1001-0x00007FFFDDF30000-0x00007FFFDDF32000-memory.dmp

memory/3044-997-0x0000000000BC2000-0x0000000000C54000-memory.dmp

memory/1844-996-0x0000000002910000-0x0000000002977000-memory.dmp

memory/2940-999-0x0000000005650000-0x00000000056E2000-memory.dmp

memory/3044-1002-0x0000000002550000-0x000000000266B000-memory.dmp

memory/1844-1005-0x0000000002910000-0x0000000002977000-memory.dmp

memory/3356-1010-0x0000000002470000-0x0000000002486000-memory.dmp

memory/3692-998-0x0000000000400000-0x0000000000830000-memory.dmp

memory/5744-1011-0x0000000072710000-0x0000000072EC1000-memory.dmp

memory/1844-1016-0x0000000002910000-0x0000000002977000-memory.dmp

memory/2940-1014-0x0000000005610000-0x000000000561A000-memory.dmp

memory/2836-1006-0x0000000140000000-0x0000000140876000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\lgU0.cpl

MD5 69aa389c073c6651f6517dd327b6d3cd
SHA1 f50f16913a4e5d0d9ded5ce558cc3041d872db10
SHA256 7577b2c01e2e335166cf45173ec14c05dc1089dc00640675f9ac0d3e7e50a8f8
SHA512 373b7749d3222b9c06094c06c12739d66f4b40ec3d7cb7e72f5fb7e46cee29e8f9461daa5b4299f899c6220167607c028dcc1902d0d5ebccc90572b005a2548d

C:\Users\Admin\AppData\Local\Temp\LgU0.CPl

MD5 c7e9fec85df8fddd5c72a7044a205d68
SHA1 c96b8a4f88e046646cb805e92c7dee5aff1d925a
SHA256 afca643522f565b635ba274764fa3fd79037011acad003505cc3d4a02e2bbfef
SHA512 c3c91892c037911940eae4de505955d1a296f8ad4cbfdc2eb8f0496a0df186c69eadb02cc42fcaca9c8c55a882a8bbaa3acc5939ddbff842e8d9d540f1a3c1d4

memory/5396-1027-0x0000000010000000-0x000000001028B000-memory.dmp

memory/5396-1031-0x0000000000C50000-0x0000000000C56000-memory.dmp

memory/1136-1038-0x0000000000F50000-0x0000000000F51000-memory.dmp

memory/1844-1035-0x0000000002910000-0x0000000002977000-memory.dmp

memory/5732-1043-0x0000000000400000-0x0000000000D40000-memory.dmp

memory/1136-1041-0x0000000000F60000-0x00000000018A7000-memory.dmp

memory/3396-1022-0x0000000000400000-0x0000000002B13000-memory.dmp

memory/5140-1030-0x0000000002E23000-0x0000000002E39000-memory.dmp

memory/3988-1021-0x0000000000100000-0x00000000010B3000-memory.dmp

memory/5140-1025-0x0000000000400000-0x0000000002B13000-memory.dmp

memory/1844-1024-0x0000000002910000-0x0000000002977000-memory.dmp

C:\Windows\System32\GroupPolicy\gpt.ini

MD5 7cc972a3480ca0a4792dc3379a763572
SHA1 f72eb4124d24f06678052706c542340422307317
SHA256 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5
SHA512 ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7

C:\Windows\System32\GroupPolicy\Machine\Registry.pol

MD5 cdfd60e717a44c2349b553e011958b85
SHA1 431136102a6fb52a00e416964d4c27089155f73b
SHA256 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f
SHA512 dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8

memory/4232-1057-0x00007FF756F30000-0x00007FF757C03000-memory.dmp

memory/772-1054-0x0000000005D00000-0x0000000005D66000-memory.dmp

memory/1844-1059-0x0000000002910000-0x0000000002977000-memory.dmp

memory/6020-1058-0x00000000021C0000-0x00000000021C1000-memory.dmp

memory/1844-1044-0x0000000002910000-0x0000000002977000-memory.dmp

memory/1844-1066-0x0000000002910000-0x0000000002977000-memory.dmp

memory/5732-1062-0x0000000000FB0000-0x0000000000FF0000-memory.dmp

memory/3692-1063-0x0000000000400000-0x0000000000830000-memory.dmp

memory/5732-1067-0x0000000000FB0000-0x0000000000FF0000-memory.dmp

memory/5732-1070-0x0000000000FB0000-0x0000000000FF0000-memory.dmp

memory/1844-1072-0x0000000002910000-0x0000000002977000-memory.dmp

memory/772-1079-0x0000000072710000-0x0000000072EC1000-memory.dmp

memory/3988-1102-0x0000000000100000-0x00000000010B3000-memory.dmp

memory/2940-1109-0x0000000000390000-0x0000000000B66000-memory.dmp

memory/772-1111-0x0000000005A60000-0x0000000005A70000-memory.dmp

memory/3400-1117-0x0000000072710000-0x0000000072EC1000-memory.dmp

memory/5236-1120-0x0000000000400000-0x0000000000537000-memory.dmp

C:\Users\Admin\Documents\GuardFox\2mPZ11CM7jr3ih4T7Yp7sDsO.exe

MD5 56b9c3ab8bc7eb5290e1834ce3bcc2ab
SHA1 f340e4fc1d0fa793dc28bd05b7137e1004206687
SHA256 4b56bb830020d94d6be10fdbb8565744915ac810074c884b617ca122d0be7a64
SHA512 7786fa28b8ad5a3a9b888e0044d0962b73186beeb4d20dfefa9567f59e3db446d63229d92123a1a5b79c25a31cb8a7f3ebe0a8fec167d73a7420a0e110e0c713

memory/2940-1122-0x0000000075060000-0x0000000075150000-memory.dmp

memory/2940-1125-0x0000000075060000-0x0000000075150000-memory.dmp

memory/2940-1130-0x0000000075060000-0x0000000075150000-memory.dmp

memory/2940-1140-0x0000000077256000-0x0000000077258000-memory.dmp

memory/1844-1148-0x0000000002790000-0x00000000027A0000-memory.dmp

memory/1844-1145-0x0000000072710000-0x0000000072EC1000-memory.dmp

memory/1844-1152-0x0000000002790000-0x00000000027A0000-memory.dmp

memory/1844-1149-0x0000000002790000-0x00000000027A0000-memory.dmp

memory/1844-1154-0x0000000002790000-0x00000000027A0000-memory.dmp

memory/4852-1155-0x0000000000400000-0x0000000000454000-memory.dmp

memory/1380-1156-0x0000000000400000-0x0000000000760000-memory.dmp

memory/772-1168-0x00000000069F0000-0x0000000006A66000-memory.dmp

memory/5768-1169-0x00000000009D0000-0x0000000000EB3000-memory.dmp

memory/1844-1170-0x0000000072710000-0x0000000072EC1000-memory.dmp

memory/3692-1189-0x0000000000400000-0x0000000000830000-memory.dmp

memory/772-1188-0x0000000006920000-0x000000000693E000-memory.dmp

memory/5732-1190-0x0000000000FB0000-0x0000000000FF0000-memory.dmp

C:\Windows\System32\GroupPolicy\GPT.INI

MD5 93b3886bce89b59632cb37c0590af8a6
SHA1 04d3201fe6f36dc29947c0ca13cd3d8d2d6f5137
SHA256 851dd2bb0f555afaef368f1f761154da17360aeea4c01b72e43bf83264762c9f
SHA512 fc7baef346b827c3a1338819baa01af63d2d4c31f3f7e17b6f6b72adab70de81872a67e8f3c1a28453abb595dbac01819a9bcff0710e9651a45deaf2f89e65fb

memory/2836-1198-0x0000000140000000-0x0000000140876000-memory.dmp

memory/772-1206-0x0000000007720000-0x0000000007770000-memory.dmp

C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe

MD5 ee91a677bce1906e77f3d3b09c3d89a4
SHA1 f2a9b02d328bcccaf03f94e4e8c2af706bb3e2d9
SHA256 baafe12d9d5efb3ef2cc4256a7f74530cd7e34563d9a72deae19a9efb9568b0e
SHA512 5e7e6495167b802da4d0dabe3e0a329448d10ce57ebc9e25b407d743ddb98b8c17456473051b2ae165d00a805657bed8ac0157bc5d0df2ca43ef91158d57becc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A65DBECD82A40019E873CE4ED0A79570

MD5 14b3811fed3ba8375ffb48102fc12b1a
SHA1 1d6731f1bfcc3ac823ffc6b0c5a3dd373bc27d3c
SHA256 87fc51ee998a2356912c6fd35c358c583fba20c326b464faceedb80bb7d8d1fe
SHA512 f667c5a82b61e629c99329c72b40ef6debd0b83c716c3fb221e083c138114b6e44aa36e0d84ed165df6cffe6d8b9e2eacced3af4c36bb42618519e8b127e64bd

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

MD5 08263128e1a98bfc408497c8544d2024
SHA1 0d1a63c1cc7ec2a0d0c56beaf3c91fc2fb814c44
SHA256 db44169c7e41cba614005b72223b9367444bcc31b45154d8ca802b685a83ea65
SHA512 3d2639b7bbba7e2b7617a0d0eb6823a1e6e5c4a58513301fe8790a7ca3c9e55dce5a7888087d89cc33479b68705205506c5793ae55705de7330c8a7be4353723

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

MD5 85b1b1e4979316ed0609ee37f2e18a33
SHA1 463e30f0e0c33c0779609bb459a7e75da79cc977
SHA256 30c0ff5f19a361a397f37b53917be051f71acb458b6f47e5cddf825da18d2bef
SHA512 353c26cf38051669ac8bb1a1a8c9b20123f1a943c589e9447bec26d840b2fd5f2f7280941f2d6a12f42503db61c72149a65d22b70f89a21f1c3befcbc0a7c66b

C:\Users\Admin\Documents\GuardFox\BjJaTGtrHogbqluj1BYuNU0W.exe

MD5 38d02ac11a1e8c3c54bf69ff4b13ea3a
SHA1 b7f0dd19c8a0b1fa4ea2a87562e97cf936df075c
SHA256 3de266ecb9b19a9dbdc9d087881c731cadef635c4050633be5391669666ffadd
SHA512 d3e0b1adfe4da769ac5ec4bedb1f6686e03d887189d9412be9b8b82af841b2fe00b9cd0c9d1573c244a46c910c18cd772f3d7a611d6e0441af1ff6956964e88c

C:\Users\Admin\AppData\Local\Temp\msvcp_win\grille.eps

MD5 3b6a0b14dc8831e3b426cec742e90059
SHA1 75ef923554485165a5cee04910e550164e15c51c
SHA256 ed0a03950e1e3857fcc0623d57b7d5c3694762e1b999f8be0568bafb90209c3a
SHA512 f10bd3afb2dfb2b682f299579c58c0418835faa1e06ab352fd6621f9187b8a05a138434a67bcfce752d6dd96832a33013b3dc6a4a1260983b77ecb4914e41eb8

C:\Users\Admin\AppData\Local\Temp\msvcp_win\sanitarium.ai

MD5 96721351f220aed042557c1325f17282
SHA1 3d1eda7f35741518a55e40c706c1522203398f00
SHA256 62a10a10de426364b5e4bfaeee31eedf650fe829cca04f5b8f6990070ff00eb5
SHA512 bbaf3d313fb3576e4983d5265e343199580d5a87170302217a20f9889023a3174f60bfbb82070331f6cfaa4b4deab58a2ebf961514a6467eb18507ffee653f07

C:\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll

MD5 79447c236b8ff05c49b7bda01ae7594b
SHA1 445440f96276799c4d2daf9ab9ac8bec39b46c01
SHA256 a5f040efc976e85a1203bc67b805cba64ee2a0a1219e739955df5dd25424d3c5
SHA512 9f3f4cb846246c0a2f8b00cb7523d714a2d8e958aac8ba1b1b4e2111762357a86bcde379cf1c567823cd88f81ddba41117ef0ada463a6603ccb97128db263365

C:\Users\Admin\AppData\Local\Temp\msvcp_win\relay.dll

MD5 987baafee84056fa3ce397fa61336161
SHA1 692ce604d40304d9f9ad2af67dce9c6c9ba2d3ff
SHA256 e6e6eb86a2d42604c43f75d95f5c4143a1b6214d23041d6b8366fbf7de521688
SHA512 60394ec67a860caeefac36af727cb77d4975846db786781faa8398d2110d85a0b30b59422314ef9c5bd68af212d3d0f0d5f48240df0661cedeaccc4f8f4d3040

C:\Users\Admin\AppData\Local\Temp\jobA3_UBhXU4Hq3rac\information.txt

MD5 cc7b8cf6462d410411ffc391cd08b4c9
SHA1 9f5c8e6a97236d0df552516e399296e45ad1e611
SHA256 722c13381806863e4598c16a8cd78b6ec97e7540da5ce82ceabe92c36ed81ef1
SHA512 bdd3518e842d528e10a456e60906f5a1cfb7d54e9a2d494dcd136ce054f145f9855326eb40c8ded5cae86eaba0c6af6bbf3a31d68124a8afc2b48fc4d6d7bdcd

C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe

MD5 0300e763dafa74b52b47431af779ec8a
SHA1 4b288e0340606109eefbab6d014dcc3f2a0d7873
SHA256 06fd42da0d009b56e769dfb1334c03a9ab6de97d3088f7a2de7a29634625cd36
SHA512 4afeca8e643ed390ee280ef6910d3049653738af8126ed4bf9b8bd8ee49442bc492ed2bfb0fe9d98b3484da53b778ba5d3a60585bd622c91635456b3963530a3

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UIxMarketPlugin.dll

MD5 e9b2feb2e79ed2237744112e8c382743
SHA1 4874e5b5402f1631a1b6cb771db857594b0f9ec2
SHA256 de371f3e5184090b8e07f444250cc0a4af47ed8d2edc3fb35c1a66e07ff86287
SHA512 525218bdc5e88c68a471e19a736e6cb17a20d5d5d029400f1cd2ac436bbf71d173300615884c6c2ed3aade29f4e9672be6fdb80bfcd71ec629cf85b24bdd909b

C:\Users\Admin\Documents\GuardFox\o7Hwfo_uogy9uqCn1IMWTstq.exe

MD5 b7d086085f5a6e794509fd9d0b0d2d3e
SHA1 b9ea69c2a8c101d597bf890fceb7b42877b54f64
SHA256 fd842667975e9af606e43ac37ac3ecf81880a7dd631b71150e39d0b1e95fa6e5
SHA512 b8ae4a6845ef032220fcbab585914ba6e5c48d4555187cdc937eb0db99ed09a71b757476e61e8083a308b6597d626a25db6d7f7919fed38309a24564b6b6b5cc

C:\Users\Admin\Documents\GuardFox\qemu-ga.exe

MD5 a5ce3aba68bdb438e98b1d0c70a3d95c
SHA1 013f5aa9057bf0b3c0c24824de9d075434501354
SHA256 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a
SHA512 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zEIocmEFVxls8YWBR8HT.exe

MD5 1b6fcd3aacbce730397668781ccd2649
SHA1 456a750a0e09496227f23930f544c7ac2da8a5fb
SHA256 3cd08f29881c8e4b57020c2c69391326c64da99c06dd26eb6f6398a2b30a9fe4
SHA512 266fec63d40a8e300bfcf54b87460295b3e0a923df204c834e46c139fe8ad6e5f63614bb5c961b8a87b3d8349d6e09e0752ff627ffca259e8d05d21f8f6b7684

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\r2rj3k2FerFWMH392m53.exe

MD5 48f02d958dbdab7506b65acd2715523e
SHA1 6947f918dd43fe589360c2fabc61517d16153220
SHA256 f19dab28652d8a21b7c71088d198325e247394f3e303b014b5e914dcfe68ae3a
SHA512 e9a7f17790b71bb1e7d1a56a61abbb99874515250e9cd5351d0b001e6787fe7bde6869da833d1788d8e0d0cd9331395b9dc27be458a44b95ff19e182f5fced24

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

C:\ProgramData\JJECAAEHCFIEBGCBGHIEGCFIII

MD5 6ae0898779e77a7e4390188d02dff82f
SHA1 a4e556091602872fd0018043280879576e07af7d
SHA256 a8316558538cbe5b7df469ab452466ec2e250d934893bb29326d5f3331a6caa9
SHA512 aca6c621b068c275feec7ea3ab509af1bd820ec41eb096120cd8bfbab085c70e991cd483538136e392dbac44d7c4b1e54c0d4aaf25d87c98e6befc8a555b82bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 05ed8d7350c6abddb2413582af13b728
SHA1 98b3e6793352038355ee54fc58828e5ca1cf0f77
SHA256 878b0ffac96b1428cb415ab15b289258dcf9fc175ac2571622e4dc1219f32c01
SHA512 b80bf631b56588daf08570c05aac9a67cee414403149c223a005a7dd9c81b5e8d4c6f175815106f039d47c1bfef875ecbf65efba106d5107b137f2aabe446058

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\zVqgBQCPxPPq3RMThYrc.exe

MD5 483d444563f8e59e40a64332e51bfbb4
SHA1 c104f3f580daa5ff4030d491b44ce8a396ac0cef
SHA256 7cbc4ebb3e4f63e7b8e3e2666586bab9b593eb440f8d38fe6db8cde352039a8b
SHA512 953f09a0f0a5a1f755f01d18fbf1a61c0d86b7565a76f317190f0e85ac2fe098db42a26acffb4bc7efe1f3a7650726f123f19a8d4547ccedd3c582057a4d6669

C:\Users\Admin\AppData\Local\Temp\1000119001\FirstZ.exe

MD5 416c86010c09fe4b9a27d9254e211a1f
SHA1 ba372d9ad6715848c1cf7692ff1236c212f847ae
SHA256 22085ff3e536acded0f65127d10233a67a17452b49ce05b30d9e50b77d415ff5
SHA512 d26696d353be55d254e2efbf0d8741c9df967c2c42cc4d44b518205685d295747524ffc8ebd9dc46d99965bda6e5d48e209b90c62576398d34694e0ad67130ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 960c40e9c0cc34f524036f14e7cdf9e0
SHA1 3605c6064f05c5d9780dfd3769de3802f50cc234
SHA256 8195b223758485f96a3ef00c50acd98e9b273789e39f29f69bfe40d9e62ed903
SHA512 ea20218ba998ac114890c908ed27c778728fa194bc9b90ff338adf1379e7f1a549c08c28dcd9d66b9b102c7e4db050b1ea22479eac394a3860403c2e696b70be

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\CwjKmD00H2J83qh3IOKL.exe

MD5 9d340e9b13e5c50d7f301a0acf4fc932
SHA1 e06d466b10976a0e6e12c6060487f6a0327bc2c9
SHA256 c12be66608fdd3133b509d42c1f07a0ed9791a1cc633e57934c0e1f71e32b98a
SHA512 97824b9c09764993f43f952359e0f7e7e846cbf007e5cfce1434289cd62a95da686e2ed15a0fadc9eed201ca82cdd0b8a1b03c6c47a22d43b6018609076227f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 22400295adfc32269f5a6f036147b814
SHA1 3bb13033e3bafb850bdfd61e7dc4dc9392d6fde9
SHA256 4812ace08ca49425cfac8835fc3a360b27d94888e849a80eae81b1eeb86d756d
SHA512 3bd73584bb2c5ba1594315f5bb081c23ed347074266f79b55b8b974544d591ad18d23b1d501e40cff45b09b999f011236361b686c6eeebf73aa10fc6c958e5e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ceoajhiemdnnjfbilpkblfjghmmbhbda\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4b7494680df11efffc8662aec63183ce
SHA1 ee00f16ef26a5288a9e98d62f7a2e7450ed65c71
SHA256 8f2945b1c5877b2f41fe24da66f6e7f47ac62b47a4c46c99046bb1413cfdc82a
SHA512 baa47d45ddefbf7a34213860938c902f466ebb04a69e2f520f0aff752a5d8779b70dd650244ebbdb9d08edbc5ee2f10a832d8c72a887eb4d0d2421c190883387

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 acb122398fa01d5720bda427bdf6780e
SHA1 b31101f4bdd366539e3428d8ccda5af4882d3578
SHA256 e4b355275d1f5207d93ad32323e0679a4e488eabcd7f06b68f640f1f4e37bd1d
SHA512 090bd7a06f656a491480eff82133cd52f51eea37b785c6843117e1f5bb89448f6caceb5a659291342f55a3ba45660d71ceb85eff8dee85919817aab88531a74a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dfdc06f87ccee228a118ce2ba5c6048d
SHA1 59276b97a8b9133c96c0327f942ba56e5cc5cafe
SHA256 0d0e1f6c477a6531399455ee391ff376c4760da823adf72200584fa4792e41bd
SHA512 951439f72b15c2c8dcef9b3b014e09231b42df2d7ddcdc6f787183d7e526e0724695b5b331239150f0449503c1ddba24814ba9aa76724e9d5d8e40ae7de03c53

C:\Users\Admin\AppData\Local\Temp\220B.exe

MD5 57de32de8a936f8bd9d64598b311f673
SHA1 3a0a39804bafd1eb8a4d4644ff82fccdbfe45e8c
SHA256 de40e85794fe6f654a9efcef8880620159b8754d36b702bdc7b80a55ff1b98b1
SHA512 44097b8d928a0e4add90ed43365f4d6547f5fe615106d42bd3c63f4ccca76bcfda5f5d5173a95c9387ac62d49fa58670877e888a1b38bab63ce0f99bf0e50def

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 86442225c71dcd4c40366e14e656ee7d
SHA1 8751863cb2997a0762c7c17fbf66b039ad98acd2
SHA256 231b17af75d1d97c25e2d04c69b7a8d514a212987e3d3a9866b254a843845a1e
SHA512 f2adf96bf77ecd5a69dbf9449692782eca11b737645d9c7b574752489cca0041f80fc7564be91e3995c04184c92c66512b040b4c746c1f321fabbe4107d3aee0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c12e7598bd631110ace2438b7b44dd30
SHA1 d634c7b4f45500fdf85a31207af6162c167fe42c
SHA256 d67a67a843b392190a5a9dc407a039ba46b1998697fe4b281366bee1291e1212
SHA512 61d355eaeeeb74d69b738dd96121e3983dce5628f8c5cfd3ece95046ab910142ccda956e5e38a8a7e3d42a53af6a3199c697aa997ffc6bedf6e371d5b60c7fa4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5823cf.TMP

MD5 eafa2205e1650fa196804b95b4aee628
SHA1 ea15cdb89065514230ca986157e48712505fb4c3
SHA256 738c66a0e3837f1ccd9a9d160fdb14a3df12d1e810a47d2ac1a242df6e19043b
SHA512 1caf74b7c9eab4318c4fd986eb807f403f12ce3f479471d316f97d798d96b528456884732a99823903a7fa4c4234627ed4a9ed10a9145d0a4e6890d5533e3f84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b9b02d92e33d11af62fdf3675c6dcbc4
SHA1 21cf3a6e98b17b655ca6de5888d1402e8cf54499
SHA256 dc078d0ca1a9392e42502551ef01e4a28d86455d8fceeeab5076e9f651c696f6
SHA512 013070d10126212011d2bf729fce86c5563a3b4ec148aaf02fd9e0941b499ddcb9202fffb2298ad0e94cc0ca5d409d1d4db2c39756cbb67a38ebaef04c4ba755

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d8d81be423330430b33c725495867c49
SHA1 a1ea62a94ac139f83d8d41a448aa95a779a4cfc2
SHA256 c7def612cd8662417b47a00b498d99b091415b41818507d24cac9a6c7b801d1a
SHA512 1d999eda45fa5ea9efab33284c8f38a233825a9250019ed919897e7d0fd43b51277c719b23bc116d4fbcb8ad240596681241f668e10dad851565d30f77307cef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 3ac5af97b175ce98a7505e7041b56813
SHA1 842c6585f724d54dfdbac73e6399ef9779fffe1e
SHA256 0c71165e29e64e6ef720a51ffe19bd3f4f2fda61dd8dd563c1a081659e917786
SHA512 89db0d0ddbf02149aad3e14d96b565ea72ff0117c2ee8cb710e1ba698a0c40502e55a9066cb693b8df3e7f35749456ced5b1d8f6512f898c7458142f10995e93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 165f90d989545a7a9393ba4a391f1a6e
SHA1 5e8b463aee655d7c586495e01a7f0fc385194c60
SHA256 00e675e45e82ae879af5b1dd47c2cf13deee932ff4a0bc60f7360e3e935cb665
SHA512 e5a23e9cffb43df3482ec5cbd2e5d5bdcfa416ecf22100ccb0ffc63a1c4c0fc6592b7c80a134a5c56c94a4755bc5cc07066c5260758daf7fa5059e9a215d2043

C:\Users\Admin\AppData\Local\Temp\jobA4_UBhXU4Hq3rac\4z35P7v_AVVEPgRJajWj.exe

MD5 1c0a3620164e45e25c22b4e08a9ffcae
SHA1 36cbbf824ddb92ed31fab48f6b33d7ba1c2d79da
SHA256 8a855d82975f9cf433f158c634f270f2c68ca5fb38771f30591ec7dd2bb9b1ab
SHA512 556df5903a1811870037c15bf380aae8c684e089b5d99e7cf4317e9036d39894fed9de3d1305d1cf45b04e19a69c83cdb3b995efd56f260c53db148472ca424f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 54144944b7819b38f8aa64c8fa386146
SHA1 5dbd48908971b3fc43046cee3f355fe023886c23
SHA256 c5bf2223ab46044a524f973b5e3954522a6c1b6670a49e073cb9c24f721ac37c
SHA512 5f07c6950e2c3c0b87364233f300f0d9f76685739015c5d82c08ef63ce9a15dc1a8008b551d18cd34190edc54be9942829fb0aa374305844f1f7e31bffd0e5cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 767a825fad627dbedbd3aea5b5cff624
SHA1 2dc97c8fd55e7482e8c53120f48d7a386ef53c40
SHA256 5e1dc74096c7872e568f89c655d39a294e8255a2eea0d3eba537b099716e8b47
SHA512 75cfb7d947ecd39dd35bd28bede49785a9c3e9c27776d36dc97609fab6a5a372383856ee43d7240f35a82fa7746ebe36186d7ce7b4f48dd767bb9a1be9a25f84

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus

MD5 b8041b468ad3056dcf6c740fe805d9f0
SHA1 c70b54a89213fe140eb9b52c7daddc25ce2492f3
SHA256 60d23017670eb4ffa48b569a0702c008019fc348f1ec0cf6dd62931f7d5cc94b
SHA512 a9633a5b9b5e3373b2820279c5ea0b3d780a3b50257415f6d555d316b3fe537ddf20f641dafb5a22082ceefc56b5a6da07adafbee1e9e01eed0fa5a42b422757

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
SHA512 ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5

C:\Users\Admin\AppData\Local\Temp\1000544001\Zjqkz.exe

MD5 1247721f0be971fe6ddeb65918c70924
SHA1 96b08d516c989053251f5e540b8b242bc42fb382
SHA256 0c65ce6a5fb8aa91586993c4ce168f9993325cfc8935931ed78ef2563100dd59
SHA512 1cc1fca379a7e5dd786582e4a0f7cc016fe56fb05dc13664c9eee662ad9b206f56e324d59d7e159757e93cc1583d8e5e52aae2f688a2ffee7d4f2a442c39f7c0

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 3b18ec6ba7e5c51d91009114abac57b4
SHA1 26e46f54f3c2826405b9ae484ec2a76913d617c5
SHA256 cb686be79c5d4311c8d0cfa64fcd608486e269a0a989f8827e8419f52512f84f
SHA512 01e476b21f3a4b260cbc60e1a687b0ed220324e33f8af134c7b44c4805c49d02b4a5af8a8b24b22c16ac9eb04c1464ce97f360b00a0308da8dfe77dfe248e3e8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 2a6abd1bcd8e28ffb795d63a9b0410f3
SHA1 d448fd96d9a3fa34482bfaff7fdc6fee2ede6c56
SHA256 0c1e03e512a1ceac87c7df93cf4a97a3605f9a17a56f72f042bca944a20b3eb5
SHA512 a61b8c634913961eb1dbbe174caa08a7a34d665de6b26726d3c94da72c035848c88ae020007b1d11097b845dd7930802a78dc74c5687bbbcfad3650761d56db5

C:\Users\Admin\AppData\Local\Temp\1000545001\gold1234.exe

MD5 ba8f16745f0978b309e5190a967eefac
SHA1 b5a17b029a282962d679e0759df3919d41465cea
SHA256 6cd09e95b6ca042355ed6d3b8155cad7932341647f2a05ea5e24ca45f948f165
SHA512 c28bfd570e0af08fba2f4be4762175fc78aa6b347f701efc878cee0733bc3c4134bfd98cce701b63193825e2b98306ba1a056558c3f7eb2555852d6cd3ebfd7d

C:\Users\Admin\AppData\Local\Temp\1000546001\rdx1122.exe

MD5 4e1b305bb5c06e4006b2ffccb13e2fd0
SHA1 e5b84999b266d30469e4062066eeb448f275196d
SHA256 fe758008c62d06f8ff152df059c0e428ca5dd06b9679b50b57970125b00bcd8c
SHA512 41ca97290b74c6520a13e574cc7b4eef7b4592a9b1ea68752ad1fd32f68d37c67a194bd25754fab9e12c0b991896ab85077bd5d2c016b42b04946ec7d651be72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e1808d6b-c1ff-4e09-9518-bb37e64422ab.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\1000548001\flesh.exe

MD5 1d3518c5792cb53a80ff4a5385c42b26
SHA1 c6f0d3cde76d8c9831d4c2373fcdfa7b42a39a76
SHA256 80f81151a850b62e975551a37442e085df7bd22d601799e369da6484db33d17e
SHA512 2416c3d0f80b30fd05db2e87395efaecb7cc787a6aabd9ddc639feed4a611e567a531ed0815c48f66011afe93ffbb2a2c71aaa790526dd93e7e1a35ffdd7478c

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

MD5 13d0884c9089d2118f3aeaa368a2c135
SHA1 68052e28c79ceda019076eb28601696da430cca0
SHA256 e2fad8befcd09cbd6acd298e9ac424bb7fe2fe6715fc9f9daaac3031921752ef
SHA512 2ecb2d96d66b87d5315ecc7b01148b6332658dc177306e021a4d8c81410f39c4d166ef56b1fef7532bd27bb162ce91ee6a70647dc36215a11eb0e08dd939441f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b2cf01ae8545b70829face79f0a08a7a
SHA1 ea360d62f83ed56aaf88dde233c900ad309d68cc
SHA256 6328c8b322e34d9e93562da1c8a67fa670bc8d8ea98c333ecda0ae0c2c659595
SHA512 4b6e99691a3985e42aab451a652ea148f3a5fb0656500e72428cd54940c4560d62503b67f2aa7a2b6aa1589ac960738d023d9bd94853575c841ed9b4959d1f9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 142a40e36d81ac03526a332a4104ff68
SHA1 c674823fe3a008ac3dcc25e4c2f29568b5295061
SHA256 2d1f7a22f9baf8fdec2e58111caa3673cac40947313f20a358624c82b4a4243b
SHA512 c6e34aaf9bbe761a03f783e6e75896b96960eab4b7eec753481f4ff7c304625d27b141b99fca0ef242845181043d135b61e4214d9a47538a4798e115f22f7888

C:\Users\Admin\AppData\Local\Temp\is-TTJOA.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-REDGR.tmp

MD5 54ffd881611a92540e4c85e2759278c9
SHA1 ef0c1ec4f6efe6abdf9a23f1adcd88c4ec5b4348
SHA256 d075cbfb1b43dadcdac8cf572c18689134e59319fbe425e82c7bb7c4e7d5948c
SHA512 d9f77cacb264d080e12e765cba3e1cc69a19c186526bbcb25d093e0a83b4b4b8beef37a4acf2e803a08eb76c77d4a97a21fea74475d6d9d16a63f2137ab6253b

C:\Users\Admin\AppData\Local\Temp\1000552001\store.exe

MD5 c2a6e980dd05d40952c50d279f25ac55
SHA1 e600f30d00dba9a89dcc62b87d4748b0f81deed6
SHA256 1626d38408644924407ec6f9a561329fa5ce7ed4faedac498bd5b9afc9bca68c
SHA512 5e0e69a91948006699710aca5087eac479281ad6e37442367374a8a89b0553de68254bbcb13c7da123f80d91d33e957e59e538b0e94713ac32d555d91dc1a1f6

C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-SS6VP.tmp

MD5 8f920115a9ac5904787bc4578f161a52
SHA1 941332d718cf5161881ca903b2fb125124cac68b
SHA256 f8b63fa29af4c7cff131bf14fbdaac8e6b6945444e0f13e57417fea4a3de1a6b
SHA512 b8521748d276de667e2013c697005adc45e405fee9a9970b80427cb47ba829e2f9e31fdae2bafc54cca5aeaa4c371f4d25e1ea34989eea19e732fd129abfa1c2

C:\Users\Admin\AppData\Local\AAC Audio Converter\lang\is-7IL9Q.tmp

MD5 613ccb3ab7bc5304da08120a11bb34f2
SHA1 9e1231dc2ddc6deb2a66d494c45f0dfcf04b1d97
SHA256 565efa1b0407d221b1e6bc44811f529f98fe4d9ffb6e756b56b9525acb87ce28
SHA512 d27efae6748105c343abcdc8777d2c5065bc342569af2fd3bee92544a01ad4caefe359adf69fa56bae1fbc87f86575b797c20d821a42869d0b34ab1004b0138a

C:\ProgramData\TVTunerClassic65\TVTunerClassic65.exe

MD5 8ef5aac43edb85e8990c0a84b17b9b6c
SHA1 199d87cf69abc4692fd8cbbd4ae2e662703e15c5
SHA256 32f97002d2d8f2a33775d393362ed1f7aad563f0a01c6630f8e14db6abdcd85b
SHA512 2af61b049b0ce22859aa8bdb8e029a9f195d707feb01a019a89fb8887c27d26e1c60e167caab4cbc19d00a8471ecf4834a3dcd3a631790d1aea47dea1da42f2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bafe6366226250a0ccf3d7560ecac195
SHA1 8a281a911f34e5b9c39c1cd3c313a1f68b162f60
SHA256 ce7f9c7ca8cdb6cfff3e740722c40eaac1db01db9813a132ff7cca7602c0156f
SHA512 be4e585d2ae01ed377158232a9fbbcf1a924664b6752720fb879ddf2762b32431db06fbcae13964dd135813a4fab0164fe86ac122571f59dc001e52803739e7a

C:\Users\Admin\AppData\Local\Temp\jobA4HiH9XL7koobFu\KvHrxJ77cmUgLogin Data

MD5 14ccc9293153deacbb9a20ee8f6ff1b7
SHA1 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3
SHA256 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511
SHA512 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

C:\Users\Admin\AppData\Local\Temp\jobA4HiH9XL7koobFu\02zdBXl47cvzHistory

MD5 90a1d4b55edf36fa8b4cc6974ed7d4c4
SHA1 aba1b8d0e05421e7df5982899f626211c3c4b5c1
SHA256 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c
SHA512 ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

C:\Users\Admin\AppData\Local\Temp\jobA4HiH9XL7koobFu\pSE1jchbiT9aHistory

MD5 1fb36bd354356f9731b0219760ca337a
SHA1 ac47129fd0b634458e50d2783c4911b283abb8b0
SHA256 06097eaf077d4e753e6e3b87366b0b52a76ad4b82614d35fe3c31378c0e689e9
SHA512 6e4f8b5a1b3bcdd0c2dcf6816e42344494102e5cd952c79252c78b6a8238ec21b9b9a74b556b16066793bf3959b8d748fed5268e38230fbbbe9157b6b624bc18

C:\Users\Admin\AppData\Local\Temp\jobA4HiH9XL7koobFu\02zdBXl47cvzcookies.sqlite

MD5 91709bcc95bc37391af9de7d4f65caec
SHA1 ec061060b5030c2bef258e40dfab170828e7a855
SHA256 988ca1b3cfa46b92b802bee4112bee79261bd128f6c5f65a007b6a30c6a14598
SHA512 b3ab4fb9853e70efae2f0821ac525ceb7bfccdb0707a650c53adf17f3751f807961da02e63ee87c4ce5bba92705ced1eaa65ecb6729d33f9852b4dc5f2235780

C:\Users\Admin\AppData\Local\Temp\jobA3HiH9XL7koobFu\passwords.txt

MD5 b3e9d0e1b8207aa74cb8812baaf52eae
SHA1 a2dce0fb6b0bbc955a1e72ef3d87cadcc6e3cc6b
SHA256 4993311fc913771acb526bb5ef73682eda69cd31ac14d25502e7bda578ffa37c
SHA512 b17adf4aa80cadc581a09c72800da22f62e5fb32953123f2c513d2e88753c430cc996e82aae7190c8cb3340fcf2d9e0d759d99d909d2461369275fbe5c68c27a

C:\Users\Admin\AppData\Local\Temp\jobA3HiH9XL7koobFu\information.txt

MD5 a75a3b39f5640a4a75ed494b2d50470e
SHA1 79d55f4afb9a5ef1435aa17e06124a46b60590bb
SHA256 1c99cead29efa6a7bbffba969f4eb01cfc03184f0ba720c075632a97d00bbe27
SHA512 ab272a1ad60fed4f7c001ce76ba282a64d5d2aaae3a72375c5c5c5f8e7825ec487d7567b18c88c1f4d3fa48d33ed944297bcc9f7d9384ea24b607d228a326b1e

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hewdxvy3.zpe.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b4276f86391ed7fc64b2cda7372e91c8
SHA1 5c4f2ec4c4ac1e0420debbd95fdfa5ff8ae5054e
SHA256 329e8daf9ef543676b49e244524322957dadbec570998d0d0ab25f525f3a0790
SHA512 feae9f61d93ea6370939d2de0d046a2710126ed60837e2a5da0ac37866ebe8e6f25b86275c0e0085d6c0d3ce0a095e442c36241695993d3a1f352425cdfe212f

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 edd4b4214f9464f023e9b169b7d9b9cd
SHA1 6c167fdf664a4bd521ebb5b469f9987950397aa0
SHA256 03d3bb515b4cdd11af8bc7948bcd3da3a192f6709c7829cde008158a2ec0a389
SHA512 7263c6548236bf295ca073cfe5fbff015428550c6ad7aff50a2872f4f0e016cb2492db5d7ef39380e2e5a9768a653698f75a8766c7ba503dd887aa92cefcac72

C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

MD5 ff0b16216c0ff0710110c736e2822c4c
SHA1 baef5a1e888dbb1e11c61bd912eb3ec82ca97a14
SHA256 7e7f06e9926d3a253df8581811ed1314f89f4ef4545ad68dde2b16028334b689
SHA512 629f5db550511a40b6cafa3afa0ad5df969e2a6181fffa82d17a42149c4392d387bcf7d4ff5feb36cc923741c3aa4d1a6d895ffda0dc1ab1aa99f838b072aa98

C:\Users\Admin\AppData\Local\Temp\1000556001\latestrocki.exe

MD5 0ee79d0283f4b6d229f672f794e1cd85
SHA1 50ae0034034f52772449e21772d3fd810b9ae5d8
SHA256 03bc98eb8bc8c8c646235c2e82c5a63c624dedd6a8ae8a036e205422f9226cf7
SHA512 2622f976bd1425859dc20cfc517bf08d20ea97f743aed09e0b77ae528ff32e1e925be2147038278efacd2eca29c6401c2e24ca0af35ebf215c400aa75f5949d2

C:\Users\Admin\AppData\Local\Temp\tmpC69A.tmp

MD5 e48629377861dac78b4b282522023b5e
SHA1 3eecf49d6179ef3b7c8f39b400056bb67b129f9d
SHA256 d8bc33e38c79490fe245ceaaadd337003ab71bf60cbdc5ee63aa88077baff0b4
SHA512 5ba1c4d80b9974c1e4a7a1c06bc16fb5de4fca8ed1819e6706eb2429df9c378bf8647f052810c629adfbf798faf69aae3903d14ccb2f3c7e9a69f728e9ad94e4

C:\Users\Admin\AppData\Local\Temp\1000560001\kskskfsf.exe

MD5 8abff4445705723ed13db1674687301d
SHA1 bee91c456db83bd639731496b3377e4ac4e80d2a
SHA256 1faf7ffb5a96db244bd7482208ffe5a8edd4f7b9111ee1b0272759c319cfd4aa
SHA512 5db55b458c759d13483980a193163d0c1d56ba63afb03acedc5fc72b98b381e240a448c57b2bfa20b31bf389a69cbb6ca4c5db4c041f4f974fdfbc0041bca925

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\nsoC1C6.tmp\INetC.dll

MD5 c7ae096c02849c7eeb07623b18de8a59
SHA1 9f57c75aa9f96121413a793d356d876a09f564ca
SHA256 711ce1b5b08d30470c7cb844d2dd9345ffb6c2add9392f56a86e8c515ba89ed0
SHA512 2a070a13ed45b3cc289f8174eb313d244daf10c1ae36c837f305b450bf2f1b839850eed70f672bb94c75117fe232341b01a868824e42d4d01ddd754fa9b5670c

C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe

MD5 38c4f7802f73faa6c967fb06c58f3702
SHA1 1fb8b9bacf0fd0981714e8559c115ad4f5584ebf
SHA256 ab540e776e7ec418e7f1bcb5fe6a5e232212abf8cef3a92c6ef3f2ecb45d20d8
SHA512 5e7cb0ed64b5679d34432160c1b0cfa119cd314f18fd89b5a0442fcb24c885b2b76be820fc184e365d34764aac831464bb445717438559337faa65a08c71ff83

C:\Users\Admin\AppData\Local\Temp\toolspub1.exe

MD5 b785e437077961aec871d6c2565402bc
SHA1 dbda886c318c6ab6dd45163e3ea8a99bb5d3b8a8
SHA256 86802cc1a5f1a878764c2b60e1b2bb51ccf604b052c3fd6cc5e5a0bcebfb3b31
SHA512 5141ff70aa9f274cdc5be41caa41f161a6223797eb6b7bd768ce58f60317f6d6f7ac6c15ab4184734c8e4a1760c1d42e8cbea77c38e1b2d61cabaa62d29135c9

C:\Users\Admin\AppData\Local\Temp\F59E91F8

MD5 5cac70fbe2fc9869397bf1989e592841
SHA1 cc522bec3c1772269465799d35268630248e801b
SHA256 17e571023337ad513deb4d436c17573b6ab3c9ebf2a3e30425c3f5fa9a638806
SHA512 f56d8d7a996401404b850b6503960ea17d68fe56acbc06de8fa9c39b20dd7f01d24837283f459655ac4efb3da10a8864623cbb041ca9ad81bc9afd1ecf9b5fb9

C:\Users\Admin\AppData\Local\Temp\1000569001\leg221.exe

MD5 d177caf6762f5eb7e63e33d19c854089
SHA1 f25cf817e3272302c2b319cedf075cb69e8c1670
SHA256 4296e28124f0def71c811d4b21284c5d4e1a068484db03aeae56f536c89976c0
SHA512 9d0e67e35dac6ad8222e7c391f75dee4e28f69c29714905b36a63cf5c067d31840aaf30e79cfc7b56187dc9817a870652113655bec465c1995d2a49aa276de25

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

MD5 beab8c9da5ff33308ba859fd13539a10
SHA1 54fc9607d4e9ab712634804cbff392816e251526
SHA256 67479f7f98563941052ee641c77f5f45bea85d114bbe5d2954ce45c792509e81
SHA512 253eaf17038d1e97b0442a11e892aeb6b435748c8bd40c838bbba09b7609f4146e5385e80910e37d82adb93ff32c1a2b21b938bde1203f47fedc6206db0d14f3