Analysis Overview
SHA256
b729041a35d234ebe4f05e2d8cd5c0e591a4a114ee3f8f5375b4a5e2eade869b
Threat Level: Known bad
The file setup.exe was found to be: Known bad.
Malicious Activity Summary
ZGRat
Djvu Ransomware
RedLine
SmokeLoader
RisePro
Stealc
Detect ZGRat V1
RedLine payload
Amadey
Detected Djvu ransomware
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Creates new service(s)
Stops running service(s)
Downloads MZ/PE file
.NET Reactor protector
Modifies file permissions
Checks computer location settings
Reads user/profile data of web browsers
Checks BIOS information in registry
Themida packer
Looks up external IP address via web service
Checks whether UAC is enabled
NSIS Integrity Check function
AutoIT Executable
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
Program crash
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Kills process with taskkill
Delays execution with timeout.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-01-25 12:51
Signatures
Themida packer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-01-25 12:51
Reported
2024-01-25 12:54
Platform
win10v2004-20231215-en
Max time kernel
5s
Max time network
150s
Command Line
Signatures
Amadey
Detect ZGRat V1
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RedLine
RedLine payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Stealc
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Stops running service(s)
.NET Reactor protector
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
NSIS Integrity Check function
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Documents\GuardFox\V1aQ4WgGmYDw4WTokypwxW0O.exe
"C:\Users\Admin\Documents\GuardFox\V1aQ4WgGmYDw4WTokypwxW0O.exe"
C:\Users\Admin\Documents\GuardFox\ebAxaGaWrmPTFikPMf2BNIV0.exe
"C:\Users\Admin\Documents\GuardFox\ebAxaGaWrmPTFikPMf2BNIV0.exe"
C:\Users\Admin\Documents\GuardFox\X_EnyONBjNVniUxjdzzaCDJx.exe
"C:\Users\Admin\Documents\GuardFox\X_EnyONBjNVniUxjdzzaCDJx.exe"
C:\Users\Admin\Documents\GuardFox\XXOA9F19qkaFn8XhoZKAzo0p.exe
"C:\Users\Admin\Documents\GuardFox\XXOA9F19qkaFn8XhoZKAzo0p.exe"
C:\Users\Admin\Documents\GuardFox\5il1F6kCyub7JoMkSaPcMygv.exe
"C:\Users\Admin\Documents\GuardFox\5il1F6kCyub7JoMkSaPcMygv.exe"
C:\Users\Admin\Documents\GuardFox\9BJtdwBE6uYtiYT3Askmjm_H.exe
"C:\Users\Admin\Documents\GuardFox\9BJtdwBE6uYtiYT3Askmjm_H.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6168 -ip 6168
C:\Users\Admin\Documents\GuardFox\EAjZobOuZpxn1lFyXQAYd0GT.exe
"C:\Users\Admin\Documents\GuardFox\EAjZobOuZpxn1lFyXQAYd0GT.exe"
C:\Users\Admin\Documents\GuardFox\JFnaejzd3kJTyTcM3MBHgFai.exe
"C:\Users\Admin\Documents\GuardFox\JFnaejzd3kJTyTcM3MBHgFai.exe"
C:\Users\Admin\Documents\GuardFox\9nAjk7ElylJ34eBZk5HqODkt.exe
"C:\Users\Admin\Documents\GuardFox\9nAjk7ElylJ34eBZk5HqODkt.exe"
C:\Users\Admin\Documents\GuardFox\9BJtdwBE6uYtiYT3Askmjm_H.exe
"C:\Users\Admin\Documents\GuardFox\9BJtdwBE6uYtiYT3Askmjm_H.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" -s zi5OPV~J.ZcZ
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
"C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe" -i
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe
"C:\Users\Admin\AppData\Local\XDR Encode LIB\xdrencodelib.exe" -s
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\814f385a-7c19-4988-9be9-fb7378e2b858" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 HR" /sc HOURLY /rl HIGHEST
C:\Users\Admin\Documents\GuardFox\Ql5uOaERvm01yozk4imVjg8y.exe
"C:\Users\Admin\Documents\GuardFox\Ql5uOaERvm01yozk4imVjg8y.exe"
C:\Users\Admin\Documents\GuardFox\01H6aVrK5ITjQyGqEYss8eSC.exe
"C:\Users\Admin\Documents\GuardFox\01H6aVrK5ITjQyGqEYss8eSC.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN 01H6aVrK5ITjQyGqEYss8eSC.exe /TR "C:\Users\Admin\Documents\GuardFox\01H6aVrK5ITjQyGqEYss8eSC.exe" /F
C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe
"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd040d9758,0x7ffd040d9768,0x7ffd040d9778
C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\BG_HewEom_yo4_0Ymqx5.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\BG_HewEom_yo4_0Ymqx5.exe"
C:\Users\Admin\Documents\GuardFox\tOwu157Mq2IKHvu7Kopa_Klj.exe
"C:\Users\Admin\Documents\GuardFox\tOwu157Mq2IKHvu7Kopa_Klj.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 340
C:\Users\Admin\Documents\GuardFox\09KCWMn5NJWpwl11JomKZL6W.exe
"C:\Users\Admin\Documents\GuardFox\09KCWMn5NJWpwl11JomKZL6W.exe"
C:\Users\Admin\Documents\GuardFox\grSxAgZJX8EppGTk0v0tdRzD.exe
"C:\Users\Admin\Documents\GuardFox\grSxAgZJX8EppGTk0v0tdRzD.exe"
C:\Users\Admin\Documents\GuardFox\Dimu1yCf_rncQH2Q9EK34rw7.exe
"C:\Users\Admin\Documents\GuardFox\Dimu1yCf_rncQH2Q9EK34rw7.exe"
C:\Users\Admin\AppData\Local\Temp\is-3NCJE.tmp\V1aQ4WgGmYDw4WTokypwxW0O.tmp
"C:\Users\Admin\AppData\Local\Temp\is-3NCJE.tmp\V1aQ4WgGmYDw4WTokypwxW0O.tmp" /SL5="$601C6,3267177,54272,C:\Users\Admin\Documents\GuardFox\V1aQ4WgGmYDw4WTokypwxW0O.exe"
C:\Users\Admin\Documents\GuardFox\VOuudOuU1Ykz6N8RTAbw4HLv.exe
"C:\Users\Admin\Documents\GuardFox\VOuudOuU1Ykz6N8RTAbw4HLv.exe"
C:\Users\Admin\Documents\GuardFox\m5OlHZeBRqi1Mg7BuzgzMLJO.exe
"C:\Users\Admin\Documents\GuardFox\m5OlHZeBRqi1Mg7BuzgzMLJO.exe"
C:\Users\Admin\Documents\GuardFox\rhita_ubUD9ElUjVw637Qqfd.exe
"C:\Users\Admin\Documents\GuardFox\rhita_ubUD9ElUjVw637Qqfd.exe"
C:\Users\Admin\Documents\GuardFox\H2MKshX0QMUqIM1mTeXAcHVI.exe
"C:\Users\Admin\Documents\GuardFox\H2MKshX0QMUqIM1mTeXAcHVI.exe"
C:\Users\Admin\Documents\GuardFox\aec295eMcA06P4qpEdbSbnh9.exe
"C:\Users\Admin\Documents\GuardFox\aec295eMcA06P4qpEdbSbnh9.exe"
C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\pwIrSZJhdSPQHIU9wnJt.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\pwIrSZJhdSPQHIU9wnJt.exe"
C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\vvJw4rG2zAyTBq1J8RPQ.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\vvJw4rG2zAyTBq1J8RPQ.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"
C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\t7SzBAV_odeIrXbYDGZk.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\t7SzBAV_odeIrXbYDGZk.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\2AB.exe
C:\Users\Admin\AppData\Local\Temp\2AB.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcefae46f8,0x7ffcefae4708,0x7ffcefae4718
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\nE5wqfSnm8O9dB7Rjmv3.exe
"C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\nE5wqfSnm8O9dB7Rjmv3.exe"
C:\Users\Admin\AppData\Local\Temp\2AB.exe
C:\Users\Admin\AppData\Local\Temp\2AB.exe
C:\Users\Admin\AppData\Local\Temp\991.exe
C:\Users\Admin\AppData\Local\Temp\991.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcefae46f8,0x7ffcefae4708,0x7ffcefae4718
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcefae46f8,0x7ffcefae4708,0x7ffcefae4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcefae46f8,0x7ffcefae4708,0x7ffcefae4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcefae46f8,0x7ffcefae4708,0x7ffcefae4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcefae46f8,0x7ffcefae4708,0x7ffcefae4718
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5252 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,17736807919263485849,6676997977547285210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
C:\Users\Admin\AppData\Local\Temp\1BF2.exe
C:\Users\Admin\AppData\Local\Temp\1BF2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5400 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd040d9758,0x7ffd040d9768,0x7ffd040d9778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5108 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\is-V951F.tmp\1BF2.tmp
"C:\Users\Admin\AppData\Local\Temp\is-V951F.tmp\1BF2.tmp" /SL5="$20336,3419525,54272,C:\Users\Admin\AppData\Local\Temp\1BF2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5900.0.687596558\545617948" -parentBuildID 20221007134813 -prefsHandle 1792 -prefMapHandle 1660 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddd7f146-1cce-49b5-82a6-9d963341d515} 5900 "\\.\pipe\gecko-crash-server-pipe.5900" 1880 255c85d8658 gpu
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4904 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5900.1.1172115614\1443460469" -parentBuildID 20221007134813 -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cddda39b-f425-45c2-82a2-4eb8591f6617} 5900 "\\.\pipe\gecko-crash-server-pipe.5900" 2320 255bc3d9658 socket
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd040d9758,0x7ffd040d9768,0x7ffd040d9778
C:\Users\Admin\AppData\Local\Temp\1579.exe
C:\Users\Admin\AppData\Local\Temp\1579.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5516 -ip 5516
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5660 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5900.2.1015180887\381696221" -childID 1 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7435fecc-5d08-4a76-a635-5bf2d85d0014} 5900 "\\.\pipe\gecko-crash-server-pipe.5900" 3516 255c8562b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5900.3.2114858732\702287191" -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 21709 -prefMapSize 233444 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5e958f1-f38d-4fa4-894b-5804c1fefbb8} 5900 "\\.\pipe\gecko-crash-server-pipe.5900" 3700 255cc266858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5900.5.944872052\647793367" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4828 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23568df7-6b98-41ad-91f0-6fd961a4e7a8} 5900 "\\.\pipe\gecko-crash-server-pipe.5900" 3828 255cec94858 tab
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\H2MKshX0QMUqIM1mTeXAcHVI.exe" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2008 -ip 2008
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 1308
C:\Users\Admin\AppData\Local\Temp\41DB.exe
C:\Users\Admin\AppData\Local\Temp\41DB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5900.6.1396627127\760816873" -childID 5 -isForBrowser -prefsHandle 5256 -prefMapHandle 5252 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {676b9269-45ea-4e82-8010-e544fcc18c36} 5900 "\\.\pipe\gecko-crash-server-pipe.5900" 5272 255cbc8bb58 tab
C:\Users\Admin\Documents\GuardFox\9BJtdwBE6uYtiYT3Askmjm_H.exe
"C:\Users\Admin\Documents\GuardFox\9BJtdwBE6uYtiYT3Askmjm_H.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 9188 -ip 9188
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Users\Admin\AppData\Local\Temp\49FB.exe
C:\Users\Admin\AppData\Local\Temp\49FB.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6236 -ip 6236
C:\Users\Admin\AppData\Local\Temp\1000605001\leg221.exe
"C:\Users\Admin\AppData\Local\Temp\1000605001\leg221.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 568
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\1000609001\stan.exe
"C:\Users\Admin\AppData\Local\Temp\1000609001\stan.exe"
C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe
"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"
C:\Users\Admin\AppData\Local\Temp\1000583001\store.exe
"C:\Users\Admin\AppData\Local\Temp\1000583001\store.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 2452
C:\Users\Admin\Documents\GuardFox\9BJtdwBE6uYtiYT3Askmjm_H.exe
"C:\Users\Admin\Documents\GuardFox\9BJtdwBE6uYtiYT3Askmjm_H.exe" --Admin IsNotAutoStart IsNotTask
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5900.4.64406858\1430840451" -childID 3 -isForBrowser -prefsHandle 2976 -prefMapHandle 2960 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 964 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {869c6749-5f77-4ee5-a3be-6a8ed3c59be1} 5900 "\\.\pipe\gecko-crash-server-pipe.5900" 2996 255cd283558 tab
C:\Users\Admin\AppData\Local\Temp\3586.exe
C:\Users\Admin\AppData\Local\Temp\3586.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd040d9758,0x7ffd040d9768,0x7ffd040d9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1884,i,16710954634878438524,2363845882023732773,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,17620963079219856816,16826920636930651884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\1000611001\installs.exe
"C:\Users\Admin\AppData\Local\Temp\1000611001\installs.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5728 -ip 5728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 1292
C:\Users\Admin\AppData\Local\Temp\nsh55B0.tmp
C:\Users\Admin\AppData\Local\Temp\nsh55B0.tmp
C:\Users\Admin\AppData\Local\Temp\1000616001\latestrocki.exe
"C:\Users\Admin\AppData\Local\Temp\1000616001\latestrocki.exe"
C:\Users\Admin\AppData\Local\Temp\1000615001\2024.exe
"C:\Users\Admin\AppData\Local\Temp\1000615001\2024.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd040d9758,0x7ffd040d9768,0x7ffd040d9778
C:\Users\Admin\AppData\Local\Temp\1000614001\gold1201001.exe
"C:\Users\Admin\AppData\Local\Temp\1000614001\gold1201001.exe"
C:\Users\Admin\AppData\Local\Temp\1000613001\alex.exe
"C:\Users\Admin\AppData\Local\Temp\1000613001\alex.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Users\Admin\AppData\Local\Temp\1000612001\TrueCrypt_NyNIUi.exe
"C:\Users\Admin\AppData\Local\Temp\1000612001\TrueCrypt_NyNIUi.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 6428 -ip 6428
C:\Users\Admin\AppData\Local\Temp\rty25.exe
"C:\Users\Admin\AppData\Local\Temp\rty25.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 348
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1664 -ip 1664
C:\Users\Admin\AppData\Local\Temp\FirstZ.exe
"C:\Users\Admin\AppData\Local\Temp\FirstZ.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 372
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3108 -ip 3108
C:\Users\Admin\AppData\Local\Temp\nsbC735.tmp
C:\Users\Admin\AppData\Local\Temp\nsbC735.tmp
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2008 --field-trial-handle=2384,i,9421816938431777257,7135572331217421270,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=2384,i,9421816938431777257,7135572331217421270,131072 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=2384,i,9421816938431777257,7135572331217421270,131072 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1664 -ip 1664
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 388
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /im chrome.exe /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=2384,i,9421816938431777257,7135572331217421270,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=2384,i,9421816938431777257,7135572331217421270,131072 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 948
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1664 -ip 1664
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7040 -ip 7040
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 552
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 400
C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1664 -ip 1664
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 688
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1664 -ip 1664
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 716
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1664 -ip 1664
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 736
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1664 -ip 1664
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 736
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1664 -ip 1664
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 772
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Users\Admin\AppData\Local\Temp\1000618001\crypted.exe
"C:\Users\Admin\AppData\Local\Temp\1000618001\crypted.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000619001\rdx1122.exe
"C:\Users\Admin\AppData\Local\Temp\1000619001\rdx1122.exe"
C:\Users\Admin\AppData\Local\Temp\1000617001\moto.exe
"C:\Users\Admin\AppData\Local\Temp\1000617001\moto.exe"
C:\Users\Admin\AppData\Local\Temp\1000620001\leg221.exe
"C:\Users\Admin\AppData\Local\Temp\1000620001\leg221.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 1664 -ip 1664
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 752
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "FLWCUERA"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "FLWCUERA" binpath= "C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe" start= "auto"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\1000617001\moto.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "FLWCUERA"
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
conhost.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\nsh55B0.tmp" & del "C:\ProgramData\*.dll"" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 8184 -ip 8184
C:\Windows\system32\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 2504
C:\Users\Admin\Documents\GuardFox\01H6aVrK5ITjQyGqEYss8eSC.exe
C:\Users\Admin\Documents\GuardFox\01H6aVrK5ITjQyGqEYss8eSC.exe
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\timeout.exe
timeout /t 5
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7688 -ip 7688
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 1016
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"
C:\Windows\SysWOW64\choice.exe
choice /C Y /N /D Y /T 3
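Added example, not part of the report: detection rules for the defensive-evasion, persistence and self-cleanup command lines recorded in the process list above, run over a constructed subset of those lines (the Chrome renderer line is shortened, and a benign `sc.exe delete` is included as a control). The ATT&CK technique IDs are the editor's own mapping for illustration, not values taken from the report's matrix.

```python
import re

# Rules: (name, ATT&CK technique id assumed by the editor, pattern).
# Patterns are kept narrow so that the browser and installer noise that
# dominates a sandbox process list does not fire them.
RULES = [
    ("defender_exclusion", "T1562.001",
     re.compile(r"Add-MpPreference\b.*-Exclusion", re.I)),
    ("eventlog_service_stop", "T1562.002",
     re.compile(r"\bsc(\.exe)?\s+stop\s+eventlog\b", re.I)),
    ("service_binpath_user_writable", "T1543.003",
     re.compile(r'\bsc(\.exe)?\s+create\s+.*binpath=\s*"?[A-Z]:\\(ProgramData|Users)\\', re.I)),
    ("scheduled_task_minute_interval", "T1053.005",
     re.compile(r"\bschtasks(\.exe)?\s+/create\b.*/sc\s+minute", re.I)),
    ("delayed_self_delete", "T1070.004",
     re.compile(r"\b(timeout\s+/t\s+\d+|choice\s+/C\s+Y\s+/N\s+/D\s+Y\s+/T\s+\d+)\s*&\s*del\b", re.I)),
    ("rundll32_dll_from_roaming", "T1218.011",
     re.compile(r'\brundll32(\.exe)?"?\s+[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming\\.*\.dll', re.I)),
    # No single technique id fits; stealers kill browsers so that the locked
    # profile databases (cookies, logins) can be copied.
    ("browser_process_kill", None,
     re.compile(r'\btaskkill(\.exe)?"?\s+.*?/im\s+(chrome|msedge|firefox)\.exe', re.I)),
]

# Constructed sample: command lines copied from the process list above.
SAMPLE_CMDLINES = [
    r'"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\H2MKshX0QMUqIM1mTeXAcHVI.exe" & del "C:\ProgramData\*.dll"" & exit',
    r'"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main',
    r'"taskkill.exe" /im chrome.exe /f',
    r"""schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F""",
    r'C:\Windows\system32\sc.exe delete "FLWCUERA"',
    r'C:\Windows\system32\sc.exe create "FLWCUERA" binpath= "C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe" start= "auto"',
    r"C:\Windows\system32\sc.exe stop eventlog",
    r"C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force",
    r'"C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US /prefetch:1',
]


def scan(cmdlines):
    """Return (rule, technique, cmdline) for every rule that fires on a line."""
    hits = []
    for cmd in cmdlines:
        for name, technique, pattern in RULES:
            if pattern.search(cmd):
                hits.append((name, technique, cmd))
    return hits


def summarize(cmdlines):
    """Per-rule hit counts; rules that never fire are still reported as 0."""
    counts = {name: 0 for name, _, _ in RULES}
    for name, _, _ in scan(cmdlines):
        counts[name] += 1
    return counts


if __name__ == "__main__":
    for name, technique, cmd in scan(SAMPLE_CMDLINES):
        print(f"{name:32} {technique or '-':10} {cmd[:90]}")
```

Each rule keys on the argument shape rather than the image name alone, because `sc.exe`, `schtasks.exe` and `rundll32.exe` are all common in clean telemetry; the Defender exclusion and the `eventlog` stop are the two lines worth an immediate alert on their own.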
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 130.147.105.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 294self-limited.sbs | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| US | 8.8.8.8:53 | ok.spartabig.com | udp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| FI | 109.107.182.40:80 | 109.107.182.40 | tcp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| US | 8.8.8.8:53 | ji.alie3ksggg.com | udp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| US | 104.21.15.216:80 | ok.spartabig.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 172.67.189.229:80 | 294self-limited.sbs | tcp |
| US | 172.67.189.229:80 | 294self-limited.sbs | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| US | 172.67.189.229:80 | 294self-limited.sbs | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 172.67.189.229:443 | 294self-limited.sbs | tcp |
| HK | 154.92.15.189:80 | ji.alie3ksggg.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| KR | 211.119.84.112:80 | cczhk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 189.15.92.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.84.119.211.in-addr.arpa | udp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| KR | 211.119.84.112:80 | cczhk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| NL | 95.142.206.1:443 | | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-20.userapi.com | udp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| NL | 95.142.206.0:443 | sun6-20.userapi.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| NL | 95.142.206.1:443 | | tcp |
| NL | 95.142.206.2:443 | | tcp |
| NL | 95.142.206.2:443 | | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 8.8.8.8:53 | i.alie3ksgaa.com | udp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| DE | 185.172.128.24:80 | | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | 24.128.172.185.in-addr.arpa | udp |
| GB | 96.16.110.114:80 | | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| US | 104.21.4.208:443 | | tcp |
| US | 188.114.96.2:443 | api.2ip.ua | tcp |
| RU | 93.186.225.194:443 | vk.com | tcp |
| CA | 54.39.19.153:443 | | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | weedpairfolkloredheryw.site | udp |
| US | 8.8.8.8:53 | 153.19.39.54.in-addr.arpa | udp |
| RU | 193.233.132.62:50500 | | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 188.114.97.2:443 | weedpairfolkloredheryw.site | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| NL | 91.92.245.15:80 | | tcp |
| NL | 195.20.16.46:80 | | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | 3.182.107.109.in-addr.arpa | udp |
| NL | 195.20.16.46:80 | | tcp |
| FI | 109.107.182.3:80 | | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| RU | 193.233.132.67:50500 | | tcp |
| DE | 146.70.169.164:2227 | | tcp |
| US | 198.98.51.189:9001 | | tcp |
| FI | 109.107.182.3:80 | | tcp |
| FR | 157.240.195.35:443 | | udp |
| IE | 209.85.203.84:443 | | udp |
| IE | 209.85.203.84:443 | | tcp |
| GB | 142.250.187.227:443 | | udp |
| FR | 51.158.67.69:443 | | tcp |
| DE | 144.76.43.199:9001 | | tcp |
| GB | 216.58.201.110:443 | | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| RU | 5.42.65.31:48396 | | tcp |
| US | 172.67.173.89:443 | | tcp |
| IE | 209.85.203.84:443 | | udp |
| US | 172.67.160.12:443 | | tcp |
| DE | 185.172.128.53:80 | | tcp |
| US | 8.8.8.8:53 | expenditureddisumilarwo.site | udp |
| US | 172.67.133.222:443 | expenditureddisumilarwo.site | tcp |
| US | 172.67.129.233:443 | | tcp |
| DE | 185.172.128.90:80 | | tcp |
| US | 172.67.206.188:443 | | tcp |
| US | 188.114.96.2:443 | weedpairfolkloredheryw.site | tcp |
| RU | 193.233.132.62:50500 | | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 172.67.129.233:443 | | tcp |
| HK | 154.92.15.189:80 | i.alie3ksgaa.com | tcp |
| US | 172.67.206.188:443 | | tcp |
| RU | 185.215.113.68:80 | 185.215.113.68 | tcp |
| US | 172.67.160.12:443 | | tcp |
| US | 188.114.96.2:443 | weedpairfolkloredheryw.site | tcp |
| US | 172.67.213.180:443 | | tcp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 188.114.97.2:443 | weedpairfolkloredheryw.site | tcp |
| US | 172.67.129.86:443 | | tcp |
| US | 104.21.17.48:443 | | tcp |
| US | 172.67.216.203:443 | | tcp |
| NL | 45.15.156.60:12050 | | tcp |
| NL | 195.20.16.103:20440 | | tcp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| AT | 5.42.64.33:80 | 5.42.64.33 | tcp |
| HK | 154.92.15.189:443 | i.alie3ksgaa.com | tcp |
| RU | 5.42.65.31:48396 | | tcp |
| HK | 154.92.15.189:80 | i.alie3ksgaa.com | tcp |
| DE | 185.172.128.33:8924 | | tcp |
| GB | 142.250.187.195:443 | | tcp |
| GB | 142.250.200.35:443 | | tcp |
| DE | 144.76.1.85:25894 | | tcp |
| US | 8.8.8.8:53 | 85.1.76.144.in-addr.arpa | udp |
| NL | 80.79.4.61:18236 | | tcp |
| DE | 141.95.211.148:46011 | | tcp |
| US | 8.8.8.8:53 | 61.4.79.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.211.95.141.in-addr.arpa | udp |
| DE | 138.201.125.92:15647 | | tcp |
| DE | 185.172.128.109:80 | | tcp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | 70.89.76.45.in-addr.arpa | udp |
| GB | 96.17.178.187:80 | | tcp |
| GB | 96.17.178.187:80 | | tcp |
| US | 172.67.177.31:443 | | tcp |
| US | 8.8.8.8:53 | qualifiedbehaviorrykej.site | udp |
| US | 172.67.175.187:443 | qualifiedbehaviorrykej.site | tcp |
| US | 172.67.177.31:443 | | tcp |
| US | 8.8.8.8:53 | copyrightspareddcitwew.site | udp |
| US | 172.67.172.166:443 | copyrightspareddcitwew.site | tcp |
| US | 8.8.8.8:53 | combinethemepiggerygoj.site | udp |
| US | 172.67.137.14:443 | combinethemepiggerygoj.site | tcp |
| US | 8.8.8.8:53 | 166.172.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.137.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | weedpairfolkloredheryw.site | udp |
| US | 188.114.96.2:443 | weedpairfolkloredheryw.site | tcp |
| DE | 185.172.128.79:80 | 185.172.128.79 | tcp |
| RU | 185.215.113.68:80 | | tcp |
| DE | 185.172.128.90:80 | | tcp |
| GB | 96.17.179.201:80 | | tcp |
| US | 172.67.175.187:443 | qualifiedbehaviorrykej.site | tcp |
| US | 188.114.96.2:443 | weedpairfolkloredheryw.site | tcp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
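Added example, not part of the report: a parser and triage pass for the Network table above, run on a constructed subset of its rows (one row duplicated to show de-duplication). It tolerates rows whose empty Domain cell was dropped during extraction, so that the protocol appears in the Domain column, and sorts the rest into resolver noise, external-IP-check services, legitimate public sites abused for hosting, bare-IP HTTP and non-standard-port connections. The category names and the two domain lists are the editor's assumptions.

```python
import ipaddress

# Editor's assumptions for the triage buckets; extend for your environment.
IP_CHECK_SERVICES = {"api.myip.com", "ipinfo.io", "api.2ip.ua"}
# Legitimate public sites that commodity malware routinely abuses for payload
# hosting (vk.com / userapi.com here): review, do not treat as C2 or block.
PUBLIC_SERVICES = ("vk.com", "userapi.com", "ytimg.com", "lencr.org")

# Constructed sample: rows copied from the Network table above, in both the
# clean form and the form left after extraction drops the empty Domain cell.
SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 130.147.105.77.in-addr.arpa | udp |
| RU | 93.186.225.194:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| RU | 193.233.132.62:50500 | tcp | |
| DE | 146.70.169.164:2227 | tcp | |
| US | 198.98.51.189:9001 | tcp | |
| US | 188.114.96.2:443 | weedpairfolkloredheryw.site | tcp |
| DE | 45.76.89.70:80 | pool.hashvault.pro | tcp |
| US | 8.8.8.8:53 | udp |
""".strip().splitlines()


def parse_row(line):
    """Parse one table row into a dict, or None for the header and junk lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or cells[0] == "Country":
        return None
    # Shifted row: the protocol sits in the Domain column and the trailing
    # cell is empty or missing.  Put the empty Domain cell back.
    if cells[2] in ("tcp", "udp") and (len(cells) == 3 or cells[3] == ""):
        cells = [cells[0], cells[1], "", cells[2]]
    if len(cells) != 4:
        return None
    country, dest, domain, proto = cells
    host, _, port = dest.rpartition(":")
    return {"country": country, "host": host, "port": int(port),
            "domain": domain, "proto": proto}


def classify(row):
    host, port, domain = row["host"], row["port"], row["domain"]
    if domain.endswith(".in-addr.arpa"):
        return "ptr-lookup"          # reverse lookups made by the sandbox itself
    if row["proto"] == "udp" and port == 53:
        return "dns-query"           # the queried name matters, not the resolver
    try:
        if ipaddress.ip_address(host).is_multicast:
            return "multicast"       # mDNS and similar local noise
    except ValueError:
        pass
    if domain in IP_CHECK_SERVICES:
        return "external-ip-check"   # common stealer behaviour, weak on its own
    if any(domain == d or domain.endswith("." + d) for d in PUBLIC_SERVICES):
        return "public-service"
    if domain == host:
        return "direct-ip"           # plain HTTP to a bare IP, no name at all
    if port not in (80, 443):
        return "nonstandard-port"    # 50500, 2227, 9001 ... worth a closer look
    return "domain"


def triage(lines):
    """Map each category to the sorted, de-duplicated indicators in it."""
    buckets = {}
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue
        key = row["domain"] or f'{row["host"]}:{row["port"]}'
        buckets.setdefault(classify(row), set()).add(key)
    return {cat: sorted(keys) for cat, keys in buckets.items()}


def candidate_iocs(lines):
    """Unique (host, port, domain) triples that deserve blocking or hunting."""
    out = set()
    for line in lines:
        row = parse_row(line)
        if row and classify(row) in ("direct-ip", "nonstandard-port", "domain"):
            out.add((row["host"], row["port"], row["domain"]))
    return sorted(out)


if __name__ == "__main__":
    for cat, keys in sorted(triage(SAMPLE_ROWS).items()):
        print(f"{cat:18} {', '.join(keys)}")
```

The point of the buckets is that most rows in a table like this are the sandbox's own resolver traffic or connections to large shared hosts; the bare-IP HTTP sessions and the high-port TCP connections are the lines an analyst would pull into a block list first, and the `vk.com` traffic goes to a reviewer rather than a firewall.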
Files
C:\Users\Admin\Documents\GuardFox\Dimu1yCf_rncQH2Q9EK34rw7.exe
| MD5 | 3d8499bba63c053408c3b3c367c03e81 |
| SHA1 | 1000d6acaac36293590d62be2d1a4f53e3a716f2 |
| SHA256 | f37c11a91f57c17b8ef6f256c855e9103eb493e344986bad9ad177e1a07f0782 |
| SHA512 | 2b9161d6e19c4822be8f103c2fe2c385582850fd55492e8b0e3a65b811d01107bc053a312bb121cc6ba2cdd99a351a3c131d3ebaf1eeb1e845e0909acf673623 |
C:\Users\Admin\Documents\GuardFox\09KCWMn5NJWpwl11JomKZL6W.exe
| MD5 | 99f3ce9562711629364aad75e991001f |
| SHA1 | 19e48dd85a5bcedc0d092d73bf631ac2cb598041 |
| SHA256 | 813eb2c76ffb2b37f71e0f7be077590c628bc4ff3b02953eb41754f71ac820f9 |
| SHA512 | 10ab001f7480ffaa62ae48daa25eb881b0555ffcb68880ac4582ac463ca7bbf984688ea16c14ce90e5477875755889e3c54f79ea7e3a70484defc28ca7155f9f |
C:\Users\Admin\Documents\GuardFox\XXOA9F19qkaFn8XhoZKAzo0p.exe
| MD5 | 288548c4ca6af432e08311454ca4ac35 |
| SHA1 | 69602d7b2c45e6df5e373d3adf0944dfc754a725 |
| SHA256 | a524bf30609a9cecee703ed46171fedb7d950942934af5562a9e3d39a7cea637 |
| SHA512 | 4053d34122e9f922c8957bf8dc871c9e9e03061f5e4ecdb78b6f2fbc0a6a6cae4d1838992460bebb7936022b6ac7ba33a95537cb9f7b6377f4db366cadb3111a |
memory/6924-813-0x0000000000FC0000-0x0000000001042000-memory.dmp
memory/6168-812-0x00000000004C0000-0x00000000005C0000-memory.dmp
C:\Users\Admin\Documents\GuardFox\XXOA9F19qkaFn8XhoZKAzo0p.exe
| MD5 | b44f2bada8770838c324db7c8ffe08cb |
| SHA1 | 16e19d6e55e35764798887e8f5d0f37fdc6e8c9d |
| SHA256 | a72793f83e7be0e9ef4a4df600f259e78cde7c99895d2f9134bbd01501fb6e13 |
| SHA512 | b348c0474d90548947d22a3886cf8fbc2ac3a800e3dea4b60a17f8b3cd019aa6a541fe619e69d77b9780a809092614284f70da1d16ecfc3dc375d94ab52e1b9b |
C:\Users\Admin\Documents\GuardFox\X_EnyONBjNVniUxjdzzaCDJx.exe
| MD5 | b6f2813d8654c0c5ef146c58151d74bb |
| SHA1 | d61806d8e255ffcebc725d39f8079f56e267ebd6 |
| SHA256 | 7d20a76e07daa79d6d09daefea54498b976da8c6a120395668656abbca8e8976 |
| SHA512 | 38894204b0618c3abb4ce11bbca871e0d0134b55ce64c77afd3e50c2cd54b942b5873daaffe4e1937bcbf4438ca85b6ec236f2305f33c44fe6af24f09f668a79 |
C:\Users\Admin\Documents\GuardFox\5il1F6kCyub7JoMkSaPcMygv.exe
| MD5 | 1e08a53974fad84a8d48ff83df815497 |
| SHA1 | 2848ba2b873b38a3eadd71bc7718906ae63e84a8 |
| SHA256 | acb180f3e117197da1a3d6efff32d5399bdb3b23f5131b28b734338f739fc9cc |
| SHA512 | f79d4da043166b3df2d1be52dfb2842381064bf6e8bb63bc653c288d606e648ec85d569a60526c7ac87e959f581cfb7dfe38d6b9495af16299aaf3108c7f89af |
memory/2008-776-0x0000000000400000-0x000000000062E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-3NCJE.tmp\V1aQ4WgGmYDw4WTokypwxW0O.tmp
| MD5 | 30bb4d9a28c346356dd7f14df10bacec |
| SHA1 | 6e0834108e2774cddae9ee05cec92c25438040a0 |
| SHA256 | 7011b4bb6d09d13ac1a951d304f7ca9938392b3d3fe0d7216c2a902eb4fded06 |
| SHA512 | 6d5311a05c30e7132df12fbd4f482a20bc57122c6a65f977ddfbddc2383e0427e6a8499f3fae812eb7a9f34beb90f31869b5edaacd4050f19db146dde3a226fd |
C:\Users\Admin\Documents\GuardFox\aec295eMcA06P4qpEdbSbnh9.exe
| MD5 | a5cd8dce77318005a1bbe1aaebbd3e78 |
| SHA1 | f70e225c4998a039aff85fe1643f23b4a7ad4e51 |
| SHA256 | 8deccc5a421a583368d3e9c30974b9d0b5729e100f95d3b7dc4692d3f04cb6f8 |
| SHA512 | 936a4dc25ccc18f16dfb3c14402b1b343ee1a03772b359b7d178954d0bc5072e42a8d152421e4005ea9e78ea09c1ad570155644221b03bacc4d84a973e1c8488 |
memory/6200-721-0x00007FF772EE0000-0x00007FF772F32000-memory.dmp
C:\Users\Admin\Documents\GuardFox\m5OlHZeBRqi1Mg7BuzgzMLJO.exe
| MD5 | 4525fb814a65a198592d4ec7825aefe4 |
| SHA1 | 029f14d83152e03a47d5414949aa2ee71b38ac92 |
| SHA256 | fee8ca8362543b4f6c986b3ece121ec08778799fe9b705657e486559b4c345d1 |
| SHA512 | 44f491f65763e631dde9e274aa2380f97eb7275925ed490fe5cddbe44c9713799588c257010c3b48b4c3d66b7b8e8a7ceea8724631229e84bb12ca0050b95060 |
C:\Users\Admin\Documents\GuardFox\JFnaejzd3kJTyTcM3MBHgFai.exe
| MD5 | f9d09437c62f41b74daef7d84826092a |
| SHA1 | 1b57c3275727de14a3b812fcba3c919de84e6f80 |
| SHA256 | 40b83d0d043d496ddbaf0b53df117cf7598d9f66253be53bd9bfda3955f5d824 |
| SHA512 | f065ab4275c2c7d05563131fd25e97e38b1f32e77b2811a7ac29d20ee4e5a1532383042f104633f8a2df8dfc55a526827d84cc5fa50e103d36d165015f7f8d82 |
C:\Users\Admin\Documents\GuardFox\rhita_ubUD9ElUjVw637Qqfd.exe
| MD5 | 4f0e1e80aaf8e1d79511750816de3b52 |
| SHA1 | f3d4823d4d4c9b5f6a2a4a5e25032be27b62bd90 |
| SHA256 | 9dcd3c77f1a8e1d4b9f7dd9391d9fa78ee13440e66bcf528e99bb7f9efdf0fa4 |
| SHA512 | 9559127d866911d0cccb6ed84e806b16550c4164fc8e090c480029344d6180f306776950f0eeb1bc2d05ab06aaf8776d0588307c0a740ca44c688b3e1972301c |
C:\Users\Admin\Documents\GuardFox\VOuudOuU1Ykz6N8RTAbw4HLv.exe
| MD5 | 986ccd4c8b2686a84219b37eb940807c |
| SHA1 | 7782d7ba1f8b7e98fdb625fd9143b9df7b6c0bb9 |
| SHA256 | 3c384c46b050af0d75ac6c85ea0d038075b27900dd5bc8da737286f131224a80 |
| SHA512 | b61330247587443a8a690caeca66d7109a621e09fafcd622ce1f20b41a903b9ea1cf69c9f8dc50206f91b49386d60f77f63ed0c416df7df6b1970fe8dcab028b |
C:\Users\Admin\Documents\GuardFox\Dimu1yCf_rncQH2Q9EK34rw7.exe
| MD5 | d85d296a35f61087ffd5452cc866d91b |
| SHA1 | d62b4ae093812736879c736dfaed9d3c3c8c42b8 |
| SHA256 | 6129bf1d9abc23a3cb0439b905e782e6ea7a8522527e265cd127fa8ac5a46473 |
| SHA512 | 4339b7f8fe57e80b35b8bb67eb9fc92c5393af16346e38fd1d16157cfe46a9a438d1c9c337226157aed6bb499a492f899acdbe89a7d3b1241eee8db197ef77ac |
C:\Users\Admin\Documents\GuardFox\EAjZobOuZpxn1lFyXQAYd0GT.exe
| MD5 | b2e470a4632d30d5cd78f3ed09b12715 |
| SHA1 | da31bd46ed968a323dc9623e1dbb0d841be93c91 |
| SHA256 | 6427f355242f671cf4f786f1105cdfbb2fc349b144fc3c9df227cb0d88a1eae0 |
| SHA512 | 4eba91fbe5663d89fe2ca63a549185da685724d0ea2a44418294c1facdeba69f97b571902ab92afc49176eda820efdeb99d8cc75f7570443adad5a6897f38fae |
C:\Users\Admin\Documents\GuardFox\09KCWMn5NJWpwl11JomKZL6W.exe
| MD5 | 6d0f35858c7300ce2f711f88d2c2339e |
| SHA1 | 008da13bfb29a43ee01a21cf2dac5a0341551746 |
| SHA256 | 7b532959f8ea1e2181131f5a00bc2fc0bdc6a4b22a2d8ee70fb7bb6e114a4362 |
| SHA512 | 25a20ca0d65b8e2e20bf4482ab8b051c9978c37f0022ce76d6f11747ad677ea40545f8096a46e429f9abb065f9d616807eedc8e7d01a74e7f93a2eba2ca283b3 |
C:\Users\Admin\Documents\GuardFox\9nAjk7ElylJ34eBZk5HqODkt.exe
| MD5 | f26c4ac2165a66f34a2f8c76d676db7f |
| SHA1 | cd004f10f8cafdf3d76916f65b5e5b47864c46a8 |
| SHA256 | 799f896e509edf7affe1f685cbbb68d6569e5b42c4036697d344453ad94638db |
| SHA512 | 9f5a970b479f414ef16acfa18ecc3dc9dc86329baad5f83e33f734c6c8d5578e5192776ea32f90723e51013c17874b6c9ae03e71437d687a1c08c6415a269df0 |
C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\pwIrSZJhdSPQHIU9wnJt.exe
| MD5 | 00e8a3b970a27f797a04f0aab4db32f3 |
| SHA1 | 8f46fa7862cfac57f8ccc0b5d0983e07ef69c409 |
| SHA256 | d29b41e58acb132fa88aae87c469560978f0d4038e38154739d472551ee2863a |
| SHA512 | 7f0f86ef90fb368ae82f3510991335c4cbd267a1a82fb36efcec9373719047d3c17372d71c67af662ce3a14597427819db7ffda2ed91d55b7750edfa728a8d35 |
C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\vvJw4rG2zAyTBq1J8RPQ.exe
| MD5 | 06d154795459a867e247efd197c4890e |
| SHA1 | 41cf822fd9084bcdaaf09fc19a890847df1fc09b |
| SHA256 | 645b701858c7548cb3d83ca438775d59ad0adb63ec7935d60b23fbc2e78f07b3 |
| SHA512 | dc783e8de71c6992e904e7757ddc407091a8d62a2ec557a7482672eac8621437d509f3483ac0089a1890759564dc3596fd8d28582c2ceb3019b75fe7dd4ade57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 041500a075f2e1eb9c7501ba41d5217c |
| SHA1 | dd929c601aca095c94346e6f05148c02c00f084f |
| SHA256 | 953987573e7057415c5fbd430abef648f2dc8124de01773a457f0365e46e648e |
| SHA512 | be8776a46c07a659f1e28e039b880a37101a4bba5ed513a799767450ce09babb4e9740f2ada56383287e337e13e73d4b936be6f4b23d5ca16ef41c21e134946b |
C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\t7SzBAV_odeIrXbYDGZk.exe
| MD5 | 5d37d8a89cde483d2445091f4eb1053c |
| SHA1 | 771861a55d3e312861d0397befaa9cf3e9f44d59 |
| SHA256 | 92faa095cfbc7abd655a37c425f57e9f265873874de2707f34ccee5854d41ce5 |
| SHA512 | 8d27870ac9b6c699895a9e6a92616ec442227c21dcd9669a64edae3d587025c61846e8c22797c1c1984ae9e15db8b2b8713da760c3ef4ee0a4a9983c4e6667a2 |
C:\ProgramData\mozglue.dll
| MD5 | d2131cc1ca85b9e42c855af646462414 |
| SHA1 | 7f67df852fe5fba5ad64d3d43d2a86ce03fafc8f |
| SHA256 | ec1b54ef526d602111bec7e8c41c3d7298b32f508100dd42ac9b1f220fbecea1 |
| SHA512 | 2a4705b444c76e529ec1c105777a968fbfa09ba3f9b6f8aa9dbb81dbdc22830c997cd8627ec755aba2bfebfd84a1f674076cc5c533d4163db0bd61bade7b9a26 |
C:\ProgramData\CGDHDHJEBGHJKFIECBGCBGCAFI
| MD5 | 6160fe47f9358bd1024bc07097901f38 |
| SHA1 | 82d0696f752cab7a8070a4837c65ade2d873127c |
| SHA256 | bea1f6bef3cf1b55e23c2a3e8802d58de4789521a860b8c4f090aeb7ba0b8ff7 |
| SHA512 | 7f21defb2448d7b063332afa17761015aaff6b406a07a08035aa52c573ae49d1197405d10f9d0ac6bd3c0fdb09a0f627ca061d50d4ab1f4727b7cbe865b37ea7 |
C:\Users\Admin\AppData\Local\Temp\jobA4W48N2PKjE7S0l\nE5wqfSnm8O9dB7Rjmv3.exe
| MD5 | ef613b032f91dd8b50d31a60073b1ddb |
| SHA1 | cc34f0801c5dd5a38eea4702871aedb6c3ca47f0 |
| SHA256 | ef7be84b685fd97cf3f4257a64d3b2c65f7f382d3a7ac59b6f13175b6e11bf4c |
| SHA512 | d2c0ec938974f20a5357250238b854c54bee0e9f0707751bdd0fda88b6fafa3a0ca986b5290f82f602928e970ff1e24cbd4bcf7cbb8d7d598d1c6d0e938d871a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5e77545b7e1c504b2f5ce7c5cc2ce1fe |
| SHA1 | d81a6af13cf31fa410b85471e4509124ebeaff7e |
| SHA256 | cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11 |
| SHA512 | cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37 |
C:\Users\Admin\AppData\Local\Temp\jobA4ZMtckb_gkjUzK\oOPEmFmu_xsJCookies
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Temp\jobA4ZMtckb_gkjUzK\l6w3NVXsgpmDCookies
| MD5 | 55f6abc8955b59465b3010241d2bca1c |
| SHA1 | 2cf5eb8a98b782b86695b2044aee53612e4c2ddc |
| SHA256 | b666d00bfab1ab963ca5aca59afb9a9c2dbb983cacc64272b846209a2d407236 |
| SHA512 | 2fa6ee9a974bde52cc022418acacd84317cb29c833ae4bea00cbf82cae24a1b3765b87f1633510f3b5592ef700790d071ff0fdcdd8c8f752b638b26e0c93baac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8c53701df5fc303c664235399e077a07 |
| SHA1 | 1b8fc6c68de8f34338762f45451b72a515726295 |
| SHA256 | 7edd95b8dd11f8d94d46818076e3cc2d52acad1e65000b55ab01f83eba2a1eac |
| SHA512 | ea282314e17d1c5dc5aee787a83eac31e865bba760a40e9f8530e30c7354de85b4bf394e86238081ac3812eeb559e64466b1e882b99dfd9e6ac820f619c1cea9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | da720017583df8212fd69f8fcd7b6b6e |
| SHA1 | 0ea9e35cd6c6dd27a9601b0ec3a30cc8283dd738 |
| SHA256 | 7ae143ff4808674a468026efd4944dc2007b3f6424ad789d88c0a3d31a625e1a |
| SHA512 | 4f526d979a5e772bc7cc8692fec922332ab8aa932573f93225dcb7908b55f42daeddf3f9d4b54ee47b042843d82483caee91a0273bdded58dc2a41b60b4ce0d4 |
C:\Users\Admin\AppData\Local\Temp\jobA3ZMtckb_gkjUzK\passwords.txt
| MD5 | cb415a199ac4c0a1c769510adcbade19 |
| SHA1 | 6820fbc138ddae7291e529ab29d7050eaa9a91d9 |
| SHA256 | bae990e500fc3bbc98eddec0d4dd0b55c648cc74affc57f0ed06efa4bde79fee |
| SHA512 | a4c967e7ba5293970450fc873bf203bf12763b9915a2f4acd9e6fa287f8e5f74887f24320ddac4769f591d7ef206f34ce041e7f7aaca615757801eb3664ba9a4 |
C:\Users\Admin\AppData\Local\Temp\jobA3ZMtckb_gkjUzK\information.txt
| MD5 | 373e2f00fb837a2c725b59261fc2b73c |
| SHA1 | 86218ed004bbdc71f92d6d52701c343437cd0ece |
| SHA256 | fe45e2780a7ef6264d4de41b0a7f233e601b63fd8008e4e29345fb003aeecc68 |
| SHA512 | 2ab87d76db65c26436428be388ab74f2c23e753da8068aede0a74bf5343f1e65826a8d6bcc773940c4dbfe96974184a8b40e3e1d52ea920c55cae895a7f7c95d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 32724c5abc2815317926a9488a750e80 |
| SHA1 | f6c53ca13770c224beeedac6e79aa7ca843ef3f0 |
| SHA256 | 5b1d47f452f04f840801fb7af435d4dded3354a7f2396125f0473b5150a35e78 |
| SHA512 | 0b5deb7acc41111f90654df3b76792c1557d534a94302bfdb999c8f48d686a25e665d95ce8f7e88f73b32d1bbd7de581cb49d7e73e62f4edd04270569642e38e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 244373298f2eb3a12370ff941bdbc50b |
| SHA1 | bde8745fd0d563cc40e9777664fd760e388341f3 |
| SHA256 | 3c960c446b249794b5d1a951084471c866bf2a56073f80e0deb4aa3f449b02b1 |
| SHA512 | 1f71ff3f708f88cbbe0ae29024fb4e9e0b579f7d12d4b50e58afe6858012f82d4065b6c61f5e1134ccfd88c0fe4e83ff23165e77072faee533631cf206c037d9 |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 41f05c6a84473bfa5481cbd545a85a28 |
| SHA1 | b4f478bb726be08d76355e9ba289a93f0e701619 |
| SHA256 | 973f402b740b9a3293c59b9a772c1bc39825c05692c98960cd9deb0e969daa76 |
| SHA512 | 83963c2eeaa2126800184b6ba071ec354e5512a1e65b6ee55b09524754a1d40ba1f1b177497d1a23995bfa5778f47fd7d532a9a677cb752876d64c5d96300cbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 7021719e6539bcbf44236519c39d295f |
| SHA1 | 81accd8363787ae6bef34c5f4435faf012649075 |
| SHA256 | 82e9f19826a49ed72be1e0f916e28b15e87b0939070b6d626f1f72fcf791d49d |
| SHA512 | 28ba34bd90e14541eda5fb9a53e8eca6fdba01b4dadfbffa2f87eb285a06fd86045b08fa760e14ed349a7c2531eb26952c1033a6c24bde2d92d10940b2ab6e61 |
C:\Users\Admin\AppData\Local\Temp\is-1CFI9.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Temp\jobA4ZMtckb_gkjUzK\o0qT3dWYBP7ZHistory
| MD5 | 9618e15b04a4ddb39ed6c496575f6f95 |
| SHA1 | 1c28f8750e5555776b3c80b187c5d15a443a7412 |
| SHA256 | a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab |
| SHA512 | f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26 |
C:\Users\Admin\AppData\Local\Temp\jobA4ZMtckb_gkjUzK\KvHrxJ77cmUgLogin Data
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 289175ba8b879b9fbe54d29657bd33a2 |
| SHA1 | 43fdc1bedbd95244bc9a24edf0d3c5f176415cab |
| SHA256 | 41a756a6187660b5c012a039113cd284324760f46bf02b7ae9cea4b91efd58cf |
| SHA512 | 2a27a5c2daa81adf81d68321f260dd5c367f26ebc855b8458da73ece8e5175720fc25dcc4fec2affbac97d99c179dfab8e10be08a248ac7d87851693e8e160cf |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | d62dd40b78db230e8b0d7ebcfdccb36f |
| SHA1 | 1b75a75fe9a3f8d43399b980ce468fe928b10ea5 |
| SHA256 | c4ae9cdc5cee8b5ca8c127c10f16d0c3d8a9c8738dc05cc1f65bfb56b803beda |
| SHA512 | 339016a894bcc842cf5bbedd0b90f76bc74be029a660a394c28ad0a8bd17d439aacc35e8a6b77065ad6401310bb7afe63e320abe9fb7247dceb22ffc4c19196f |
C:\Users\Admin\AppData\Local\Temp\jobA4ZMtckb_gkjUzK\02zdBXl47cvzcookies.sqlite
| MD5 | d367ddfda80fdcf578726bc3b0bc3e3c |
| SHA1 | 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671 |
| SHA256 | 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0 |
| SHA512 | 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77 |
C:\Users\Admin\AppData\Local\Temp\jobA4ZMtckb_gkjUzK\02zdBXl47cvzHistory
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\pending_pings\34c5ba35-bb53-403d-92a0-cc455c6b9f6b
| MD5 | d61ba49f4505ddd582f7d6d183ad5a53 |
| SHA1 | 16f7063d05e1537e08967e11968a323d36bd689f |
| SHA256 | e4675476a90063ea42dde6089264abe2e70754e7ad6d19a74a7c3569ea8b994f |
| SHA512 | 8b8d76de187dd38b5a58792875a8b0b47a2e058f932ae3b5fcadd1524ecc4686957b172f141c5f1e5cc8ab3efd3bcbf72df2795bc46a028b8c6b6bd1cff1418f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\pending_pings\df050895-2c89-413b-9e16-55f0a67df017
| MD5 | b1459caf9ee07dab906a74a593b9791e |
| SHA1 | 42ba1fe4ea7877173c5e17607560317c5322b1e8 |
| SHA256 | 18f5e6dfe267913213a73360efb0d2c0e534fa44b2212cfc1e248b7f1c45afce |
| SHA512 | 9e491f3879500c60d7f5d1098986b053b3c320bb42bb1031c3c63c265cc831cc7ec83df7602a240e9026f90080562ef6606dd05667673737ed52d7126efb1a18 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\db\data.safe.bin
| MD5 | c299b9da09be17bd0eb324f789c5e2fc |
| SHA1 | f78aff8d92ef4050f540785ff9adc2f573464592 |
| SHA256 | f75cda32b53b9480712a2f07768497112952a93d05d175d290f886a6489ef463 |
| SHA512 | 2c6b55024c039e97030395463a52cd134e28f7392b036ee152eba1d5b3879ecbd3075b116384c16eacb9ee7724c21ddb497a6bde68fb1f983ba7221c4aa2c72f |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 1b7c22a214949975556626d7217e9a39 |
| SHA1 | d01c97e2944166ed23e47e4a62ff471ab8fa031f |
| SHA256 | 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87 |
| SHA512 | ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs.js
| MD5 | 280d7c4b0e810c74332a17f35aa14e8a |
| SHA1 | 6014290ff5b688ad9e43baed358fd6b87406507e |
| SHA256 | f9ce22678ad23fcad2257366f465821b7f87e396aa3121c16534a62fadc9fe80 |
| SHA512 | 2e8071923db39782251fa6a57069b3a07510a411eb11fd16a8f0d971257c951402a561b74f839e533925c6c55c94b2212a3e0f5c87d75db33621b55412d44156 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 62a58e22600e058ae31f710f6605a311 |
| SHA1 | 7050a69cd04a8c0e4ef5a49c3ef4a5b099704863 |
| SHA256 | c4ce716bb251f5fada008a682b2b19ffd578692911f1d6a897596ffc2706da60 |
| SHA512 | 614736d1df77da0124ed223ef186832fa26fe642715f86df448e456d57e2c96b71888001278c86f4bd572789541d9dccca0caba064eeb6d0a90799a5ff913957 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js
| MD5 | 10c0cbf852a31cf19e36b13f1010e064 |
| SHA1 | 6a73f54bd2f978aa39097b1aad248942b0d4b1c1 |
| SHA256 | 4d9146245890bc81ba89235f13c2c8d7b1fea49817f942abc08154cf2ad237a7 |
| SHA512 | 571fa6c43784b75cd9a66831b003e7c4da462b09011d193b84bc24741c3d837dce7f7f80df29e96a28e2495931a5ceef996dbb3d4d86e7a7ac1bcface85e5f17 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | ef6cff71f52e8cc172113e372afe9fbb |
| SHA1 | 6536e8b06f9159c87ef42b93af53dcb0dc8549d8 |
| SHA256 | 4645f34899326b6722ef11636ba8fe5bbca59967b4b79da092415afb3050f0ab |
| SHA512 | 37e17d93979829065685d7f27cda74bdbea5561af21d6f7199e6f428551ee2d95a2795548c28f9f76b3911e9adecc99d9c0a6659ada1892a0155934a7bb915da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | e3ad2391fac4ac375867668cf4ec7103 |
| SHA1 | 1014b18f448e3bdf266b29658e610285f68cbf30 |
| SHA256 | 22ee542377ff8cfc9b42efd165ef328e3d1f06aa7dd12e19229c73d210474b56 |
| SHA512 | d43f9b0c7081f43745772bdfbca19442fbc24a21cc80ccca610326818838d0d14a3d9d51f41e3081c75ce6ce206e1017d29ca06ef369e0e437818a53a28c706e |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 5bfc5bbd1f282adfd4977dc2ffdfb09e |
| SHA1 | c5c145a4b1119b381a813d3e5548638f89b8bda0 |
| SHA256 | 95f5a0d092dd63cfc59b8fade3a4986ca56c5b2b4aec4e961f01706dbf48208e |
| SHA512 | 8a474b8c7901f109308614b3fbab9a216d27e5c86cdcf751ae35eac3e0d0203256c92ee7a4ca3fb236334ca6fc1046e4632253d3b57e61ee27a758c1e4dc47af |
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| MD5 | 4160a49a7ab6b3bf145933fe2434f489 |
| SHA1 | e792d7539215f0b052e5b898649983f0f2bc3ebd |
| SHA256 | cc12bfcdddf67932cffc8563a3ea2c2d642d47284cc7d316b851cf5f6249e9fb |
| SHA512 | 7bf57937f5b13ca948d8963e28ae2cc37e70c26f7f2f5ecf13c3e2250257a65cb7a8fd701dbc4313a780b81bae8574c77db75d25eb22da71e4dabfdd773515fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e14ec86cfb3b1ecb4793ce6759aeb10d |
| SHA1 | babdaf38f1eceaaa4694ff50529be9923fd8e2e1 |
| SHA256 | b18da522d05772f5efc5f23cc5da5c5f3e357fbae2b4142abc408043a6541c7e |
| SHA512 | b3bc0331ed75d84ec2e5567ff8fa8a8df12bce268563cef17abb2b385d51bb3634539c06aff510d60e713756c66213caf4dcc23ca69a3a162dfd5e196b9d9e77 |
C:\Users\Admin\AppData\Local\Temp\1000605001\leg221.exe
| MD5 | bd8b2a79e58adac2ff18365dcb6e223e |
| SHA1 | bfac6c417a93aec8f288096ae54ac988026aff4d |
| SHA256 | b544658b575af359582e55d05560dcd334583801514dacc685a81e957cb708f8 |
| SHA512 | 0aec33b681839e67bdee29d8b12977401e9467c6e51e171f4cd582f80f01b5eec2783e66a3f0208f13f70a3c3462f80c14c4551f230a66e6a8e71186308eb74a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 81bf3234d5964b4698c0747b22e9ddd0 |
| SHA1 | 4fbf6b8ade4a65dcd16e88827d84b206f6c02956 |
| SHA256 | d70f8b3df244757252407523e26b8e39b04dca7055f33211368b2747740ebc02 |
| SHA512 | 7e49f26d7a6820cb0ea5f3946c053aea45b61cd5741cc0dc42cdd43404b64ff0b6f8a594c9ffa671effd7c5dbdff85297a1579ed0b66bd13712d29f02765a4fb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d6aa0a1407ab174c4e1878b5d1478fd6 |
| SHA1 | 4d5a7c0ed70e991a090961d061d9033b7b3c20a7 |
| SHA256 | f11a703fb402f087570e21845493dd366bfac0dd962b5b6cd044e9681d5a3fad |
| SHA512 | ceb3a4136cfb9727496ba8b19d0de51f3867c32a1db264b5957be45f04d0f5126396a4c4fd881abc1c28a4f62cbd2ef7ec04a7ca0db746f54dfb6852e0cdb857 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js
| MD5 | 39a545731a8fe44a1b3495a48d77ac7d |
| SHA1 | 7210a41df1026de1075cd6cf01fb52325802b1ea |
| SHA256 | 943a03cf2fdbbecda9ef3367184a47ce13403257460dadbb349d9e001fcb84a1 |
| SHA512 | dabb7dffec0b8fad07d567ec14458ec0e74d275889e59d91a52f6a26bb83cd23b59f6372fe504744b1fda08658554967d4d185b6bec35483e8a59d649c8c6bb8 |
C:\Users\Admin\AppData\Local\Temp\1000609001\stan.exe
| MD5 | d5647c22cb48b35ae458dc03ed36d0b6 |
| SHA1 | 766c7b5013fab8d189083e8309dfaaf3279e8d62 |
| SHA256 | 3aa28c20b8cd664287334c5a69bd064914b7042020199aaac261933fb61f96d9 |
| SHA512 | 463ea920ecbd631bed4ec8d16de5048270d00e06bf1a167865c038e901d64f2713260f9d9b9c8cee7279f957fb61880af418f11ef1b2515cc69da90f5d143613 |
C:\Users\Admin\AppData\Local\Temp\F59E91F8
| MD5 | f69c58fccf7f1ef9513990da11b43d74 |
| SHA1 | e1ae0390fe3fcb46f59115a58ba6a66a1bbdfdfd |
| SHA256 | 37f223546cc6632dd8a42b6e9f74468bc188fa6735e14bf802257430b9ab9ee2 |
| SHA512 | aab8b3a4bcb73ec304b54e7ec9412513d28045a98e4714403345eada50876fa0d7005a222271c5d91eecb2e2c63c1b5c9c7ef7efb41e0d642ff5bb46100863c1 |
C:\Users\Admin\AppData\Local\Temp\nsy4E3C.tmp\INetC.dll
| MD5 | 443333a0de1d2d36b3cdff2e8908df72 |
| SHA1 | bf0eec09e7f3819e50261e5cef5671623fe66510 |
| SHA256 | d1465b58942d3b85c5b6bdd891ba050d1d39aa60be254da5d81606559dc68df3 |
| SHA512 | 3531b0bb41094aaa16d4a56eb9a94e13ab1c951321878d4d84aec72c1d687be7bfa21c4ffa5e410fc193adfba63e91f7c62fc341efd4b87ed79c03a097b48c28 |
C:\Users\Admin\AppData\Local\Temp\1000583001\store.exe
| MD5 | 9ab6171ca736c845d7cc8cae0601d078 |
| SHA1 | 8623cc29eecaafdd6d3c565e684d0c8d57344098 |
| SHA256 | 96ad2b0a54a7bdd4a4611434f51acafe0a3ec4b2ba4b0bddf2a36a130986ad5a |
| SHA512 | 4b9890458c82cc3f137b32cae4b148c252af4f975810c6b7e693e2b235ba68f13fbf5878e9b4730134db09d6c781be01a11101cb24cb42d653ea48997f136291 |
C:\Users\Admin\AppData\Local\Temp\1000611001\installs.exe
| MD5 | ed55d2191f2a1490ebf9166fe37c8d9e |
| SHA1 | 812db3e1942b2a040016a542f6e473a715e03c64 |
| SHA256 | b9597fb32c6b653ea2287adcfcc0849177e728c486dc11904d11a5a63525c5d0 |
| SHA512 | 5c69f35af1a45b858cdfc315c0de4869c2a18e7723735bfcaf51af960b7f8dbbc9cfddd8bb17f4fb771cbdbf09306acea8bff366e5a5b1dd069fc52778c6b69f |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | 7b480e9fd54f1ce74bf8d2dc065f9837 |
| SHA1 | 7d497bad7e3f4b56171e5b26bd0d1f295c280606 |
| SHA256 | b930a5a94eb83d923d6a671e1833b08807c0b2aaa673d562574abbac61628c78 |
| SHA512 | c04a1f1df7ece5b0ff46ed108bed35adae71330d298974931fa8517488bc5cd8d70d53b607ea5e72fe521096cef8ac35db07472022e02b54a5864329b4cf8cb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Temp\1000612001\TrueCrypt_NyNIUi.exe
| MD5 | 4ba39749b947ce951185fe7eadf493fa |
| SHA1 | c0d839899d8ed8fbc5ccd6ff2f8ee84339cb49a8 |
| SHA256 | d160adb2c74f38d78080dd09b59b324935bfde35f3240c0d02cd0887c74997c2 |
| SHA512 | 87a20e83bd76e3b9be4ac1dbae7212db9c18b4a87b3f2882705b6bd9b1155fc417f50ff0fb5ca0392d207e929caf21da8b7f657df0a09afb0331851152419c72 |
C:\Users\Admin\AppData\Local\Temp\1000613001\alex.exe
| MD5 | e7fee76a5bd24ac1bbbb6ba4a4af05e4 |
| SHA1 | 63cef7c302f80da21dbc67a1733bd288a7088d25 |
| SHA256 | 0d59e022a4477d86c657b11dac473a4c8a6fd2ca0bcf7ee5630ff040f8a4baa9 |
| SHA512 | c15c65b8640e14a4427e56c717c0a388213205db28454de7fe41fa0e573a53e2d9dbdfbbd4dba75a6d0906d7d1f8ac8273f15de4b0c9fa2646be40a28b44456c |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u2uqzahe.ys5.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Temp\1000614001\gold1201001.exe
| MD5 | f1e2fcd6d8997986f81eb3f7a5613965 |
| SHA1 | 4a2e241e8f92aa80a1a30c640efe4493eb51088a |
| SHA256 | ffd50796127441417b293e456f8e76a306c06c7d7311574a52b4de5f499ccc47 |
| SHA512 | ec6968e93bf2d7254d66add44a335583a6db027f7bf49ca1a512e9fda987acbfcda85a9e659816259fdac54269844559760a98d1feaa7e70c494d7c3c1b184da |
C:\Users\Admin\AppData\Local\Temp\1000615001\2024.exe
| MD5 | 879cc2cd2b436324c8a55234800c8b20 |
| SHA1 | eb7f9cc63698f7213c26522f8286a8c61b101ae2 |
| SHA256 | 46b09453ee7649e19d432c2eff91cd8b1440ba3bf4ed491504a74b8895bfd84a |
| SHA512 | e9354df95b92e093808569232bb660ec09ee2a924c604a832c828f52f03b156ae3174f0108bbbb8cd272546b1d973090c707e4b5df8f57fe35dff582e7d1c212 |
C:\Users\Admin\AppData\Local\Temp\1000616001\latestrocki.exe
| MD5 | cefd5fed3b74614e8eced81f78aa3729 |
| SHA1 | dd8124e6cd91e67bb99ce10074ff783339948dfb |
| SHA256 | 09dc5a4896944d40d2081e7aa2c52403d6270de0c766e44ab42cef84352ac84c |
| SHA512 | 54e5d5018a1baf57d0f4a7f9d2401652babb9a7991aef5086e6df6b4382dc3749575d71824d5bec707173dbf512809700fb09dcd6d122d82091f08e9c65a5084 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup7.exe
| MD5 | 5b20b4a882892a03e82f8e30c40ddd6b |
| SHA1 | 681538478f034c820a5842b3c6ee8498b57e005d |
| SHA256 | ede128e2f2a1d020c5c13f97971710748b771ad6a0681b37c17454d540583331 |
| SHA512 | 9b73254be0a1b212f2f3c67f6bf93f9eb413f883b8147ebf8708f5909bd1d1a57702cfcccd0340407d71c0598fa0f851395df15aea1ffe3c7c8a116c62d914b4 |
C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
| MD5 | a717be4ba7d1ebc200810ab156ab6069 |
| SHA1 | 3e3c705a0d4d0a660c9d2eb0b7b5f9a61c62ef18 |
| SHA256 | 73e15acfde92b8a282aecc0b949e4770c65fedb029a0421c22bd47576527169c |
| SHA512 | 0320fd08e8516fb4cf1caf51a65b1edd763d6877770ac61d487db2d9ba782363adde0e601516c4fa9531269933eba91963748b0c1b01c1e5710e9fb93b86eb6b |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | 3692613ae5185a66fa683aa579056e03 |
| SHA1 | 106d5140604ca24ac0d61c556c7ec6a676f2125b |
| SHA256 | 58a5322d50116cf99f3265181a4056d493ea7da90f5d4bf1b23ac23b988c28d6 |
| SHA512 | 600b25a4d9b858fd5f4328d5866a0a4dfd8c47b7ca76e367bfadbcf1fecb756e278c1c55ff60d38a839d090734061e0fb9f813ea0a5e31cdf57e5541fe8e75d4 |
C:\Users\Admin\AppData\Local\Temp\rty25.exe
| MD5 | 23c054fdec0f8672b9dfc8fec37c3ead |
| SHA1 | 1f6050135e5a5c2966eb38212397efec1d6e9142 |
| SHA256 | 64b092015581148f650a0c13826d06c33146147eaff7aaf7058f48c632003b96 |
| SHA512 | 962e63bb3d503fea505957095886a7e2075731c7bf089fb4e476be6c6b537d909807e9eb188d824434638172ab32832e0b2bd5a7450dbafce4690c1e79c6f6f9 |
C:\Users\Admin\AppData\Local\Temp\FirstZ.exe
| MD5 | 27fd92a15da2d6b9bb6f93a6dbc9a3dd |
| SHA1 | 7dfb9880c2720571e859ca2295607a27cfebccaa |
| SHA256 | c72dae3390bb342058e0b25077bd061cd36cba92120fc43d6e5205e5b114f3cf |
| SHA512 | d0ba823b6644a599e2c3e1ef1f36f8d1427ab421570318d5ded0499b93f8397af3766209ecdfe4c43cca00f71752eaa92b554f515c07cd4497c4e1bde9985aa3 |
C:\Users\Admin\AppData\Local\Temp\nsbC735.tmp
| MD5 | 2ea29f5d078a945f06929eaa1cce736f |
| SHA1 | ad4af50677dcd9488b06426a3217644113e296bc |
| SHA256 | c73c3b818446743a18b0d6d86431768e36879f1b83a0ba7e4db59ddfea473903 |
| SHA512 | 78c74c2919b5575314c4c174847ba9da7bdd8871dbb2de93b7a0caa753a6de15fd92e36b6b830cde61d8633f5e472703fa45e7b451ec6b583048ed250c128b27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7cc2c25c-aaef-441b-87d5-f72dbbbdabb3.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe
| MD5 | cb9e8a97a88adb6e0d35e33a559f56cd |
| SHA1 | 1771237602a1a5ddd4b110198c3ff0d5b15368e1 |
| SHA256 | 2cd6c97d28acdc797aacaa0dc67e23defd630509b3fc02e3d1740e4b372ebbca |
| SHA512 | 70a8d61eabd952efa07e529a56c3a7e579b3d32d0768dea50b78cfbb14d7afb5c1c262a77b83920242e4617dee328382f7387ab40a2ef2f27307ab389d72b03d |
C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe
| MD5 | 6d9577d251fb56eeabf4631d197d6da4 |
| SHA1 | 388499f42f52a67f3f58a1e01d032da9378aa210 |
| SHA256 | 0fd26f0697d08336965eacbf858f759363e4c2dede99d180ecfe1cdc1ab8ed08 |
| SHA512 | a825fa6fadc06b3e4ff31e168221b400b869cac6eb6637a7543e17affa6759066dda373f063f5c619409d6c6b1173e85cb98d6c2365023a75a098e3a5d545afc |
C:\ProgramData\nss3.dll
| MD5 | 17672d1e38a3cafc74481567f8d68cf3 |
| SHA1 | e71e39d320c6354773654afa9c281dc0de2a145d |
| SHA256 | 0b427437a0d902f05a685b35186f351ef2d1ba0d0005309df1d05fe9b1d32a6d |
| SHA512 | 27766e3d976fafad7b18543dec7024b48d3f18e8e7a10284e3e79aecd3dccfd9d92826eedcd931151525949cf3a30a515654e74fbf9dab4b35f16c279c677eb3 |
C:\Users\Admin\AppData\Local\Temp\1000617001\moto.exe
| MD5 | 561d8814597693f8c3186acfadbe36c3 |
| SHA1 | b6a599a3dfa17fb715a6e8b3e521fcebb05bb12a |
| SHA256 | a0bf2012f828a8fc4f8e389e5c28e9ae01cc8bfe1a399a663b2f712de0f0d829 |
| SHA512 | c0531143ce0e3695d74358d55287de6c7025ef7d8c32ad8f846c8744ef0f801803f816f2ab1207a5c50fba580740adf64504a9f68cd2352e1d14fe4d36ede8bf |
C:\Users\Admin\AppData\Local\Temp\1000618001\crypted.exe
| MD5 | 05ce0544fbe1ed4d5cbf002d88a9e351 |
| SHA1 | ef5b4afe56af7ddb8fc8718dedcf20eca6865825 |
| SHA256 | 8109acb44e7b3e2bb59955c1fb0ce116cd276f2cf80bdc86e1ebcb9b11600e9c |
| SHA512 | 92773d27a1fca3ac99db03f6c64434cf9368d8a12a0e05bfcab3ae599797159412385693fb5fe9d1e873258e7e3e3b0e70b5f67dbaa45a134da09570b59d10b9 |
C:\ProgramData\MountWatch.txt
| MD5 | 26ea18f69a59e70f0900a1e86a3877ad |
| SHA1 | 120f4e74ea9dff60937edf35613ba526b648a1da |
| SHA256 | dfea5c095e0afbce553364bb710263530c853dd69f5f2407093f89f4e8986fa2 |
| SHA512 | 724db78931c1a49602f61f66105509f02f748d05c8d7ce5071103023507d4ff59a8fb28de85542e7571534a815dc511b82a322f18b84820b1f0269298b7d3b60 |
C:\Users\Admin\AppData\Local\Temp\1000619001\rdx1122.exe
| MD5 | 927fa2810d057f5b7740f9fd3d0af3c9 |
| SHA1 | b75d4c86d3b4fd9d6ecf4be05d9ebcf4d7fd7ec8 |
| SHA256 | 9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9 |
| SHA512 | 54af68949da4520c87e24d613817003705e8e50d3006e81dcf5d924003c1a1b8185ba89f6878c0abac61f34efbe7a9233f28ba3e678a35983c1e74216a5ac1a8 |
C:\ProgramData\UndoOut.xlsx
| MD5 | 4895904438fcaba5b287a498d584feec |
| SHA1 | d5d71634ce953397e21f16522bfb1ba8d9028172 |
| SHA256 | 5169dbff7cc51d32fc76e61331447fa79920f6ad775c456e4db017e1569ceb98 |
| SHA512 | 6a8982d9a9878a59297c7a7f192679aaaa3de07cc45650e6c093b4f8c74a76780acd5868c36ed49258338e46bd52d2eb0b4fce61ca69aace7e25ba69a86ed46f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UA6WZR2N\microsoft.windows[1].xml
| MD5 | b97f6e2cc1520a2e8426851cb68f3b0f |
| SHA1 | 33a930fe90facb202ec3cd87ca0275af9dd20155 |
| SHA256 | a3546f0c8e475abc90346821be3c3d67f522161ea876c3d14247ba6d79a2b5aa |
| SHA512 | 9b3771942ffce17a52d4c0598bd0d4bb8f196c8731e5b129524b3d9507d411895e4c43d84479f06e5fb28c3403d6b0ec63b97f3a3cdb598873d17fd637abd06a |
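The dropped-file list above is the part of the report most often lifted into blocklists, so it is worth having a parser that turns the `path` / `| ALG | digest |` layout into records, rejects truncated digests (a hash with the wrong number of hex characters silently never matches anything), and then sweeps file contents against the SHA256 set. The block below is an added example, not the sandbox's or the report's own tooling. `REPORT` is a constructed excerpt holding three entries copied verbatim from the list above; `match_file` and `match_content` are illustrative helper names. It also shows why a recorded hash is only worth pivoting on when the content is distinctive: the digests recorded for the Chrome `.tmp` file are those of a one-byte file containing a single `.`, so they would match that trivial content on any host, while the `nss3.dll` and `crypted.exe` digests identify specific binaries.

```python
"""Parse a sandbox dropped-file list into IOC records and match content against it.

Added example; not code from the original report or its sandbox. REPORT is a
constructed excerpt containing three entries copied from the report's own list.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Expected digest length in hex characters for each algorithm label the report uses.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")

# Constructed excerpt: three entries copied from the report's dropped-file list.
REPORT = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7cc2c25c-aaef-441b-87d5-f72dbbbdabb3.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\ProgramData\nss3.dll
| MD5 | 17672d1e38a3cafc74481567f8d68cf3 |
| SHA1 | e71e39d320c6354773654afa9c281dc0de2a145d |
| SHA256 | 0b427437a0d902f05a685b35186f351ef2d1ba0d0005309df1d05fe9b1d32a6d |
| SHA512 | 27766e3d976fafad7b18543dec7024b48d3f18e8e7a10284e3e79aecd3dccfd9d92826eedcd931151525949cf3a30a515654e74fbf9dab4b35f16c279c677eb3 |
C:\Users\Admin\AppData\Local\Temp\1000618001\crypted.exe
| MD5 | 05ce0544fbe1ed4d5cbf002d88a9e351 |
| SHA1 | ef5b4afe56af7ddb8fc8718dedcf20eca6865825 |
| SHA256 | 8109acb44e7b3e2bb59955c1fb0ce116cd276f2cf80bdc86e1ebcb9b11600e9c |
| SHA512 | 92773d27a1fca3ac99db03f6c64434cf9368d8a12a0e05bfcab3ae599797159412385693fb5fe9d1e873258e7e3e3b0e70b5f67dbaa45a134da09570b59d10b9 |
"""


@dataclass
class DroppedFile:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)


def parse_dropped_files(text: str) -> List[DroppedFile]:
    """Turn 'path line followed by | ALG | hex | rows' into DroppedFile records.

    A digest of the wrong length raises instead of being stored: a truncated
    hash would never match and would give false assurance in a sweep.
    """
    files: List[DroppedFile] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            if not files:
                raise ValueError(f"hash row before any path: {line}")
            alg, hexval = m.group(1), m.group(2).lower()
            if len(hexval) != HEX_LEN[alg]:
                raise ValueError(f"{alg} digest has {len(hexval)} hex chars, expected {HEX_LEN[alg]}")
            files[-1].hashes[alg] = hexval
        elif line.startswith("|"):
            raise ValueError(f"unrecognised table row: {line}")
        else:
            files.append(DroppedFile(path=line))  # a non-table line is the next file path
    return files


def index_by_sha256(files: List[DroppedFile]) -> Dict[str, DroppedFile]:
    """SHA256 is the digest worth keying on; MD5/SHA1 are kept only for cross-referencing."""
    return {f.hashes["SHA256"]: f for f in files if "SHA256" in f.hashes}


def match_content(data: bytes, index: Dict[str, DroppedFile]) -> Optional[str]:
    """Return the report path whose SHA256 equals the digest of data, or None."""
    hit = index.get(hashlib.sha256(data).hexdigest())
    return hit.path if hit else None


def match_file(local_path: str, index: Dict[str, DroppedFile]) -> Optional[str]:
    """Stream a file on disk through SHA256 and look it up; use this when sweeping a host."""
    h = hashlib.sha256()
    with open(local_path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    hit = index.get(h.hexdigest())
    return hit.path if hit else None


if __name__ == "__main__":
    idx = index_by_sha256(parse_dropped_files(REPORT))
    # The Chrome .tmp entry's digests are those of a single '.' byte: not a usable IOC.
    print("b'.' matches:", match_content(b".", idx))
    print("empty content matches:", match_content(b"", idx))
```

When building a blocklist from a report like this, drop entries whose content is trivial (one-byte temp files, empty files, the benign `microsoft.windows[1].xml` DOMStore file) and keep the dropped executables and the `ProgramData` DLL, otherwise the sweep produces hits on files every machine has.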