Malware Analysis Report

2024-12-08 00:42

Sample ID 240128-vwtk9sedg6
Target archive-280124-05_01_00.7z
SHA256 74abfba529aa0e50cf6e9d6ac5a5b6010be3ba2a2da93e25295e4f9719560b25
Tags
djvu glupteba redline smokeloader stealc tofsee zgrat logsdiller cloud (telegram: @logsdillabot) pub3 backdoor discovery dropper evasion infostealer loader persistence ransomware rat spyware stealer themida trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

74abfba529aa0e50cf6e9d6ac5a5b6010be3ba2a2da93e25295e4f9719560b25

Threat Level: Known bad

The file archive-280124-05_01_00.7z was found to be: Known bad.

Malicious Activity Summary

Djvu Ransomware

Tofsee

Stealc

Glupteba

Detect ZGRat V1

Glupteba payload

SmokeLoader

Detected Djvu ransomware

RedLine

RedLine payload

ZGRat

Creates new service(s)

Modifies Windows Firewall

Stops running service(s)

Downloads MZ/PE file

Modifies file permissions

Executes dropped EXE

Reads user/profile data of web browsers

Themida packer

Checks computer location settings

Unexpected DNS network traffic destination

.NET Reactor protector

Looks up external IP address via web service

Drops file in System32 directory

AutoIT Executable

Launches sc.exe

Program crash

Enumerates physical storage devices

NSIS installer

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Kills process with taskkill

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Delays execution with timeout.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-28 17:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-28 17:20

Reported

2024-01-28 17:29

Platform

win10v2004-20231215-en

Max time kernel

41s

Max time network

298s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\archive-280124-05_01_00.7z

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected Djvu ransomware

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Djvu Ransomware

ransomware djvu

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

Tofsee

trojan tofsee

ZGRat

rat zgrat

Creates new service(s)

persistence

Downloads MZ/PE file

Modifies Windows Firewall

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Stops running service(s)

evasion

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe N/A

Modifies file permissions

discovery

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 152.89.198.214 N/A N/A
Destination IP 141.98.234.31 N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A
N/A api.myip.com N/A N/A
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\gpt.ini C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\ynfmrpum.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Documents\GuardFox\gQ2khq2oPm8UNuN0BE1mObhE.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\Documents\GuardFox\N4ByHol1aP1zRDPKXYfopFb1.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\toolspub1.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\5ABC.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000708001\installs.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\1000708001\installs.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\8131.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\8131.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\8131.exe

NSIS installer

installer

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Delays execution with timeout.exe

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Kills process with taskkill

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1464 wrote to memory of 3024 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 1464 wrote to memory of 3024 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 3024 wrote to memory of 3848 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe
PID 3024 wrote to memory of 3848 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\archive-280124-05_01_00.7z

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\archive-280124-05_01_00.7z"

C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe

"C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Users\Admin\Documents\GuardFox\wpBdomuVmkxPB7iC7VtqvewN.exe

"C:\Users\Admin\Documents\GuardFox\wpBdomuVmkxPB7iC7VtqvewN.exe"

C:\Users\Admin\Documents\GuardFox\FeOLmNQZhbd9Tfw46pqtxvsp.exe

"C:\Users\Admin\Documents\GuardFox\FeOLmNQZhbd9Tfw46pqtxvsp.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" GP0TrIML.0 /s

C:\Users\Admin\Documents\GuardFox\D_APImN5oy5eJP9uKhRg0TsY.exe

"C:\Users\Admin\Documents\GuardFox\D_APImN5oy5eJP9uKhRg0TsY.exe"

C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe

"C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\Admin\AppData\Local\Temp\wdgbauuo.exe" C:\Windows\SysWOW64\mipkaxs\

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 748

C:\Users\Admin\ynfmrpum.exe

"C:\Users\Admin\ynfmrpum.exe" /d"C:\Users\Admin\Documents\GuardFox\V3f0NFyI6FWfmr5AV__xlqop.exe"

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\00eaf5c2-4b46-4b3b-90ff-de8a0d92e4ff" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6548 -ip 6548

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 1256

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 HR" /sc HOURLY /rl HIGHEST

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6496 -ip 6496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4680 -ip 4680

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 792

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 656

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH1\MPGPH1.exe" /tn "MPGPH1 LG" /sc ONLOGON /rl HIGHEST

C:\Windows\SysWOW64\sc.exe

"C:\Windows\System32\sc.exe" start mipkaxs

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN qdAe7E7fh0Zk78FmVsau491c.exe /TR "C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe" /F

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6496 -ip 6496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6608 -ip 6608

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

C:\Users\Admin\AppData\Local\Temp\msvcp_win\UniversalInstaller.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 808

C:\Windows\SysWOW64\svchost.exe

svchost.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 800

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6168 -ip 6168

C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe

"C:\Users\Admin\AppData\Roaming\msvcp_win\UniversalInstaller.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 516

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6496 -ip 6496

C:\Users\Admin\Documents\GuardFox\qemu-ga.exe

"C:\Users\Admin\Documents\GuardFox\qemu-ga.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 960

C:\Windows\SysWOW64\mipkaxs\wdkncqjt.exe

C:\Windows\SysWOW64\mipkaxs\wdkncqjt.exe /d"C:\Users\Admin\ynfmrpum.exe"

C:\Users\Admin\AppData\Local\Temp\1000120001\e0cbefcb1af40c7d4aff4aca26621a98.exe

"C:\Users\Admin\AppData\Local\Temp\1000120001\e0cbefcb1af40c7d4aff4aca26621a98.exe"

C:\Windows\SysWOW64\netsh.exe

"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6044 -ip 6044

C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe

"C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\System32\sc.exe" config mipkaxs binPath= "C:\Windows\SysWOW64\mipkaxs\wdkncqjt.exe /d\"C:\Users\Admin\ynfmrpum.exe\""

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 1332

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6496 -ip 6496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 988

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\Admin\AppData\Local\Temp\wdkncqjt.exe" C:\Windows\SysWOW64\mipkaxs\

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffec3ab9758,0x7ffec3ab9768,0x7ffec3ab9778

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\XWd9qvVELZMjwcqOZjmU.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\XWd9qvVELZMjwcqOZjmU.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 6496 -ip 6496

C:\Windows\SysWOW64\sc.exe

"C:\Windows\System32\sc.exe" start mipkaxs

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 1324

C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe

"C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe" --Admin IsNotAutoStart IsNotTask

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6496 -ip 6496

C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe

"C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\9gJfevlMlkJeKeieYMHt.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\9gJfevlMlkJeKeieYMHt.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 3428 -ip 3428

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\F_3lM0k79M3sSHmsynlU.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\F_3lM0k79M3sSHmsynlU.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6496 -ip 6496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 1288

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1892,i,9815747590521206419,14855573673272367244,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1892,i,9815747590521206419,14855573673272367244,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1892,i,9815747590521206419,14855573673272367244,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1892,i,9815747590521206419,14855573673272367244,131072 /prefetch:2

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c taskkill /im "mI_gvNqioq4annwcD9ysemiw.exe" /f & erase "C:\Users\Admin\Documents\GuardFox\mI_gvNqioq4annwcD9ysemiw.exe" & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 1336

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1892,i,9815747590521206419,14855573673272367244,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\Iz_S403Fm2bKTLLXx7tw.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\Iz_S403Fm2bKTLLXx7tw.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebf6046f8,0x7ffebf604708,0x7ffebf604718

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\System32\sc.exe" description mipkaxs "wifi internet conection"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\sc.exe

"C:\Windows\System32\sc.exe" create mipkaxs binPath= "C:\Windows\SysWOW64\mipkaxs\wdgbauuo.exe /d\"C:\Users\Admin\Documents\GuardFox\V3f0NFyI6FWfmr5AV__xlqop.exe\"" type= own start= auto DisplayName= "wifi support"

C:\Users\Admin\AppData\Local\JS Base Classes\jsbaseclasses.exe

"C:\Users\Admin\AppData\Local\JS Base Classes\jsbaseclasses.exe" -s

C:\Users\Admin\AppData\Local\JS Base Classes\jsbaseclasses.exe

"C:\Users\Admin\AppData\Local\JS Base Classes\jsbaseclasses.exe" -i

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\mipkaxs\

C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe

"C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 740

C:\Users\Admin\Documents\GuardFox\RJZ7Z8sIhTloxR_kycCku9hk.exe

"C:\Users\Admin\Documents\GuardFox\RJZ7Z8sIhTloxR_kycCku9hk.exe"

C:\Users\Admin\Documents\GuardFox\5snyhZVV6wq1cxUPVxHWNW4H.exe

"C:\Users\Admin\Documents\GuardFox\5snyhZVV6wq1cxUPVxHWNW4H.exe"

C:\Users\Admin\Documents\GuardFox\LUcpuDviI64eDPmwlrqUNtp6.exe

"C:\Users\Admin\Documents\GuardFox\LUcpuDviI64eDPmwlrqUNtp6.exe"

C:\Users\Admin\Documents\GuardFox\Qf6_IzA3ir_PmstIbYl157jb.exe

"C:\Users\Admin\Documents\GuardFox\Qf6_IzA3ir_PmstIbYl157jb.exe"

C:\Users\Admin\Documents\GuardFox\3fd4KLJSuPPDFDaUVCt0Uaa8.exe

"C:\Users\Admin\Documents\GuardFox\3fd4KLJSuPPDFDaUVCt0Uaa8.exe"

C:\Users\Admin\Documents\GuardFox\OuXhK0r7LbBSsNBjve8QLO6v.exe

"C:\Users\Admin\Documents\GuardFox\OuXhK0r7LbBSsNBjve8QLO6v.exe"

C:\Users\Admin\Documents\GuardFox\41P6kP2rmfTbazDiQciOkORC.exe

"C:\Users\Admin\Documents\GuardFox\41P6kP2rmfTbazDiQciOkORC.exe"

C:\Users\Admin\Documents\GuardFox\bPTb1J3KBJy52lyn8N6bFjgj.exe

"C:\Users\Admin\Documents\GuardFox\bPTb1J3KBJy52lyn8N6bFjgj.exe"

C:\Users\Admin\Documents\GuardFox\oDdsh9E66ABPDxB_XRS_18jC.exe

"C:\Users\Admin\Documents\GuardFox\oDdsh9E66ABPDxB_XRS_18jC.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 340

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6496 -ip 6496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 6520 -ip 6520

C:\Users\Admin\AppData\Local\Temp\is-SK8VJ.tmp\vkLsFF8wTUqMOFpIP8eRUtlj.tmp

"C:\Users\Admin\AppData\Local\Temp\is-SK8VJ.tmp\vkLsFF8wTUqMOFpIP8eRUtlj.tmp" /SL5="$10256,4689466,54272,C:\Users\Admin\Documents\GuardFox\vkLsFF8wTUqMOFpIP8eRUtlj.exe"

C:\Users\Admin\Documents\GuardFox\2xCliBfeVZZKIGfGU0a9VL2i.exe

"C:\Users\Admin\Documents\GuardFox\2xCliBfeVZZKIGfGU0a9VL2i.exe"

C:\Users\Admin\Documents\GuardFox\V3f0NFyI6FWfmr5AV__xlqop.exe

"C:\Users\Admin\Documents\GuardFox\V3f0NFyI6FWfmr5AV__xlqop.exe"

C:\Users\Admin\Documents\GuardFox\N4ByHol1aP1zRDPKXYfopFb1.exe

"C:\Users\Admin\Documents\GuardFox\N4ByHol1aP1zRDPKXYfopFb1.exe"

C:\Users\Admin\Documents\GuardFox\Tfi6c0zK846pscd_QiVC_sCK.exe

"C:\Users\Admin\Documents\GuardFox\Tfi6c0zK846pscd_QiVC_sCK.exe"

C:\Users\Admin\Documents\GuardFox\s7jXHzWFkgxu3AD1IzxgGDBu.exe

"C:\Users\Admin\Documents\GuardFox\s7jXHzWFkgxu3AD1IzxgGDBu.exe"

C:\Users\Admin\Documents\GuardFox\vkLsFF8wTUqMOFpIP8eRUtlj.exe

"C:\Users\Admin\Documents\GuardFox\vkLsFF8wTUqMOFpIP8eRUtlj.exe"

C:\Users\Admin\Documents\GuardFox\gQ2khq2oPm8UNuN0BE1mObhE.exe

"C:\Users\Admin\Documents\GuardFox\gQ2khq2oPm8UNuN0BE1mObhE.exe"

C:\Users\Admin\Documents\GuardFox\mI_gvNqioq4annwcD9ysemiw.exe

"C:\Users\Admin\Documents\GuardFox\mI_gvNqioq4annwcD9ysemiw.exe"

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\yGltYkiNd1rGP6ZjRR4q.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\yGltYkiNd1rGP6ZjRR4q.exe"

C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe

C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /im "mI_gvNqioq4annwcD9ysemiw.exe" /f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explorhe.exe /TR "C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe" /F

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebf6046f8,0x7ffebf604708,0x7ffebf604718

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\7KnBAxqSWXTTk3KpLn8G.exe

"C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\7KnBAxqSWXTTk3KpLn8G.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebf6046f8,0x7ffebf604708,0x7ffebf604718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4008 --field-trial-handle=1892,i,9815747590521206419,14855573673272367244,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/login

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebf6046f8,0x7ffebf604708,0x7ffebf604718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffebf6046f8,0x7ffebf604708,0x7ffebf604718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\GuardFox\N4ByHol1aP1zRDPKXYfopFb1.exe" & del "C:\ProgramData\*.dll"" & exit

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6504 -ip 6504

C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe

"C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6536 -ip 6536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13689860283146935309,1482785733646899542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffebf6046f8,0x7ffebf604708,0x7ffebf604718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec3ab9758,0x7ffec3ab9768,0x7ffec3ab9778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec3ab9758,0x7ffec3ab9768,0x7ffec3ab9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4940 --field-trial-handle=1892,i,9815747590521206419,14855573673272367244,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000700001\lada.exe

"C:\Users\Admin\AppData\Local\Temp\1000700001\lada.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffec3ab9758,0x7ffec3ab9768,0x7ffec3ab9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5108 --field-trial-handle=1892,i,9815747590521206419,14855573673272367244,131072 /prefetch:1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5212 --field-trial-handle=1892,i,9815747590521206419,14855573673272367244,131072 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\A08.exe

C:\Users\Admin\AppData\Local\Temp\A08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login

C:\Users\Admin\AppData\Local\Temp\A08.exe

C:\Users\Admin\AppData\Local\Temp\A08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8060.0.1550269357\214362432" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1824 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b0d8ac2-19a0-434d-917d-b560ee9ca203} 8060 "\\.\pipe\gecko-crash-server-pipe.8060" 1960 1ebdd0d1e58 gpu

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,14554283792779283689,11229572636416185113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8060.1.1520574520\244067380" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e603ff1d-63a6-41d3-bdc4-ab292a75081f} 8060 "\\.\pipe\gecko-crash-server-pipe.8060" 2440 1ebd06e5d58 socket

C:\Users\Admin\AppData\Local\Temp\1D05.exe

C:\Users\Admin\AppData\Local\Temp\1D05.exe

C:\Users\Admin\AppData\Local\Temp\is-I6KJA.tmp\is-MLS88.tmp

"C:\Users\Admin\AppData\Local\Temp\is-I6KJA.tmp\is-MLS88.tmp" /SL4 $103AA "C:\Users\Admin\AppData\Local\Temp\1D05.exe" 4841809 209408

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8060.2.1009755638\1375490556" -childID 1 -isForBrowser -prefsHandle 3248 -prefMapHandle 3244 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {520b66b9-de54-4221-9adc-404c97ae2c23} 8060 "\\.\pipe\gecko-crash-server-pipe.8060" 3260 1ebe11f3b58 tab

C:\Users\Admin\AppData\Local\Temp\1000705001\latestroc.exe

"C:\Users\Admin\AppData\Local\Temp\1000705001\latestroc.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8060.3.1537405789\146377936" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f816da3c-58ee-45d0-9912-95f153f5f73b} 8060 "\\.\pipe\gecko-crash-server-pipe.8060" 3660 1ebe2106858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8060.4.925028091\1879312894" -childID 3 -isForBrowser -prefsHandle 4348 -prefMapHandle 4340 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12e7a891-40a6-4750-948a-7bf48ae9b9fd} 8060 "\\.\pipe\gecko-crash-server-pipe.8060" 1684 1ebe2322858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8060.5.702941967\208159663" -childID 4 -isForBrowser -prefsHandle 4348 -prefMapHandle 4340 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1286cbde-707d-4eb0-a066-8d92d48d6f35} 8060 "\\.\pipe\gecko-crash-server-pipe.8060" 3932 1ebe2a28d58 tab

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe

"C:\Users\Admin\AppData\Local\Temp\d887ceb89d\qemu-ga.exe"

C:\Users\Admin\AppData\Local\Temp\1000706001\2024.exe

"C:\Users\Admin\AppData\Local\Temp\1000706001\2024.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\system32\schtasks.exe" /Query

C:\Users\Admin\AppData\Local\Abstract base classes\abstractbaseclasses.exe

"C:\Users\Admin\AppData\Local\Abstract base classes\abstractbaseclasses.exe" -i

C:\Users\Admin\AppData\Local\Temp\toolspub1.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 8932 -ip 8932

C:\Users\Admin\AppData\Local\Temp\1000707001\MRK.exe

"C:\Users\Admin\AppData\Local\Temp\1000707001\MRK.exe"

C:\Users\Admin\AppData\Local\Abstract base classes\abstractbaseclasses.exe

"C:\Users\Admin\AppData\Local\Abstract base classes\abstractbaseclasses.exe" -s

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 340

C:\Users\Admin\AppData\Local\Temp\rty25.exe

"C:\Users\Admin\AppData\Local\Temp\rty25.exe"

C:\Users\Admin\AppData\Local\Temp\7b0d48dbbf50fe239f1097f5d01c2a6d.exe

"C:\Users\Admin\AppData\Local\Temp\7b0d48dbbf50fe239f1097f5d01c2a6d.exe"

C:\Users\Admin\AppData\Local\Temp\FirstZ.exe

"C:\Users\Admin\AppData\Local\Temp\FirstZ.exe"

C:\Users\Admin\AppData\Local\Temp\1000708001\installs.exe

"C:\Users\Admin\AppData\Local\Temp\1000708001\installs.exe"

C:\Users\Admin\AppData\Local\Temp\1000709001\alex.exe

"C:\Users\Admin\AppData\Local\Temp\1000709001\alex.exe"

C:\Windows\SysWOW64\rundll32.exe

"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main

C:\Users\Admin\AppData\Local\Temp\458D.exe

C:\Users\Admin\AppData\Local\Temp\458D.exe

C:\Users\Admin\AppData\Local\Temp\1000710001\fsdfsfsfs.exe

"C:\Users\Admin\AppData\Local\Temp\1000710001\fsdfsfsfs.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"

C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"

C:\Users\Admin\AppData\Local\Temp\1000711001\sadsadsadsa.exe

"C:\Users\Admin\AppData\Local\Temp\1000711001\sadsadsadsa.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe

C:\Users\Admin\AppData\Local\Temp\5ABC.exe

C:\Users\Admin\AppData\Local\Temp\5ABC.exe

C:\Users\Admin\AppData\Local\Temp\1000712001\leg221.exe

"C:\Users\Admin\AppData\Local\Temp\1000712001\leg221.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 10220 -ip 10220

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 340

C:\Users\Admin\AppData\Local\Temp\623F.exe

C:\Users\Admin\AppData\Local\Temp\623F.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000713001\rdxx1.exe

"C:\Users\Admin\AppData\Local\Temp\1000713001\rdxx1.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 8732 -ip 8732

C:\Users\Admin\AppData\Local\Temp\1000714001\crypted.exe

"C:\Users\Admin\AppData\Local\Temp\1000714001\crypted.exe"

C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 1204

C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe

"C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\1000716001\redline1234.exe

"C:\Users\Admin\AppData\Local\Temp\1000716001\redline1234.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\8131.exe

C:\Users\Admin\AppData\Local\Temp\8131.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8060.6.1244060439\805847618" -parentBuildID 20221007134813 -prefsHandle 5520 -prefMapHandle 5508 -prefsLen 26381 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17b0b69b-aa78-4eba-a559-5faf69e32160} 8060 "\\.\pipe\gecko-crash-server-pipe.8060" 5532 1ebe11f1d58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8060.7.2088433804\991688299" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5668 -prefMapHandle 5664 -prefsLen 26381 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {add03400-400f-44c5-b455-61c9a5b7d4ef} 8060 "\\.\pipe\gecko-crash-server-pipe.8060" 5676 1ebe438a958 utility

C:\Windows\SysWOW64\chcp.com

chcp 1251

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "ACULXOBT"

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9343.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\9343.dll

C:\Users\Admin\AppData\Local\Temp\1000717001\moto.exe

"C:\Users\Admin\AppData\Local\Temp\1000717001\moto.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "ACULXOBT" binpath= "C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe" start= "auto"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "FLWCUERA"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "ACULXOBT"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "FLWCUERA" binpath= "C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe" start= "auto"

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /im chrome.exe /f

C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe

C:\ProgramData\hlkwogclqprr\uwgxswmtctao.exe

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\1000717001\moto.exe"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "FLWCUERA"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe

C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 868 -ip 868

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 868 -ip 868

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 664

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 1120

C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe

C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\system32\conhost.exe

conhost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec3ab9758,0x7ffec3ab9768,0x7ffec3ab9778

C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe

"C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6792 -ip 6792

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6792 -ip 6792

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 984

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop UsoSvc

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 1032

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6792 -ip 6792

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 868 -ip 868

C:\Windows\system32\choice.exe

choice /C Y /N /D Y /T 3

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop WaaSMedicSvc

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 1060

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop wuauserv

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=2356,i,18192566622104304371,4758718074427952265,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=2356,i,18192566622104304371,4758718074427952265,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=2356,i,18192566622104304371,4758718074427952265,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1964 --field-trial-handle=2356,i,18192566622104304371,4758718074427952265,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=2356,i,18192566622104304371,4758718074427952265,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3916 --field-trial-handle=2356,i,18192566622104304371,4758718074427952265,131072 /prefetch:1

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop bits

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=2356,i,18192566622104304371,4758718074427952265,131072 /prefetch:8

C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe

C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop dosvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffec3ab9758,0x7ffec3ab9768,0x7ffec3ab9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec3ab9758,0x7ffec3ab9768,0x7ffec3ab9778

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "WSNKISKT"

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0

C:\Windows\system32\powercfg.exe

C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1968 --field-trial-handle=2392,i,16330053265010961132,8475317298258092419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=2392,i,16330053265010961132,8475317298258092419,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=2392,i,16330053265010961132,8475317298258092419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=2392,i,16330053265010961132,8475317298258092419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=2392,i,16330053265010961132,8475317298258092419,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2000,i,5112602560727985011,4642646693908310067,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=2000,i,5112602560727985011,4642646693908310067,131072 /prefetch:2

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "WSNKISKT"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4100 --field-trial-handle=2392,i,16330053265010961132,8475317298258092419,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5104 --field-trial-handle=2392,i,16330053265010961132,8475317298258092419,131072 /prefetch:8

C:\ProgramData\wikombernizc\reakuqnanrkn.exe

C:\ProgramData\wikombernizc\reakuqnanrkn.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=2392,i,16330053265010961132,8475317298258092419,131072 /prefetch:8

C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe

C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

C:\Users\Admin\AppData\Local\Temp\d887ceb89d\explorhe.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 9932 -ip 9932

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
NL 195.20.16.45:80 tcp
N/A 224.0.0.251:5353 udp
DE 77.105.147.130:80 77.105.147.130 tcp
US 8.8.8.8:53 api.myip.com udp
US 104.26.9.59:443 api.myip.com tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 130.147.105.77.in-addr.arpa udp
US 8.8.8.8:53 59.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 ok.spartabig.com udp
US 8.8.8.8:53 ji.alie3ksggg.com udp
RU 83.97.73.44:80 tcp
FI 109.107.182.40:80 109.107.182.40 tcp
RU 5.42.65.85:80 5.42.65.85 tcp
US 8.8.8.8:53 cczhk.com udp
AT 5.42.64.33:80 5.42.64.33 tcp
US 8.8.8.8:53 vk.com udp
US 8.8.8.8:53 294seminonconformist.sbs udp
US 8.8.8.8:53 medfioytrkdkcodlskeej.net udp
SG 47.236.140.86:80 47.236.140.86 tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
US 104.21.15.216:80 ok.spartabig.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
US 188.114.96.2:80 294seminonconformist.sbs tcp
US 188.114.96.2:80 294seminonconformist.sbs tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
US 188.114.96.2:80 294seminonconformist.sbs tcp
US 188.114.96.2:443 294seminonconformist.sbs tcp
HK 154.92.15.189:80 ji.alie3ksggg.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 91.215.85.209:80 medfioytrkdkcodlskeej.net tcp
PA 190.218.32.25:80 cczhk.com tcp
RU 91.215.85.209:443 medfioytrkdkcodlskeej.net tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
US 8.8.8.8:53 85.65.42.5.in-addr.arpa udp
US 8.8.8.8:53 33.64.42.5.in-addr.arpa udp
US 8.8.8.8:53 40.182.107.109.in-addr.arpa udp
US 8.8.8.8:53 216.15.21.104.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 133.129.240.87.in-addr.arpa udp
US 8.8.8.8:53 209.85.215.91.in-addr.arpa udp
US 8.8.8.8:53 86.140.236.47.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
US 8.8.8.8:53 udp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
PA 190.218.32.25:80 cczhk.com tcp
US 8.8.8.8:53 udp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 83.97.73.44:8080 tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:443 vk.com tcp
RU 87.240.129.133:80 vk.com tcp
RU 87.240.129.133:443 vk.com tcp
US 8.8.8.8:53 44.73.97.83.in-addr.arpa udp
RU 87.240.129.133:443 vk.com tcp
US 8.8.8.8:53 sun6-23.userapi.com udp
RU 87.240.129.133:443 vk.com tcp
NL 95.142.206.3:443 sun6-23.userapi.com tcp
NL 95.142.206.3:443 sun6-23.userapi.com tcp
RU 87.240.129.133:443 vk.com tcp
US 8.8.8.8:53 sun6-22.userapi.com udp
NL 95.142.206.2:443 sun6-22.userapi.com tcp
NL 95.142.206.0:443 tcp
RU 87.240.129.133:443 vk.com tcp
NL 95.142.206.1:443 tcp
RU 87.240.129.133:443 vk.com tcp
RU 87.240.129.133:443 vk.com tcp
RU 87.240.129.133:443 vk.com tcp
RU 87.240.129.133:443 vk.com tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
RU 87.240.129.133:443 vk.com tcp
RU 87.240.129.133:443 vk.com tcp
RU 87.240.129.133:443 vk.com tcp
US 8.8.8.8:53 i.alie3ksgaa.com udp
DE 185.172.128.24:80 185.172.128.24 tcp
DE 77.105.147.130:80 77.105.147.130 tcp
US 8.8.8.8:53 24.128.172.185.in-addr.arpa udp
HK 154.92.15.189:443 i.alie3ksgaa.com tcp
US 34.117.186.192:443 ipinfo.io tcp
FR 199.232.168.193:443 tcp
FI 109.107.182.26:50500 tcp
US 8.8.8.8:53 udp
HK 154.92.15.189:80 app.alie3ksgaa.com tcp
DE 77.105.147.130:80 77.105.147.130 tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 somerandomshit.org udp
US 104.21.19.150:443 somerandomshit.org tcp
US 34.117.186.192:443 ipinfo.io tcp
NL 45.15.156.60:12050 tcp
US 8.8.8.8:53 microsoft.com udp
RU 193.233.132.67:50500 tcp
US 20.112.250.133:80 microsoft.com tcp
US 8.8.8.8:53 microsoft.com udp
RU 193.233.132.62:50500 tcp
NL 195.20.16.46:80 tcp
RU 185.215.113.68:80 185.215.113.68 tcp
FI 109.107.182.3:80 109.107.182.3 tcp
RU 62.122.184.58:486 tcp
US 8.8.8.8:53 yahoo.com udp
US 8.8.8.8:53 mta7.am0.yahoodns.net udp
US 8.8.8.8:53 habrafa.com udp
US 98.136.96.91:25 mta7.am0.yahoodns.net tcp
US 8.8.8.8:53 99.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 58.184.122.62.in-addr.arpa udp
PE 190.12.87.61:80 habrafa.com tcp
RU 193.233.132.62:50500 tcp
DE 185.172.128.90:80 tcp
US 8.8.8.8:53 61.87.12.190.in-addr.arpa udp
US 8.8.8.8:53 selebration17io.io udp
RU 91.215.85.120:80 selebration17io.io tcp
RU 185.215.113.68:80 tcp
US 8.8.8.8:53 udp
RU 5.42.65.31:48396 tcp
US 8.8.8.8:53 31.65.42.5.in-addr.arpa udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
GB 163.70.147.35:443 tcp
FR 142.250.179.78:443 www.youtube.com tcp
FR 142.250.179.78:443 www.youtube.com tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 59.23.149.89.sbl-xbl.spamhaus.org udp
US 8.8.8.8:53 78.179.250.142.in-addr.arpa udp
FR 216.58.214.174:443 www.youtube.com tcp
GB 163.70.147.35:443 tcp
NL 142.250.27.84:443 tcp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
NL 142.250.27.84:443 udp
DE 185.172.128.19:80 185.172.128.19 tcp
US 8.8.8.8:53 pay.ayazprak.com udp
US 104.21.80.24:80 pay.ayazprak.com tcp
FR 142.250.179.78:443 www.youtube.com tcp
NL 142.250.27.84:443 tcp
FR 142.250.179.78:443 www.youtube.com udp
NL 142.250.27.84:443 udp
FR 172.217.20.214:443 tcp
US 8.8.8.8:53 214.20.217.172.in-addr.arpa udp
FR 172.217.20.214:443 udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
DE 185.220.101.145:10145 tcp
DE 185.172.128.19:80 185.172.128.19 tcp
FR 51.15.246.170:443 tcp
US 8.8.8.8:53 145.101.220.185.in-addr.arpa udp
FI 109.107.182.3:80 109.107.182.3 tcp
US 8.8.8.8:53 170.246.15.51.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
FR 142.250.179.78:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
FR 142.250.179.78:443 youtube-ui.l.google.com udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
RU 62.122.184.92:422 tcp
UA 45.143.201.238:422 tcp
RU 176.113.115.84:422 tcp
RU 80.66.75.4:422 tcp
RU 176.113.115.135:422 tcp
RU 176.113.115.136:422 tcp
RU 83.97.73.44:422 tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.216.128.175:443 shavar.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
FR 142.250.74.228:80 www.google.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
FR 142.250.74.228:80 www.google.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
FR 142.250.74.228:80 www.google.com tcp
FR 142.250.74.228:80 www.google.com tcp
FR 142.250.74.228:80 www.google.com tcp
FR 142.250.74.228:80 www.google.com tcp
FR 142.250.74.228:80 www.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 92.184.122.62.in-addr.arpa udp
US 8.8.8.8:53 136.115.113.176.in-addr.arpa udp
US 8.8.8.8:53 84.115.113.176.in-addr.arpa udp
US 8.8.8.8:53 135.115.113.176.in-addr.arpa udp
US 8.8.8.8:53 238.201.143.45.in-addr.arpa udp
US 8.8.8.8:53 4.75.66.80.in-addr.arpa udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 157.240.221.35:443 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 175.128.216.34.in-addr.arpa udp
US 8.8.8.8:53 228.74.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
NL 195.20.16.103:20440 tcp
FI 65.21.110.38:9001 tcp
DE 173.212.231.228:9001 tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 i.alie3ksgaa.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 smtp.google.com udp
NL 142.250.27.27:25 smtp.google.com tcp
US 8.8.8.8:53 103.16.20.195.in-addr.arpa udp
US 8.8.8.8:53 228.231.212.173.in-addr.arpa udp
US 8.8.8.8:53 38.110.21.65.in-addr.arpa udp
HK 154.92.15.189:443 i.alie3ksgaa.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 i.instagram.com udp
US 157.240.229.63:443 i.instagram.com tcp
US 8.8.8.8:53 63.229.240.157.in-addr.arpa udp
RU 185.215.113.68:80 tcp
FR 142.250.179.78:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 udp
FR 172.217.20.214:443 tcp
US 104.21.71.8:443 consciouosoepewmausj.site tcp
US 8.8.8.8:53 trmpc.com udp
KR 211.181.24.133:80 cczhk.com tcp
US 8.8.8.8:53 devloop.com.br udp
US 192.185.216.180:443 tcp
US 8.8.8.8:53 180.216.185.192.in-addr.arpa udp
DE 20.79.30.95:33223 tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 willpoweragreebokkskiew.site udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 172.67.173.89:443 willpoweragreebokkskiew.site tcp
NL 94.156.67.230:13781 tcp
DE 185.172.128.90:80 tcp
US 8.8.8.8:53 95.30.79.20.in-addr.arpa udp
US 8.8.8.8:53 35.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 89.173.67.172.in-addr.arpa udp
US 8.8.8.8:53 app.alie3ksgaa.com udp
HK 154.92.15.189:80 app.alie3ksgaa.com tcp
SE 132.245.230.0:993 tcp
US 8.8.8.8:53 braidfadefriendklypk.site udp
US 188.114.97.2:443 braidfadefriendklypk.site tcp
US 8.8.8.8:53 0.230.245.132.in-addr.arpa udp
DE 185.172.128.53:80 185.172.128.53 tcp
NL 80.79.4.61:18236 tcp
US 8.8.8.8:53 accounts.youtube.com udp
FR 172.217.18.206:443 accounts.youtube.com tcp
US 8.8.8.8:53 www3.l.google.com udp
FR 172.217.18.206:443 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
DE 185.172.128.19:80 tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 53.128.172.185.in-addr.arpa udp
US 8.8.8.8:53 61.4.79.80.in-addr.arpa udp
US 8.8.8.8:53 206.18.217.172.in-addr.arpa udp
FR 172.217.20.214:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
FR 172.217.20.214:443 i.ytimg.com udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.74.228:443 www.google.com tcp
FR 142.250.74.228:443 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
FR 142.250.74.228:443 www.google.com tcp
FR 142.250.74.228:443 www.google.com udp
DE 141.95.211.148:46011 tcp
DE 185.172.128.33:8924 tcp
US 8.8.8.8:53 148.211.95.141.in-addr.arpa udp
US 8.8.8.8:53 33.128.172.185.in-addr.arpa udp
RU 5.42.65.31:48396 tcp
DE 144.76.1.85:25894 tcp
RU 193.233.132.62:50500 tcp
DE 138.201.125.92:15647 tcp
RU 193.233.132.62:50500 tcp
RU 193.233.132.62:50500 tcp
US 8.8.8.8:53 85.1.76.144.in-addr.arpa udp
US 8.8.8.8:53 92.125.201.138.in-addr.arpa udp
US 34.117.186.192:443 ipinfo.io tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 mail.ru udp
US 8.8.8.8:53 mxs.mail.ru udp
RU 94.100.180.31:25 mxs.mail.ru tcp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 auth.simperium.com udp
US 192.0.84.247:443 auth.simperium.com tcp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.174:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
FR 216.58.214.174:443 play.google.com tcp
US 8.8.8.8:53 247.84.0.192.in-addr.arpa udp
US 192.0.84.247:443 auth.simperium.com tcp
US 192.0.84.247:443 auth.simperium.com tcp
US 8.8.8.8:53 mealroomrallpassiveer.shop udp
US 172.67.149.126:443 mealroomrallpassiveer.shop tcp
US 192.0.84.247:443 auth.simperium.com tcp
US 8.8.8.8:53 126.149.67.172.in-addr.arpa udp
US 192.0.84.247:443 auth.simperium.com tcp
US 192.0.84.247:443 auth.simperium.com tcp
US 8.8.8.8:53 udp
RU 87.240.129.133:80 tcp
RU 87.240.129.133:80 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 pool.hashvault.pro udp
DE 95.179.241.203:80 pool.hashvault.pro tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 13.95.31.18:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 203.241.179.95.in-addr.arpa udp
GB 96.17.179.191:80 tcp
NL 94.156.67.230:13781 tcp
US 188.114.97.2:443 braidfadefriendklypk.site tcp
US 8.8.8.8:53 59.23.149.89.in-addr.arpa udp
US 104.21.47.48:443 tcp
RU 193.233.132.67:50505 tcp
US 8.8.8.8:53 ustawienia.poczta.onet.pl udp
US 99.83.253.192:443 ustawienia.poczta.onet.pl tcp
US 8.8.8.8:53 authorisation.grupaonet.pl udp
US 13.248.151.185:443 authorisation.grupaonet.pl tcp
US 8.8.8.8:53 192.253.83.99.in-addr.arpa udp
US 8.8.8.8:53 konto.onet.pl udp
GB 54.230.10.36:443 konto.onet.pl tcp
US 8.8.8.8:53 185.151.248.13.in-addr.arpa udp
GB 54.230.10.36:443 konto.onet.pl tcp
US 8.8.8.8:53 36.10.230.54.in-addr.arpa udp
US 188.114.97.2:443 braidfadefriendklypk.site tcp
RU 62.122.184.58:486 tcp
GB 54.230.10.36:443 konto.onet.pl tcp
US 8.8.8.8:53 content.evernote.com udp
US 34.120.241.214:443 content.evernote.com tcp
NL 94.156.67.230:13781 tcp
US 34.120.241.214:443 content.evernote.com tcp
US 8.8.8.8:53 214.241.120.34.in-addr.arpa udp
RU 185.215.113.68:80 tcp
DE 95.179.241.203:80 pool.hashvault.pro tcp
RU 152.89.198.214:53 buiwoib.com udp
US 8.8.8.8:53 214.198.89.152.in-addr.arpa udp
IT 185.196.8.22:80 buiwoib.com tcp
NL 94.156.67.230:13781 tcp
DE 176.9.47.240:2023 tcp
US 8.8.8.8:53 22.8.196.185.in-addr.arpa udp
US 8.8.8.8:53 240.47.9.176.in-addr.arpa udp
FR 216.58.214.174:443 play.google.com udp
NL 94.156.67.230:13781 tcp
DE 185.172.128.19:80 185.172.128.19 tcp
HK 141.98.234.31:53 dtnnogd.info udp
RU 62.122.184.58:486 tcp
US 8.8.8.8:53 31.234.98.141.in-addr.arpa udp
FR 216.58.214.174:443 play.google.com udp
IT 185.196.8.22:80 dtnnogd.info tcp
FR 216.58.214.174:443 play.google.com tcp
NL 94.156.67.230:13781 tcp
US 8.8.8.8:53 idmsa.apple.com udp
US 17.32.194.38:443 idmsa.apple.com tcp
US 8.8.8.8:53 38.194.32.17.in-addr.arpa udp
US 8.8.8.8:53 mynorthwest.com udp
US 141.193.213.11:443 mynorthwest.com tcp
IT 185.196.8.22:80 dtnnogd.info tcp
US 8.8.8.8:53 11.213.193.141.in-addr.arpa udp
NL 94.156.67.230:13781 tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe

MD5 d12036992a5732a9666345b22416b180
SHA1 65aa06ec70ba6d9221b72ebde4b51230f1240bb9
SHA256 bb85e29524d5805a65f2403efddf8c5d7b1ebfa52f4fdc89cff5135ea9457c52
SHA512 6481b233aa9999b1a0ebb7683c2d490827f9fad50ec557629876e180ffb84d9b1905fede49fa20f794dad549e2d872da8101764ee6aeb8e2e800bd8378ce078a

C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe

MD5 3a72d39e15d480c1755fcf660d9e0098
SHA1 cdc823467edcf0e257041edecf0a7a3e83d1968e
SHA256 b2fb653f55c90e472311104ee2fc24e9587ef79db7ee68f254356d6cdbd42aaf
SHA512 99b68686586ebe9c294cea85bd4097129f0c1a34e7c92ba901b434f91566f685892b34fcf4b089e124b936ba83e55baae7f21bd0ce3aa48fd4e4fc0bca630264

C:\Users\Admin\AppData\Local\Temp\7zO0DB42A47\setup.exe

MD5 7f7ad430fd59ca0bd1596c6075e0faf1
SHA1 be3276968eb9bc19d72683793e34394c99945c4f
SHA256 dff1513052fa13da558cc3dc711a2b0220a0c1d3fe6dc01e540909a12ed69ac4
SHA512 39bba52dbf05d684ebdef7ad8f94ec09749de7f329b02bfc343c30b7d9470d64f8b40ee3dc60c64fc49bad3b93fd6d0252042b47bc9d66b041dbff643024ccd7

memory/3848-12-0x00007FFEE1F50000-0x00007FFEE1F52000-memory.dmp

memory/3848-13-0x00007FF672B70000-0x00007FF673843000-memory.dmp

memory/3848-14-0x00007FF672B70000-0x00007FF673843000-memory.dmp

C:\Users\Admin\Documents\GuardFox\mI_gvNqioq4annwcD9ysemiw.exe

MD5 47672f302c228aa3bf0cb40381be2d95
SHA1 6e0b2942a56a468be0808b0e4dce1e7929d5a9f2
SHA256 ab2614304db6c6e2de1d2165d4d3494089aa3ad6eff53013f5ecbb6ea8114921
SHA512 d424b708b185374b130348d1227243c4424d8f2c64369fed7ab2181517ddfc8bee2436667c6b848400afd0a4f09516f7b455f6b76bca9e391e0c53584c1fb979

C:\Users\Admin\Documents\GuardFox\N4ByHol1aP1zRDPKXYfopFb1.exe

MD5 39f8160822d91b38e7cfad71c10419c5
SHA1 4c148703ac69f7f5c7be344566482dca8b8415ed
SHA256 c352ea3be10e598294c717e7e967ecce09bfaff897c13e8c53fe7ddd90a7bead
SHA512 9e712abbb76cc8515ecd59cbfad730256a40db535b867b5ebc0d3abf389c8bdad785fd02f3e0a2eb880a2629e0909bb223a889e5738f934086923a56fa18c318

C:\Users\Admin\Documents\GuardFox\vkLsFF8wTUqMOFpIP8eRUtlj.exe

MD5 c4d96a980e9e2a027b15cbad482064b4
SHA1 aaf0401e73ce637bb85ef8c07473f158f120be05
SHA256 971bce6de729b23f977951b6af0e72d7981ad23b4d38c5b79362c0fde02dd34a
SHA512 1bad8c94ae245e361f89e442893d456db7f2da5c50a2d8cddeec1c2e15ce7a0015b0927632286e2fc989f05a235aebcf857f6c792df1882c8168e73714b17664

C:\Users\Admin\Documents\GuardFox\2xCliBfeVZZKIGfGU0a9VL2i.exe

MD5 dd91319658adb0446eb09eefb79ea04e
SHA1 7a059798673ab2e49aa0bfcb226a4c1c4d0ab305
SHA256 f672719366741948c5c2894956b2fc6110efa36d0064e55afbf9ae5bf7a5a485
SHA512 dc57b7d947ceac25e896fb8ae7d0f5a202eb3643357840204696b973a3e2bf148582f7c76cf1eb7074582bac03b4f2c5d8b5d71da7c16c7093e72b822903eec5

C:\Users\Admin\Documents\GuardFox\gQ2khq2oPm8UNuN0BE1mObhE.exe

MD5 f4928008236081f2fd8336600c49053e
SHA1 7223b99bd212e96376c31828f8475e21d2f6a38f
SHA256 cf9f3d3e379d2d4d2448ec4eac659fa1b3ade336d8fc42466bb8094c01f3e7eb
SHA512 afb3ee0d352dc4fa786acf8ccf6a572235fd1c53da786677fa8d6e16293cdda9d1e3c4a79d53eb8411d557721db058e5e4c8fbd89450959670d5bfc42ad9e987

C:\Users\Admin\Documents\GuardFox\Tfi6c0zK846pscd_QiVC_sCK.exe

MD5 9ed61954837b921dd4350a1571227abc
SHA1 68f2fa934a035aad58a71182019a88a3605fdd71
SHA256 01aa188a1c51f53512543a761903a7dd35aabeacb8d30feede6d040d9bf2eb5c
SHA512 4fba215137b3b79f0814b355f357571742503345977496fa8821eae87519e228c341d23c50f07e96cc1abd2b8c153f6c50a1adef0223657e0482a60b07ab60f8

C:\Users\Admin\Documents\GuardFox\V3f0NFyI6FWfmr5AV__xlqop.exe

MD5 706881d8d165b1a4d9a3ab0d67c3e4e6
SHA1 f61a151dd45847504c57fdd67bda7b953f64d63a
SHA256 168f9eadbce4c601407f7d6470527160a118b2e06661d0ee8a67fa2b05f932fc
SHA512 1e3952961a2285270914a2f70f49075a1c911b1bde2af9c5dcdf18f6f78773ad113d1cc71f3e2ffabc0c6f909cd2d2b16a5d8868d6b1a7e9a0c0108035e6db4c

C:\Users\Admin\Documents\GuardFox\s7jXHzWFkgxu3AD1IzxgGDBu.exe

MD5 a9c6da8c1387f3d4cf04d1d838736a58
SHA1 8e18cdf6be418a8fdea14846eada54ca3c0b7b0c
SHA256 70fb5c3397e7ce4ff71afffc0c1031396f90c81b4c44ea168778e18e2aa06662
SHA512 2a4b7e0aa25f3075cc2dee96fbf05b55e38df8a93377f1a72f4c07599380ac15c1137dedf767d956171bebee495241638865f95a123686686bac922c1ca5f4d7

C:\Users\Admin\Documents\GuardFox\wpBdomuVmkxPB7iC7VtqvewN.exe

MD5 d7c215d443e28dc0fe78c36909d1356a
SHA1 eceedf94f82d252f20ad8eb3dd64fcb9a6c09495
SHA256 d9cba8aea678e19b497b36f3d5f9869dbd042e45759039444581a5234c59ee7f
SHA512 ac66fb796d4025b5b3afc34f4329a6f8bda4688613582543d9b3ae96430ad925152bc2854129cb6070587b7e69a8260f2c84954f55476772296b3e5a4cc247af

C:\Users\Admin\Documents\GuardFox\Qf6_IzA3ir_PmstIbYl157jb.exe

MD5 e3a208ea7940f33acf984bbf7d7b780a
SHA1 a0721f4244a5136833d53ff270f4370507c0e59f
SHA256 4c2a883f4d0a6063239afa3e895c104f07754956567b74a3333d36e7b5ff73fd
SHA512 3088cb403004e3c9cb12aea016a3b9b2cd527e2f321966b2ee027259bdd58fa4a5e4f3efd36299a4349f5fe65e6c21f439c9c2a980f393b0bc2babe95de69574

C:\Users\Admin\Documents\GuardFox\oDdsh9E66ABPDxB_XRS_18jC.exe

MD5 f72302726bb309e7b7d1e39332a1e35b
SHA1 04d46da9d575a7a9b23c15b5f03c50ed92676819
SHA256 384dbb2a17b4060433b8963ef4241472e83018459e0beb644a908c677ba55dd1
SHA512 3f9e1c41f552991aa46543afc30e83821aa00eb06d1baacacfd717d0cb77f5f0a8fbde186f073640a7834a413d3ad394f4cbca1d1f49435f46be6ea460e6c7c9

C:\Users\Admin\Documents\GuardFox\D_APImN5oy5eJP9uKhRg0TsY.exe

MD5 4b180285584530feb2e760122d1c8575
SHA1 5ad21f959302a49262c44e816400a23a0c00abc1
SHA256 d8b8a4186530efd1128695f53f9b82168205147c22f5f80621fba714b9cd745e
SHA512 c937c6aa4ee39e4fc90e80bd59450b869b6282ae41e4cd81e3e5f880ba21b6cdc3e29ddd4de92e8c1316e275a34a1c11e18fa1b25711d856069be65df7341d9c

C:\Users\Admin\Documents\GuardFox\RJZ7Z8sIhTloxR_kycCku9hk.exe

MD5 f9064ad1633b51a8fa2031f8324d24c5
SHA1 6122cc575282f51b591f64d23d5b18bf10845cc4
SHA256 b5db212b3ec16758d8a052b896ffe5413b9b72c429a89fc7bd57d66c6407d34b
SHA512 59fba02c70a007897c03e71baf294fbe01f74fa3afb616a40140642ae255cf53be531c98852e45f047e53e5ad003d8301409ad3a554024fbdb4805696717319c

C:\Users\Admin\Documents\GuardFox\bPTb1J3KBJy52lyn8N6bFjgj.exe

MD5 1d41e3517fa3a0ff72bcb53b6f5dffd8
SHA1 a9afcb4818e18ea01a67a40260155d8b1f2448b7
SHA256 bb7cc7e5c51006e0df2587339b8e889b2cc0c544eebd7a7a95ab4f0c7db500e8
SHA512 fe2d3b77e60ecdd5d69131be2ffdac8a218009dd1dfea3b496e64d0e08058369c6fe2d99ef1e837859a4d71736241e60be4df9cb1a20ea860ce133f63121c412

C:\Users\Admin\Documents\GuardFox\5snyhZVV6wq1cxUPVxHWNW4H.exe

MD5 2b669c0308c23693aff9fee14d5fcd5e
SHA1 fada36d7d38eaf096b7ff571606b0a47d82f7fcb
SHA256 63a9cc494a0970d50a06f4427e2979a7e537fd1240225320da8a407973eba65e
SHA512 6a9925c4ce30f6d0e90ddcc4d46cb3ebcc0ac92f7e83385398662ed9ff3b725642cd757974941b48e1c643bd8fb75b3fa14b5ff754ade335c06d560cd3987fc9

C:\Users\Admin\Documents\GuardFox\OuXhK0r7LbBSsNBjve8QLO6v.exe

MD5 b1b661429951047d8431bddb45b60725
SHA1 f79ef08db0321af472a601b36370f542e9bae66c
SHA256 be7930e5ec13ce85e4080295dc491eded65e60549133cf3cdfd9477f926ca482
SHA512 bef26187b69bdc04d58baef9a4fafcfdd6e5a9d433942797b1f8c5912ddd8d01d8ed1f2caba08609f8aa2bc4c09fa89f7638afcd5c8c7a0388fd22c1bfd8faaa

C:\Users\Admin\Documents\GuardFox\LUcpuDviI64eDPmwlrqUNtp6.exe

MD5 fcc835fc2cfa2f2211e69d6895cbfc4a
SHA1 6ea2c61fc8c6eae9c27b7cf8e4f350b6abd30988
SHA256 6bb166b471cacc9e45d8596daf30d94acc2672fca8320324f762bebd1f1677c0
SHA512 6f803622fbbf33e23eddccd4af12464adf9a2b85cb4c256b714bf214390159abf87b5ddf441699196152e4804c1e8c4b64839eb2bc8c752521cc9cb0b5671d1f

C:\Users\Admin\Documents\GuardFox\mIUOu2UkJZOTEYlKTi63Cco1.exe

MD5 12eb02836348005abbb6567cfd3a29e3
SHA1 65947f4907f3eb421abd3f08044f788c93eeb821
SHA256 8147f977a920ee24e4ed2c088df65b3f8a57f033b042a31881f688b10eae2fed
SHA512 c8db4029b77373950d21a5fc44bbe5b05d1378f49fefb354d20b8272b3950d714f785d06061a8898a52bc8b16348bc7c99972a2946cd5a900987b71c46670905

C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe

MD5 130eeab55a2245cc1c2d850d71652b3b
SHA1 c4ae4b0fe442381fc59f041361f2e24b90071cf2
SHA256 19814b9c35221a1bec5d5663f98a446ed552a3513e0d5c7336bad36656178f87
SHA512 5989efdef6b53563eb21b35bdb91e3500c99341cf97cdd19a0252e8189c901bb84215db311a06c0d1698553c81a3da2626425e413fadf30d3fa67251cf9f19ea

C:\Users\Admin\Documents\GuardFox\41P6kP2rmfTbazDiQciOkORC.exe

MD5 a8ff0c5dc167919fdf4c48e1b40505e2
SHA1 f0afcb53731164d49827f500d3fc34d0a4dbb7f2
SHA256 9c11e2dd8b842d15d8b88067482dc58f17f367312bf915bb1b8432bcea016e81
SHA512 20cf3749eedfbb362547f946c61c1e7d5a2a9930809caaeb48e314e7e67680052c8587ca4a347c996d89c870fe9c14eb0f43bb252fae6ebb1938cbcc476690c6

C:\Users\Admin\Documents\GuardFox\3fd4KLJSuPPDFDaUVCt0Uaa8.exe

MD5 e1670e696d5ca1a8f22c071d65416921
SHA1 a48621f7a300832f52d2350c334d4d71e8354f5b
SHA256 98e08fb00d9450bbd85eccc399b261ad661de4526cd53a250c64b9754663f66b
SHA512 1f13b25cde5e987b5723e32af49a4221a94dc369003a94cefc6129bdbae0197f50fd54287eaff3a5c748d8d8290b892e91d6617033e15ec2d4e282867ce4c6be

C:\Users\Admin\Documents\GuardFox\W50T5vJfwnObYgvRQ_zjePcL.exe

MD5 37b620307009672777b856e2fbbfe282
SHA1 04c3d73e9d84e735b85623ab79e6d14037885a33
SHA256 02bab340575c33cec5c26c5f47aa38abaac2cfaa50b091d565b5638af95a6b35
SHA512 07012f0f7583546987f88c0d612c73ad15722681b6954a7150e48c18f16759802d71ca4f1b42704ff1b7c8154c4254eda9479a860787af3fd1830a53bc55d11e

memory/3848-184-0x00007FF672B70000-0x00007FF673843000-memory.dmp

C:\Users\Admin\Documents\GuardFox\FeOLmNQZhbd9Tfw46pqtxvsp.exe

MD5 e4d8453dc698c38c498b46954b79d3d1
SHA1 b0a93ff6b9eca8c8182486fd25ba161e30b6f3bc
SHA256 8625c1025774ba43c3378c7d4a8aa48a3b9f691a0523cdc732a321b30e1a9b3c
SHA512 d8828a55ba3b83ef968f43dcec62c5b7bcd171f8e5dc1c3bd95baa4e01910fdfb9f2220e2fda1f6ae3d06eaeefea87003f361e8e426c073a77f290fd6f668d28

C:\Users\Admin\Documents\GuardFox\LUcpuDviI64eDPmwlrqUNtp6.exe

MD5 15cb91c3e5b85e99ebda9714493bfb60
SHA1 c37a1e9b36413ef9f7465a95490cd74dbbdedd64
SHA256 09d7bf5a2be598a7f0ce48921d0d168b11907620eb5970d29338e86ad769dc9f
SHA512 bc944d815189eb55c209b1c09ef083a722294d6c677437ccbab17e9b4c3f0893a2741700f09ec4b6d73345f2c6ce123e5c49f412950b3320b6c6a97ce893533c

C:\Users\Admin\Documents\GuardFox\3fd4KLJSuPPDFDaUVCt0Uaa8.exe

MD5 4fa9ecca444ad5bc36760e8b06d0caec
SHA1 35876b655f8b4cb90e74df09acf6247a7795431f
SHA256 3d31185b39afdd6667d03b734b9c3e3359a42e041ff43556be3c11948bf442bc
SHA512 cc1af8af764accded16d8ff9e3f675fc12f514b7b09fdfe1ebdaec6812db5e305a8d06d14a3e1ae230d7e66c00bff5cf4127497f7f7f18f4fad067294fc545f6

C:\Users\Admin\Documents\GuardFox\Qf6_IzA3ir_PmstIbYl157jb.exe

MD5 142f208665bfc89c2a7bdd12d9ef0ea9
SHA1 5c8dd16153201fd562105de001c879647e7b4aa8
SHA256 fde2466b4c7189d7bf55dee7a66106a65f6ed2840434684e1bc535c492eb088f
SHA512 4af383a3cbfafcb3f543824473d7fdbd5aef9a48470e29d7e1260dca77e4ddbc5616b7ae2f672206a9a5714520e2522ce90f94039eda195f01128a84e5285f3f

C:\Users\Admin\Documents\GuardFox\41P6kP2rmfTbazDiQciOkORC.exe

MD5 4ae61ebb596d22effc3a1e02befadd2d
SHA1 01e57d6d73fa5781e4d65f9c8974241c84e8a2fa
SHA256 f71f1a2efb7d348c28070beba1277792c9f3bd6517a279bef3490c1fea7e119b
SHA512 636b3adaa3aa1301d7646238e60ac86098f348d41f18c1c450d8b3b2b172c16a4140e447004fa80898e96e4a303ac57a13e2e77dee2503d53b5d60e8602dd086

C:\Users\Admin\Documents\GuardFox\D_APImN5oy5eJP9uKhRg0TsY.exe

MD5 e0a8dc3047c36584f8e33034305c668c
SHA1 022f7745fab24e654c07da961f970172cf734633
SHA256 161931d1dcbcb4732dc7b10a11f513378e2cbc3faa31402e717d3cf5fd7a50e4
SHA512 472d979de500cee57bc83ba891bddf2a5da8c12bb091c46950adc67e503ec85ddde6dd1722540e6533d2c1b65eee877b02cb162836c08f1aead4c2e8610af284

C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe

MD5 a0c0ad77d0b52a539d412cf6f647910b
SHA1 f6c73239fabd529d1af860f0ae821ee319fcdc33
SHA256 5cebffd457ab8dc04167bc08529d625e98534620e262fc71d85c3d278d81a306
SHA512 1adfbfc74de02e49c070845e204b87446b6efe4fce3d6add4543a0165f7a0ed659e4776640a9b209448d9382d1688d93a285585b7aace4ffe202a42499e67daf

C:\Users\Admin\Documents\GuardFox\oDdsh9E66ABPDxB_XRS_18jC.exe

MD5 8e80745a15dfb5b28e54781c7a4db1d9
SHA1 22cccdf06bf069bfe589a53ebdff3a9906764b89
SHA256 c2cfc8e693a96252a4e905336ff303c83e5e32a2b897fcd205b13dccf54fd620
SHA512 7d3cf2b39705925fe529891999a41ca166a199147d109199399b09d53d5ebc11fcafca8e30a871f2ac7f692a93fe8869424aa86482a5856d16bbad1b41c1577d

C:\Users\Admin\Documents\GuardFox\bPTb1J3KBJy52lyn8N6bFjgj.exe

MD5 24e0e24c4a44b0f481fdcd3d68e79d24
SHA1 cc0cd1e8134b84e51681a6533bdfa97e36eefc85
SHA256 98e95170df14cac8af842e74e32895fabc3b1ccb632e9be3b38d3dd52208a576
SHA512 1f2659ae1fc78fb4246f33cdc0bd551728688f96955ad35ca41180b48a4ead9ea32bddae3c7c4cb303c77adad9a3321c80deb44173af65d4ffdf57e7b9e6c723

C:\Users\Admin\Documents\GuardFox\vkLsFF8wTUqMOFpIP8eRUtlj.exe

MD5 fd910c47e6ad808c09f1c2ff5151f3e2
SHA1 7b1e7204d37e6d2edf6195ad27c72de9f0e7b32d
SHA256 848853b2da72b10774fd642062ae8d5c39da6b3ddad4fd17587c7b71add0f59c
SHA512 c942cea5285745d9faf650864c756e0cd98edd7ac192c0f8a2e2636483047df91e283abe6a008a2529d8da82e2ec91f0ff4f21212d89edb3e9b6ad637c51e62d

C:\Users\Admin\Documents\GuardFox\s7jXHzWFkgxu3AD1IzxgGDBu.exe

MD5 452de4aa7e019e2083183535ba02bff6
SHA1 2b1c86f9e4724867641711e27c7d5853b84ac4aa
SHA256 b325bef0022cb631c1b34d2f2d520d255f2899e69db9eae6f8df9b1278f177b5
SHA512 fe4e3fcfa598b70c6a221c3dd38fdfb09cc593d450251ab33398f4164dfa4b5619209a0aa14ad909dd1fcf33ce6d7e7428c7e18e2d56cce6f883239d77513d87

C:\Users\Admin\Documents\GuardFox\s7jXHzWFkgxu3AD1IzxgGDBu.exe

MD5 1b57bd1756ca7eda6736d413c8ce98c3
SHA1 e96c3846299241bfef8d410fb3c8a00b4bb5700f
SHA256 dbba50c9d94e50ae187e812140bc0f831029d885f3743ee2a1dd591f1815cb50
SHA512 c80578bd441f78062c139a72df7fe5ca1baf52533965439c1d528216a0822c455b7618bf92541f121a5959227b85eb74d1206f6db94414b9b63e14bd379f0d27

C:\Users\Admin\Documents\GuardFox\FeOLmNQZhbd9Tfw46pqtxvsp.exe

MD5 0570e6779da5d31fb53c123b74683e62
SHA1 006ffa823b94c346c635b35380c966570365e073
SHA256 ce78198cc0eed040cea1f6a428c2a1ea090105768472104442681e12dfb08b21
SHA512 be36e8320871a9961f09085f89d56d8435b0c4f4a18af9ec541f029a431bdfd6030ceefe3e2402d6cf308b93fd212aa7cca90126398b818f4bf9bc195caea2ce

memory/6504-765-0x0000000000F90000-0x0000000001470000-memory.dmp

C:\Users\Admin\Documents\GuardFox\2xCliBfeVZZKIGfGU0a9VL2i.exe

MD5 b7194edee98c8493cba9548fc9f2e212
SHA1 7ffec719884d2331f421191efcc3aed7666d7371
SHA256 91106be2ba52c3a7fd4835f6b596a905720c2201ac7a6ba38a642914a6265d14
SHA512 e874a1faf44d7bb4ded562d4716675f813f8eb452d7ce9569e08b334ee8b5d6102c4aa255dbd5a3299c9f1d15a05f3b2caa6c52d5f296f4f46b9f7d798e777f0

memory/6496-767-0x0000000002B50000-0x0000000002B7D000-memory.dmp

memory/6576-784-0x0000000010000000-0x000000001001B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-SK8VJ.tmp\vkLsFF8wTUqMOFpIP8eRUtlj.tmp

MD5 fd404e281595ef86b88fb1310e4b0fd0
SHA1 f48a1e77ab44fa02be9c9fb5d445457366b40200
SHA256 656d0ff9e13e9495621d8d0e5fd8685a529738fb28f92177c14dcadb337b7bf1
SHA512 a8e0f2775ded2966b6a6f6fa980f6e3984c2e194dbb9a4e121bb168e4d1bb90f9e32a54b7991b6105eee6d5133b9f65d55c67854bdb17a098ad0ac9c993a6a9c

C:\Users\Admin\AppData\Local\Temp\is-SK8VJ.tmp\vkLsFF8wTUqMOFpIP8eRUtlj.tmp

MD5 518fa383a3ef116185ee29c8248eccbe
SHA1 8f3b867b5a81b579d4ae70ab5fa97898097ce998
SHA256 2b2f318063e60c986b638e687c785d0adac705ec3981b34a13bb53525d1006bf
SHA512 bc5e82244f2606acabe9a41dd4a063b5ecac7f35d9251cc2f8875a35738e65365d585f964d7040fbd01e3860ee3352ff8b4ed7c78f71e26caf716bb89d52189c

memory/6548-793-0x0000000002DC0000-0x0000000002EC0000-memory.dmp

memory/6496-791-0x0000000000400000-0x0000000002B09000-memory.dmp

memory/6512-847-0x0000000000400000-0x0000000000414000-memory.dmp

memory/6576-848-0x0000000004240000-0x0000000004E68000-memory.dmp

C:\Users\Admin\Documents\GuardFox\RJZ7Z8sIhTloxR_kycCku9hk.exe

MD5 8f39242b095498dafd9c4db29653079d
SHA1 6db79f004e011232fdd7888518e0f716e443e34a
SHA256 69bd4c5caea68caf35307feb95691da5158fd6adb64abb5685f324cc1874c973
SHA512 3cd0b03e585087c198530f069af55dd730a631a7191e0f30b971f8702918ff21d9e52539054fbcd2fe5ff7a5faf118ba87b155d8e1fd85cd9f8b7b6e989bad0b

C:\Users\Admin\Documents\GuardFox\RJZ7Z8sIhTloxR_kycCku9hk.exe

MD5 430165f3a243736f0ad3d9694b13ef35
SHA1 0070f72a95e6116af0b1fa4d8e7382c6bdd8670e
SHA256 848b3a84a0ba5fc9bfbfd38ba8881ccbd90bea7d324f4358cf7314da74acd639
SHA512 1768a5a607aa79a94f7e1fe16621976a1d7922258fa424544fe639815ccd120370b1224793985dc346ce4d96e8b8d09c9003895fd750601f48873175d23e6b00

C:\Users\Admin\Documents\GuardFox\LUcpuDviI64eDPmwlrqUNtp6.exe

MD5 468661765f6b3751b70aa9144d146b67
SHA1 e28b6a317efc18a3e22909683b81aefe96f84858
SHA256 914bfaf29abf3e073b9f954cc34e8881da9282fb9ee4da1cce774703efd55a11
SHA512 4e27996f10f84ed696732dfb3dbbbd2baf3ce9f232f0b5a7b803444eb9b8876e691554b6bc281727b4b45409c7651109756f690ed44d772a44fe88bda8e06cda

C:\Users\Admin\Documents\GuardFox\D_APImN5oy5eJP9uKhRg0TsY.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Temp\GP0TrIML.0

MD5 2e542744e9144d53d3776f6e994a58e3
SHA1 f77628102a0dacdce23c4c7ebfee53a9d56526cd
SHA256 84e0419193a7764b678fcaf1fed73c5d6877d7981823158ffaa9207cda6b4eae
SHA512 b33a1aae3c5f20e4aac4f7b8378eb6cc920041c7b81d748886a232ab9b88467ec1107ad9b89b40351cf9e3ab2c4423bd9ec4ad832460055763deef5ef73e7848

C:\Users\Admin\AppData\Local\JS Base Classes\jsbaseclasses.exe

MD5 3a1a6823753036677867655057fa60e0
SHA1 9ce990c98d85d2808d1487e87c0292aa8c66d8e3
SHA256 b1ff49e49dc1175254f0a82eb3e3d8231790ccad521247ac05b7e1bbe57b92d9
SHA512 fbf49999e7ccc70a172abddd28e78859127484b80378daf2779067fed7d3247758066dd2b0d8c7a9090a2f00f7bb5041f9e25196d49606e6071282eaeab142da

C:\Users\Admin\AppData\Local\JS Base Classes\jsbaseclasses.exe

MD5 2e47e27a9ebe139811b2be4346e5a32d
SHA1 8eebba3b19dcbe19213075c6668ea3cf82fa9adb
SHA256 dc37799f6e99172be103dcac1c926b8190daa93dcc3bb1a79553ebcd62f42fea
SHA512 441b5bfc92e5b1c37674cca0ed8229e450804eaae3f686e4f39941ff3987012011eece7b2bd5e577c3bde1a47fd8c828b22d1a2c6913c16913377e70a65c2d26

memory/3660-957-0x00000000055B0000-0x0000000005BC8000-memory.dmp

memory/3660-964-0x0000000004F90000-0x0000000004FA2000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 60fe01df86be2e5331b0cdbe86165686
SHA1 2a79f9713c3f192862ff80508062e64e8e0b29bd
SHA256 c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8
SHA512 ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

memory/5328-978-0x0000000000400000-0x0000000000537000-memory.dmp

memory/6520-980-0x0000000002C40000-0x0000000002C4B000-memory.dmp

memory/3620-986-0x00000000019F0000-0x00000000019F1000-memory.dmp

memory/3620-989-0x0000000000B30000-0x0000000001477000-memory.dmp

C:\Windows\System32\GroupPolicy\gpt.ini

MD5 7cc972a3480ca0a4792dc3379a763572
SHA1 f72eb4124d24f06678052706c542340422307317
SHA256 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5
SHA512 ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7

C:\Users\Admin\AppData\Local\JS Base Classes\jsbaseclasses.exe

MD5 502aabb5704be5e7f2dd810bd6751a13
SHA1 ebf0f3ec80ab00fcca2c3284708a60ddfc71c0d4
SHA256 b5ecd5b1be57a0431176f1372700427dee7b1dd4781e5f9a2c6612e2fe6a92f0
SHA512 2d29c7729940dfb194803cadf7473926a9b5bc8861f2d45c5f65a8431cdf95a54a12c12d3edf5ada5132ad920af6d4b31ee7a3ca32dbb56aa5ceb7ec0cc299ee

memory/6520-1005-0x0000000000400000-0x0000000002B02000-memory.dmp

memory/6528-992-0x0000000000400000-0x0000000002B02000-memory.dmp

memory/6536-1011-0x0000000002DF0000-0x0000000002EF0000-memory.dmp

memory/6536-1015-0x0000000002C20000-0x0000000002C3C000-memory.dmp

memory/3428-1018-0x0000000000680000-0x0000000000681000-memory.dmp

memory/3428-1023-0x0000000000690000-0x0000000000691000-memory.dmp

memory/3428-1032-0x0000000000D50000-0x0000000000D51000-memory.dmp

memory/6536-1033-0x0000000000400000-0x0000000002B02000-memory.dmp

memory/3428-1036-0x0000000000F90000-0x0000000000F91000-memory.dmp

memory/3428-1043-0x0000000000FB0000-0x0000000000FB1000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 8202a1cd02e7d69597995cabbe881a12
SHA1 8858d9d934b7aa9330ee73de6c476acf19929ff6
SHA256 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5
SHA512 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

memory/2492-1056-0x0000000072110000-0x00000000728C0000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 91027d074638a69039763a7b526e198e
SHA1 82d54c51081bd3f686403acbfa5a2191480c1dd6
SHA256 898bc6024aeae74cf45e1d44e776c59204930caeb19d9edb3e2510ebc779e91b
SHA512 d9dd7c13472d2d7334b56a8e75c43f68c806ffb504833566424f5dba8cc3c6cf1429fb3c0a187affb6e894c52bd9bf1fa34621fa077d5cf7acf96739a61f4ba4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6c497acfc2739658cec5893324a1d125
SHA1 5c09d24836817c95976eeea0cc484248a63d92a6
SHA256 10252cc794cde61332c13c3663447cff7ed487b0968c9f9fc2283b329ca4861d
SHA512 c49b035beb4f158edba5594caacfca51b8d9a9ef1bfc0b1e8819654c97e5e27ac4712ec58d06b7311f5315780e73eea6f6a7d15f179f3500a4454dd0912212a3

C:\Users\Admin\ynfmrpum.exe

MD5 96dfe06d7fd4110a6dfd0f24e88711a2
SHA1 61ca7aad57420ec5f60b1cb3d131d3f41bbc3eb8
SHA256 597b57e04d3c25bf6b9212ec599747827c5f926bd1da022afe3559264c3af14d
SHA512 50d48d8e077c72e6f35052b022a8fa90abcc104d065ad4dffab03f1a6a0c7f3625b2d35d65c278d1d09741e33337b651abd790a2d95bb1cf0f58570e480d2a30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c38a1c0a39ac533153743256d59c95f2
SHA1 d6f85b5113a731fd2b91dfc8d4f346cfba402d48
SHA256 77408e7b3f58b61a8c68ba01529f73fa813d9762a7dbf539e1689779b4a10fd3
SHA512 6e3b61f36547ac90e7fa231f6123904ba21de501cd9cef5bb56dbe21aabfc227401db276aa28a3f5642610b50384e27b4f65cf133d6012d3bdf88fc324f4726f

memory/3660-1097-0x0000000005E50000-0x0000000005EC6000-memory.dmp

C:\Users\Admin\Documents\GuardFox\qdAe7E7fh0Zk78FmVsau491c.exe

MD5 17f1c0e7c90a60598425bfc7a6acf596
SHA1 eb2629f15f9fb245ef2116455e760107a1277189
SHA256 f72faab40fb780cb7d43ac4bfed21d9d236ca3b9c551ad93da6b6f02070bd536
SHA512 f5bbb7aac3496ef7f92c0ddec08fb231eb040f392fc851f9496af3cca2dbafc4a3d772e318eafefa8938755031ab5b99813055c6074bc9f9401af643b334c534

C:\Users\Admin\AppData\Local\Temp\nseEAED.tmp\Zip.dll

MD5 bc21aba24cd758056b02b30a7a6ace35
SHA1 96b2587b9bb9ecfd049c2145c1b9fb13aa07931a
SHA256 d907c2a004c59c4b4c28619e29ea5c0c07771d18e28024fede300f32de21a247
SHA512 029069cfeef36e39c0a1c734e693bbc7ad1e48bf347f295202a6d0a2603b0b9add066f6c141d1c6941a622434bf2b6058eeb9e556db322c26c25347a267f45ea

C:\Users\Admin\AppData\Local\Temp\nseEAED.tmp\Checker.dll

MD5 2ed9465746826cebc2cc8b3ea2d88c6d
SHA1 95b990efd0320f8eeb1cf656841b557e0d494dc5
SHA256 7b88ce4e76e91f75c1d42aba6ed087b1caf240c84e3c5cb4084291682e7fe102
SHA512 31dcac16dfdf4f70a54cd59ae45483cb22facae8e61197b45a15340b72b9f7c901c3276b4057419161955e28e5165e920577b9e6b3ad86d539714fba4b5ada21

memory/3660-1158-0x0000000006D00000-0x0000000006D50000-memory.dmp

memory/3660-1171-0x0000000007B40000-0x0000000007D02000-memory.dmp

memory/3660-1172-0x0000000008760000-0x0000000008C8C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\UPG2LoPXwc7OWeb Data

MD5 b5fa3d161f3242b95ba57cd3e8613f52
SHA1 59fef6f23ec33acfd225401f70d6a275cfea7974
SHA256 a97802ff95f22100815ec916c557200032b7d591dcb29a8a0f3ce6bdf56aceec
SHA512 5f403b5786834f63a2699dfe6c13e1f7111253e6242e70d7d1c17cd8d1246b9d16a9b896b509071ed93c36d393b51d969606d366cf244096b905d0143ce10959

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\oOPEmFmu_xsJCookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\8ghN89CsjOW1Login Data For Account

MD5 23b4775e0cfbcfb72effc68adb4e0fec
SHA1 430795acb0238d6475b83707aed398cdf63eeea9
SHA256 7d26e792cdd5e8436fdda4a13ea72ac228dbb3b10eb8a217d202beb140ff2868
SHA512 98c81b687e9f1385edefa5ef787f2ff6f2dfd9aac50794458fa937edfa51517efbeed9b149d57b435e73e1567bf75dba3242a4a70189445bdedba5a6a31039ee

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\D87fZN3R3jFeWeb Data

MD5 17a7df30f13c3da857d658cacd4d32b5
SHA1 a7263013b088e677410d35f4cc4df02514cb898c
SHA256 c44cbdf2dbfb3ea10d471fa39c9b63e6e2fc00f1add109d51419b208a426f4d0
SHA512 ea96cc3e2a44d2adeca4ecb4b8875a808ef041a6a5b4ae77b6bfd1600dd31f449b51b1a5997064c43e5111861ac4e3bc40a55db6a39d6323c0b00ff26d113b72

memory/2804-1283-0x0000000000140000-0x0000000000148000-memory.dmp

memory/3660-1284-0x0000000072110000-0x00000000728C0000-memory.dmp

memory/1316-1299-0x0000000140000000-0x0000000140876000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jobA3cMlmaw5ZNYuw5\information.txt

MD5 768b5caf580bcfc32648f3954bf8c122
SHA1 dc304f5a1daf190ff1fa95726c1587bb0502b7e6
SHA256 ac90611b2968c1b78678dacb524f1ec1434af7c4c6498863206c96e16ae2963f
SHA512 73423a844d0aad9d0eaa4c2cba4e4e55dd7b0e9effa5de428adbf230670177213bb71a70d74ed2b7eb8206915347d16d69e8a79de9780816af8ab514266dbd2a

memory/6608-1301-0x0000000002BF3000-0x0000000002C09000-memory.dmp

memory/6608-1310-0x0000000000400000-0x0000000002B02000-memory.dmp

memory/6168-1320-0x0000000002E1E000-0x0000000002E33000-memory.dmp

memory/6548-1322-0x0000000000400000-0x0000000002B02000-memory.dmp

memory/6168-1326-0x0000000000400000-0x0000000002B02000-memory.dmp

memory/1636-1328-0x0000000072110000-0x00000000728C0000-memory.dmp

memory/4680-1330-0x0000000000DB0000-0x00000000018A1000-memory.dmp

C:\Users\Admin\Documents\GuardFox\qemu-ga.exe

MD5 a5ce3aba68bdb438e98b1d0c70a3d95c
SHA1 013f5aa9057bf0b3c0c24824de9d075434501354
SHA256 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a
SHA512 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79

C:\Users\Admin\AppData\Local\Temp\1000120001\e0cbefcb1af40c7d4aff4aca26621a98.exe

MD5 90723e082e5feb17e171934197b10bf3
SHA1 187f5f96c9ea7e5d71e215f43e2eaa27ec4b2b19
SHA256 d62a5f615a9c35db1d649c43ac35d48e2be18f000a9f10ae76c1dd4a4c790061
SHA512 0e043a6ca1ed8c301575dc7bb4494d0395d156b64246724dc5ff56e762af3883b429e6d536cc84fc85be91a71ee15536ed26fd460e3855eb68f282f07485551a

memory/3044-1351-0x00007FFEC3960000-0x00007FFEC3AD2000-memory.dmp

C:\Users\Admin\Documents\GuardFox\LLimlFp9YK2qkzzEv1DTi0uG.exe

MD5 a0dab6293bb88372ae61e94774996db8
SHA1 75d499acc1f68e053ba383a443fdc89e1fb2ea99
SHA256 b7fabd4a3d3476d37712195837e708650701d9c619271a54c57af7bf03adc6e0
SHA512 a0421a8b2b6d6c8f3c3576f07aa68e5a9657e49523ea02ba243c0bf870a3223a296ef8d4b47cf30411d6ac28560a3a0abd3fafff7b02e3f1e5c8d08ecc37f644

memory/5636-1358-0x0000000000400000-0x0000000002EE6000-memory.dmp

memory/1976-1360-0x0000000075A90000-0x0000000075B80000-memory.dmp

memory/1976-1361-0x0000000075A90000-0x0000000075B80000-memory.dmp

memory/1488-1392-0x0000000000B90000-0x0000000000B96000-memory.dmp

memory/1976-1416-0x0000000075A90000-0x0000000075B80000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\02zdBXl47cvzcookies.sqlite

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

memory/5700-1467-0x0000000000400000-0x00000000007A3000-memory.dmp

memory/1976-1418-0x00000000776F4000-0x00000000776F6000-memory.dmp

memory/6584-1474-0x0000000002D60000-0x0000000002E68000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jobA3cMlmaw5ZNYuw5\passwords.txt

MD5 cb415a199ac4c0a1c769510adcbade19
SHA1 6820fbc138ddae7291e529ab29d7050eaa9a91d9
SHA256 bae990e500fc3bbc98eddec0d4dd0b55c648cc74affc57f0ed06efa4bde79fee
SHA512 a4c967e7ba5293970450fc873bf203bf12763b9915a2f4acd9e6fa287f8e5f74887f24320ddac4769f591d7ef206f34ce041e7f7aaca615757801eb3664ba9a4

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\l6w3NVXsgpmDCookies

MD5 49693267e0adbcd119f9f5e02adf3a80
SHA1 3ba3d7f89b8ad195ca82c92737e960e1f2b349df
SHA256 d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f
SHA512 b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\o0qT3dWYBP7ZHistory

MD5 9618e15b04a4ddb39ed6c496575f6f95
SHA1 1c28f8750e5555776b3c80b187c5d15a443a7412
SHA256 a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab
SHA512 f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\KvHrxJ77cmUgLogin Data

MD5 349e6eb110e34a08924d92f6b334801d
SHA1 bdfb289daff51890cc71697b6322aa4b35ec9169
SHA256 c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a
SHA512 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\02zdBXl47cvzHistory

MD5 0037ddfb0b20ef414e4fc64f364393a6
SHA1 709d0fa57f26de533a3c51015e4736b7cf5b338d
SHA256 7c34594911e1b56b7360b9af0ceafe888e55763166580d79d80710dcd79989c2
SHA512 e7cea8454fafcbc18c475ff7b7fa94c92a160e8f351131016123a0c925de60454e36e292c599a2e5aa0426c54813263113beb49d6235a5813fc5387ca8b6a2c4

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\D87fZN3R3jFeplaces.sqlite

MD5 4791ef3260f351e41660632b26fef5ff
SHA1 51dc61bd0f2675d4910ce59a7dc101c71ef0718b
SHA256 49d79106127137e088a9c3c29f9f2edf3f756f476e96ff421ca9831b87381a09
SHA512 03b59853f1739daaf83bf4a24a3c45701b6f7a1acaaa8bbbe96e2b2c69f2c973103462f1add2cf754bb3a312fb829b3159eff2b5bb0b60aeeb6339f26d897eab

memory/1976-1359-0x0000000075A90000-0x0000000075B80000-memory.dmp

memory/3660-1123-0x0000000006070000-0x000000000608E000-memory.dmp

memory/3428-1039-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

memory/6044-1037-0x0000000000400000-0x0000000000800000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\XWd9qvVELZMjwcqOZjmU.exe

MD5 8c0edffaed20745550b326e1207e22f3
SHA1 262f9e21fd0e210db2244ea9875320fb9f15d10b
SHA256 913c82e423f13bf4fc012618a11e8edf555e46e727ee9e95b985498505d6b3d9
SHA512 c7acdc26fff8e831346610e843194b5259418f5c41da476cf3ca57da2a031ee839b4719dc0ed0575ab607ae0e0f8b6001b56f29ecf19b32df6752a04ed885b93

memory/5812-1030-0x0000000005390000-0x000000000539A000-memory.dmp

memory/6044-1029-0x0000000000400000-0x0000000000800000-memory.dmp

memory/544-1031-0x0000000072110000-0x00000000728C0000-memory.dmp

memory/3428-1027-0x00000000006A0000-0x00000000006A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\9gJfevlMlkJeKeieYMHt.exe

MD5 ef5e7927e56e9b503dc9272dce0331d6
SHA1 096b3e375da3eb8181d25272235d68a169930414
SHA256 d6a3089882ae55bd890bf5237a59dc254fd4838d75c0e1c4e088430e8779ecbf
SHA512 20632a5c936b05e8c936c2a966641e2e989c86a0075d52c8ce0d81dacc9586bcd6a09053dc63efde44973f5af48028944a6fdc920d412f61c8473922cbc11076

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\F_3lM0k79M3sSHmsynlU.exe

MD5 bceac5cea6999e89c9df046f42105ab1
SHA1 24c4cc83b7d0601769b5a3037ebfd402b99cd351
SHA256 da4d1b12c3ff6b5b051b1234ecaca16c3c65382c8333eb15b3fb6d9c1f30cb62
SHA512 1f7d078c53e7388f7bcaa5da5aab5883e63509909110cd0cf4ffb65911e9f1e119b88f43e548d0efebf336ecb767fe208243e91f49d2f940907d617bc2046e05

memory/5812-1021-0x00000000053C0000-0x0000000005452000-memory.dmp

memory/3848-1017-0x00007FF672B70000-0x00007FF673843000-memory.dmp

memory/4680-1016-0x0000000000DB0000-0x00000000018A1000-memory.dmp

memory/3660-1019-0x00000000052B0000-0x0000000005316000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\Iz_S403Fm2bKTLLXx7tw.exe

MD5 976bfccd9b5287c28f492eeb056b4279
SHA1 839bb0807aff03462d2308667eb8d3daed27fd5e
SHA256 49cddd1e023b5d03f735f9c9d49b04ca788ca9b950317b1637d6a3e725c93a70
SHA512 a3b0c678c4073ebdb41b12f782a3508f1dfcb27caf1e529985b5713743455eb8ba820034cfb0020dcb4f6aa14a5e8d315bc33c98fef8319dbc19567b9033d7fe

memory/6528-1014-0x0000000002B53000-0x0000000002B68000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\yGltYkiNd1rGP6ZjRR4q.exe

MD5 84a3d74f903037a7989743e05bc9cfe0
SHA1 6e41efef1dc9dc7190c6e14327b647f53e75d614
SHA256 0e6d050f6f7452bc49f428d8b700dce828275a419871279d99358384c88b52ca
SHA512 8b5aec1d264872dc4641c0045dc2deff21d5b1d72bb1bc278bfc4f12b87b9e9cdcc2827bd1731875f9757b4a22cc683cfbd782eb310b5d373b762bbb9925273e

C:\ProgramData\Are.docx

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

memory/4680-1013-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

memory/5812-1008-0x0000000000400000-0x0000000000454000-memory.dmp

C:\Windows\System32\GroupPolicy\Machine\Registry.pol

MD5 cdfd60e717a44c2349b553e011958b85
SHA1 431136102a6fb52a00e416964d4c27089155f73b
SHA256 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f
SHA512 dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8

memory/1976-985-0x00000000008F0000-0x00000000018A3000-memory.dmp

memory/3660-983-0x0000000005040000-0x000000000508C000-memory.dmp

memory/3344-984-0x0000000002FE0000-0x0000000002FF6000-memory.dmp

memory/3660-979-0x0000000004FF0000-0x000000000502C000-memory.dmp

C:\Users\Admin\Documents\GuardFox\1eyuFYYQj7cnGYLLsH0H9pge.exe

MD5 87ba288f14fbf826d4cf061d9f8e72ed
SHA1 ec1f877e40b5e8917953e54eb51834a15335aa6e
SHA256 56529b359e4c4695a3e290752d61c59ad3327a16574da95ca69a214552241a63
SHA512 200457f3c9f1120c6c97df354d7e9898e0a3dfecb6fb771985f9e28adaab29841e03e37e1100b759ae7baf89072859082aa3ddc340a8501396426441f8391f95

memory/2180-977-0x0000000004830000-0x000000000494B000-memory.dmp

memory/6520-975-0x0000000002D20000-0x0000000002E20000-memory.dmp

memory/5264-974-0x0000000000400000-0x00000000007A3000-memory.dmp

memory/3660-973-0x00000000050C0000-0x00000000051CA000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 602fd03396ffafb0010e4b9058b57f9f
SHA1 8aebe3db6a343e6d06ace6bc29c90bc60889e65a
SHA256 188b7d87eff1d005fbb6c62eb8deee5b62cd9989ab2793be5d812f23743a1d0a
SHA512 44b33b5d009b7ff56faad8ab990a9d64a7c295470b46d299611ae1e7c8a47331e8b3197181c2b9bb3724d0c7413ad7a5747036d6552f5bd9112c89e2e47b9173

memory/5328-970-0x0000000000400000-0x0000000000537000-memory.dmp

memory/5328-963-0x0000000000400000-0x0000000000537000-memory.dmp

memory/6528-967-0x0000000000400000-0x0000000002B02000-memory.dmp

C:\ProgramData\Python Config Parser 6.6\Python Config Parser 6.6.exe

MD5 f28c55851ee0ab3493428536a2289160
SHA1 5a207cb695f6ba917bebe2167b309880dceaa290
SHA256 07ce78cd9a4d08d9687361714ee8d3cc350090859b8accfb93f288b9095fcf66
SHA512 28440efdfead57758d250d1601c08a4a2f2e235ad97a7647c41bf30848a348e0777acebf0724478b8dcaeb36d061a596fa2bdcc411f87810029532377703c09b

memory/1316-962-0x0000000140000000-0x0000000140876000-memory.dmp

memory/2492-960-0x00000000050A0000-0x00000000052CC000-memory.dmp

memory/2492-953-0x0000000005500000-0x0000000005AA4000-memory.dmp

memory/5264-959-0x0000000000400000-0x00000000007A3000-memory.dmp

memory/544-958-0x0000000005000000-0x000000000505E000-memory.dmp

memory/1316-956-0x00007FFEE1F50000-0x00007FFEE1F52000-memory.dmp

memory/1636-950-0x0000000005940000-0x00000000059DC000-memory.dmp

memory/544-947-0x00000000021D0000-0x0000000002230000-memory.dmp

memory/1636-946-0x0000000000B40000-0x000000000101A000-memory.dmp

memory/1488-948-0x0000000010000000-0x00000000102B4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Gp0trIMl.0

MD5 f7b3969560e5b00c290039813c7af589
SHA1 4449f6880f95766db0cc8378bcddc8d2d53d1f32
SHA256 df7c5f76abfd052ba478300b33f3ebf2011fbf08d08e54b168d61e6b10b623cf
SHA512 ddee7b03c1f3e463c4d50942d0d855310d3e79f97f64fd182c65734cecbb826000598c96f4b0a9d4f2fdaff6977d0cd5daf6c6ebd6a1fe59e7808b980aa51683

memory/2492-941-0x00000000052D0000-0x00000000054FC000-memory.dmp

C:\Users\Admin\Documents\GuardFox\D_APImN5oy5eJP9uKhRg0TsY.exe

MD5 290e4ccf7cb511245a733f2f3a74f32e
SHA1 3e69f8723a068b4c14e9e60d6e96c7f4b2693c3c
SHA256 5d5645d15331c5c19eb6457337411706f70ba37be0f414704586fe93aaed277c
SHA512 18f39a1eba94d12d1c0968a562a7e92159a3905ea3865a6599759889d40609ef66974bd7c53a394878cd794a9b7d9ce2eb57e5e6abd6fd8e1dc64aac2fb105f0

memory/6528-945-0x0000000002B20000-0x0000000002B2B000-memory.dmp

memory/6548-936-0x0000000000400000-0x0000000002B02000-memory.dmp

memory/6576-944-0x0000000003250000-0x000000000328A000-memory.dmp

C:\Users\Admin\Documents\GuardFox\oDdsh9E66ABPDxB_XRS_18jC.exe

MD5 d8d52a95b809c586afe1bbf5373edfc4
SHA1 4081f7d0211614df482969ba5af1f29e5ab2bee7
SHA256 629e031747e94b66f85f83711433a1c3d084ac0a57fbcc58f970be04de2d48cb
SHA512 ad743b537b5886ff6a685d8f9666d66aac955765c531a7d82adb72425754d762b9580491382f5e9d123e03d169f931ca91d6c6df44009a219ddcd17469b80c15

C:\Users\Admin\Documents\GuardFox\5snyhZVV6wq1cxUPVxHWNW4H.exe

MD5 54eaaf9b223c4b0221861a26fdfefbfd
SHA1 27a8002d7e50377d7621d3fe76ab3a7c6dff38d8
SHA256 f915170f980d0fbaf9e89b96bdfc119a9b0c12825327a6a4b0f7f5cd9ea1e933
SHA512 fce8294bc1f738850a320b3b67b2ee3d5e43f3c53eee76a10cdcb91310afe8cd3b1ce2aabfee1e08ba2024e5376c61b71b165b2ce4f5149f7b39966c7e8cc378

C:\Users\Admin\Documents\GuardFox\5snyhZVV6wq1cxUPVxHWNW4H.exe

MD5 6831bae11d01a5fa8989d0a1677a9fc7
SHA1 3a2833a59afa468adc4931513240a8362c3fbf8a
SHA256 d699e268d8f668913689aa0174d80debc04823e59b0aced6ff60dc71df1434f1
SHA512 d83f20ee64091be19465a604482c4a6162938b5ca54e54a5aed340cd8d08408274fcf1740f8a9b082fbf2748c85da6f05dd378a7af3d5cac6ea6b2dfacf52258

memory/3660-899-0x0000000000660000-0x00000000006E2000-memory.dmp

C:\Users\Admin\Documents\GuardFox\LUcpuDviI64eDPmwlrqUNtp6.exe

MD5 9a8a7265a8e5bcec13ad95b07dfa2902
SHA1 d0ffd47abb743f1bc4e8d2dcdb03e18ccc428704
SHA256 d1fa5f7703355d4eb3d718f4877f0d62d5e7650b49ec95b4f73537c81f3dadea
SHA512 29ca276bd8274f614c3060ee3b6dc34da69d7113c5ab373db1c2b63c7e5fadc72626d96cd62c775c78ba210294a5a99617c1667f41a382d25860c86dfd64f44e

C:\Users\Admin\Documents\GuardFox\Qf6_IzA3ir_PmstIbYl157jb.exe

MD5 76d4a943f3e5287c78f094237f3562b2
SHA1 33e08d867ef636a3e8f6b5d2d98e55212793e45b
SHA256 699773d2bcf852aa7bc135e626fe5a08a9b284aac090df12dd754c184c8a2063
SHA512 07f3d6c07505ac88efb74e935d0e4348c62897482bedde93ee6f0ac4d487a8952597895aae53cc77f85b9f52bd390265fd9c6a71d132e46c0515e8c166d18dad

memory/3044-894-0x00007FF7B0990000-0x00007FF7B0C71000-memory.dmp

C:\Users\Admin\Documents\GuardFox\3fd4KLJSuPPDFDaUVCt0Uaa8.exe

MD5 1e08a53974fad84a8d48ff83df815497
SHA1 2848ba2b873b38a3eadd71bc7718906ae63e84a8
SHA256 acb180f3e117197da1a3d6efff32d5399bdb3b23f5131b28b734338f739fc9cc
SHA512 f79d4da043166b3df2d1be52dfb2842381064bf6e8bb63bc653c288d606e648ec85d569a60526c7ac87e959f581cfb7dfe38d6b9495af16299aaf3108c7f89af

C:\Users\Admin\Documents\GuardFox\OuXhK0r7LbBSsNBjve8QLO6v.exe

MD5 4191c8de478c955ea6d71076490accd4
SHA1 9d7dca9709a688a5489770eaf71f71a05205c54a
SHA256 be81af520de8c71d05587b22c03f7e683b0d6798ae8cd18eac451fd6407ec9a1
SHA512 5532041becc3a0314ec8a82e8f287c586a4854710c9f12a86e7314cc29e01c6968bf6bb6cac4cf04b4149000b23991b3ca1cd6453a898d7e3628c34afd191510

C:\Users\Admin\Documents\GuardFox\bPTb1J3KBJy52lyn8N6bFjgj.exe

MD5 add78f281748d23e12687f2a363ae8dd
SHA1 bf9fbfe77e4367c0a3f8ce06964feba346c7568a
SHA256 86f277ba9bf1e95160f6b46073a06260a6dedf365f1bdc651ce8afaec666d419
SHA512 813e6b5603362ff6bfd4fd1a155250a7dc694fc2eaad091807ce4b4bac827ebad80c8ec4687c4fa1f4c996a246587b79339476c05298f42868da7d5ef8f2cd35

C:\Users\Admin\Documents\GuardFox\bPTb1J3KBJy52lyn8N6bFjgj.exe

MD5 3ff3716bff18158a4b01b6496f6aab9b
SHA1 4d6662f9deb37160cce395b7c89d2dec0d591470
SHA256 678e0eaa17c3fa68ba258de404cc6da2efcf4186019c48b1ef4ba87e2b81dd9f
SHA512 bdff130e1e41cbc13e58fad6c1a8646d6a6b5ecc6388d2e85685a480592c95945a1b4a68e2e31b45148676012e2876955a8bed1ea758ae1a128da1ac3bf4bf01

C:\Users\Admin\Documents\GuardFox\41P6kP2rmfTbazDiQciOkORC.exe

MD5 7f43199533320db39934f6f4bb41ddb5
SHA1 a48830c5f6fb68b1597f04946cc75592ce602164
SHA256 3fab8343541f4395f58ce2c9a17c51e1b1691926ca4a5e1eea17c0569aa20e95
SHA512 b62aba4d6f9c105779d64ab15ba59f6bbdf403a4fac183c84ce4eef810f054341c9329f5f4d9dc8827c9a147c81e97949e71b6426bb4b85dc612a06929bbacd8

memory/6548-803-0x0000000002C20000-0x0000000002C33000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-2OU17.tmp\_isetup\_iscrypt.dll

MD5 a69559718ab506675e907fe49deb71e9
SHA1 bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA256 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512 e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

C:\Users\Admin\AppData\Local\Temp\nseEAED.tmp\Zip.dll

MD5 611950a8805ff67ada879fb5edb3911c
SHA1 d60d31fa7e3c3a17725515b376547757e9b8abb6
SHA256 12da0a1c0b5600fa8167d3422201d27d4a3d4d86951cb9acbd584e5620186f1c
SHA512 e7944a12c03ea326033e5422de40fe41b1b9b2dbb1be35185c776f4e30331662ea8668170903c2f584880fdef2740d6ef1911492d1d5e07a3c76c64c477315e9

C:\Users\Admin\AppData\Local\Temp\nseEAED.tmp\Checker.dll

MD5 fafac76a10fdaa7bd83612f10e1909b6
SHA1 6b3bc1b72cf88f8d595377482c6ef4bce8c72300
SHA256 913c67dc728d2f463e0ea5371c51cb3622531ad5e432067795f67ad3f6c7e7d9
SHA512 fbb324033bfee620e29f066cb09f8dbf53c9848814e584cf3ff7c03ffd5cbb84f330bbb427de54528e3e267cc7e37f2e20b09c15cd53d65442f79d2581f269d8

C:\Users\Admin\Documents\GuardFox\FeOLmNQZhbd9Tfw46pqtxvsp.exe

MD5 8e2a14ba7a645e37e0b111c6942c1f84
SHA1 e9a61da47147c8fa4dfb40f8cc5172f67fb087c0
SHA256 0552f3053ea2b3fec272332129febf3b9fcc27e1ba7f69034cd384cbdf4264eb
SHA512 37adc768cf748756a960c94a3ab07ab6b4daf44ca8b692c48a5de717711a390b9bcb73e89fe1e807191c6b6e5cc206faa9e829db30f8fc19f86999cb385944f1

memory/6512-763-0x0000000000400000-0x0000000000414000-memory.dmp

C:\Users\Admin\Documents\GuardFox\vkLsFF8wTUqMOFpIP8eRUtlj.exe

MD5 9ca5af523679d62a964b802b3fe7d09d
SHA1 1a963b01f9798bdf96b7b00ce740db88d808cf6e
SHA256 6b6ca38649b29917be4bef47cde36dc4abe81d2dec7b78a3b19344d32fc572dc
SHA512 3f91a7796ed11378713af1c54ce6f6baa2159efc43bfdc420e6c866bc90459e7119a9cc3290accfbb47499884baea74c7eb8317f765289b23f7b1e14a97317d3

C:\Users\Admin\Documents\GuardFox\gQ2khq2oPm8UNuN0BE1mObhE.exe

MD5 691ae247cd30ee3598fdff23a128da70
SHA1 83b91223f67f22046db742895e7d76b3f2fa179c
SHA256 4cb4e4ea3f66b2199b83623e6d1e7f5ebd8608ce11b30c895d899ec434f4c81b
SHA512 33cd48b7f94143f823953de6c9e2710129cf72ada6078a24008de9da885bdb9835807f2e8f0dfca1c28ed0c0c66f21f3723a854c8842a739b0f7b698c438e9de

C:\Users\Admin\Documents\GuardFox\N4ByHol1aP1zRDPKXYfopFb1.exe

MD5 37b4b8c6d0839c302d57e299184279df
SHA1 5ad79689cf837e0474754f39f00ea2d6f427a492
SHA256 b6a6804ac7d7ba2a0d412e548f32a9ac8235fb30270cdf2df88a98f06f1449dd
SHA512 9780d2f5c12a6bbdd04bb0ca6e0b539177bf2bf344a55e08d8a4af98e870a3059e92f3a06be56e7ea2978e1403031142fb7bc7215b1b3112cd1542808d848f9e

C:\Users\Admin\Documents\GuardFox\2xCliBfeVZZKIGfGU0a9VL2i.exe

MD5 71c15f8831f41eaa8318cd085e591bf3
SHA1 200ffdd6255e010bb1827ec87c72ba3a6c89254a
SHA256 905854e242a72d210b22288dee530aead0a8c8ba1db7c569661230789ebba726
SHA512 268ab4f7dbfbe6f8f10dac958a833d9b2ae5bca43d330ddf0a28e836320c44ebd9e245118b06e83350b2493f7ece91af8728f4fd93a5bfa67ad8974b74e91dfb

memory/6584-759-0x00007FF711A80000-0x00007FF711B37000-memory.dmp

C:\Users\Admin\Documents\GuardFox\mI_gvNqioq4annwcD9ysemiw.exe

MD5 2b199c7ca6c8f03acaa4f513cf10d49a
SHA1 d0a6cd1d58438962436a3f70f48cd788b806c8b2
SHA256 6b1f0b88c05860340448e88bf357587089ab16ba429f5a2e3dde4da0a4d27284
SHA512 097831921dbd1bb9d1d008556b99a078ea503d7432bface91aee56662be036a6b4ae4ce40c87efe38922163a221ff817d53516644da9122208a29b36d5d85858

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 63fa2bf316c35e2e12bfa75882163051
SHA1 76e0698dd72a75e8fed82f83949391a9660f1bd8
SHA256 77c53aa4040d01c4feebdc70925b9ba631a1e59441575fb17fea94d4a2a6c1aa
SHA512 9d43b6854ea3387c7532df914837cc7b2f1a5345380012fbadea2aa29ba0ff9ec85f43d7e3169137c0741ebe4b088dd40857efa32d0701fffb783f4479d4a628

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2ab87bebc99db7070c061c56f7e1d5be
SHA1 e3b291af165813532960cf7ca6a9c4dfae177889
SHA256 625731b4f37561203fa05235719d477aa1ad0217b0d1928876a98440b33c28d8
SHA512 85ddfbd383706ad3a2cdd7524c9403746135e939631459d177fa8337afa71986bb28ac8060d7e7284d5072e39e6c3409ee736a9f3fcb767ac6c72c01474015bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 2614894c8e6d7ea887d4c7fc669dd7b0
SHA1 19bad501a8591326fb5766bd897eb5eb920952fa
SHA256 f6ed26c14426991d6422dd3e12bc01d925643210e23d5663745d2145a9e65124
SHA512 9113b5cccc8cba091f2de651ca68b7789fb4bc2f49c108acdd7dec336e8e9a94643293794ac4c358960258fe4476fe22f84a568640a4958bba580460ab624a3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58af36.TMP

MD5 024c988467fb11d560b0c6e1bf3509ea
SHA1 052c252b63bc5c388ed23b3f89c3d2553e04d30e
SHA256 06178d91efd949e83c7fd3efebe1fc24ae2fb291ad503d7ae59e2ac6b4444333
SHA512 5563c6f9315571358a66b46e86cedd931cc0bc06f1a1cb11c58a39b06c7f7479388f4e80faa8649b7b17a6e7a8334870bbe38304d358dd015531ed6854e276b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 287a8e200f450bd1236b12761726f798
SHA1 92fa2b46013e16017ef45e04b127e7f6b7906dd7
SHA256 c5d7670ee4822ac8f2dc85959972859d27db7d85c539200e3ebeb156f5d732b2
SHA512 88e5a8e6a452ba93d686cef1002250d0675651856d76ef48ad08271dc01360983cb7cb497c3aa96dd3a4cb535fd980e299b5f86fa8059c716bdb5f40a39a3f69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4d6e17218d9a99976d1a14c6f6944c96
SHA1 9e54a19d6c61d99ac8759c5f07b2f0d5faab447f
SHA256 32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93
SHA512 3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

C:\Users\Admin\AppData\Local\Temp\jobA4cMlmaw5ZNYuw5\7KnBAxqSWXTTk3KpLn8G.exe

MD5 58cf286077b38a487b56899cc9d3563e
SHA1 db10afbdb28c917df5a04385e6f004996254ae20
SHA256 f2a725465ff6a69c199bb71b479ea031310dd61bff5507e13c915f7ce5654e77
SHA512 fb2327b58442d26b0feee87719f85b49ac758681d99abcc4d2bfdf4eff809407be31a3b30525a9491535c74830cc93552d898d3ea08f0e391ada7fbb5e236eaa

C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe

MD5 e264cf8a04fbf288661cd608426b3418
SHA1 582fc0c7e0ed57973eda8bf27954d4fab33f6bff
SHA256 a658184ee9ba3b61bb58c177b2d2bf00bdcf537f3f3fc039e9007fe848d41b37
SHA512 5bc0a9c4f6e33df3dd5275772fb1a57fd1a98178f32eb9d1c78125091680b91835a857341e89e1d4b21bd52733f1dae5ad2c478d8b71728e9945892149c927cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0361244fed4e14ede754e7a914730b7c
SHA1 975bef2140f467b7c555f357d55c5da61124afc5
SHA256 aecc19cdd7344b93b95ec029e56173e7bdb2f1001107eab63078913d2112949e
SHA512 38e39b49c6537a8b75665c515715a3835a5569bc2a68eedc92be101209222d118f0051e97d4804d92d40a150910ca47210379a27fd0c382e3f93148cd490e025

C:\Users\Admin\AppData\Local\Temp\F59E91F8

MD5 22e1d85a48ea5b181b35818682f8c565
SHA1 9eecb65bbf5a2ae181210ea4dfa8c54d7fa6265c
SHA256 76cc454f5996055b2e1f7c2aebe5a9aa449406381d147c00ebd439866e5149a4
SHA512 1f73bdbe50aab21c148110fe08766fb5e8da72aadb64397fac081bf260a3045bd11798211bf3903d408d2f9ead63acb1d28aa525b321d006d1f9eca04b4ccfb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 bc16ebe41a9fc2938c4060992a92b0af
SHA1 1719af3e339b187d984a76437eb80cae5dc50e6f
SHA256 5874dbe9583546eb24cfb2b237d58f97ef186cd72866dd224df82e62817744ae
SHA512 c78d4be86a3f35ae07375b37fd39f869d317a6ec6699d7673731e6f9b255d7bcbfacf58ca71c3f51baac1e2b2bbee7da58603efa5bd51a31162c481aab7a912c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a0a8409a1500530132f2d16d48cfff8
SHA1 639d2f67002f5356f7e0b6438dadd85fc4cf56c6
SHA256 305b11bca6b824e2df8f786fef3ea79e8cfd8ee29b3c8e5967a760053b98cf23
SHA512 11029b14903f0598490f9ba30c19c6a6e72e8088fff6b0aa372267dc6862f84a72f4a730eca77b4abff8fcbcbc87ad6db0659057dfe22b50532a3ca80894f8a5

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
SHA512 ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5

C:\Users\Admin\AppData\Local\Temp\1000705001\latestroc.exe

MD5 4b39c747a8bd0b3d8685f7ac54bff05a
SHA1 78a3936d36cd2949f9b0c801f744527204e2e10f
SHA256 a0bcae080e49586d314bbae7f599c6e20c23a64d23e20e0ab4b506af73635641
SHA512 fe4d42700576f828fd24cee419dafd1747f42d76e679d164cd398102a31d8efe3da4af4440f79a76aba4e452cf1e196e89c9ce33639e6c16ecad42ade317a68f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5736bbae7993c8517637671766a725da
SHA1 92d6ee2466cff2aa5cfd689d66fd4ea69990fd7f
SHA256 6bbf768edd48bb66b1c1b3055331d50ac3a9044636653889d345a0c3da1ad3a4
SHA512 6d15d2de4ee11d36b04c488ed44340cc2273b75b4ef78ffb4d8bd41fd82bd0a90f713143442b41c4c0afdca2ce6b7ce4c57faf4eda909c97a24d2ca1d91b67df

C:\Users\Admin\AppData\Local\Temp\is-4H500.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\39e40142-28cc-4934-87c6-39d01d7683b3

MD5 599f9ac4152a751b44403769c56e9058
SHA1 f0be43333f5b14dd82dc22905a2237b8fcea7d0b
SHA256 79bf9a6ec3446011e0faf25c8d054ef9e69f4f6348d71141ea312f66a0ad72d6
SHA512 458ebaf95701ed698870bb770c097c09ca3e36c2dacf87d3c807f0d272763f40c5d8c8ebd4917eddb9c2aca0a77e91323f595376633a08108ab2e03138e8a8aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\e92b4f8a-5732-40b9-b4bc-104a29dd096b

MD5 9a92338dd3efbef467b8ad5da4bd4b7d
SHA1 3c5aa82111fae542db71df3cb826e58ea8470c34
SHA256 61ddd6cd487d9cf05f3e6edfdbe6f015f8f0949c81ab1b7434a7ea3bfd46c0fe
SHA512 b931a0b34a208b380b29074738326bed3e838e0f8eef882eec04c9bda60fe5b2e9bb41a7dc03b1731d7af83f339792ff6e5d42f245514cef3eacddf6b364a6be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

MD5 0ed9f5a21e0279ded6ad3c71faa6b69a
SHA1 9f1789e524b8ec235739f0eb4c4603ea3df1cf67
SHA256 464321e8bbb27fb97892159e940adb3fddbf8ef96c0449737f1ac0295b8c5f17
SHA512 63c46c60f3b427787c69523a1f605e2fb9d8ff48b355c19e3b459635f0c3601c806adbd3b4ce357fc1d344bf9026e7bcc2882967c867e3e327790bdecefa390e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js

MD5 8b8c3e8d71b870225deef44f9f81da85
SHA1 5f2f7a2bf1a88919b4b230c124aa1993c30da95a
SHA256 83346e164a4db1cb9bcca9f9c5f49ee8be4d87eec243db28282c27849f5fa23d
SHA512 f5b975cb9ec70b35827b6fe0159d2939bb4a5eecbf458f94a4e74bdf9e8f27378d7823c81eebd949d9bfd96f25ec9b5feffc0d763b2dd283e505e6480f08a354

C:\Users\Admin\AppData\Local\Temp\1000706001\2024.exe

MD5 2c470494b6dc68b2346e42542d80a0fd
SHA1 87ce1483571bf04d67be4c8cb12fb7dfef4ba299
SHA256 1ca8f444f95c2cd9817ce6ab789513e55629c0e0ac0d2b7b552d402517e7cfe9
SHA512 c07332228810928b01aba94119e0f93339c08e55ad656d2eaff5c7647e42bbf5ab529232163fb1bbd14af3331a49d0fb537cfb5eb83565f674155e53d4ae41b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 c12e83bc2e55d706cf104c8c99b15b95
SHA1 68efb8c8d1e6d23bbd186629c039ad53092ef447
SHA256 8c0cbaeae51b4689ac398220a15455586fac99f3efe32d117303283fb632c9b5
SHA512 1dddb2b33f1394b977465dc8c97a474f69a22b3a7a4e260b059f4b8ed11314d33e9d4ef12bc18b2d462649e315388c8443a196068f315b1aa034bb00f8b6e6e3

C:\Users\Admin\AppData\Local\Temp\toolspub1.exe

MD5 01fb175d82c6078ebfe27f5de4d8d2aa
SHA1 ff655d5908a109af47a62670ff45008cc9e430c4
SHA256 a07112e236e0136b43294b31a43fb4456072941a135853e761680d04315841c3
SHA512 c388d632c5274aa47d605f3c49a6754d4ad581eb375c54ce82424cffa2ad86410a2ad646867a571dcf153e494b4e7ca7a7cf6952b99ddcf5940a443f7039f2fe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

MD5 b3d2f98bd37e67cc4b70227dae458742
SHA1 db204494029b97e00b8a7f1648518644c7a87a83
SHA256 6bc715e13637c2455c068d955d41b4c6eda0763f8ae6dce02b71a96a86c4dc63
SHA512 0ea7e751bcba0543465e3f6c47857e93a19ca6bd83823a018d7cfb10922b249aae3b3fb0ec4d8324de8dd3183291521985528a34b2e4aaecb35654247887600a

C:\Users\Admin\AppData\Local\Temp\7b0d48dbbf50fe239f1097f5d01c2a6d.exe

MD5 4686b5743710b9d641ba3956a243883f
SHA1 62856af648019453dbd0fe017f620549756c2014
SHA256 ac15be2082e7969086779bdb2551b793e6d1cc7346b1deca8d8ab44c7be7e9ed
SHA512 2b784bc493e09f8e5c97c0508ac1e858da1aafe2459fb0a7773f0df60d515931e06fdffe14cea4b587385ba4e91a628e2ddfbd88b3066e4c92a83f7cb120ede4

C:\Users\Admin\AppData\Local\Temp\1000707001\MRK.exe

MD5 59f227c2383624900c3516845ed855dd
SHA1 4b1506e3c1f0e2b51288b6833d1a164678fab5bd
SHA256 28575e670773d4d9afaad9d39c040e29953bfb57fe789b24a62476e3c2795815
SHA512 74e0c5b4eb355ce28632c50ca837b8be4aef38fa783fcaf5ddf0ac06c9b5f87cf139dc552a6dc4014627cea4999770951fb71ced35dae1cf66e2118da429918e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cb894d8952169f8d5d2fab38f7bc0dea
SHA1 a46b2469c975ca36408cac1419d59ba7b9ee996f
SHA256 c5414e6010f600e5f53716536408748c75452a82c53933c51c0c577e7d1449fe
SHA512 3e96685b2ab8976c9abb392bb726f8956f96279bb8e2a7527b81f95f6d84fce58e083570bef5ab5329189a4471300632abaa2425223172dd51ed80d8e85ca888

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 8eff070195653e2a131a916680cd18c2
SHA1 7f5dc88fc5d5969b25d5e75cccabd37362b31a94
SHA256 61c22934bcca9275d3aa4a9548828b028aaa84a0c1d977d50daeb889e02dbfd3
SHA512 18ed6beca1a23e74571ee365b3c5e1b92686188178fa5481d41dd4c991286d5b3599613a870a8d371eb886f82b1b5e35be10ae82b0a95452a53f9cffed73f507

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2c4213221c895bd530a7775c2e7b68fc
SHA1 de9c681b2752f53cd30579504cbe38660e0fd8c8
SHA256 2d6458091a94f427a60d2f8eefc10347406dbcdc53eea2c9b3b31cdc000cee1b
SHA512 d1b6e01a21bb6bce8856b8252d2bdcaa98c716cdd1bcae39b8eebbcba748dc33d93ecb9bd768b085dd847fecd2384721058b98ad3ad6121b5e4c1cc2964114c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1b601804c359a3a41669aedcb85aca22
SHA1 0fe1a934e466241fabf5011fccbaf601a4e4b25d
SHA256 e86379a9af40603c101be6ff3085b17180cdc7a62352fe7655222ea33d331900
SHA512 d3c0870519f9e8b4f6c69e090ccdd9c86c17ea35d395304b2438c92891aa908fefda922c6ca76fa9e0ea12f048d9fd84273ef56d48afde6f359863e56bfa198e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0a9cb84d17e86db91db467a22104f76e
SHA1 3a3b27c1c53d14ae561ac62288caa64a9df5c69e
SHA256 fda22c98dfc31460b16106b102fdd00c7e2037ede914677fa57b20c975b8e250
SHA512 0f4d9288aa6047bbe71da3684cc2b1343efa335361cedc28d3a04eb05be067cb84607708283225234f76ac6cf934db2e63658abc8abbb5315eadc53dce439dbe

C:\Users\Admin\AppData\Local\Temp\FirstZ.exe

MD5 da071fdd3364b38427bd7ae72668fbd1
SHA1 707dd3ecf71e6ef8df97fb6370ed4adccd8a329f
SHA256 a6bbb53feaa5ee5b580d27def2099a3b2fbcf5a9d6397da23abb50f53018e371
SHA512 a34d3470075e5d9a59799a4ee595de60141334c4a87ca6fec9065f732bf6596218156f24cb9e091c9fe835f806f536a42e020427cb15be90e70a5293f8407397

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e36e7026253a9eb0df657fd2abf8f3dc
SHA1 0c40e0a01c99d824d7cce8527e55114de0bff415
SHA256 a1c900fc2ee40ff89e40ea5dd6b43a2d571a3f15513db31d43d1c0195b521de7
SHA512 377fd8c925f45b65f5054a2642638a538e2e83cc79b6179d768bd84c023e45ce34bff7bb0ae291af39e0e478db43fe0afc9b9c3e9593a4e6823d8f7edb0bf632

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

MD5 6a115b0fdb49ad25d6171d8f25548c9e
SHA1 d9981760ca2d66e0b269e77a434d71b0be089d94
SHA256 36256c26e7dc3890e6f9269d3b3f96ec697a511d591147a0976c85350b927c8a
SHA512 8630260b66006cf77e89885ad4aa1318518d4368b520abdec034d61acc5af066454fac01f59f57c7b5bd718d3aa3edf8b1ccaccdeb476d67781576af628e67e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 c2ef1d773c3f6f230cedf469f7e34059
SHA1 e410764405adcfead3338c8d0b29371fd1a3f292
SHA256 185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521
SHA512 2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

C:\Users\Admin\AppData\Local\Temp\1000708001\installs.exe

MD5 dee63473a06ba61e8c176166609f3dbc
SHA1 40d399b25974e5d969a1f97604b35e93e19b82d3
SHA256 10f299d0ae3f143ffa249eb9850cf0cb50643a691c60d80d0c82c2f3cb3fca6b
SHA512 416ca33de603b33e0ae49e292d06747e1e9fc1d8af9f1f750d8171495e6a4d6cde743b9ef6b8f79be4c171a63e3a6a932b1b6882d6e011092342fd060969774c

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 a7fb45e5bfcdd6801936a669e8a3316b
SHA1 3a53070b2e9a9299a240630b807483641a2ad3e4
SHA256 436f06761b4df511415e61192ae98c4e05b3d71202d126c84c629b722f7eab26
SHA512 8a82013b76ed8ddc6ac0c930fb7864c091e962c3339e5b3e8246bacc1297ac2076e79e786abe9996d017e6182d63849e926c5f3d8cf8350bf25f9677a4f42e9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Temp\1000709001\alex.exe

MD5 f72354fa9d91b301834380e64179da6b
SHA1 b19dd68691da97eff3425ba33b0ada653b6e13cf
SHA256 35eeae8a1cc5ab58a7368c95aaaadc30585bf0a5230ea57c15eb22a376e59c31
SHA512 dc1c8b3d17dd59cce02019bc6a0d7a8a3a39fdbb911278bf02cedcae2c8e992d89d45c7fc0d2961b413ab6097c6c3568cdc0917141249ceafd559cfaa0eeee99

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

MD5 7ab041c4d78aa7fa1a8e795772fd56cd
SHA1 2f9a802ada2038e723af1229168ac7c6b1df3150
SHA256 29c841b67237580e5f92e50f1c642a1e8a10026937ac8c654515ac496ab3797f
SHA512 befb03512d3747e961e4af81c1381dc206b2e4e2ae0fb3638c944479e26abc606bba7aa26a40264ecb47d338372ddbbf77e211c635e236e20d8f827a9fcc893d

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

MD5 85af6c99d918757171d2d280e5ac61ef
SHA1 ba1426d0ecf89825f690adad0a9f3c8c528ed48e
SHA256 150fb1285c252e2b79dea84efb28722cc22d370328ceb46fb9553de1479e001e
SHA512 12c061d8ff87cdd3b1f26b84748396e4f56fc1429152e418988e042bc5362df96a2f2c17bcf826d17a8bae9045ee3ba0c063fb565d75c604e47009ff442e8c8e

C:\Users\Admin\AppData\Local\Temp\1000710001\fsdfsfsfs.exe

MD5 99a53dac9029589e6cef523bae9062fb
SHA1 0fb7f9dc42e0a369ae3f0d1f286053ba17a0708c
SHA256 14559f3921e2d97eb8679cda8b563e11f1469975d53545b58cc042c89948dd93
SHA512 a3eb25f0d74b715c43be233628baa065f6d822bbb5b4ec8ebe53b69564a3912eac12d9314a6a5d644de50b8213f2335b898c66cbcbb6139c18be284b881dcd57

C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe

MD5 4521e7533d09b545b57ef1ccdeab0ddb
SHA1 95808177ecb7490496ad454b13a1b09a19cbca83
SHA256 a30aed534f94f7d46e2fc7230cab657119d1279455e9d786c9b153422d6e952a
SHA512 5a45d3e676e91f5f76cc7141bcb9d77af90342f5e75ed96c1c4f6b234702efab19971aca79a807d1804824c0640b5884fdf664bee306771076f6ac9a359c7503

C:\Users\Admin\AppData\Local\Temp\1000711001\sadsadsadsa.exe

MD5 49707427ded9db0f7a595ab91a509151
SHA1 d2355fd07d463ebd8219572d989d9f1b99a75e8f
SHA256 8a803943ac21636a5f51aef63aeafcc265c9a631dba35037c3e9760d46601c59
SHA512 b89fa7b14066c0a53db63aa3129c0f21c703c567a24cd1100ee16427a9bc9dc1cead25ff4bec42086c45993352c772dc780b10ae8d57231bae3eeacc46a967c0

C:\Users\Admin\AppData\Local\Temp\1000712001\leg221.exe

MD5 d177caf6762f5eb7e63e33d19c854089
SHA1 f25cf817e3272302c2b319cedf075cb69e8c1670
SHA256 4296e28124f0def71c811d4b21284c5d4e1a068484db03aeae56f536c89976c0
SHA512 9d0e67e35dac6ad8222e7c391f75dee4e28f69c29714905b36a63cf5c067d31840aaf30e79cfc7b56187dc9817a870652113655bec465c1995d2a49aa276de25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4ce121be714f1a0731c5d4aa797e0936
SHA1 a95806f9614c5628be6d7612206f2cb35e59532d
SHA256 3d39392a7d4d89c6ba98a631a282ce1a83989258e8dc4485abf6e6c6a086960a
SHA512 5d1bd2dc92db12f7d23739d62d246bd7d14ecbdf412f059763358720e93d4cd6bbfac378d7201d104f73e04a3273e7d81734293004838330a026d70538c96694

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c1d1755a151563248f198db8ae9005e9
SHA1 4d3902f10524a0695e858ddd8d7f4c26cde21f6b
SHA256 2327afacd57aca60881c9cbcc9fd225b5c525f066d309029cf6efb062460193e
SHA512 11bb691d00817cf1dc5e634767176e5edaf97b9c5f64dec6a8f003cda5ca1104611b3773d3861143c0ec0a91386beaee13e652258d6f2518cf9033fca6ff80d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2c8e8896706bd84e3ae9da38488e2cfc
SHA1 e9ee0a4ecb1f8907857b31db2c8a2ca6aa424bd3
SHA256 2acf79ff7e132a855de71b1a6837f5d810678c3f41de1ce25a94bdf8f560b9e0
SHA512 f99468ce150ceeeeb481c949ea84f08d547469c66375aed451ed998726133c57b96f6738126637873272cc17bc484dd728436c95cfb7514e0cf5fbe0f75ec860

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2e67a19642d1e2604b38881184c02475
SHA1 1ce7b72717082a5480c6098240f46128ba458909
SHA256 4adaa7f570df763b2eeb280b9b58fc227570294f71a16052f8cec8b3557581c8
SHA512 9a0942a2e6093828cb50902da339d3649f69d7b3d77f830350d3d6166ece609e5cbdaabc7b77829faa1410ae22961786979d3048ceb0721682189bab14b83118

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cb9eaba2913d6756e8ee8c353e6380e6
SHA1 3d16b74e55ffd658e0d7dc3ac5f56444d1089463
SHA256 988f87989a345eb824c269ac2ab6ad73c2ce4f3758e897663f3795a984fa3067
SHA512 a73547da64d4fdf697afd659d439064fdff709f02ba70aa7eb8b27836536733cbf148757b7f491e82dbc41f8aafda8791101d26bc8753a7ba36961b8e7d40203

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new

MD5 b23f56a0b28ac057e8b74be7f46ba264
SHA1 60c115cd62e34fff186c5434b57fdae629c321ab
SHA256 2fa2dd0402e1dd8906225c939dc4500bfba1f4f46189556b7001507568e21813
SHA512 e085a950ef133db7134640b9e3b7ee2fdefad1dce909457ba71cf11694e57784e58ac7f1279023dc184334d09c72a91b3c2d09e9cc2fdcad535e8719538fcbd9

C:\Users\Admin\AppData\Local\Temp\1000713001\rdxx1.exe

MD5 d3ce51c8761311fd749da2ba0c5f2477
SHA1 13d4058ba624bfc0cf3a38a6a8c33458f727f15b
SHA256 7ec8660d77c9e80611e7b80d1863388c17e377f275413db2a77dd0509df861ad
SHA512 775c82011a1d2c4d38806f5fba03226451c424c433f2c0eddb5cad19571c92c83f836a1fc6623b5dde32f4d6691ccccd3ae7e5a03853cea994c997ee8bc5095d

C:\Users\Admin\AppData\Local\Temp\nsj5963.tmp\INetC.dll

MD5 40d7eca32b2f4d29db98715dd45bfac5
SHA1 124df3f617f562e46095776454e1c0c7bb791cc7
SHA256 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA512 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

MD5 46d063fc89d284343a1adb782f4965c0
SHA1 84ade10d964676a17e82580e12f8be8d136ed057
SHA256 919763a535aff799aa1ca0f8cf60d222ab638ca0db6049dc4f51e9bfb6458572
SHA512 cd603e0381cec4c6b45cd0e30c361d0f572e9703f4b43276232dd6d75aba38376ab3427f5a0e62cc9b97751259f7b6e09d8668afe55faeb90aa380501a253db4

C:\Users\Admin\AppData\Local\Temp\1000714001\crypted.exe

MD5 a554a5382f441e72e95807271120425a
SHA1 4dd2ce234408c379808284209081ab48231b2c36
SHA256 dad975a129729facb71ef2d602c4db9c5ecd3c4abab3164d146691b3b3f670f5
SHA512 538af15e70a9b3826106b36aa7117ba999ace1d7ea159cd2145af5e114c9437028a679adf1d73e26762b67e2d347d3912f0c4ee19d827abc0d079393a34ab7a9

C:\Users\Admin\AppData\Roaming\configurationValue\Logs.exe

MD5 d4d99c75d2a231b070368ad99c79b328
SHA1 484b5946ec12ace3f3bf4079aa5dbe8bad416b83
SHA256 44e1729bc346bb28f1c1c6ebffa03b684d64301c7cf0f18ca6d709f4b1dc4bbf
SHA512 55ea275c3e4b096c5e0b1c4b7130b8c729cd11529b8b7476891697270af5c6547ce2d50b0294113a8ce1fa58a84bb9e4df719dd6f749f0b38ac9c0bcec9879bf

C:\Users\Admin\AppData\Roaming\configurationValue\olehps.exe

MD5 5ea776e43112b097b024104d6319b6dc
SHA1 abd48a2ec2163a85fc71be96914b73f3abef994c
SHA256 cf650d13eea100a691f7f8f64674189a9c13d7948e31468963e10a23726dc341
SHA512 83667045b7da8596fad90320880d8d7c83f71a1f043d73f7b68a0ad948ae2e530a753d5c7943a096a307e696f8d9fa433025b30078af6d4530d1a2f2a4b12ed2

C:\Users\Admin\AppData\Local\Temp\1000716001\redline1234.exe

MD5 b6b8a2db4d1decc145c0fa2c06136c64
SHA1 fe8ed9e285c2a2e58b6be77fd17d7eda2ab1dd3e
SHA256 203a50f4a1d6ba17bf85444c6ffc5ac421ee9dafb74e4a033457c3132bdb5ada
SHA512 c16e316c15d9b9f934f701e09227e99b0cbcb8853876d5242b972cf6bbbd6d7984d945046cf68d239fe7979e31b465d827d1a3a9d86b7b17b307cba222ad8ac3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 88726064be197b63d3ed35464ebec6ea
SHA1 7e4791265ae21a5fa1247673f6e68fd2c8836098
SHA256 c65cb4af5407dd704667c13e737708445ced9fef1b3489927d8e8950155c7330
SHA512 9bb5d86738144be52d544acec04565b433e36059da1c01c5a9125000b5194fceab204d80cdc40d19029673ad3a8f667f1a9a5f3c603d46783c49cce85c62b64e

C:\Users\Admin\AppData\Local\Temp\1000717001\moto.exe

MD5 be756bfa74f2a3f02110571d08686042
SHA1 135d32462f1a2f7ce3e55c27d3d7bae0cc2be2f6
SHA256 9b1eaf7640b3e790a6f14321537c21793f4cfeac2b35cdb72b49cb255a237b3a
SHA512 5365c3cf8b0bf810e275a979266095dabd6dfd150f68960c21612dc22678b4fa3c3f5132d0b76801ac2ef0007e3aaacc1e52b4ec3caa5258cdbfe5453d0d5dfe

C:\Users\Admin\AppData\Local\Temp\tmp9D01.tmp

MD5 861dc83f3c5b2ebdf11126dc039c0ebf
SHA1 26c1aad96faec41e4bcea903496bda26b0f9fef4
SHA256 426aed7dfb28ad7cd98266258af8a80df89e374b5e7f2f81aa55c9f8e405f4fc
SHA512 982e3f039ad4575ac6f9029d0795396833064f395578b861f212557b4935d199b159434b19e078033021dcab70151d252414004e02e9a4c716b5179eb482045e

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bjpoirlb.cie.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6c4015872603af2121bb14e0065b50c6
SHA1 ce71a7368ea1cefea46c124e892abd7fc0ef6a5e
SHA256 2e1f91435f0d1cbc436098acf6dcabbfe68bb1c250002b4358f1532917ac412d
SHA512 b0134c5dd5c2ebe47282cc09e5cc7d833e30538316d90de23c5b273892275a11ccf5a189d603eb55e886443af7779bc8c351b70dd2743e2aa37136a6e2af02a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 98448f99dcbcd5e7eae73e2881a4b79b
SHA1 571d476a03b19f8a5bbde0be55b69e933f2461a9
SHA256 e78b5325884420f9ac8c0366edb04d48f418d0d52cfeffb64c08b25b0b470d40
SHA512 1b65eebb9b4d26a7ebdd70e5c413bab8e7264cd2360ec47edbf08d04ebde0a98d1cd1fa40e5f394e9840c4d40df75fd17700f80f38d3ed7ed873dcc845d5d80c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b7245936cd4062f20c9acfd4b6e2d37b
SHA1 c22cc2e9f83986a5ddb90312cf608be71684c6f1
SHA256 05cf99c14afb698a4760a64befe60063073a2302a5a92ac0642af3aa641daf8d
SHA512 3d0f822c264b2e1bc070077e98a5a77d28c34a4f05669bc0765668692247286f88a539c0b5e64e1e07e7afdf597f98bfbca1f0332c7279779994eeab133161b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 8b86f36a0f70ba9c757e5fb255518f24
SHA1 c63706239a6f93151d64ee291a35391dce1dc159
SHA256 ec09a347b2fdfcf7239e0c43fda0f7e251d90c4af9a56227ae3630b8dc1434dd
SHA512 f5a5e9814eb4ca5e35bec42127011c5310a71d1edd6863b19ab71376db32b04bd52d2d6ba034f3da6bf1dca6f4c5c9a3c9dc688a23ae7fc3292108becb0194d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 08f14c44a5d7eb0be304f5371afde73c
SHA1 a792d2a987d0eaae0271c4d1a7c0660146f4c768
SHA256 932f64031a22802259450c5dc6130391e63d95d6f6a6308576913340df5a8a12
SHA512 1722f4e878e5ff9a757223c626cf46869468ef8936725c1345600598fa8436a0eb8048a878b862e435d9ff82fc100fc9111e6ee18202d1c24066e5911a05f80d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f553b086263b90d528ce8a0bfcf8ba89
SHA1 aba550db384aace17fb7eeb62271d069fffdf246
SHA256 d61c7ad0fc3dd49f7f531d51635864dd6e2ad71ace09165ab02c3a4d4e98e0d9
SHA512 5e0b12e0a9e4aefd325f2680c75545ec78011f62af77cc26525e39213024958c8bc645e18e5221f02a1928d517ae3e8b07defba3676cc2f4c6507dd729b730b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f0ec55c4830efcdf2cda030bb4bf126b
SHA1 f29db652a8ad174281934fd01e58c83f1f3e64bb
SHA256 041435bd683450f649250d5c4ca1b4f41933965b64a271e69e13cc04e08162da
SHA512 01338a9343d039958cc066396baafa4b783ee90fab6e08506f634a06df3c5d929b83c875d66bc0a1edf63f9578ada7a959136c7c80a0efbd4a144d0832e74e80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 68884bf1dfe4cce7ca8efbf45b36e2b4
SHA1 a5f02ca0c277e4670c09ad1cd275773598468335
SHA256 ffb866ae89c304444c3cd6855ffc6b55804ca84a14001fd5b9d4c7a3d3b89627
SHA512 99ee06f7150903cb13f1b8ee8379762c03a61030108cf3411a892d3d3f07e552b19c910f46478831ca73fe103f4a977f5b6f88efd16cb8973d7c053199cf5158

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4edc2b91dd7d2609da68b2addcf31cf6
SHA1 458c0be0748490c33bb069669ca7e50d7243e283
SHA256 4a75b88305592bc3f7312722a029e65c50bf0392d17e1a7028d508d030871683
SHA512 bf6824d94915758235992f35496d3ab8e73a42dffe45b81eb4829daa25c22395ef4a1aba9f6f736b1b6bb59f7439a7e7ebc4121b09c209e69934193d35a7d0b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6021a3d1718ae2658e5e16dacf4b7e20
SHA1 678529cb9a43c6e121d572209fda0385bd7ba67f
SHA256 f38b56be8f90bbc1594daea74c876810bcb46221574c23d9355014077c61209a
SHA512 6cd58ce3cf855625d7bde6479b65d3c61e9e19540ea0292949d6932da04ec40b04e3f76b783662f55b52b885d62a4248e756199911d9cd1b51eeb5a4b81ef5da

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2e023ec8407e52fce093c76cc5bbb381
SHA1 c9980511d311e4d05208fb34b47fae66c25b1c5c
SHA256 e2a3272fd6a1db34125712aa708f04dc6eecf276586621f9d5cbc32fcaf68458
SHA512 8fd456a0d52b1865d307d4c22b13c2182144d3ad2939800d16899ef2b677117cec4b17d108f996395eebb457b00fb80b521be9ad7441ace59abccc04d94dce22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 ed8101fd9547878213df5a382a3116d3
SHA1 4310df239fab765be7e46a87ff0c21a70b477618
SHA256 74bd30533f7580720ff606d1ee862bf2ec723a09517257c9acd882e5b1b8cf8e
SHA512 b9487972267f61116e802c992ea5b51dc9c1e165a59a0b445495498e6628bfa77995b8b82d6a3294ee7dd0f33b16151581ac18b8fc78787107ede6ec355d2bd5
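The listing above is raw sandbox output: one path line, a blank line, then MD5/SHA1/SHA256/SHA512. To turn it into something a SOC can act on, here is an added Python example (not part of the report or of the sandbox's own tooling) that parses that layout, validates digest lengths, separates the dropped executables and DLLs from the browser profile files that were written during detonation, counts how many distinct versions of a path were written (Local State appears many times with different hashes), and emits a de-duplicated SHA256 list for hunting. The sample input is five entries copied from the listing; the category names and the grouping heuristics are my own, not the report's.

```python
import re
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)\s*$")

# Constructed sample input: five entries copied from the Files listing, in the
# same plain-text layout the report uses (path, blank line, four hash lines).
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\1000674001\plata.exe

MD5 e264cf8a04fbf288661cd608426b3418
SHA1 582fc0c7e0ed57973eda8bf27954d4fab33f6bff
SHA256 a658184ee9ba3b61bb58c177b2d2bf00bdcf537f3f3fc039e9007fe848d41b37
SHA512 5bc0a9c4f6e33df3dd5275772fb1a57fd1a98178f32eb9d1c78125091680b91835a857341e89e1d4b21bd52733f1dae5ad2c478d8b71728e9945892149c927cd

C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

MD5 1b7c22a214949975556626d7217e9a39
SHA1 d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256 340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
SHA512 ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 287a8e200f450bd1236b12761726f798
SHA1 92fa2b46013e16017ef45e04b127e7f6b7906dd7
SHA256 c5d7670ee4822ac8f2dc85959972859d27db7d85c539200e3ebeb156f5d732b2
SHA512 88e5a8e6a452ba93d686cef1002250d0675651856d76ef48ad08271dc01360983cb7cb497c3aa96dd3a4cb535fd980e299b5f86fa8059c716bdb5f40a39a3f69

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0a9cb84d17e86db91db467a22104f76e
SHA1 3a3b27c1c53d14ae561ac62288caa64a9df5c69e
SHA256 fda22c98dfc31460b16106b102fdd00c7e2037ede914677fa57b20c975b8e250
SHA512 0f4d9288aa6047bbe71da3684cc2b1343efa335361cedc28d3a04eb05be067cb84607708283225234f76ac6cf934db2e63658abc8abbb5315eadc53dce439dbe

C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp

MD5 a7fb45e5bfcdd6801936a669e8a3316b
SHA1 3a53070b2e9a9299a240630b807483641a2ad3e4
SHA256 436f06761b4df511415e61192ae98c4e05b3d71202d126c84c629b722f7eab26
SHA512 8a82013b76ed8ddc6ac0c930fb7864c091e962c3339e5b3e8246bacc1297ac2076e79e786abe9996d017e6182d63849e926c5f3d8cf8350bf25f9677a4f42e9a
"""

# Substrings (lower-cased) that identify browser profile directories.
BROWSER_MARKERS = (r"\google\chrome\user data", r"\microsoft\edge\user data",
                   r"\mozilla\firefox\profiles")


def parse_files_section(text):
    """Parse the report's Files layout into records of
    {"path", "hashes": {algo: hex}, "errors": [...]}.
    Any non-empty line that is not a hash line starts a new record; hash
    lines attach to the most recent one. Bad or missing digests are flagged
    rather than silently dropped, so a truncated copy/paste is noticed."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                current["errors"].append(
                    f"{algo} has {len(digest)} hex chars, expected {HASH_LEN[algo]}")
            current["hashes"][algo] = digest
        else:
            current = {"path": line, "hashes": {}, "errors": []}
            records.append(current)
    for r in records:
        r["errors"].extend(f"missing {a}" for a in HASH_LEN if a not in r["hashes"])
    return records


def classify(records):
    """Group records by what they most likely are (heuristics are mine):
    PE files written to disk, browser profile data, Tor client cache files
    (cached-microdesc* is the Tor client's consensus cache naming), rest."""
    groups = defaultdict(list)
    for r in records:
        p = r["path"].lower()
        if p.endswith((".exe", ".dll")):
            groups["dropped_binaries"].append(r)
        elif any(marker in p for marker in BROWSER_MARKERS):
            groups["browser_profile_data"].append(r)
        elif "cached-microdesc" in p:
            groups["tor_client_cache"].append(r)
        else:
            groups["other"].append(r)
    return groups


def sha256_iocs(records):
    """Unique, sorted SHA256 values for a blocklist or retro-hunt query."""
    return sorted({r["hashes"]["SHA256"] for r in records if "SHA256" in r["hashes"]})


def versions_by_path(records):
    """Number of distinct contents written to each path during detonation."""
    seen = defaultdict(set)
    for r in records:
        if "SHA256" in r["hashes"]:
            seen[r["path"]].add(r["hashes"]["SHA256"])
    return {path: len(digests) for path, digests in seen.items()}


if __name__ == "__main__":
    recs = parse_files_section(SAMPLE)
    for name, items in classify(recs).items():
        print(f"{name}: {len(items)}")
        for r in items:
            print("   ", r["path"], r["hashes"].get("SHA256"), r["errors"] or "")
    print("SHA256 IOCs (dropped binaries):", sha256_iocs(classify(recs)["dropped_binaries"]))
```

Paste the full Files section into `SAMPLE` (or read it from a file) and the same functions apply to the whole listing. The split matters when building detections: the `.exe`/`.dll` paths under `AppData\Local\Temp\1000xxxxxx\` and `AppData\Roaming\<hex>\` are the hashes worth blocking, whereas the Chrome/Edge/Firefox profile entries are evidence of which user data the sample touched and should feed a credential-reset decision rather than a blocklist.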