Analysis Overview
SHA256
afd1e42eda01ea8e039fd0293b8b297866b0966946c98e2e729f291f4ee7394d
Threat Level: Known bad
The file file_release_v3.rar was found to be: Known bad.
Malicious Activity Summary
SmokeLoader
Stealc
Glupteba payload
Glupteba
ZGRat
RedLine
Detect ZGRat V1
RedLine payload
RisePro
Downloads MZ/PE file
Reads user/profile data of web browsers
Checks computer location settings
Themida packer
Executes dropped EXE
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
AutoIT Executable
Enumerates physical storage devices
Program crash
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Creates scheduled task(s)
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-17 00:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-17 00:44
Reported
2024-02-17 00:46
Platform
win10v2004-20231215-es
Max time kernel
55s
Max time network
121s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Stealc
ZGRat
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\setup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\DsODOVOnPuowHmDQjFDEFVub.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\0OVxzGWbWcgRojf3Dij5_gBI.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\Qb6kX4zBk5PjJgz3VHZH1Jii.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | iplogger.org | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\Desktop\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\Desktop\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\Desktop\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\Desktop\setup.exe | N/A |
Enumerates physical storage devices
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\Desktop\setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\Qb6kX4zBk5PjJgz3VHZH1Jii.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\file_release_v3.rar
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\file_release_v3.rar"
C:\Users\Admin\Desktop\setup.exe
"C:\Users\Admin\Desktop\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Users\Admin\Desktop\setup.exe
"C:\Users\Admin\Desktop\setup.exe"
C:\Users\Admin\Documents\GuardFox\DsODOVOnPuowHmDQjFDEFVub.exe
"C:\Users\Admin\Documents\GuardFox\DsODOVOnPuowHmDQjFDEFVub.exe"
C:\Users\Admin\Documents\GuardFox\BV0epC5IgplkEFKJJi8dGFkU.exe
"C:\Users\Admin\Documents\GuardFox\BV0epC5IgplkEFKJJi8dGFkU.exe"
C:\Users\Admin\Documents\GuardFox\7yytbZttbtxwnQ_41mE7bEpw.exe
"C:\Users\Admin\Documents\GuardFox\7yytbZttbtxwnQ_41mE7bEpw.exe"
C:\Users\Admin\Documents\GuardFox\0oJec31EJWBGdsE8EB5m2EfS.exe
"C:\Users\Admin\Documents\GuardFox\0oJec31EJWBGdsE8EB5m2EfS.exe"
C:\Users\Admin\Documents\GuardFox\jMw9eKn4GWInWESMy8k9IGsT.exe
"C:\Users\Admin\Documents\GuardFox\jMw9eKn4GWInWESMy8k9IGsT.exe"
C:\Users\Admin\Documents\GuardFox\BuVQu_NighUML4xhBJAV4Elv.exe
"C:\Users\Admin\Documents\GuardFox\BuVQu_NighUML4xhBJAV4Elv.exe"
C:\Users\Admin\Documents\GuardFox\0OVxzGWbWcgRojf3Dij5_gBI.exe
"C:\Users\Admin\Documents\GuardFox\0OVxzGWbWcgRojf3Dij5_gBI.exe"
C:\Users\Admin\Documents\GuardFox\Qb6kX4zBk5PjJgz3VHZH1Jii.exe
"C:\Users\Admin\Documents\GuardFox\Qb6kX4zBk5PjJgz3VHZH1Jii.exe"
C:\Users\Admin\Documents\GuardFox\yjGt3ydXsCsjXyg1DDSpAbto.exe
"C:\Users\Admin\Documents\GuardFox\yjGt3ydXsCsjXyg1DDSpAbto.exe"
C:\Users\Admin\Documents\GuardFox\16wx_YIG21pqT_Xr7KZSQElC.exe
"C:\Users\Admin\Documents\GuardFox\16wx_YIG21pqT_Xr7KZSQElC.exe"
C:\Users\Admin\Documents\GuardFox\Rvfu_TBegOmlIU8aIw_TSPqC.exe
"C:\Users\Admin\Documents\GuardFox\Rvfu_TBegOmlIU8aIw_TSPqC.exe"
C:\Users\Admin\Documents\GuardFox\mhcmeio5eNjgYxd0kMhGYrcq.exe
"C:\Users\Admin\Documents\GuardFox\mhcmeio5eNjgYxd0kMhGYrcq.exe"
C:\Users\Admin\Documents\GuardFox\sgEU8uUsx5ovrqMAQC6_3ESn.exe
"C:\Users\Admin\Documents\GuardFox\sgEU8uUsx5ovrqMAQC6_3ESn.exe"
C:\Users\Admin\Documents\GuardFox\aac__x8f8YuFoXzVIAScX2Ge.exe
"C:\Users\Admin\Documents\GuardFox\aac__x8f8YuFoXzVIAScX2Ge.exe"
C:\Users\Admin\Documents\GuardFox\fawFEA2UqvJM2YXz9spElryp.exe
"C:\Users\Admin\Documents\GuardFox\fawFEA2UqvJM2YXz9spElryp.exe"
C:\Users\Admin\AppData\Local\Temp\is-L3RMG.tmp\DsODOVOnPuowHmDQjFDEFVub.tmp
"C:\Users\Admin\AppData\Local\Temp\is-L3RMG.tmp\DsODOVOnPuowHmDQjFDEFVub.tmp" /SL5="$70234,4527889,54272,C:\Users\Admin\Documents\GuardFox\DsODOVOnPuowHmDQjFDEFVub.exe"
C:\Users\Admin\Documents\GuardFox\RiJfMhqgzUh3Z5yViSx9uvxC.exe
"C:\Users\Admin\Documents\GuardFox\RiJfMhqgzUh3Z5yViSx9uvxC.exe"
C:\Users\Admin\AppData\Local\Temp\7zS1E60.tmp\Install.exe
.\Install.exe
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\W33~.CpL",
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\7zS2E6E.tmp\Install.exe
.\Install.exe /rvkydidyu "525403" /S
C:\Users\Admin\AppData\Local\Bilisoft DVD Creator\bilisoftdvdcreator.exe
"C:\Users\Admin\AppData\Local\Bilisoft DVD Creator\bilisoftdvdcreator.exe" -i
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\W33~.CpL",
C:\Users\Admin\AppData\Local\Bilisoft DVD Creator\bilisoftdvdcreator.exe
"C:\Users\Admin\AppData\Local\Bilisoft DVD Creator\bilisoftdvdcreator.exe" -s
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:32® ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:64&"
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:32® ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:64&"
C:\Windows\SysWOW64\cmd.exe
/C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32® ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64&
C:\Windows\SysWOW64\cmd.exe
/C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32® ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64&
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\69tBes7MHPQlg__vJDqM.exe
"C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\69tBes7MHPQlg__vJDqM.exe"
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "gfkQLRcAq" /SC once /ST 00:39:41 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 HR" /sc HOURLY /rl HIGHEST
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4636 -ip 4636
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "gfkQLRcAq"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 1248
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3500 -ip 3500
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 584
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV1\MSIUpdaterV1.exe" /tn "MSIUpdaterV1 HR" /sc HOURLY /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfeb046f8,0x7ffcfeb04708,0x7ffcfeb04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\Rv1GAq8Qd0adgvvVwS6D.exe
"C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\Rv1GAq8Qd0adgvvVwS6D.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV1\MSIUpdaterV1.exe" /tn "MSIUpdaterV1 LG" /sc ONLOGON /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfeb046f8,0x7ffcfeb04708,0x7ffcfeb04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfeb046f8,0x7ffcfeb04708,0x7ffcfeb04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\Dx41jSF_9DfH9NuYSJP5.exe
"C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\Dx41jSF_9DfH9NuYSJP5.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfeb046f8,0x7ffcfeb04708,0x7ffcfeb04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfeb046f8,0x7ffcfeb04708,0x7ffcfeb04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8144959766894803320,17072518909359583635,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8144959766894803320,17072518909359583635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xf8,0x130,0x7ffcfeb046f8,0x7ffcfeb04708,0x7ffcfeb04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\heidikS9U5BJECqRe\hEnD_vsue8qWbjC9bU0U.exe
"C:\Users\Admin\AppData\Local\Temp\heidikS9U5BJECqRe\hEnD_vsue8qWbjC9bU0U.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfeb046f8,0x7ffcfeb04708,0x7ffcfeb04718
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\w4bqavvZtFL1zPmzJM0s.exe
"C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\w4bqavvZtFL1zPmzJM0s.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfd429758,0x7ffcfd429768,0x7ffcfd429778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcfd429758,0x7ffcfd429768,0x7ffcfd429778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcfd429758,0x7ffcfd429768,0x7ffcfd429778
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,17301859062873564705,8115614565709384381,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5220.0.1929109729\1542190630" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fed9ed8-1914-43a4-afbe-f4136224e33a} 5220 "\\.\pipe\gecko-crash-server-pipe.5220" 1988 2256b7d9858 gpu
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\qZfCGyhKeeOAN_r2hOiq.exe
"C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\qZfCGyhKeeOAN_r2hOiq.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5220.1.1514426276\992765110" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54a3c26e-d51b-4f47-b4cc-5b66b831d0a8} 5220 "\\.\pipe\gecko-crash-server-pipe.5220" 2440 2255ebd8758 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5220.2.1731598280\995997957" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 3120 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d854f90e-4f50-477c-a618-51cac8d78afa} 5220 "\\.\pipe\gecko-crash-server-pipe.5220" 3252 2256f5d8658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5220.3.1357253583\736629161" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb79232d-8ab2-4304-ba2b-0d26863e1c71} 5220 "\\.\pipe\gecko-crash-server-pipe.5220" 3648 225704dbb58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1984,i,5355664270073011714,8373112159295329654,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3440 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5220.6.1850728094\1899685469" -childID 5 -isForBrowser -prefsHandle 5248 -prefMapHandle 5244 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14e982e7-e369-45ff-9653-90abc71fd98f} 5220 "\\.\pipe\gecko-crash-server-pipe.5220" 5276 22571aebe58 tab
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3904 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4724 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5220.5.1010248730\1375309310" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4932 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90c9d7fc-1ccd-49ff-88f7-c84bb1b06cc9} 5220 "\\.\pipe\gecko-crash-server-pipe.5220" 5012 22571aec758 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4716 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5220.4.1256568831\1012708822" -childID 3 -isForBrowser -prefsHandle 4800 -prefMapHandle 4796 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7532088-2870-4915-b0c2-4d7804a46a53} 5220 "\\.\pipe\gecko-crash-server-pipe.5220" 3868 22571aeb558 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1984,i,5355664270073011714,8373112159295329654,131072 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5220.8.521897957\1085958074" -childID 7 -isForBrowser -prefsHandle 5440 -prefMapHandle 5444 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a75e5159-ba93-4281-9ad1-b8fe80a78dad} 5220 "\\.\pipe\gecko-crash-server-pipe.5220" 5660 22572306b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5220.7.1744351186\1941975273" -childID 6 -isForBrowser -prefsHandle 5532 -prefMapHandle 5528 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1080 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {097e9710-bc2c-40aa-b7c4-7182f38b8ed1} 5220 "\\.\pipe\gecko-crash-server-pipe.5220" 5512 22572307458 tab
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "gfkQLRcAq"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2020,i,3534818163054574468,16718502741976783149,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=2020,i,3534818163054574468,16718502741976783149,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5840 -ip 5840
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5348 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 2196
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bLRSFllosNMSdmnNPq" /SC once /ST 00:47:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\XwOcuBTFvpBDnmfjN\NebZqxeVlkfzTHh\qyicQYI.exe\" EV /Cksite_idEfR 525403 /S" /V1 /F
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=2012,i,7482486292363643143,11933555074748310482,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1488,8340587412303013657,3606584165057490245,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| RU | 147.45.40.172:80 | 147.45.40.172 | tcp |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 104.26.8.59:443 | api.myip.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 172.40.45.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 59.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| NL | 91.92.240.75:80 | 91.92.240.75 | tcp |
| RU | 193.233.132.216:80 | tcp | |
| US | 8.8.8.8:53 | cleued.com | udp |
| US | 8.8.8.8:53 | monoblocked.com | udp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | flex.sunaviat.com | udp |
| US | 8.8.8.8:53 | 294diesel-propelled.sbs | udp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| US | 172.67.154.10:80 | cleued.com | tcp |
| US | 104.21.45.242:80 | flex.sunaviat.com | tcp |
| US | 172.67.168.240:80 | 294diesel-propelled.sbs | tcp |
| RU | 45.130.41.108:80 | monoblocked.com | tcp |
| US | 172.67.154.10:80 | cleued.com | tcp |
| US | 172.67.154.10:80 | cleued.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| US | 172.67.168.240:443 | 294diesel-propelled.sbs | tcp |
| US | 172.67.154.10:443 | cleued.com | tcp |
| RU | 45.130.41.108:80 | monoblocked.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| KR | 211.181.24.133:80 | cczhk.com | tcp |
| RU | 45.130.41.108:80 | monoblocked.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.240.92.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.154.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.45.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.168.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.129.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.41.130.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.24.181.211.in-addr.arpa | udp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 45.130.41.108:443 | monoblocked.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| GB | 2.19.169.32:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | pergor.com | udp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| US | 104.21.32.227:443 | pergor.com | tcp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 632432.site | udp |
| KR | 211.181.24.133:80 | cczhk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 227.32.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.179.17.96.in-addr.arpa | udp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| NL | 194.104.136.64:443 | 632432.site | tcp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.136.104.194.in-addr.arpa | udp |
| RU | 87.240.129.133:80 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-23.userapi.com | udp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| NL | 95.142.206.3:443 | sun6-23.userapi.com | tcp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-20.userapi.com | udp |
| NL | 95.142.206.0:443 | sun6-20.userapi.com | tcp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-22.userapi.com | udp |
| US | 8.8.8.8:53 | 3.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.206.142.95.in-addr.arpa | udp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| NL | 95.142.206.2:443 | sun6-22.userapi.com | tcp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 2.206.142.95.in-addr.arpa | udp |
| RU | 87.240.129.133:443 | vk.com | tcp |
| NL | 95.142.206.2:443 | sun6-22.userapi.com | tcp |
| RU | 193.233.132.216:38324 | 193.233.132.216 | tcp |
| US | 8.8.8.8:53 | 216.132.233.193.in-addr.arpa | udp |
| RU | 147.45.40.172:80 | 147.45.40.172 | tcp |
| US | 8.8.8.8:53 | iplis.ru | udp |
| US | 172.67.147.32:443 | iplis.ru | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 172.67.132.113:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | 32.147.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.132.67.172.in-addr.arpa | udp |
| RU | 193.233.132.67:50500 | tcp | |
| RU | 193.233.132.62:50500 | tcp | |
| US | 8.8.8.8:53 | 67.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.132.233.193.in-addr.arpa | udp |
| RU | 85.209.11.85:41140 | tcp | |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 8.8.8.8:53 | 85.11.209.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.128.172.185.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | healthproline.pro | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 172.67.215.138:443 | healthproline.pro | tcp |
| RU | 193.233.132.49:50500 | tcp | |
| US | 8.8.8.8:53 | 138.215.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | theoryapparatusjuko.fun | udp |
| US | 8.8.8.8:53 | snuggleapplicationswo.fun | udp |
| US | 8.8.8.8:53 | smallrabbitcrossing.site | udp |
| US | 8.8.8.8:53 | 49.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | punchtelephoneverdi.store | udp |
| US | 172.67.154.29:443 | punchtelephoneverdi.store | tcp |
| US | 8.8.8.8:53 | 29.154.67.172.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | telephoneverdictyow.site | udp |
| US | 8.8.8.8:53 | strainriskpropos.store | udp |
| US | 172.67.223.132:443 | strainriskpropos.store | tcp |
| RU | 185.215.113.46:80 | 185.215.113.46 | tcp |
| US | 8.8.8.8:53 | 132.223.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.113.215.185.in-addr.arpa | udp |
| NL | 195.20.16.46:80 | tcp | |
| US | 8.8.8.8:53 | snuggleapplicationswo.fun | udp |
| US | 8.8.8.8:53 | smallrabbitcrossing.site | udp |
| US | 172.67.154.29:443 | punchtelephoneverdi.store | tcp |
| US | 172.67.223.132:443 | strainriskpropos.store | tcp |
| US | 13.107.42.16:443 | tcp | |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 44.227.167.82:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.167.227.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| RU | 193.233.132.67:50500 | tcp | |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| RU | 193.233.132.62:50500 | tcp | |
| RU | 193.233.132.62:50500 | tcp | |
| GB | 142.250.179.246:443 | i.ytimg.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 246.179.250.142.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| GB | 163.70.147.35:443 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | scontent-lhr6-1.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 216.58.212.206:443 | youtube-ui.l.google.com | udp |
| GB | 142.250.179.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.licdn.com | udp |
| RU | 5.42.65.31:48396 | tcp | |
| GB | 88.221.134.88:443 | static.licdn.com | tcp |
| GB | 88.221.134.88:443 | static.licdn.com | tcp |
| GB | 88.221.134.88:443 | static.licdn.com | tcp |
| US | 8.8.8.8:53 | 31.65.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.134.221.88.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 163.70.147.23:443 | scontent-lhr6-1.xx.fbcdn.net | udp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| RU | 193.233.132.49:50500 | tcp |
Files
C:\Users\Admin\Desktop\setup.exe
| MD5 | da91cbb81e353e406bd9c3d363ad773e |
| SHA1 | cc4e2389dfad4a9ef5265e54e0bca4fc272dcdac |
| SHA256 | 9dbe284c0b26703bd0c4f9f3a7110378cd6eb39699d016f52362495b00d6dabd |
| SHA512 | 47024f6c1d26c601ee9867c3af0a409d0b73e031828031f8479e52ce090a8c3a331aa78f7d9b8cd9f90738b8e94136b32e4172d5292690488cdcf8825bbc7b4d |
C:\Users\Admin\Desktop\setup.exe
| MD5 | 7a7e04d50a5c190d4925e572c0b3e510 |
| SHA1 | 2bcc3c3238748cc52fe8fba29c22c17287bbdd98 |
| SHA256 | 17ea7e0aaf692c12f54a0a3083b778fc0fe49bdb1e124212e0a858fe03647691 |
| SHA512 | eacf6119180808fa54f28a3ca17ea7b4fa2da6c330871e076a653aa853bbd5bd46cd932f5b0d50b56a36bca80ded6ec075e2543008aee82623fe71b6d425a1af |
memory/3668-325-0x00007FF7BBDA0000-0x00007FF7BC610000-memory.dmp
memory/3668-324-0x00007FFD1C390000-0x00007FFD1C392000-memory.dmp
memory/3668-326-0x00007FF7BBDA0000-0x00007FF7BC610000-memory.dmp
C:\Users\Admin\Documents\GuardFox\BV0epC5IgplkEFKJJi8dGFkU.exe
| MD5 | 6cc7d20e12d6c30e63448c1a3c8f8144 |
| SHA1 | ed8c10373f9f5caba24852fa1e9e9381e62c03d4 |
| SHA256 | e11d32be0b479923cc28165f2dd3488cda58ba2368652420b5fd66605ec49f18 |
| SHA512 | dba2f0af2681b5364dd89cdd07866da18e1f395e686d69cb33c05d41cc8b51d3138564927eac627add7c7ff284a7e9257b49559d2eaf838eeeb62b08a6f30942 |
C:\Users\Admin\Documents\GuardFox\DsODOVOnPuowHmDQjFDEFVub.exe
| MD5 | 61c7c375dbfa00eee5bce20b0b5e6404 |
| SHA1 | b294a3532dab8ff2e6356c86b325f4a6d01fd2c9 |
| SHA256 | ce1adcf67501ff8cea5d2d0821b8f86560f7e52eb7817aa8b260b2cf1df45914 |
| SHA512 | 572195001cb45cab42ae79ebf1e0b93cde9dbaa2bc3c456a264368be7318a53d1ba527b996cf937f2425853f01fe25681d174e2a02f58ed44c10a7fc0b1b42ae |
C:\Users\Admin\Documents\GuardFox\BuVQu_NighUML4xhBJAV4Elv.exe
| MD5 | 344ab5f6badfc8e09e9b8384f5cb3e60 |
| SHA1 | 1213df1776390d5a9acd3395f0b806bbae13127f |
| SHA256 | 5240773ffa3a72a2d31a6a4aced652979b2662efaab2c7bcc28a1a67bd5b7696 |
| SHA512 | 523ac88b7a2eaefb30afb73e68d2ce1dc58d439d013dffa5db29031add6fc6d40727a42d9a0d2b11076dcc395604caf3ceb4017dc334345b4fccb2c6db4e0e43 |
C:\Users\Admin\Documents\GuardFox\0OVxzGWbWcgRojf3Dij5_gBI.exe
| MD5 | 331901816391cf60513c9f1cc8692d2b |
| SHA1 | f80f2ce13c9eb4a1597d0feb9c38068e1c9a35fe |
| SHA256 | 55b82f11dafe1c80f63f6ca2d1d7201e4878fd4b56c4898017e6918559ae8b3b |
| SHA512 | 5820e82a9f3c6a2425677f34a40235e559d653e5f3d060faa4ff6dff54b7f18102a7f207fafe7e7a6f0e5b1f6dca381945d24314b977490f3f9848d13a914d23 |
C:\Users\Admin\Documents\GuardFox\0oJec31EJWBGdsE8EB5m2EfS.exe
| MD5 | 63068fcf7019fbd5cdaae4016c332dda |
| SHA1 | 8b4706c0ee1d04ebd87278ed75ee88692e84fcab |
| SHA256 | 34201b2dd14568ee5704a61514d952e6552774fb655b4f0435539b670cf32c1c |
| SHA512 | e42c3f98e70dbef670340c455bc5ad8ddc965b107f64302692115024814657824d49cef6ace61b762a7e1f5457b6b7561d3ed2446efaaf04dcab8a8faebaa3ce |
C:\Users\Admin\Documents\GuardFox\16wx_YIG21pqT_Xr7KZSQElC.exe
| MD5 | 94222eb65d8e532c50b947d30e366951 |
| SHA1 | 8fb5208e5e1e86828508484f79f2b1280a8e8343 |
| SHA256 | 39e30d62f27bdeb54b9a05e31834ddc5c310a88629a2a98b3006bab7e212addf |
| SHA512 | 4ced8505ea11ee064c6a8e4c3a5d6487d367ca559f1e013ec21b5e6542935996b43075d9de3bbac3777e88876878628a0ae093440e07f0ebca8f0de6843fbe98 |
C:\Users\Admin\Documents\GuardFox\RiJfMhqgzUh3Z5yViSx9uvxC.exe
| MD5 | ccc38bfa64415a959768ec0de0bd5678 |
| SHA1 | 46261e4ca9b49cc1983246a427cb07c9f049ed36 |
| SHA256 | d063f45e27d19de4e93a4e0e00e3ec61af52b90fc410bef5c34db2d14f8d6924 |
| SHA512 | 4d227a0c41f042d53c561d057ac54aabd5507190f428b89b3f29f2d495e0cdb549dd8a5aeffba6ead7903cd561634047efc659c60e4011932d217aafa663c4fa |
C:\Users\Admin\Documents\GuardFox\256DsIF7Q4WqY5sQPQUz1GS2.exe
| MD5 | 25d0201b47d9c56f49872099b325fd91 |
| SHA1 | 4b0e03f7473f167ef66bce62722b9fb7315bb8e4 |
| SHA256 | b62ed33948ce810f0b14d7fdeababca9ca7a7929eb6bd28b0535d6e6e8660b52 |
| SHA512 | e2ba37a90c0653acda0c0df3912a6044e8afbd56f8777f26711e9dc37f4cbcc4b3f84d699ad77ea08dcda3fb0c65565d18ce5e0c9bde6d42ff0915720d28e9db |
C:\Users\Admin\Documents\GuardFox\aac__x8f8YuFoXzVIAScX2Ge.exe
| MD5 | 6565aa420a7533ec5027acf619b3a8a7 |
| SHA1 | 319511c1fab98bda69cfab980cc4ccaa49b0b87b |
| SHA256 | 43bd00543fdaab3ec0a630ab882a24800d8f155a2825b946734dc48f7c6dbb13 |
| SHA512 | b07eb6561b91970831dfe574ce794514025d43f3b7aed4648799aeb9d80e8f125c43ecccba84f76e15084020eb4a1a1a527a945b927259be8d865510ec8e6c59 |
C:\Users\Admin\Documents\GuardFox\sgEU8uUsx5ovrqMAQC6_3ESn.exe
| MD5 | 44698cc687f23a47bb734d2e19f974d9 |
| SHA1 | 7711d8a755a0937b1b12094f3dee857deb29abf4 |
| SHA256 | d2a22e2ab0fc6275c543a0d2b63bc3894c019b96058109684e8bcc6852e7a8d6 |
| SHA512 | d78f2de67cd0aaeb89af5cbed1d2df2f77c332ecc0a2fcce1daa1dd5a86e7ac70f78e6d4f12d29b42980baf74ccf03a3f39743407ea1a1770843a3c7d0e24b59 |
C:\Users\Admin\Documents\GuardFox\Rvfu_TBegOmlIU8aIw_TSPqC.exe
| MD5 | 97c20b6f6a0162231a3490d8eea90f02 |
| SHA1 | 88545d8b1e295c3d1ac2da8817e176ebf650ab33 |
| SHA256 | ae6a08693bf08c211ba5c96e23769fd9e9692f2d59ecd54e3d46199433d6c633 |
| SHA512 | b9e66ee6ed1f5a84f3b234b5e84d4e363b4bd238923c22c1ac8d6208573ce7b2e08b1521e37ad26bb1e47dcc1565eecfe58631def8fe152b6125127ba0e268d2 |
C:\Users\Admin\Documents\GuardFox\yjGt3ydXsCsjXyg1DDSpAbto.exe
| MD5 | 09badb8acf8fe1c8d35791aa2593c118 |
| SHA1 | 9c22f98c4d578b3f593b160362b10beb1a1ca901 |
| SHA256 | 8af7c3f82ad26852a76b872771b62edb87eaf52d3f38332daa06f577a2122850 |
| SHA512 | 9ace0b41912cc8b848fc619157423eb7ff118121202357c0831dbd7513a372e1c71ccb1ff8751ecb55709ed45fcec1c54583924d2555467c99823f2cbeffe955 |
C:\Users\Admin\Documents\GuardFox\mhcmeio5eNjgYxd0kMhGYrcq.exe
| MD5 | e50cb449f98133f26d9ccaf2c72edbbc |
| SHA1 | 2d0ead96186e4a857f79f6d2e5b39afb7ac4cb46 |
| SHA256 | 569aab2e998b68ff673c77c04114f65bdd1f2e17b23d4692752500aab3b1334f |
| SHA512 | 733ac4885b229655d5936200cad4dddb261b5d9982a1ffce4a61622afeb75333bb8641bc7867a4ddefada2fcab21dc68365ad45ea61e8afee6ef53bf5ee65cb5 |
C:\Users\Admin\Documents\GuardFox\lZk8uP4ULrpujUNU0PWd63Oa.exe
| MD5 | 8532544f5cbd141fc599f97b11fc2e0f |
| SHA1 | 4eecfb7f87aa41fecacf34a07e19be2be079cc22 |
| SHA256 | 12b3f714e4bec11f7bb00f68e308fd75c51115a4c86b3d12219d85e108867be3 |
| SHA512 | 89f0c25642b8313053efb308adc81e65fef342ee1ea97e3bcb7486e3a08e03667358ac7284071c73d9155069c6df315a30f1405df80fa8194a15e0da1cef5f22 |
C:\Users\Admin\Documents\GuardFox\Qb6kX4zBk5PjJgz3VHZH1Jii.exe
| MD5 | 6cb471a3b304edcb86212399fb92da0c |
| SHA1 | 47da24063319036fdbfca7d38a417131dceea20a |
| SHA256 | 223d70e9cec000a2cbb940bda1e0aa33cb5f8f0a92f2b83264a0eb2106de966f |
| SHA512 | ef95d89db2ca3d8674a2ad268110944c5381c662d2c7215953ae5e5759823a4e2afe1f15e03e9fea7160e19d8fa86bdf64044628ca40dcb85622f39d6ac52e83 |
C:\Users\Admin\Documents\GuardFox\7yytbZttbtxwnQ_41mE7bEpw.exe
| MD5 | 61340239ba37f0a15adad1d8f0360f04 |
| SHA1 | 562f5f2958d921b2cd5469c221ec7a2943311123 |
| SHA256 | 0f006d92d81b348eb571c2e8627bece3405f151bfb0f631f8b6a598c1d2f4d9d |
| SHA512 | bd27b49a155441c194a3099bc3a31f4b486a666297165fc827e51e0a78e74f39f40755c69cc85efa0f305119c380563bf0afc86fff2e3dfe775c0dc5ffdbe4a2 |
memory/3668-473-0x00007FF7BBDA0000-0x00007FF7BC610000-memory.dmp
C:\Users\Admin\Desktop\setup.exe
| MD5 | d22a4650eed58f53e98aa8fb50f9c04e |
| SHA1 | 15c1d3a33bcaa100229d111feba7799ae040723e |
| SHA256 | a42f7ed24ee1855f8bff5e965e47c326ef07437422bea38564583a7d31271291 |
| SHA512 | 15734dba72df1715cec72c9ec748472bc734893eec38ddc1c3d5862e09c0bd2e87a41cea07cd5db15d24fba8bf41a60058940546f1a54832bdbb909e87a67025 |
C:\Users\Admin\Documents\GuardFox\jMw9eKn4GWInWESMy8k9IGsT.exe
| MD5 | bd4d1caae7aa8ba7bff1082b3f4c70c7 |
| SHA1 | b668dbc890d397338af0a04ec701fc5a1197700c |
| SHA256 | 189325df1e0475c455958413864be27dce60acba07a7e5c2daafded43f0423d2 |
| SHA512 | cc18af40ec72acc728d4e8f572c84a6b3f5effea200cf245edfbe2ce6ad8fd1ee655254d83895c3bd18bbb791976544a47339a893574ec890352c896c901717e |
memory/1396-483-0x00007FF7BBDA0000-0x00007FF7BC610000-memory.dmp
memory/1396-482-0x00007FF7BBDA0000-0x00007FF7BC610000-memory.dmp
C:\Users\Admin\Documents\GuardFox\DsODOVOnPuowHmDQjFDEFVub.exe
| MD5 | c91b9f1536ba51933c9e1105223d9161 |
| SHA1 | faf4ef4a859edf75d76496ffe69751cad0642a1a |
| SHA256 | 23c6ed473921adc3ae88168a0125aa51ddd50f3b7ff62175f8babd52e55fb140 |
| SHA512 | f890cafc4d92699480ab411a0ff83284758f16f4c84e476f27f60eb04da193b80f20392a37129512ee4f4f0ede275eac9ada1cb5cc405a79266f3d1c9d3c2a44 |
C:\Users\Admin\Documents\GuardFox\Rvfu_TBegOmlIU8aIw_TSPqC.exe
| MD5 | 7210203798362f4ec3463c7c2d302d12 |
| SHA1 | cd196f38de9c30e8f663d38e4d9e4bfd2699292b |
| SHA256 | 2936a7616fa8501b8be93dafc71222698a7b4b0f0bb1241a3ee442cc262701ea |
| SHA512 | 975b3ba9430d2f9d44a0ff635d6f52d0832c79f8b825db9cd3fc1daeab06f86f2c0b11054c1123bbbcfd0a2230ecfa28ef89f2483a9b4a37a81b0c44ad61f218 |
C:\Users\Admin\Documents\GuardFox\sgEU8uUsx5ovrqMAQC6_3ESn.exe
| MD5 | 4323448b558312bccca4726d4707fe0d |
| SHA1 | cbfe83b25f52686133c6210bd0b3887478c1a586 |
| SHA256 | 2b8a66abe715becb606ca1bf7afca1c679eae6f5cc9103a5e855826e379e4858 |
| SHA512 | 78b38b454035356f716483342614d670044e9ce4e2ab2bad0b528ee264998b43571c0f14656dca5bc4762e76ae744ec62a97c47e7a7555196d50c29a32de8367 |
C:\Users\Admin\Documents\GuardFox\mhcmeio5eNjgYxd0kMhGYrcq.exe
| MD5 | c5959c9a3c4b4a81f7d9993a2589fd00 |
| SHA1 | 4887740adb18479ea7fe66206b436af8b9830410 |
| SHA256 | f8f43ba050cc7d77d1f8593353b69eaa13afedd7ef65d63843583357e421243f |
| SHA512 | 91f0270a70195f3625c3c9bb2d897df5e7943c8fd9e2725f5acb1a536ece24e591bdd86e3a2f8dff3f676ffa20df6a6f71919747ecfbe9a1e4026edb7e29c594 |
C:\Users\Admin\Documents\GuardFox\aac__x8f8YuFoXzVIAScX2Ge.exe
| MD5 | b1ed5eb5e84fb49e0adfa6c5dd74b725 |
| SHA1 | 44e20b238108fec98db714427563b4188beb608e |
| SHA256 | 15fb261092cdf2f342030cc5286763e66baadc0bb771233bcf740b851a29fc82 |
| SHA512 | 4e98b400c9a59e12647a560ae6571a7555923575cf9970d0083158c6ee029076dfa2f2eecfa8728149ee6f7fbee6cb539a9497c75a73b61984d8e1ff7a919e6a |
memory/5820-946-0x0000000000400000-0x0000000000574000-memory.dmp
C:\Users\Admin\Documents\GuardFox\0oJec31EJWBGdsE8EB5m2EfS.exe
| MD5 | 1421e5b4afd2065a4d6b3a5750cb0b33 |
| SHA1 | f1bd46effcc19056e23d7f6c21ff4cef3e30105c |
| SHA256 | fed88eee8419ccdba61c0799a2c5062286dcd96d218f637400e68d9b57ca2703 |
| SHA512 | 127309c47584dacf8747bfb263c4f48756e919b0a665d24d3bc2ccef72c43429ece6e03258cf3c5dea188815b9b2d9c355b96ccac9b9343e1a0c9dced7d39efe |
C:\Users\Admin\Documents\GuardFox\BV0epC5IgplkEFKJJi8dGFkU.exe
| MD5 | b0aa84c5b99504434a668f68c25fdd23 |
| SHA1 | cab979cea85b0c9300a0e8dd542c265da958657f |
| SHA256 | 79bbfbb0a1597a92c20e6ee1331e99d1c0e71b39c6f87783a1a62e3f81ce3055 |
| SHA512 | 762b81c31e1de696ae18d5d5fabf75843f630325fc795753de4fac0f677f804d1459ed116ea17e781caf6df5c0a8bc17d5e189973025902ef6f27e545a810ee1 |
C:\Users\Admin\Documents\GuardFox\jMw9eKn4GWInWESMy8k9IGsT.exe
| MD5 | d5cb1b786ae28aed09acdfdfc0b0d6aa |
| SHA1 | ad5b1d221ee07211987c57583926b2422648a731 |
| SHA256 | a9025976a21dfbc2f384602a26e47ab46c1bce5de7a4289575efed51a2551ebc |
| SHA512 | 1e054f12a2967fb38387489c5425d26cb037acc63398045770045f7b5e0f36577aee1aa3b21962d8db49fcdd74eea10ea6726d5a91edee8a525ac835c935e313 |
C:\Users\Admin\Documents\GuardFox\jMw9eKn4GWInWESMy8k9IGsT.exe
| MD5 | b0efc9c1199881ad6b2ba02f7ac6e276 |
| SHA1 | 0ed5f8f4a28d86d8e63b7500318554f112f9d3cc |
| SHA256 | 648d35988ee34d1aeb1ed1e13c726a38d5a748303e0955e81b4edbe11da9714c |
| SHA512 | 31d8768c153b3a21a335836d97c5aa68ff373bd4672c905e6de2f8131a8db8474a2d71c1364897218ac0b7e080f6278fda105201df72fbe038cd51ccb9f7922f |
memory/3552-948-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5820-951-0x0000000002060000-0x00000000020AB000-memory.dmp
C:\Users\Admin\Documents\GuardFox\7yytbZttbtxwnQ_41mE7bEpw.exe
| MD5 | bbb715bf39b9ed5113f178091abde7c9 |
| SHA1 | e1c5c27bf5f22101fec744edb053540f320eb1ed |
| SHA256 | 1540ea9157a286e4158e4b9a81c2f74a0cfaa161f02cacd6d8e95e255125813a |
| SHA512 | 2307247374e895101605c6618b54196884c4cb8e560e2cc4d70f9000fb53ab8476584e8c5d40e96665f83415a2ab6c79543e9ef81419106a95979f55009e0234 |
memory/5820-955-0x0000000000400000-0x0000000000574000-memory.dmp
memory/5820-956-0x0000000000400000-0x0000000000574000-memory.dmp
memory/1396-952-0x00007FF7BBDA0000-0x00007FF7BC610000-memory.dmp
memory/5820-959-0x0000000000400000-0x0000000000574000-memory.dmp
memory/5820-960-0x00000000005D0000-0x00000000005D2000-memory.dmp
memory/5820-958-0x0000000002060000-0x00000000020AB000-memory.dmp
memory/5820-964-0x0000000000400000-0x0000000000574000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-L3RMG.tmp\DsODOVOnPuowHmDQjFDEFVub.tmp
| MD5 | a5c6434fd5bedcd9e1afde17fc8b48d1 |
| SHA1 | 155fcc04e1c35e242c2c35edabcf9468fd22ea15 |
| SHA256 | 1175a656a9a1ba233478cce6e5f5d82074b6179db6c62183f2191ee98616f148 |
| SHA512 | 69a71677933e6df81272d9a814c30a3dd30b8e96d06d77e248953991dc15ed90201d307c84b0389d3e39e2e99e19bd6e58c4622bd27a34aea2f27462cc3cf05f |
memory/5820-967-0x0000000000400000-0x0000000000574000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-L3RMG.tmp\DsODOVOnPuowHmDQjFDEFVub.tmp
| MD5 | a0be246384b236e6687c6f0a6aea7949 |
| SHA1 | 6e6e9cb2e769ef126665bdcfa178a5c2797ee0c5 |
| SHA256 | c3908274baf4f73ae360adc935b8969da9959cc8dc27aae10ae97369f02c5179 |
| SHA512 | f554cc2aec6d0fa4b98db29476ae76a635d70b55079afc8d280c5f8c2c88df5aded21fa405c7e928583b51ce060a4e859d8eb4f863f3a0c8cf82d665e314193e |
C:\Users\Admin\Documents\GuardFox\yjGt3ydXsCsjXyg1DDSpAbto.exe
| MD5 | e532a9f5e701497a8077fbdb94c17a99 |
| SHA1 | 89f0f809a4d5443c28ba8e085849d5c6f9e547eb |
| SHA256 | 15c8cb41c6f972c59e17e9c09fed15f9a16846e3fd3412eca798a9277b13437a |
| SHA512 | 748f94fa09055b4506664d70235054b21affa5a431bd693e87ee1df3ef8ab989318b498800fe34d27c07ab2de348344ed7ddb056d2247994cca0796f962095c4 |
C:\Users\Admin\Documents\GuardFox\16wx_YIG21pqT_Xr7KZSQElC.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/5820-1008-0x0000000000400000-0x0000000000574000-memory.dmp
memory/4848-1033-0x0000000000610000-0x0000000000611000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-UPHP4.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
memory/5820-968-0x00000000021D0000-0x00000000021D2000-memory.dmp
C:\Users\Admin\Documents\GuardFox\Qb6kX4zBk5PjJgz3VHZH1Jii.exe
| MD5 | 637aa1eb30cb0d3ddbfb840a50814ca4 |
| SHA1 | 0f0018ed86af0bac2c545cd5d343ac6700042e44 |
| SHA256 | 72ce71b137bd10a3670080097761d8ef4ca05028a3f5f925a4396feacd5bd1da |
| SHA512 | 54f39dc5dd3839bf90d9ca90034bcdcc45c9f94cb8952d00c9cf2e72cc484042c4f826bd87921593e7377ae5c0bace6d17935c4e2bf50b219efcf2e949d34621 |
C:\Users\Admin\Documents\GuardFox\0OVxzGWbWcgRojf3Dij5_gBI.exe
| MD5 | a25ddd0b5d826527dc81832eb8e1f36b |
| SHA1 | c9cbe3ec934c4575c5c95bfc689b85b47bae366a |
| SHA256 | b799a8e28bf80804d4efce0293892fc5697481be7d231d806efa396149775715 |
| SHA512 | 5f0e0ec0279081092260f4abc74c075477023271d07833cb079b4e740fde939935b829191c512211df1bf01dc6c1a0a944b12d83905dfa1a33aa705a683c5794 |
C:\Users\Admin\Documents\GuardFox\0OVxzGWbWcgRojf3Dij5_gBI.exe
| MD5 | b9aea8abae0ebed2143be4e11208ccdd |
| SHA1 | e0ac2460d8f503f0a3baabc99f3e12bd1b0d29a9 |
| SHA256 | 8e6df49dc03bfb213e293240620b775a0de18d26e3f9587b5615d36219500534 |
| SHA512 | 0cb2a1a29875cc720ea1280bbdba9fe53843349bbaa50762de4aedf596280a20613b32febfd409dc590a3576f71ccc5f7ea069f4e389a578616a8fb1e22b9758 |
C:\Users\Admin\Documents\GuardFox\fawFEA2UqvJM2YXz9spElryp.exe
| MD5 | 488692e4f9d03a89e713f6eb29677b1b |
| SHA1 | bbc10bf9b325a395fa316662e4e498d3e4b26747 |
| SHA256 | b46b643d19669f92c6a9d2f8ad6b2ed9e0b2832fdf0ca209c76b11abf0f8b5a2 |
| SHA512 | ccc03993e4151918e2fbcf498ac8ddeec824c2a97c941fec192d7d83cd8161c75587b0964a86db5b98b2daae9de306fc87dad9137762f41ad50756c20fca2ae2 |
C:\Users\Admin\Documents\GuardFox\Qb6kX4zBk5PjJgz3VHZH1Jii.exe
| MD5 | acac0c2a2c7a1fbc7173eed8f193b436 |
| SHA1 | 04223399637e43288efb57c63bd1269729b1b37f |
| SHA256 | 826b494b8b5d04c5516a784e3b2c6f3ab0b864da9045c006606591af3a48f49e |
| SHA512 | 089cdb4844cd28822021b7f53465c819b2cbddd068f749197285ff8238dc9389c469b8ef4f0af3519c90438b533effbedbc67752640b0a1c106f15ac92fd3914 |
C:\Users\Admin\Documents\GuardFox\DsODOVOnPuowHmDQjFDEFVub.exe
| MD5 | c95cb064c5f7d189f2fe9255acccddcf |
| SHA1 | 01025b8193a1645098051c97825b5df8b7e39867 |
| SHA256 | 9351fc960109498eae3190f2e798f4af8671fd85a3de69ea4ba34a91ad6b9f85 |
| SHA512 | 516710f392059dee626396a7558045869b71b9911b94db708b7fdab3ab26e40dd7816fe407249b35e18b9bfa984868010d64e5ff96e2d835fb92981a04d6fc46 |
C:\Users\Admin\Documents\GuardFox\fawFEA2UqvJM2YXz9spElryp.exe
| MD5 | 2738957c75d4eaadc9e23964ed69bba0 |
| SHA1 | e6e610f0f2bb88ef7629547318aedf451566ed9c |
| SHA256 | aedba4eb25e2bf8ada745233d7f79cd9878e9b460f324bc4256f1a543b5d444b |
| SHA512 | 9f49045f397f0013e57ecdccb07c58e87b5988305017ef35acb21fc945864d65a5eb229f261d63a47f46059a2418c12e6bb7e77afa2fdf04e5cd64dbced3eb5d |
C:\Users\Admin\Documents\GuardFox\Rvfu_TBegOmlIU8aIw_TSPqC.exe
| MD5 | 425ce4b0572616d0bba73112fb7e7972 |
| SHA1 | 24d6c2b9cc1334d0824b8368d0315b20d1cbb6f3 |
| SHA256 | 049d982aef75bbadaf8cc1e13ca6eee7679737abc8ec4e868112436e1852d829 |
| SHA512 | 7825561af5911a971e0f4e9e8d77ae878b393c5d141ac4bce601efda78e17ff804c609551bd7fcd0814c36957c0663e675b99362ead7e223971ae0a5e181a5c6 |
C:\Users\Admin\Documents\GuardFox\Rvfu_TBegOmlIU8aIw_TSPqC.exe
| MD5 | 7ea122b5ae3fc6621d571810f529c3b0 |
| SHA1 | a3fbbd9b33549abc022db5d6581731606cbdbff5 |
| SHA256 | c2700b410fd93786f1b50357f7ac39e7e5b2adb8b9b55a62ee5b7bc2bcfe4ba4 |
| SHA512 | a64b1bdfb82600b4463ae979acc7b5bbe527e7f4342c3f0310e949d1b63a2fb000fbb565e0eefb613a3e7bfa96b942380ce9f2d4e503a97efb51c3186cb802eb |
C:\Users\Admin\Documents\GuardFox\aac__x8f8YuFoXzVIAScX2Ge.exe
| MD5 | ed3659cb516273f2a43a1065ff380ab3 |
| SHA1 | 5d1b86afdd490b5a965680300f56f8123f36b0cd |
| SHA256 | d18b6678c23223c36393dc540f976bcb4ccc2bf459c06a21fa45f8183e61f545 |
| SHA512 | d0f12b1d58979fd1462ab201f1f4093b831f909b0a1417e085242c4e6cc832ecc9bd35b39448f1f773cd2d2601a045b8461ecc364beb5221c70aa79dccbdb3df |
C:\Users\Admin\Documents\GuardFox\fawFEA2UqvJM2YXz9spElryp.exe
| MD5 | 18d956bd1b1da42c3a9a3042ff7bd470 |
| SHA1 | a44034f4f213e66c64c0958f790b8746d2c2977b |
| SHA256 | 5ef59cce891136fd3f81017e63ee1c4348c39ad4570317d72291e29dc7a737ea |
| SHA512 | 69befb381bc358c2640527081b659bce5e6162be33dfd6518ce197c1016811b95efa941d7872798ac00983d5bdab09dae4641a4c43889367da93da1d22f4b284 |
C:\Users\Admin\AppData\Local\Temp\W33~.cpl
| MD5 | 0ac7ca9d2004a76a1f7640f336c951f8 |
| SHA1 | f9661be577affdc5399c8f2e7167a24e2c5b8d48 |
| SHA256 | 4403988ff4c9443d9c0e638f545c9a71e834805d4ef5487269b0746b9dc5e538 |
| SHA512 | 2ddcd4a4dd81bc91a6a82f8b3724f8f4c887773e157526f843c8c2c09460d85a8c282d3b9d5978b15c89f981ab28cdd98dfadd69135b657b6b6c3db102722472 |
memory/3472-1106-0x00000000737F0000-0x0000000073FA0000-memory.dmp
memory/3472-1116-0x00000000062A0000-0x00000000067CC000-memory.dmp
C:\Users\Admin\AppData\Local\Bilisoft DVD Creator\bilisoftdvdcreator.exe
| MD5 | 4a717e2417b0e5fc9b59b9149115a535 |
| SHA1 | e0c857c0de950a2678e5919e8d8d1c0e53d581b5 |
| SHA256 | 0894fa6b3e3242c0cfb92fb832a95a2bf6d62ae05516b07cea48dbed443f0afc |
| SHA512 | bd53d7d7e0c9460973dad599df3615167e290861864189c3e566e2b1ac2f7edef2dff53bfb431b9bff8b7541aef5fdbabdcf1525eb8179857097b7bdb5773f2b |
memory/1908-1119-0x0000000000FC0000-0x0000000001E2B000-memory.dmp
memory/4460-1121-0x0000000005620000-0x0000000005630000-memory.dmp
memory/4460-1120-0x0000000005560000-0x000000000556A000-memory.dmp
memory/3504-1124-0x0000000000530000-0x000000000108E000-memory.dmp
memory/3076-1127-0x0000000005410000-0x0000000005420000-memory.dmp
C:\Users\Admin\AppData\Local\Bilisoft DVD Creator\bilisoftdvdcreator.exe
| MD5 | ba152cc520594f7f78c0b7d439f5d307 |
| SHA1 | 705afc8d493223f39b35564dbb873bb858986718 |
| SHA256 | bfb59957824b25f1a6c0e9a26989caa1b4d1c435ee9fc6ea2e4e257c81a7c247 |
| SHA512 | 364448b945761dec3abd793540a34a7f93246fd8712add288eccf0e8c1c571368a87b8499aba45b7f5a5828421439b36cbcfaa26c52a9d6fe16a7b7ade8d79f3 |
memory/1908-1133-0x0000000077D24000-0x0000000077D26000-memory.dmp
memory/3504-1145-0x0000000000530000-0x000000000108E000-memory.dmp
memory/5416-1141-0x0000000000400000-0x00000000006D0000-memory.dmp
C:\ProgramData\E_MountLite_66\E_MountLite_66.exe
| MD5 | 8564a7bc261b010d5b3758606b0ba925 |
| SHA1 | 88df093b6db6cba44b19faf2711e79c54036235f |
| SHA256 | bf3db12726907fffc4d0d64723ddf3abe8ca4035f0fd17d394fdb9fd4ad0c501 |
| SHA512 | 02c8e289e15c411be93e7e812a0366f799470f68aaee84761e6749318b183914a29c03633fd9645996c8b472b3f0770f1e0f7b024e8473fb47f3ebe0784052cf |
memory/5416-1136-0x0000000000400000-0x00000000006D0000-memory.dmp
C:\Users\Admin\Documents\GuardFox\mhcmeio5eNjgYxd0kMhGYrcq.exe
| MD5 | edff4dcd29b1a94b893cae07354013df |
| SHA1 | 02de7d03ff1e5ea5d37f2a1797f12f55f4325e10 |
| SHA256 | 7a8b4ecc8ee7c6e0960a6943b3e1d05a8e68bbdde3fe1ec0901c417fb5bad1c0 |
| SHA512 | c2c4b66d55174ca2fc1e96e9a255975b1150ddd154c467bebcab2f71b20087b75e348782f369778c45e6a94da31f0891ee577c1c230977c1bfffc2c68a5e1168 |
memory/5024-1125-0x00000000006C0000-0x000000000121D000-memory.dmp
memory/5416-1123-0x0000000000400000-0x00000000006D0000-memory.dmp
memory/3472-1126-0x0000000006100000-0x0000000006202000-memory.dmp
memory/3472-1122-0x0000000005D60000-0x0000000005D70000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS1E60.tmp\Install.exe
| MD5 | 79ad4c8fa76876bbe8296f241a599c8b |
| SHA1 | a412b0068287e0301738fcd28a4543f4e152edda |
| SHA256 | 6b02e6d932c3dde33db256292a735143afe7c6226192f794b4e319dd269d7df9 |
| SHA512 | 05422cb38c95d55604b867ba86de12e1a83b9bb960e413cd091cb3a95ccbf3babc548db294b08f4a812103bfe1d76d9fedb2c3f0d564bfc0eddd9b65b3a0a36b |
memory/3472-1110-0x0000000005B10000-0x0000000005BAC000-memory.dmp
memory/3076-1109-0x0000000005230000-0x00000000052C2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS1E60.tmp\Install.exe
| MD5 | 3e7bc5ea77de4a2c26d80920cd7c2601 |
| SHA1 | 8a1ec64e973f201d7e15c98921635a26f83620fd |
| SHA256 | bc162128c7a006676a41267d2ca79904d334c31007229d48cc6ba0275f6b951a |
| SHA512 | 78193f61618627a78d0cfeb46f846f9e439bcff210ba6610be3a99340b7763134612fc0d1577c92a27a2b3f8e658a9415f906334ef3c5bee35ef36e6b6e93409 |
memory/3076-1104-0x0000000005740000-0x0000000005CE4000-memory.dmp
memory/3472-1103-0x0000000000D50000-0x0000000001282000-memory.dmp
C:\Users\Admin\Documents\GuardFox\RiJfMhqgzUh3Z5yViSx9uvxC.exe
| MD5 | cf851ec71e853378793846875cfe9068 |
| SHA1 | 2fc491e9b7e15f8fcb69f78900159f3f98ccfc19 |
| SHA256 | 37f5ccf7c6ccb659be9bd6a8ae14fd47527d98373c688fab5f9f3fb6180ac3d7 |
| SHA512 | 65dad657ba32c8f3f2700f19b872e2684d67a0b97e619db2293022efc0a308f75bd3ec9670ef91f823ad2b0ad9cb8710f1d6d398ce5aeb487f2e91ca61cf4c88 |
memory/4460-1092-0x0000000000BC0000-0x0000000000BF8000-memory.dmp
memory/3076-1097-0x00000000737F0000-0x0000000073FA0000-memory.dmp
memory/4460-1091-0x00000000737F0000-0x0000000073FA0000-memory.dmp
C:\Users\Admin\Documents\GuardFox\mhcmeio5eNjgYxd0kMhGYrcq.exe
| MD5 | b8a5e97cbb8cdfaae489aa3f8baf9627 |
| SHA1 | 200cfcd07d98f62741eded190dbc761338d9530c |
| SHA256 | 72761073fe705e4d6de744dab89327dbd3a59370c9ce2b0d66636c952bd68fc0 |
| SHA512 | eaa20a787e502accdcbf99c9833edff9b48b0dcd60508418000cb803d04c100a490fbb7d1b27948732ac3cacf7d182a46819f8a662779b1823620820f9195cd0 |
C:\Users\Admin\Documents\GuardFox\aac__x8f8YuFoXzVIAScX2Ge.exe
| MD5 | e6ed480eaab92ab50b19e965db7f67e7 |
| SHA1 | 1db45d41cf9eb85bd8320d7dda5d9f5338f16592 |
| SHA256 | 91beaeb804acaa2aae8bb54516d4b616b1765373cf97900dc73160b564b66081 |
| SHA512 | f5d37628916da7083334375d2ffe2e40b1f8429894cd40074d90f15fb5bca791bf5d4a160c9ec613c715a69978c9f321587228e67f2bb5f05254071829fef498 |
C:\Users\Admin\Documents\GuardFox\sgEU8uUsx5ovrqMAQC6_3ESn.exe
| MD5 | 63dddac839c8d0e4b10271a4e6b29e96 |
| SHA1 | c4a870fa2419d3f851fed5976f0336a06ae187ae |
| SHA256 | e1f8b37ac24d27f7cccd302e5f6624a2cc227e89aac48976af158b3b0c4bd76f |
| SHA512 | b0bdb3ad77d2e909fd3932644b752f27172f9923ba105ed29d94f793846c6099a301f008a97c3ff21b5ee4f8fbaadc953edba76b1c7c0ea40906610109e7902d |
C:\Users\Admin\Documents\GuardFox\sgEU8uUsx5ovrqMAQC6_3ESn.exe
| MD5 | 83f1b2fb63b65fe734304c07d71b703d |
| SHA1 | 5a6844eb0e3379b9519b5217de6fbda5e9d8a1df |
| SHA256 | 0c569e07a2166e75a7101f9ff07921bcfd433161959fa2dfe7b36ec88d36f2ab |
| SHA512 | 303e85e966e4798a52619666e295366c37ce6c29f8dcfd7f0647b4e746a09f91b964f70e5678731c2d1309aa9d76c002d2fe9140743ff2f2fdecd7cc49219869 |
memory/3668-1151-0x00007FF7BBDA0000-0x00007FF7BC610000-memory.dmp
C:\Users\Admin\Documents\GuardFox\RiJfMhqgzUh3Z5yViSx9uvxC.exe
| MD5 | f0444b428fd0b001692a711ba02ae119 |
| SHA1 | 0e751c90fc497db7098b10d0f75154cba141b7dd |
| SHA256 | cdca860aa12a5f312d1b03a3082155426a7337e9036d7a116f93297193b0a67d |
| SHA512 | 1fd2486bc88f3541bfa11636afae398f28ab4087c1a563cb54285860c2108a0628e9376e20977702984285a43c515806cf299045dbfb1a13cfefc3755aab9a18 |
C:\Users\Admin\AppData\Local\Temp\7zS2E6E.tmp\Install.exe
| MD5 | 4ff6983374ea988c3d0731c3fdecdc41 |
| SHA1 | 71dd4e985df673e319b399686658430880a5bdd6 |
| SHA256 | 9d3abb0f8f210fbe8be36394ede30186e56d804e74adccc2643e10b8e2c80bce |
| SHA512 | a0865d37a7bc7dfda8d8091d51d7142f5e8f965a4b5c388692d270cf70bcea93eebd20a50bd303274594d20096c84f0f0f443b4d0bd805b762fe47af0928a13f |
memory/5776-1160-0x0000000010000000-0x0000000010561000-memory.dmp
memory/1056-1161-0x0000000000400000-0x00000000006D0000-memory.dmp
memory/4908-1163-0x00000000052F0000-0x000000000554E000-memory.dmp
memory/5820-1157-0x0000000000400000-0x0000000000574000-memory.dmp
C:\Users\Admin\AppData\Local\Bilisoft DVD Creator\bilisoftdvdcreator.exe
| MD5 | bd5839176877d51355546d1705ab5921 |
| SHA1 | 1c75ee5d78306886835cea0f43973b599600f516 |
| SHA256 | e040498488392f831b3ae860697efbcbca16b3e13925a3447d517b167dc1c139 |
| SHA512 | ae187de56be7b68e26e4af9bc240b80ad0e92f5be7eaffadb78a7562a28419e0134bf9fc407cb13a50591efe62ff688840ac5341fb20402433d5fa12b0e13ae6 |
C:\Users\Admin\AppData\Local\Temp\7zS2E6E.tmp\Install.exe
| MD5 | 1a1008fbd14b5fa69d0c35a5c616cbf0 |
| SHA1 | 9098788bd1ea369f59f79131fb7bc25adf467e7e |
| SHA256 | 5556a0508a633af0987de14a92b27afc185d275031c797e1c8cd5d761225e6e5 |
| SHA512 | 3e70a0bb725c7b3a8ff9e0fb4825e4b7539da6a5af14296754529a15ae7e8bce7272513aa52c904d5ec130715344a2452324c8e2356ec8f240c0afc8e0f288e0 |
memory/5208-1156-0x00000000050B0000-0x000000000526E000-memory.dmp
memory/4908-1152-0x00000000052E0000-0x00000000052F0000-memory.dmp
memory/4908-1148-0x0000000005550000-0x00000000057AE000-memory.dmp
memory/5024-1146-0x00000000006C0000-0x000000000121D000-memory.dmp
memory/4908-1149-0x00000000737F0000-0x0000000073FA0000-memory.dmp
memory/5208-1167-0x0000000004EE0000-0x0000000004EF0000-memory.dmp
memory/5208-1171-0x0000000004EF0000-0x00000000050AC000-memory.dmp
memory/4636-1172-0x00000000023C0000-0x000000000242C000-memory.dmp
memory/4636-1173-0x0000000002730000-0x0000000002784000-memory.dmp
memory/4908-1170-0x00000000052E0000-0x00000000052F0000-memory.dmp
memory/1908-1175-0x0000000000FC0000-0x0000000001E2B000-memory.dmp
memory/4636-1176-0x0000000000400000-0x000000000086B000-memory.dmp
memory/4636-1179-0x00000000055E0000-0x0000000005632000-memory.dmp
memory/1908-1180-0x0000000000FC0000-0x0000000001E2B000-memory.dmp
memory/5820-1183-0x0000000000400000-0x0000000000574000-memory.dmp
memory/4636-1185-0x0000000005630000-0x0000000005C48000-memory.dmp
memory/4636-1191-0x0000000004EF0000-0x0000000004F02000-memory.dmp
memory/5208-1192-0x0000000004EE0000-0x0000000004EF0000-memory.dmp
memory/1908-1189-0x0000000000FC0000-0x0000000001E2B000-memory.dmp
memory/5208-1188-0x0000000004EE0000-0x0000000004EF0000-memory.dmp
memory/4636-1187-0x0000000005C90000-0x0000000005D9A000-memory.dmp
memory/1908-1184-0x0000000000FC0000-0x0000000001E2B000-memory.dmp
memory/5840-1186-0x0000000000400000-0x0000000000835000-memory.dmp
memory/3552-1178-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\W33~.cpl
| MD5 | 55d2ba97816766a6f91cd01ecd816fda |
| SHA1 | 2cb9f4449c0d4c349d07168c9b0efef2d203d4f7 |
| SHA256 | db753ee8ad7b837dc71a79d9af9b8c50e29f7290bcb241a479a4af8bdf39a6c9 |
| SHA512 | 8123c0a471089e2b8d1edbaf24ba86def8916cc4bc08209752d5651065dc7884c5416430c36b5326cd2708d5c38a71a3a35b1e4853f45b8b94788f52fe2310c6 |
memory/5208-1164-0x00000000737F0000-0x0000000073FA0000-memory.dmp
memory/4636-1196-0x0000000005E00000-0x0000000005E4C000-memory.dmp
memory/1908-1195-0x0000000000FC0000-0x0000000001E2B000-memory.dmp
memory/1908-1199-0x0000000000FC0000-0x0000000001E2B000-memory.dmp
memory/4848-1200-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/5840-1201-0x00000000009A0000-0x00000000009D4000-memory.dmp
memory/5840-1202-0x0000000000400000-0x0000000000835000-memory.dmp
memory/5840-1198-0x0000000000A60000-0x0000000000B60000-memory.dmp
memory/4636-1197-0x0000000004F20000-0x0000000004F30000-memory.dmp
memory/4636-1194-0x0000000005DA0000-0x0000000005DDC000-memory.dmp
memory/2944-1203-0x0000000002B70000-0x0000000002F78000-memory.dmp
memory/4636-1193-0x0000000004F20000-0x0000000004F30000-memory.dmp
memory/2944-1204-0x0000000002F80000-0x000000000386B000-memory.dmp
memory/1908-1205-0x0000000000FC0000-0x0000000001E2B000-memory.dmp
memory/4636-1206-0x00000000062F0000-0x0000000006310000-memory.dmp
memory/4636-1209-0x0000000006350000-0x00000000063B6000-memory.dmp
memory/5908-1208-0x0000000000870000-0x000000000087B000-memory.dmp
memory/2944-1207-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/3812-1220-0x00000000027F0000-0x00000000028FC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\ZunTSaNJLBVfWeb Data
| MD5 | 52e56086db2ff0f3a865964897f818d4 |
| SHA1 | e26e9edfa76c99ec684665055f99454fd1268f22 |
| SHA256 | fcaf5deea010b7ca2057aeb6888b8fb1e7c991acc7faf0e8a0831461aad0df87 |
| SHA512 | d4ca512aadd699573b726d9c017d20b83babae5d8cc5530fc2207ae0d0ea688be96595d988d67a645e4cc74f387e4c83342ab493249b84f7d99c91039ea1067f |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\QdX9ITDLyCRBWeb Data
| MD5 | d63e3a8d4109b7212d419e17141dd862 |
| SHA1 | c9637da0763277477e60128ae2cd26fb314fa80a |
| SHA256 | 0cdd05fd9d9515c99e713a0cdf201fae20cd5db884c08a292ce16471725c521f |
| SHA512 | dfee6ccabfe03415bea0d817ac0c393e98b54a0dfff102f0eee21c8e85d903e11a073aa97b7a3e8b95d88d5f86afd4c9782e7618e3119727da1e01d4895315e2 |
memory/3432-1278-0x0000000002950000-0x0000000002966000-memory.dmp
memory/5908-1334-0x0000000000400000-0x000000000082B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\adobeoFMuhWALl3h5\information.txt
| MD5 | 2dd598062d27f34776362a43129a1d4f |
| SHA1 | dc935e69097e539c945ad9e186f7abeaffd2673f |
| SHA256 | 68b9c8ea733be2dc7a8dcd30067e3061e810b842552c661c510fce26e24f4748 |
| SHA512 | 3f5b7a6fedb858f93061ac59221ffc333b0ccc079de6c3bd22c77a363bce42f7d74f9700a7822071b048d0d515b9ffdce5dba326306f9c7fb00feba61cf63474 |
C:\Users\Admin\AppData\Local\Temp\heidikS9U5BJECqRe\Ei8DrAmaYu9KLogin Data
| MD5 | 0a9f118066fa5a2dd17e8a13a6b7bd80 |
| SHA1 | 637412b0e94520052c2fdd8d7b1efbf335d7c2be |
| SHA256 | c8662ae5a72380a0a23a5491309dc8fd39977202ed5f416138bc9a4a9d9e3506 |
| SHA512 | 336d680428972076138f82e497fa1f04d9e0b27891eb8c7bbc7674b14707aca4e730018bad1786fb63bafa717e71fc159920e1a7d396ae13dc7b10c8a0680273 |
C:\Users\Admin\AppData\Local\Temp\heidikS9U5BJECqRe\o0qT3dWYBP7ZHistory
| MD5 | 782d5861e0647a31945164efff3b871b |
| SHA1 | 7f3652de374d5b5df77e0b305343a4fabdea0b33 |
| SHA256 | ec32ccebb243117180a5b7fa48e4a9af699a962c391d3fb0258315edc42dfbe5 |
| SHA512 | 2da06add274d6afa0bca369b61ed19f6e5e17c1293460546023d5f171c71c4343e2725b330f0dd01bb7257a1a8fc8433dbc03608ec731b69af4db0475a25127b |
C:\Users\Admin\AppData\Local\Temp\heidikS9U5BJECqRe\D87fZN3R3jFeplaces.sqlite
| MD5 | 5f7f607f9b2733e49e78e9fc850a0cf0 |
| SHA1 | cdcb3e6aaff2fb9dde685744abcaea76283f4118 |
| SHA256 | 70a4582f079ba876a147847251a7575e6c310b0a780fec4251a996dc23fdaa68 |
| SHA512 | 700214051eee83e9aa853cd5b1674495b1425a61468aaaf3c492fa6803f7a9b82b48c4b2a738f2e10c8c5c49423a85ab50be8d8b821a034ed57d7bb08e472ade |
C:\Users\Admin\AppData\Local\Temp\heidikS9U5BJECqRe\02zdBXl47cvzHistory
| MD5 | d2b2cf945444800060ee6864bdd3db03 |
| SHA1 | 7931847ca8f922e18ce7d9a505847658cc9a53aa |
| SHA256 | 44365c2e9bf4b3e9dd89d88ce7e606577a0b4194f890686a4bbfb2ed57e7ecd3 |
| SHA512 | b53315e10b66bcfdd577eb3911dbbe0ccbe4c22e9296bab56610b3290a64bf4a9d0bf82b24950668058568ccb15e6672533e443532adacf176ccf54fb5b06e42 |
C:\Users\Admin\AppData\Local\Temp\adobekS9U5BJECqRe\passwords.txt
| MD5 | cb415a199ac4c0a1c769510adcbade19 |
| SHA1 | 6820fbc138ddae7291e529ab29d7050eaa9a91d9 |
| SHA256 | bae990e500fc3bbc98eddec0d4dd0b55c648cc74affc57f0ed06efa4bde79fee |
| SHA512 | a4c967e7ba5293970450fc873bf203bf12763b9915a2f4acd9e6fa287f8e5f74887f24320ddac4769f591d7ef206f34ce041e7f7aaca615757801eb3664ba9a4 |
memory/5840-1360-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\adobekS9U5BJECqRe\information.txt
| MD5 | a5b35a752e12dcaceabe6febbea719d2 |
| SHA1 | 0af15538641253a5efc63a1f9e7e2182e0e77f99 |
| SHA256 | 5f1b679b62136eb68e7e90df7930209d497a38c4cf7a28a1c2ea848fa0730f5f |
| SHA512 | 659d483fffd61b6c1cdf5100e17ab3ceea1a4418a632401692bfea5341ceebb294a6cc727b5a94fb55cab6b6520fa6e7a65229dd812cc1cf00c036da2bb27c08 |
C:\Users\Admin\AppData\Local\Temp\heidiZA2xDTPixg46\02zdBXl47cvzcookies.sqlite
| MD5 | e9cdeb0d98909a7a7f24c7dbd3fa4228 |
| SHA1 | f9a96e1ff2a0a373c345e2c7c8bcf419e310fc7c |
| SHA256 | fc7d27a86ff1a7069c68407aa48408cb80233137b34811bb4b3ea17dd20a1d7f |
| SHA512 | eb6c5a42ce5fe69e3cb450fb6662d657ded75f864c144a46b6459d1d4a0d7c472235c8d91e3cc18e77d123c9655124b2c4f80f57c606ddd29d6bb8704f48e7d4 |
C:\Users\Admin\AppData\Local\Temp\heidiZA2xDTPixg46\l6w3NVXsgpmDCookies
| MD5 | 49693267e0adbcd119f9f5e02adf3a80 |
| SHA1 | 3ba3d7f89b8ad195ca82c92737e960e1f2b349df |
| SHA256 | d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f |
| SHA512 | b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2 |
C:\Users\Admin\AppData\Local\Temp\heidiZA2xDTPixg46\KvHrxJ77cmUgLogin Data
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
memory/1908-1363-0x0000000000FC0000-0x0000000001E2B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\heidiZA2xDTPixg46\oOPEmFmu_xsJCookies
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\69tBes7MHPQlg__vJDqM.exe
| MD5 | 0b58cb0fc0c1f313a2b0ef2f2045a072 |
| SHA1 | 5b574b046c7eef806568b376463fff6816f90ca2 |
| SHA256 | 174251b648fa853fcbc42802e583c6ab5612012e0c68fe3022ada7003d7b34f4 |
| SHA512 | e7501597b602d45797312b271868376beb918e059772dc809d0d18f7a40388ab83072508eaca6ccefcacb9287c6bb72b3313f58ed53edc53838b836c2f91040c |
C:\Windows\system32\GroupPolicy\gpt.ini
| MD5 | a62ce44a33f1c05fc2d340ea0ca118a4 |
| SHA1 | 1f03eb4716015528f3de7f7674532c1345b2717d |
| SHA256 | 9f2cd4acf23d565bc8498c989fccccf59fd207ef8925111dc63e78649735404a |
| SHA512 | 9d9a4da2df0550afdb7b80be22c6f4ef7da5a52cc2bb4831b8ff6f30f0ee9eac8960f61cdd7cfe0b1b6534a0f9e738f7eb8ea3839d2d92abeb81660de76e7732 |
C:\Users\Admin\AppData\Local\Temp\adobeZA2xDTPixg46\screenshot.png
| MD5 | 40348141b39c7ebf608bacca472f8325 |
| SHA1 | 2d619cbab863c4f19b29d2a5964f2ea3091e595f |
| SHA256 | a2c583d05f34119e1d5f1cb88f2a2bc7e6ca80d7b7df0f7e41c87ff97a409dff |
| SHA512 | 686ef5bdd594270c3e580dee5fe679f81aa39ae95b1cd2c9ac82590b08c4489d3acc68467f5f2b74775aec58974150d9499b26d584ec539ac5f54ba512fb22a7 |
C:\Users\Admin\AppData\Local\Temp\adobeZA2xDTPixg46\information.txt
| MD5 | 4191e09542fb7ff71daab35cd5c9dbe0 |
| SHA1 | d6c2af7fed00c7c092d370da06b862c0733044ff |
| SHA256 | 2d62043bca13b7068ed94d7738648c2deb94e454ef770a5f246833e3b483f410 |
| SHA512 | d58de21c0a86cd9d796ca68db2daded4f675f7d5d2a62dbdb90139d9d64d0cdf946ad5bc657f2ede80b8dad5a8d62aa47bc24266d44323f32ae7a2558b1af183 |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\69tBes7MHPQlg__vJDqM.exe
| MD5 | efca8ccfaef74f399088cee80358901c |
| SHA1 | c900d24f70f7da944cea3d05da6ebaa0e68583a5 |
| SHA256 | 87275e5c06cde7c7cf5ea79b3fadcd211a7539cc2b7cf938bbef2d300a2d76f2 |
| SHA512 | fc43b551825ff573a715d97d72aefdd6465e8b2473633445ce78352a5cad08dff574d8f0c552f7b2846ac43af764409cf54442ffcaa1ef385e36cbf5cc786a19 |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\69tBes7MHPQlg__vJDqM.exe
| MD5 | 8c89c13405ca1a69054d6a9e4f39f883 |
| SHA1 | fe06ac96a5d0ea83ef3c6c4b49895f2cbb0ad37e |
| SHA256 | a5f24294202320d9f9c60b52a01184885f391427b368edff31e0a0b1620ba2d8 |
| SHA512 | 50047e50ebeca08bb9ea8d3d208bd4b1461e286fc1e9c0e8aa2cb261bd34fd5b5897f8d5ae27e5318751e83aa2a20211325db12966610a88e9e8781c4d8f8172 |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\Rv1GAq8Qd0adgvvVwS6D.exe
| MD5 | b7c4de5ff03cb880a1c2c25a6864943b |
| SHA1 | 10adee1f6578206ac6e21f6a1c53d81b80a57aee |
| SHA256 | 9d18f979e75db0bf0e44cd35bc51db9667e174b8b961b6746d500d5269a61301 |
| SHA512 | 26f6e44fcbd55e14cc8cea060a0b997d44fd941b3b5f1d16449b27106ebd193daf2fb71a7dcccd3253b1c73c7020fe8bb1427940cb94f356ad510df361cbdd9f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f246cc2c0e84109806d24fcf52bd0672 |
| SHA1 | 8725d2b2477efe4f66c60e0f2028bf79d8b88e4e |
| SHA256 | 0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5 |
| SHA512 | dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640 |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\Rv1GAq8Qd0adgvvVwS6D.exe
| MD5 | 4319f8160318bc29ed7cc08404985355 |
| SHA1 | 4c164268095568886155d7803134e5a3918d07e3 |
| SHA256 | 76171d8fd99e4132535ed5f8684991ac7782a93e593c4b531391ab22d685ba9e |
| SHA512 | 3a4ae28581f30c10ab1f6da744904ab3a8437032af9b62dbd0614d90bd2c03722dc9e54fef4bac97e641bc45bf5700e79ffaa93a5ef645111845f6f1e212f7c3 |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\Rv1GAq8Qd0adgvvVwS6D.exe
| MD5 | 5b5e6b1b54de43caf3556e4468e3c67d |
| SHA1 | b7b4c8f3d9c39a766374b4f12fe6e0bf60c12b10 |
| SHA256 | a5c0b3260f45b6050d0bfb5c18a2281602e66e5cbb7f76892a8611891d2fcfce |
| SHA512 | dab4b31c023a7b50693a8ee7766398d7e573fd125937b771785927da04a92b6daef133d984b90d5131be9d5021eac904ab1641ed134dc30a12461f2ba049e91d |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\Dx41jSF_9DfH9NuYSJP5.exe
| MD5 | 71cfc62268f778ac4c84c95c1cd16082 |
| SHA1 | 8b43f675b3868d672ce637c5003d0908b3299c65 |
| SHA256 | 0a1985354ddace67b98fb091c47362e850c25009980af98fdc80eab4c7ede95a |
| SHA512 | 3814bc122f7682abc6c65f8f7d3d839dbfc5a9e9ad498d2282ed5be6ee10bc801bc219020071e17deabca93733c8d3460d5f8b4b43af345d58b0ea9f1baad067 |
C:\Users\Admin\AppData\Local\Temp\heidikS9U5BJECqRe\hEnD_vsue8qWbjC9bU0U.exe
| MD5 | 7d45ec4b0fafdd170f9c84660973fc46 |
| SHA1 | b0535921fb301d7ed0a8f0627abc5d907933e186 |
| SHA256 | fce8ec7962c7d787d234faa077530aaf5adca1877a5cd647910b332f7adb95e0 |
| SHA512 | 0c0e45c7232ae7a96cdc45e58c16edd9f14e5a7e87ee1c602eff63ee0bc3657b012f56daae8d10805a29b75ab48fb85b049629f554cdf4afe00f64e4812c8e82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 18c10ac3a6bea6249cdfd1a0a45216a9 |
| SHA1 | 2e1c348663f0bd8098bf0c30adfd562e26c5e82f |
| SHA256 | 7190686c0f863a978e5ce7960ed6f7aff62716e8c501dadddf4b0a5ee9f7d421 |
| SHA512 | b01a7f8b8046631cf842bc2cde6fe3ed96e7d5802da8208b4816ca5785e3ae8656c20900481e53938bbfdb62bcb7bdac0e1653ba6621d318cfd151d307b3de97 |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\w4bqavvZtFL1zPmzJM0s.exe
| MD5 | ea86ae26bdc4c608aa3b1e25c5d24b91 |
| SHA1 | dc2e7c332460e6c627f2afedf6b533dfd48142ad |
| SHA256 | 14b60f2d8deea91cf183898efe410fc8a7f0034573006a7337af1a3d96d6db48 |
| SHA512 | 46a43f8228cc5e77c2769a0dc938350cf0ae3218ec2b538d8a5b01eb8bc9bf044799412dc509c9cd4502b0b66cec4fd0822cc3ac9adbdd1f14392070c78face6 |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\Dx41jSF_9DfH9NuYSJP5.exe
| MD5 | 703340b1a106f5952958dfaed1ac0e85 |
| SHA1 | 01d0fd7f32b29afc2f81515ab4c346b25a389dba |
| SHA256 | f4398d9c9cb359c3ad5e6d15bdd3ef419a126a436962d81ac54c026474541436 |
| SHA512 | adf61d213016f7f477981b521bc63baff5c31f6df466adad8630b4782211ee8b187f556a36cecb98bee078300a438851fefd23b1800caae2f15bcb449e2f4cc5 |
C:\ProgramData\mozglue.dll
| MD5 | d9dbcea2f58fbf95c4320562b2a7537c |
| SHA1 | c49dab9b99f05d9e443c40403cfad074abbaf957 |
| SHA256 | f51a6bcef3e79e9f0dcfbea395d2d4244bac17313b568e3ec75022c00ae1bdeb |
| SHA512 | 5b94cf9d3cfa1c46b1ea060041cb40895991883063165fb9b7767445b87029928edfd6c1d1df19f0a799e3556ec14b68d40ec2c1ed8064529b95f062bf15de5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ebf6c114b422ef0e250a0737cde988e5 |
| SHA1 | f4a9a8947f369a6cac4b9e575656417d0bbb11d1 |
| SHA256 | a5022dd14233abca278a1c23abf1c547b6b9d209d079ad347d52b1288b4863e5 |
| SHA512 | 9833d0ea4810fe8d7aa2c95374698c2eb348d03236b9d1bd4ea047479865becc000fa388f4efe850f9276c31282f6f2cb9b7f9c5b19552dc19e8af63e2efcc27 |
C:\ProgramData\an.txt
| MD5 | bf8564b2dad5d2506887f87aee169a0a |
| SHA1 | e2d6b4cf90b90e7e1c779dd16cbef4c787cbd7cf |
| SHA256 | 0e8dd119dfa6c6c1b3aca993715092cdf1560947871092876d309dbc1940a14a |
| SHA512 | d3924c9397dc998577dd8cb18cc3ea37360257d4f62dd0c1d25b4d4bf817e229768e351d7be0831c53c6c9c56593546e21fd044cf7988e762fb0a04cd2d4ec81 |
C:\Users\Admin\AppData\Local\Temp\heidioFMuhWALl3h5\qZfCGyhKeeOAN_r2hOiq.exe
| MD5 | 98072d5ea8da1a617e4b32729c64259e |
| SHA1 | 5ab7c107f80f4adbb33452e8e07653b114b1bd0d |
| SHA256 | 1915c73fabd73f8bb0b39da9a63f4704f9dbc781cdf876a0825c30fa50068c07 |
| SHA512 | 31866762456ed56579c0462313afeab5be0f1e81f3309deb9316f9e2c857011b1e7bc34742ef22d4bc301bff43efee5d967dc1d93799eba2fcf0163de3bd9c23 |
C:\ProgramData\symbol.txt
| MD5 | 31d752fa13b4d1fc7b7b4747a3f6d3f9 |
| SHA1 | eaafd280b2ea187f078674b9a1d5a8206ccf4a13 |
| SHA256 | 52dbabcdebe38f3e19e9071d6796fe49f1463f03d2d82064aab4a10bfbd4dddf |
| SHA512 | ed402d201b19c9edeeefa17d2f82a480b8d16ce3235668a91bdd0e6f3b59cbb55bc7119a272c34d1c4e88999b6fe08697d65d65e7b4de44c197e57f2ff44f079 |
C:\ProgramData\CENTEURO.TXT
| MD5 | 3ea4a9a2765040c721374ccbb8e7bd59 |
| SHA1 | bae4c79a9e9c27cbb7308bb364f69566387cce45 |
| SHA256 | ae8fdf0311fe249ee1a3e08fe36c394ca2da791c622b665ddebcb623ac248903 |
| SHA512 | 1a86665a081c73d170ac6ba9a3abfbedecd71557b274d99e254a446e852e6c62cc0bf383eeafbfc1722f63af65b4e4bc73f9e0ebc6fd790317b08ffd488be289 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\e4c126be-7958-4389-8cc7-233755ad8642
| MD5 | 0753a508c74de3f8ef348b111117a0b5 |
| SHA1 | 0f2ea0025149dc4c490f3163a6f8f88cdaf920c7 |
| SHA256 | 774b7cbec1ff6e41ee4242840f791b22fc7010d9f5678300630ed4c52e61203c |
| SHA512 | a04174aabe23a326af532564c6097c93b4ad2ed53e9b1fd6ee5189d5e05cb6699cce5b520e18c9284e6c6b2c8bf52e8d5a7c6fc893ba724ff802ae3d0c7da481 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 1fe5036c5de4461a7ecf8ff288fdc193 |
| SHA1 | 8baa8fda6363730ebfeb7682e3362fd44977712a |
| SHA256 | 8c96bed3f74d4b06ee76a1a09dd67b5d392212f1bc23a389d46842f91102b922 |
| SHA512 | d5df35932911caece7e1008822e0972eb0bfa83397502df82ef38e7a949bb6f027303ffdb3380a145ce0b57493496f8ba7c1b5c71baa285967eb918280e5cd53 |
C:\ProgramData\CP1250.TXT
| MD5 | 3c9476725fbfeeffb9f549d995ee2815 |
| SHA1 | 8e2502eb4fc5137ae6e776d1f1804a3afb6eae31 |
| SHA256 | cf79ba755416ae5628a9dd1f870306b5a45fd6b256efed0c2ac1cc2ccb3307f0 |
| SHA512 | ff35c0a6a878c303567d957c0e465cd9bcd0678c1be3953b3438c686b4f739fb6f47a465465119b474d468d46b19397955e688fc2b92f71abbec276be072f5c8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 9d3ae693c5705417954d29dff633e870 |
| SHA1 | 087c0881babcf994ff10de56bec9706cb9efd108 |
| SHA256 | 24c82c9a1ed44a6a2302c4f4bb785514d784119ea6ad846c041de1b12de1944a |
| SHA512 | f98d9df4424ed14799b8afd4b9c65e1a43a4ab9cdfe56fc9356a6e3cf8c609bd80edeaaff3e2fac99192fc404d8576a2756f710e35c0d52a5f34690b704d7eb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 11989b4d522beccaf2cb5f40cf4a99da |
| SHA1 | 6df9c98b78fc8363f39662e06761a6ccf2edc5c7 |
| SHA256 | 925095982e58d85de4c88d670bbebb5cd727b94a5ca2bb16e9171dfa0d35a2d8 |
| SHA512 | d1c6f2a7b675daf6b68d6a14f217f43eed1bdc97fcc023097e647d5ce040b7c70dd3ad23232765805977e6f21b4cbdc16bad8e33781c840e2961065e6013b87b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 86f8b088e76da76e7e773ed1210b80c5 |
| SHA1 | f04508af8adfaf95233d0c79959f8ce3882a6513 |
| SHA256 | 1a670fa4ce7342a6f94cfc8ddab997bf1a01f658e53e0bb9d76dfcd97f976d55 |
| SHA512 | 4c85d4278801efa5668bd12368220d346ad6b4081805001029822f4a07504993af6e5254372e0935970ba9e2a2c6b233f9d7a3804ccba790f8e28ae1caee2b7a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js
| MD5 | 959199e2608ec248fa6ed2d416943532 |
| SHA1 | 7c1726124ca341bb5b8463f7949d038428aacc97 |
| SHA256 | 7716950719ef945f50c9603765280ac2ccd0b24d225d82cdee172333927fb238 |
| SHA512 | c92a22f3074b48b929a805d6ad6c8315589ead2fa73f6df7add15c994f39b98bced2767125c6c8c09cbe7520adebcee24f6e8e4a6666338f70e932909933c6b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7e9d7349f1813ae842c82b79415ebc45 |
| SHA1 | f9097e1e88e1e60690ccb272447b25d933bb782a |
| SHA256 | 343d701a46841898e8b401b3d96174d5d771e2db6b896b36053a6305874f8948 |
| SHA512 | 72ec2aac251e9caf4979ea4647799f7cbecbc16beb21ed5a824d677b1e80dd2dc390ae17e87e8aca6339cb335f744c41b77680becf51cb0677d8c47717177a5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | d953520eef04a7f704dfe97db53f6a7f |
| SHA1 | 55e37085e46991e0aeb58b2cc0dbc1a3c3c04e39 |
| SHA256 | 7b14abffd2823cb808b20be179788d4ae316533eaeb954fb0c0fbee8f9fe0f47 |
| SHA512 | 630b0cf4ba960966d41b512868e6ec54db4e270fe936a2ad8ff80ab7b7cc9b021c6b7eeda83744602edcccaeb3893f87a2b2270b8ca8ba9c409e98036d5b0b85 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js
| MD5 | b21c237ad1df9561e624b4b086cbde99 |
| SHA1 | 5e902e6b81297f1635d9d5a3ce02ee00b4b02f12 |
| SHA256 | b434e4638664e5a2cca408055d00bf906f40baf6241e6a5175a91c61de583a4d |
| SHA512 | 325c2ab477e322b6a5ad881235a3c3910ffcff21ab7e921b3430771c25fe3a08ef467ced556a5a3ec18acc44b8a93fc087b6e20f364076d7832bedd7b8b5e4f0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs.js
| MD5 | a51ac00e563ddd97222f48033ffb65e1 |
| SHA1 | 70d276b3186dd4407c55070b693c28236a83608e |
| SHA256 | 163d23596dc4d3596d584460a0e3d68ddd0c6c165ce0ed13f7a4da8593e5208d |
| SHA512 | f24a831454fd550371f415b901ec37c9dbfd54f64c598f460e3baba8a3b7981aa6da80791e6ff15818946e802e333922f6565962d3867ec9d8cccdd985eb322f |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 632408f0162df619d2694aecd7d7c01a |
| SHA1 | 39623a52bc3e92f7466f2e6fa3beb4e14103cd6b |
| SHA256 | fd38197fb101a8d8f0f0b171a309df09e58e8b32d46ded13c731293bdd8afaec |
| SHA512 | 4e280df472cef4fe209041f8e172cc7f5cb4727b449f7a387a6ea59c4b79f8c5e1e7c09674f0f6dc6cd2ee992ca52d9647769a7d6edf694853e36fafad55d02c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d4ab056f70e17f37e36d1c407dfcee57 |
| SHA1 | 6e64f2843e465a4b896b9e17d050ed53f59b8dc4 |
| SHA256 | a92c1cfc04e06e2c72b3fa3c50d80c5f74b1140c6057c74a2960e970ea608cd3 |
| SHA512 | df83b22cdc02796c924020411a8851ddd0d9fd9a131502382ea43a760d088c2d5c02fcb6d69864cb308a4a0da80b4794319e92588647e49f6e615729cbf5587a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js
| MD5 | 65af392a2b28859e6c3f0439ce3e71b8 |
| SHA1 | 3eeaa015b43a91e494139f05f02500fc6fe170d2 |
| SHA256 | 95bfd66d4405a4b811be464209481c87b490b6341c0ee896c893014fbf4a09cc |
| SHA512 | 3d488e28b211a64cd586b18c392e8a5fcf3241a6e456a7bc57faa7b0521c4e7d404dec4eb325ae12bd6601b55ece2f4beb118e961a3290b03471add9726ee5ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 5e62a6848f50c5ca5f19380c1ea38156 |
| SHA1 | 1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a |
| SHA256 | 23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488 |
| SHA512 | ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6df907d630efaec02fc62e1d0a9172e6 |
| SHA1 | 634c96855ae96c59957fb05ddf85e26a303bc72d |
| SHA256 | a0c01ac70e45f11aa30212a2821a06ca4e9ee2f106bf2510d7816b598159480a |
| SHA512 | 976d3448854f2eaaf7c7e08274e46d8f42803e99a2fab794da063ab3339711f20fc66c8b195e6b1e2b6c7075bd5b86ad1c8ab1a93ee15871b66914ea71fb40c0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F
| MD5 | a074414e97d3c32159adc8497a9a685f |
| SHA1 | 10d10a710c843bac79953eda11d62b204cd23d4a |
| SHA256 | 7dce1dfb67ae428b128c12490e37f381d9dafd2c23d61ad05380ccff617bfda0 |
| SHA512 | bee386cec1a64ebb1c22de0d7a5e4678404d797038caba519172d18172d9368540843139e8717faba58400870b9908f8e81d52ffc5f73303ddcd5692252f2e16 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qmjs2eet.default-release\cache2\entries\2BB62A5F508187291BB477E79601AC81B652604E
| MD5 | d69b56b89c9275f80969fad4a201b1af |
| SHA1 | 62c9ce249ee8532b7dc39253812da1b24ddb0aa4 |
| SHA256 | 19eb088fee993713944c00734d227fd32f9e0eee54fe53737ae48e6650405336 |
| SHA512 | f4adbd52e51269e503836bc7e960489c7e7b3450c147f70835fbb13be2f12f2d4c0905e110223d1a7438ddda44a6c3ccd5f859e29145c390489d1ceade4ecd8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 768bcd6069e1effe8160fe13450e7590 |
| SHA1 | 715976bedc26c1c32e1a9f268fc844ce5d747df6 |
| SHA256 | 9aaf82af23373ddd02f51c7e5cedd6154736ae4cf77d79c3a3d57b8cf9259fad |
| SHA512 | 130ee4a823779c0bb1b724a2dc6545b6ff06055815a8e3e895170bec9628421bb97ea55ec01d50306e1e1bf00d1fb3265535c340ebc2212797ea83ef9f8fb9d8 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4nmotwjk.1mu.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |