Analysis Overview
Threat Level: Known bad
The file https://cdn.discordapp.com/attachments/1208444619663089697/1208444676768669726/file_release_ver2.rar?ex=65e34ece&is=65d0d9ce&hm=3f44e9e36f0fdcd9569f7df0f58b8bb1e860291dfb086ad34f9fcb6518cebc66&?space=file.zip was found to be: Known bad.
Malicious Activity Summary
Detect ZGRat V1
ZGRat
Stealc
SmokeLoader
RisePro
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Themida packer
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Program crash
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Creates scheduled task(s)
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-02-18 10:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-02-18 10:26
Reported: 2024-02-18 10:29
Platform: win10v2004-20231215-en
Max time kernel: 150s
Max time network: 155s
Command Line
Signatures
Detect ZGRat V1
RisePro
SmokeLoader
Stealc
ZGRat
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
Reads user/profile data of web browsers
Themida packer
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | iplogger.org | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Documents\GuardFox\efrL7m1yzZ3LOzzGPjHl8lah.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\virus\setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1208444619663089697/1208444676768669726/file_release_ver2.rar?ex=65e34ece&is=65d0d9ce&hm=3f44e9e36f0fdcd9569f7df0f58b8bb1e860291dfb086ad34f9fcb6518cebc66&?space=file.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc18ee46f8,0x7ffc18ee4708,0x7ffc18ee4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12511710587840096954,15735204840950428004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12511710587840096954,15735204840950428004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12511710587840096954,15735204840950428004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12511710587840096954,15735204840950428004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12511710587840096954,15735204840950428004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12511710587840096954,15735204840950428004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12511710587840096954,15735204840950428004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12511710587840096954,15735204840950428004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12511710587840096954,15735204840950428004,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12511710587840096954,15735204840950428004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\file_release_ver2.rar"
C:\Users\Admin\Desktop\virus\setup.exe
"C:\Users\Admin\Desktop\virus\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Documents\GuardFox\k8lcuL1IDyMDzXQcF1m7GXz9.exe
"C:\Users\Admin\Documents\GuardFox\k8lcuL1IDyMDzXQcF1m7GXz9.exe"
C:\Users\Admin\Documents\GuardFox\efrL7m1yzZ3LOzzGPjHl8lah.exe
"C:\Users\Admin\Documents\GuardFox\efrL7m1yzZ3LOzzGPjHl8lah.exe"
C:\Users\Admin\Documents\GuardFox\AMov_XjyPuWDzEUFSafO3_zp.exe
"C:\Users\Admin\Documents\GuardFox\AMov_XjyPuWDzEUFSafO3_zp.exe"
C:\Users\Admin\Documents\GuardFox\4c5oGWmByjGhpIuFpxUzXB0x.exe
"C:\Users\Admin\Documents\GuardFox\4c5oGWmByjGhpIuFpxUzXB0x.exe"
C:\Users\Admin\Documents\GuardFox\7PFTksHTc83yqPSjqy65fPDA.exe
"C:\Users\Admin\Documents\GuardFox\7PFTksHTc83yqPSjqy65fPDA.exe"
C:\Users\Admin\Documents\GuardFox\vPiqCFCtgkl0Q744H8997VED.exe
"C:\Users\Admin\Documents\GuardFox\vPiqCFCtgkl0Q744H8997VED.exe"
C:\Users\Admin\Documents\GuardFox\gpso7hLvmlZX3s1RzuizlacQ.exe
"C:\Users\Admin\Documents\GuardFox\gpso7hLvmlZX3s1RzuizlacQ.exe"
C:\Users\Admin\AppData\Local\Temp\is-O5VIP.tmp\7PFTksHTc83yqPSjqy65fPDA.tmp
"C:\Users\Admin\AppData\Local\Temp\is-O5VIP.tmp\7PFTksHTc83yqPSjqy65fPDA.tmp" /SL5="$40330,2835161,54272,C:\Users\Admin\Documents\GuardFox\7PFTksHTc83yqPSjqy65fPDA.exe"
C:\Users\Admin\Documents\GuardFox\LMXJ5Y_2qjk9nh4xqGP17Wj0.exe
"C:\Users\Admin\Documents\GuardFox\LMXJ5Y_2qjk9nh4xqGP17Wj0.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 60 -ip 60
C:\Users\Admin\Documents\GuardFox\DaxvN2uXGf04aiqVzIDIw5v6.exe
"C:\Users\Admin\Documents\GuardFox\DaxvN2uXGf04aiqVzIDIw5v6.exe"
C:\Users\Admin\Documents\GuardFox\QFQcijcn_WLqo7kgBLWc6iuB.exe
"C:\Users\Admin\Documents\GuardFox\QFQcijcn_WLqo7kgBLWc6iuB.exe"
C:\Users\Admin\Documents\GuardFox\T_nBxVA5LbSqvAmBfv_F_L2u.exe
"C:\Users\Admin\Documents\GuardFox\T_nBxVA5LbSqvAmBfv_F_L2u.exe"
C:\Users\Admin\Documents\GuardFox\UemN7VR4z3aZcgCq0XldbxiR.exe
"C:\Users\Admin\Documents\GuardFox\UemN7VR4z3aZcgCq0XldbxiR.exe"
C:\Users\Admin\Documents\GuardFox\IZwLbPG0F7dGY31oT83_94XU.exe
"C:\Users\Admin\Documents\GuardFox\IZwLbPG0F7dGY31oT83_94XU.exe"
C:\Users\Admin\Documents\GuardFox\fA3qSoZcBqD8MrIttNSRwd_5.exe
"C:\Users\Admin\Documents\GuardFox\fA3qSoZcBqD8MrIttNSRwd_5.exe"
C:\Users\Admin\Documents\GuardFox\aXyCiRW0QrDcNIp3iquGrXan.exe
"C:\Users\Admin\Documents\GuardFox\aXyCiRW0QrDcNIp3iquGrXan.exe"
C:\Users\Admin\Documents\GuardFox\y4MzC_GFFfKbk0AhDwzPPJqS.exe
"C:\Users\Admin\Documents\GuardFox\y4MzC_GFFfKbk0AhDwzPPJqS.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 740
C:\Users\Admin\AppData\Local\Temp\7zS672C.tmp\Install.exe
.\Install.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\Free Disk Burner\diskburner.exe
"C:\Users\Admin\AppData\Local\Free Disk Burner\diskburner.exe" -i
C:\Users\Admin\AppData\Local\Temp\7zS7882.tmp\Install.exe
.\Install.exe /Adidx "525403" /S
C:\Users\Admin\AppData\Local\Free Disk Burner\diskburner.exe
"C:\Users\Admin\AppData\Local\Free Disk Burner\diskburner.exe" -s
Network
Files
| SHA512 | 459bbe1a9322e32e813ae2222b2c0006702c7a1b87627be824d8b129aeb612708baedbccada67a916d8999bff10041ef56f7009154ec811b3cc93c8c32ea4321 |
C:\Users\Admin\Documents\GuardFox\QFQcijcn_WLqo7kgBLWc6iuB.exe
| MD5 | d2a88a0de5fa559b65aa7f0d13b6155d |
| SHA1 | 7287001d94d688c952852f78b8d63ea8d9913030 |
| SHA256 | 19994fae44252a34f4927e0da4893b9ffcd135674df441fa779635538e3163cd |
| SHA512 | 2dcee5a5d1cd89190295bf70f7f623cf0aae5e092e22718cd315d105a650d1823d8a51411b7e00cbd66c7c860d54853450096e227990bde282ce3008afc375a4 |
C:\Users\Admin\Documents\GuardFox\k8lcuL1IDyMDzXQcF1m7GXz9.exe
| MD5 | e62971c6a560d633f319e154e7c241f9 |
| SHA1 | 7f760542d2ae94b8d0cfee9fae551bd6e5eb493e |
| SHA256 | 0d449a44efcdcf692c48006c1a04f8886a3a1d026c40502cec38ae51262412a9 |
| SHA512 | 32041304d18bf2f146a7c86bf8dbba462f014cb4caec9c14dc45fa6b9ed434d772135892f7f81c99dc594543c036ded8bdf067d610f0f3a5bc7725c825615a98 |
C:\Users\Admin\Documents\GuardFox\AMov_XjyPuWDzEUFSafO3_zp.exe
| MD5 | a46233dfbf7cd5a7a40fe3bfbb00b73b |
| SHA1 | faf3033cc95e334f50db306eedac9074a0338753 |
| SHA256 | db2d38ad73ba1ec384b25af218ab0c53492e88a45f3d9b2a82d1a91799999648 |
| SHA512 | 9c81cd8078a75f433c903986d66dcf08d051da2541910c21671ab4139bc16013ace87044c6676b97f191c5ae4628ed0bcf83b0292965a70b7f20848647cb47db |
C:\Users\Admin\Documents\GuardFox\k8lcuL1IDyMDzXQcF1m7GXz9.exe
| MD5 | 8eef96be050da8726ab516a4d3023944 |
| SHA1 | e9bd89d23c4173307180b392fff70704d7d454f1 |
| SHA256 | f198b0162e1451dce967b1532bd43657f1dc3fa828e12114cb69e60464c212fe |
| SHA512 | 7a32e1ec2711935fe4fdff46e84852c7261160b9f66e3190ea705924be842ee7076b3d2be050b0f618676633ff65a4ebade7c440ac458379e55e40a5bdd65856 |
C:\Users\Admin\Documents\GuardFox\7PFTksHTc83yqPSjqy65fPDA.exe
| MD5 | 5d0ccd5231f645ad9e5b6a8754d0378d |
| SHA1 | fcfb99bcaabad75337ccb33884e6b2e7ce0ab7f3 |
| SHA256 | 6b6477b3e2ad9ece0c116025b4f2532fce89b5a794bf603d7ce89d1f7c42a89d |
| SHA512 | 4126469fed25426789c2f5148bdce3edd5dee62a095f889477ce2e44685a801a2fa3527ffe9b53b7564cbaae741eb26b9f8fec40b275ef6a705814d0731f70f9 |
C:\Users\Admin\Documents\GuardFox\IZwLbPG0F7dGY31oT83_94XU.exe
| MD5 | 11aa29b627558c3e636be099edb69f6b |
| SHA1 | daa21845fcb7b784364eb57e34eeaf33dbd4ea19 |
| SHA256 | ee0c827e70aa3565b45ba50dca0fbdd3323002444326a809688d380b83a28811 |
| SHA512 | 76129ec05decacc26139f53cac05ade977f927fc4b13e663139d8be1c37df42aad0a613b5939af8f69b934682d6c608b0c3d8f4bc5f506750e4df9cffaa68b5b |
C:\Users\Admin\Documents\GuardFox\k8lcuL1IDyMDzXQcF1m7GXz9.exe
| MD5 | 5990fd35af4d184abc9fa9f1af9ef758 |
| SHA1 | 79a63432103d0e8a62726e919e63c02d1603a191 |
| SHA256 | b8d48d7ae9eb83727b7f53a62d7091a814fc09bf70aabc90e24f81eefd2685f5 |
| SHA512 | c55510dbe4046a0f2919b2b61e6565ae3fdaccc6a7f00e717603e5c2e71f62dffcaa7d05aff934a05369ad01779d7da3771e61c0bd905ee937e130860643b251 |
C:\Users\Admin\Documents\GuardFox\UemN7VR4z3aZcgCq0XldbxiR.exe
| MD5 | 07f0f10935785563c0f34dc35b71f3bb |
| SHA1 | 57f488a225e5004ecc058adaee9483949307e82e |
| SHA256 | ba0d48b4d2b56ac83f273e9155a1511225d24bc7891148384a6e98ced7d7c9e5 |
| SHA512 | 43fd21eeb36c55b9c9bc0cb34b8e6b6867b531bf309769fa5f79ed0766a496a143a3486611594e2e9b70e4ac661e153fd09aafff3ae7363c074b203bc39b3ac5 |
C:\Users\Admin\Documents\GuardFox\vPiqCFCtgkl0Q744H8997VED.exe
| MD5 | 977df4f3ebde805c7936203945c6c87c |
| SHA1 | cfcb8b270cc35d74fb19d681a07d209ab30b32ef |
| SHA256 | d94f269c879b684ff805fa77d3d8d52d5658c0bfca878de9453e26da5d85a583 |
| SHA512 | e8333039177992b2c91e540137d9490830e1205bf7adfebc43e2487b43d90d707811fb4237cfa4b194917044797d6e3469a5c429968a274d715edfb72f431f4a |
C:\Users\Admin\Documents\GuardFox\y4MzC_GFFfKbk0AhDwzPPJqS.exe
| MD5 | 39dc81989ec115de6ad9afa208e418ea |
| SHA1 | cc4788386e860eed7df7a6a9d4ac9dd59150b914 |
| SHA256 | 145a9f555f1d8127f1839ddee557e585c25bd58d4cefbccdaf8697ff76cdb3dc |
| SHA512 | 34b7b43cc55fbb0aa91e5992bd4653ab505e4f231e727dbd7098d639d3517c90bd855add66470f098cbdf0071d6b24f9698e0a28f40ae241b787f0c26890ddd6 |
memory/1420-1151-0x0000000000400000-0x0000000000574000-memory.dmp
memory/1420-1154-0x00000000022B0000-0x00000000022FB000-memory.dmp
memory/1420-1153-0x0000000000400000-0x0000000000574000-memory.dmp
memory/3156-1158-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1420-1174-0x0000000000660000-0x0000000000662000-memory.dmp
memory/60-1176-0x00000000020B0000-0x00000000020DD000-memory.dmp
C:\Users\Admin\Documents\GuardFox\LMXJ5Y_2qjk9nh4xqGP17Wj0.exe
| MD5 | 5ecc71f245e8a8f85a973341ededdbc1 |
| SHA1 | 4a8c2c72e0a0f3c549e153599eb373f59c8e2c66 |
| SHA256 | 820f0c5e08cfabe337e0356ce0988f0eb4d33ba9b4d4563e9d7a876244153240 |
| SHA512 | e6e309eb768dc1e668025476104f3443ab843fe0624a678af4b4f8a346d87fa4c0d1b8c62576947020d998bc275a51cb088ef5baf99b27d3b44dfc27f5b93bfb |
memory/4464-1233-0x0000000000730000-0x0000000000830000-memory.dmp
C:\Users\Admin\Documents\GuardFox\T_nBxVA5LbSqvAmBfv_F_L2u.exe
| MD5 | 72970d7e831b329fa740363bd382edb4 |
| SHA1 | 19ea5f8aed02c8fc24d912b163e639b83014dbc3 |
| SHA256 | b59274fcb2d5904499eae0f13f73855e8d6658650328ccacd915cc0526961643 |
| SHA512 | d4d73cc87dec908496f71caad0fd22bbc8273d15c4fa1d42bcf5841ece596d34ae89e7e55aa23d1b01f4ce0c1e527221249e9e7f8ca7694bb08a7fcb0e0074d0 |
memory/4464-1252-0x0000000000400000-0x0000000000647000-memory.dmp
memory/4464-1249-0x00000000006D0000-0x0000000000704000-memory.dmp
C:\Users\Admin\Documents\GuardFox\IZwLbPG0F7dGY31oT83_94XU.exe
| MD5 | fb9e012fc3201fc4b21e6c10dbd75dbb |
| SHA1 | 5850fd1d417664940ec83cdf5bd67e1ad03a5990 |
| SHA256 | 9162a251f858cd487394224b03f3c092cd2911643b9280da1d299e7e27e5448b |
| SHA512 | 1397be602f3b4f844bc671b5a5ca6974bd8bdb5b39b41542bea0d7aa72da408aca1b6f24c81d41a1067f7d3c82330b04d2ca791ed523fc6ae2cd5a3d7191ef3b |
C:\Users\Admin\Documents\GuardFox\IZwLbPG0F7dGY31oT83_94XU.exe
| MD5 | 43e3b99b9aa35dfe75a845e2792d0694 |
| SHA1 | 2885648636af0fc1fd3e763890123e51ef20f30d |
| SHA256 | 634c5e6ca56f733650042a014497ab7e2ba5af008aeb912119869806def94388 |
| SHA512 | 86fb8cf395de4c52cd85bab5feb9ab285536e12bcff65e06ba3fde1a2f4f5b29d26f5cc842657804540cb2a9ae73ec03a21824229109d0862b25b4b03f6c4416 |
memory/1420-1222-0x0000000000400000-0x0000000000574000-memory.dmp
C:\Users\Admin\Documents\GuardFox\UemN7VR4z3aZcgCq0XldbxiR.exe
| MD5 | 9d3451f43ee3d99c06fd6f7891316651 |
| SHA1 | 21200bcbfba381f570dd55610e10efb46d58ab43 |
| SHA256 | d05fcfaa9ba3133c8acc7f3d741e2e57dce83fd0cca1842820d39538e1de1791 |
| SHA512 | 83dfdea87a8977b97f6aa790188c4c39a0f94e70e2559f849bf4d3db49d8dcc4e37a26f9c2eb72ca642317f8d0ffb7955f2d1690677f71ded4fa1fb8e25712ac |
C:\Users\Admin\Documents\GuardFox\y4MzC_GFFfKbk0AhDwzPPJqS.exe
| MD5 | f3dfb6e993a12538c5b7fe158aee055b |
| SHA1 | 28c6e1219135ac9e280b730f9867635950392be7 |
| SHA256 | a692676fc0f72b07d888562a5fa72b76a9335816d756150caf97d28229002fa2 |
| SHA512 | 11e677a2758c158139e75d4956ceb53c6fe684459e453d847eacc147253fb909edf9a711a129db4927eeca75e68ba85572b6647610fa5e58cb7c01edf3f6333b |
C:\Users\Admin\AppData\Local\Temp\is-O5VIP.tmp\7PFTksHTc83yqPSjqy65fPDA.tmp
| MD5 | 8ff47cb8ebfc33882eecf7321ba2a157 |
| SHA1 | f16517909d84e51aa99ac4bcf92876fff95fb061 |
| SHA256 | 548008e1594fc3f59fff47d39b8135abdcd5bf010a7a3be85c9b980c6959675b |
| SHA512 | a53a453040b8102bcbb5f88689db484bdd9c82704a206dc41a0a1ca5597eb711dcab7042c7f477a4a93aff9ced435fbd42ecc738713514ff187a43a6ccfb20d4 |
C:\Users\Admin\AppData\Local\Temp\is-O5VIP.tmp\7PFTksHTc83yqPSjqy65fPDA.tmp
| MD5 | 6e8ddfe0644540a04075bb30e637517e |
| SHA1 | c9629ce046647f2f493de6777b557224917dca5f |
| SHA256 | f66a20f082d08e9401250385ddaa2295bda35be8c4766dd6b26d692768591ea8 |
| SHA512 | 40f2148868bbc71c18390fe6545862b37b55b7e4eee6ada982d5f014f623c873a1d7421f112abf52ad6e18d204e4e7fa4e44d3a9317b56ea26b5b6bd9963fae4 |
memory/5324-1194-0x0000000000400000-0x000000000044A000-memory.dmp
memory/60-1173-0x0000000000490000-0x0000000000590000-memory.dmp
memory/5324-1161-0x0000000001F10000-0x0000000001F1B000-memory.dmp
memory/1420-1160-0x00000000022B0000-0x00000000022FB000-memory.dmp
memory/1420-1157-0x0000000000400000-0x0000000000574000-memory.dmp
memory/3156-1149-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\Documents\GuardFox\vPiqCFCtgkl0Q744H8997VED.exe
| MD5 | 80f17f4335747dd3a0dbf34988d7969c |
| SHA1 | a495f81db961c9457e8f8c0c5ed1565254b29658 |
| SHA256 | d8363e1be9bd57738f1ed992b35725d87a61ab601cff1e00c74fc39efa1c8b39 |
| SHA512 | 989b8e497186b08b76584041081a77319dccc551ad8c7f0c40f54e58ef793ca30e5e10ff4836ef91140ede8cee75e88d67a5c33714316865957fd19625f99516 |
C:\Users\Admin\Documents\GuardFox\7PFTksHTc83yqPSjqy65fPDA.exe
| MD5 | 6203c7ceec9441b7bdeb69425d9df1af |
| SHA1 | 59b2146a0b64ac0505ca9b50c7ecb725977b2679 |
| SHA256 | 786ac711fc61a462d03d97079f4901d27e3437d8a2cc58602268d2db562a1f5a |
| SHA512 | 91983797e72da305a1e882cc08306f96163114dbe1f3d5d2ed5fb0b69e475434de58a9cfa77d210d9a858ef79c13b47a816fe886086a15395f2ef1222fb9df3f |
memory/5184-1264-0x0000000000970000-0x00000000009A8000-memory.dmp
memory/1420-1263-0x00000000006D0000-0x00000000006D2000-memory.dmp
C:\Users\Admin\Documents\GuardFox\DaxvN2uXGf04aiqVzIDIw5v6.exe
| MD5 | 8779593e4213163c2ec0bb6fd881d894 |
| SHA1 | f121df5c2e3fbb7ae5ae037a8c03add475ffaf5f |
| SHA256 | e89a7756f643e62007af003432f2f2dc05072173e644cda3ee8c8beed4b1cfc0 |
| SHA512 | bca5a1729fa1ccc11271a4aa8e84e06490cc2981359b02275ca749b8c0a1092fe6a36a497d773b043cc5683ac93d6b586169d2a6dda48223c2d718fde8fbaff8 |
C:\Users\Admin\Documents\GuardFox\DaxvN2uXGf04aiqVzIDIw5v6.exe
| MD5 | b32c669d82cdde0e719e3bffdd973eec |
| SHA1 | 958b73d2c0b269c3b5c93de0a2bd4c2ab756ccf4 |
| SHA256 | 9dde909223edd632448e3c0395f66cae2bdf9bd5ae49686a15a4d37545a8b30c |
| SHA512 | 84d7f61b5c18daa0258469c92b1b5093166257c8e0f61ea18b53dbe136be10c04d36c93d1a5989e643401269e145bce2ba328530f08931bb46b68c2542aa0ae5 |
memory/2972-1276-0x0000000000EA0000-0x00000000013D2000-memory.dmp
memory/3616-1282-0x0000000001FC0000-0x0000000001FC1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS672C.tmp\Install.exe
| MD5 | 9327a4df8755d0ad200856b03353c227 |
| SHA1 | d4283809cc98ad3ec9e9866c8b0a20bd2b1c555f |
| SHA256 | 70410d4162ccd9b2623f3348be8b6f2505899918cb3ad8fa0d4fd13482fc1a0c |
| SHA512 | 8e97e910ad5905a3ae9540ff55c57f8217bc1fac34965630272d12410d410d08c7a97f28e8adf0dccc87a1d9e3af3ad3a857c21c254f7d9554ea4e21c6c41aa6 |
memory/60-1305-0x0000000000400000-0x0000000000451000-memory.dmp
memory/2972-1310-0x0000000005D10000-0x0000000005DAC000-memory.dmp
memory/2972-1318-0x00000000062E0000-0x000000000680C000-memory.dmp
memory/5184-1321-0x0000000005450000-0x000000000545A000-memory.dmp
memory/3408-1317-0x0000000008E70000-0x0000000008E86000-memory.dmp
memory/4344-1316-0x0000000002AE0000-0x0000000002EDF000-memory.dmp
memory/1420-1309-0x0000000000400000-0x0000000000574000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS672C.tmp\Install.exe
| MD5 | f40764acf8991d55a10630f4b6594320 |
| SHA1 | 1684bd24d8bc545d1e79ba994cc4576901d7a97e |
| SHA256 | 075de4bc44418b3b74cdb207dd61bc23a7d84f3ade1680ec525aeb5bf0e89b97 |
| SHA512 | 1859bfdea0fbd29fce66cc646b6dfde71c535dc6ded990066dc749351d0b773c31f2093fdb20d6dfe56b4ec4d57b702272478b8fddf2e8b76ba4cc3dc47ebfb8 |
memory/5324-1299-0x0000000000530000-0x0000000000630000-memory.dmp
memory/452-1290-0x0000000004B00000-0x0000000004B92000-memory.dmp
memory/452-1275-0x0000000004FD0000-0x0000000005574000-memory.dmp
memory/4344-1274-0x0000000000400000-0x0000000000D1C000-memory.dmp
C:\Users\Admin\Documents\GuardFox\QFQcijcn_WLqo7kgBLWc6iuB.exe
| MD5 | 21e7fffd329ce06e2697a4dd25ae47fc |
| SHA1 | 9eda1ec70c041d0d48f3737f3b043a99e9b4c76f |
| SHA256 | 40980d0a964c6d324b5805fab57076f46e95f02dd719c2656a7fae14b9e465df |
| SHA512 | 2d4bc3ee0db2b17740259cec7e808b7aea736b7540b66ac74ddaaeec54d287495d59891738fc50ababcf8061d89e54a15e5679aa2994931a699a58f53accb9f6 |
C:\Users\Admin\AppData\Local\Temp\is-GG397.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
memory/5812-1330-0x0000000000970000-0x00000000014CD000-memory.dmp
memory/4344-1326-0x0000000002EE0000-0x00000000037CB000-memory.dmp
memory/4464-1329-0x0000000000400000-0x0000000000647000-memory.dmp
memory/5324-1324-0x0000000000400000-0x000000000044A000-memory.dmp
memory/4332-1323-0x00007FF72AA50000-0x00007FF72B7C1000-memory.dmp
memory/1420-1319-0x0000000000400000-0x0000000000574000-memory.dmp
memory/4352-1333-0x00000000053B0000-0x000000000560E000-memory.dmp
memory/3144-1332-0x0000000000090000-0x0000000000BEE000-memory.dmp
memory/4344-1331-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/3156-1341-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5776-1346-0x0000000000400000-0x000000000065E000-memory.dmp
C:\Users\Admin\AppData\Local\Free Disk Burner\diskburner.exe
| MD5 | a144776da6c8130bc3a09a8b91536370 |
| SHA1 | 703f3364c50866960154b3625a4409ac15b05e97 |
| SHA256 | 6288674ab0abc033144365b58051ef72a4a8dd29d21ddc42089d74aa83ea8b0c |
| SHA512 | 50456c6e4b8ac47f0c174cf02b093a81a26e010acf51b6edeadb587a720b949dfe7df595c8bbc5023cf0dbce52f88d6f85078e3adca25661fbb02a80fe2e4d95 |
memory/3616-1348-0x0000000000400000-0x00000000004BC000-memory.dmp
memory/1588-1351-0x0000000005040000-0x0000000005216000-memory.dmp
memory/5084-1354-0x00000000006B0000-0x00000000013B4000-memory.dmp
memory/5776-1365-0x0000000000400000-0x000000000065E000-memory.dmp
memory/4352-1359-0x0000000005140000-0x000000000539E000-memory.dmp
memory/4464-1369-0x0000000000400000-0x0000000000647000-memory.dmp