Analysis Overview
SHA256
e3683f1a58054c1166a94d5758848ed053777c7dc575a7af69c938b39f204eb5
Threat Level: Known bad
The file file_release_4.rar was found to be: Known bad.
Malicious Activity Summary
ZGRat
RisePro
Detected Djvu ransomware
Djvu Ransomware
Stealc
Detect ZGRat V1
SmokeLoader
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Themida packer
Modifies file permissions
Checks BIOS information in registry
Checks computer location settings
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
Checks whether UAC is enabled
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
AutoIT Executable
Unsigned PE
Program crash
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Creates scheduled task(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 17:06
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-02-23 17:05
Reported
2024-02-23 17:10
Platform
win10v2004-20240221-en
Max time kernel
147s
Max time network
155s
Command Line
Signatures
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Language\WinRar.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Language\WinRar.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Language\WinRar.exe
"C:\Users\Admin\AppData\Local\Temp\Language\WinRar.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 1.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.178.17.96.in-addr.arpa | udp |
Files
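The Network tables in behavioral3, behavioral4 and behavioral5 are almost entirely PTR lookups (in-addr.arpa names) sent to 8.8.8.8; those are reverse lookups of addresses the Windows image contacts on its own and carry no information about the sample. What an analyst wants out of these tables is the small set of forward lookups, the TCP connections, and any DNS sent to a resolver other than the sandbox's own, which is the condition behind the "Unexpected DNS network traffic destination" signature (193.233.132.49) in behavioral6. The parser below is an added example and not part of the sandbox report: it reads rows in the shape of the tables above, turns each in-addr.arpa name back into the address that was resolved, and sorts rows into PTR noise, forward lookups, connections and DNS to unexpected resolvers. The first four sample rows are copied from the tables; the last row is constructed to exercise the unexpected-resolver check (its country code and the domain example.invalid are placeholders).

```python
import ipaddress
import re

# Constructed sample in the shape of the report's Network tables
# (Country | Destination | Domain | Proto). The first four rows are copied from
# the report; the last one is made up to exercise the unexpected-resolver check.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | 175.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| XX | 193.233.132.49:53 | example.invalid | udp |
"""

ROW_RE = re.compile(r"^\|\s*(\w+)\s*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*(\w+)\s*\|$")
PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.I)

# Resolver the sandbox image is configured with (assumption: the only legitimate
# one); DNS to any other host is what the "Unexpected DNS" signature keys on.
EXPECTED_RESOLVERS = {"8.8.8.8"}


def parse_rows(text):
    """Parse table rows into dicts, splitting the destination into IP and port."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header, separator or blank line
        country, dest, domain, proto = m.groups()
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_target(domain):
    """Map a reverse-lookup name back to the address that was looked up.

    '175.178.17.96.in-addr.arpa' -> '96.17.178.175' (octets are stored reversed).
    Returns None for ordinary forward names or malformed octets.
    """
    m = PTR_RE.match(domain)
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(m.groups()))))
    except ValueError:
        return None


def triage_network(rows):
    """Split rows into PTR noise, forward lookups, connections and DNS to odd resolvers."""
    out = {"ptr_lookups": [], "forward_lookups": [], "connections": [], "unexpected_dns": []}
    for r in rows:
        if r["port"] == 53:
            if r["ip"] not in EXPECTED_RESOLVERS:
                out["unexpected_dns"].append(r["ip"])
            target = ptr_target(r["domain"])
            if target:
                out["ptr_lookups"].append(target)
            else:
                out["forward_lookups"].append(r["domain"])
        else:
            out["connections"].append((r["ip"], r["port"], r["domain"]))
    return out


if __name__ == "__main__":
    for kind, items in triage_network(parse_rows(SAMPLE_ROWS)).items():
        print(f"{kind}: {items}")
```

Run against the full tables, the PTR list collapses to a handful of cloud and CDN addresses that can be compared against a baseline detonation of a clean file; anything left in forward_lookups, connections or unexpected_dns is sample-attributable and worth pivoting on.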
Analysis: behavioral4
Detonation Overview
Submitted
2024-02-23 17:05
Reported
2024-02-23 17:10
Platform
win10v2004-20240221-en
Max time kernel
143s
Max time network
156s
Command Line
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4764 wrote to memory of 1892 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4764 wrote to memory of 1892 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4764 wrote to memory of 1892 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LiteRes.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LiteRes.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-02-23 17:05
Reported
2024-02-23 17:10
Platform
win10v2004-20240221-en
Max time kernel
126s
Max time network
158s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2116 wrote to memory of 4272 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2116 wrote to memory of 4272 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2116 wrote to memory of 4272 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LiteSkinUtils.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LiteSkinUtils.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4272 -ip 4272
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 588
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-02-23 17:05
Reported
2024-02-23 17:09
Platform
win10v2004-20240221-en
Max time kernel
33s
Max time network
143s
Command Line
Signatures
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
RisePro
SmokeLoader
Stealc
ZGRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 193.233.132.49 | N/A | N/A |
| Destination IP | 193.233.132.49 | N/A | N/A |
| Destination IP | 193.233.132.49 | N/A | N/A |
| Destination IP | 193.233.132.49 | N/A | N/A |
| Destination IP | 193.233.132.49 | N/A | N/A |
| Destination IP | 193.233.132.49 | N/A | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | iplogger.org | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
| N/A | iplogger.org | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | api.myip.com | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Program crash
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Users\Admin\Documents\GuardFox\oPAY0atGsFrz5J6mweTZuaDf.exe
"C:\Users\Admin\Documents\GuardFox\oPAY0atGsFrz5J6mweTZuaDf.exe"
C:\Users\Admin\Documents\GuardFox\TKKw1hmTwVBMTsgOoU3BCklJ.exe
"C:\Users\Admin\Documents\GuardFox\TKKw1hmTwVBMTsgOoU3BCklJ.exe"
C:\Users\Admin\Documents\GuardFox\ahAzs7ebC94TtCXZ451KXqOC.exe
"C:\Users\Admin\Documents\GuardFox\ahAzs7ebC94TtCXZ451KXqOC.exe"
C:\Users\Admin\Documents\GuardFox\fVLq49qtba3ytPK4Nw9io13j.exe
"C:\Users\Admin\Documents\GuardFox\fVLq49qtba3ytPK4Nw9io13j.exe"
C:\Users\Admin\Documents\GuardFox\Mi6AWN9vXRBRMcYeS_3_zVDQ.exe
"C:\Users\Admin\Documents\GuardFox\Mi6AWN9vXRBRMcYeS_3_zVDQ.exe"
C:\Users\Admin\Documents\GuardFox\pPrCgUdP2JClGnpyLmHJPscG.exe
"C:\Users\Admin\Documents\GuardFox\pPrCgUdP2JClGnpyLmHJPscG.exe"
C:\Users\Admin\Documents\GuardFox\97ctR1cufJfKYreB2JRoqsia.exe
"C:\Users\Admin\Documents\GuardFox\97ctR1cufJfKYreB2JRoqsia.exe"
C:\Users\Admin\Documents\GuardFox\eQYk_b6jz16mJKmMtyzJXk5e.exe
"C:\Users\Admin\Documents\GuardFox\eQYk_b6jz16mJKmMtyzJXk5e.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5752 -ip 5752
C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe
"C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe"
C:\Users\Admin\Documents\GuardFox\Je5Umq1MWJcqIN0348bnKOfX.exe
"C:\Users\Admin\Documents\GuardFox\Je5Umq1MWJcqIN0348bnKOfX.exe"
C:\Users\Admin\Documents\GuardFox\fpvCTUbLstZ4r68szSFC59Mu.exe
"C:\Users\Admin\Documents\GuardFox\fpvCTUbLstZ4r68szSFC59Mu.exe"
C:\Users\Admin\AppData\Local\Temp\7zSCBD.tmp\Install.exe
.\Install.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\22158657-fbde-415a-bad4-5bee4646aa0b" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\7zS23CF.tmp\Install.exe
.\Install.exe /MFFdidt "525403" /S
C:\Users\Admin\AppData\Local\WBICreator\wbicreator.exe
"C:\Users\Admin\AppData\Local\WBICreator\wbicreator.exe" -s
C:\Users\Admin\AppData\Local\WBICreator\wbicreator.exe
"C:\Users\Admin\AppData\Local\WBICreator\wbicreator.exe" -i
C:\Users\Admin\AppData\Local\Temp\onefile_3900_133531816951741958\WW9_64.exe
"C:\Users\Admin\Documents\GuardFox\fpvCTUbLstZ4r68szSFC59Mu.exe"
C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe
"C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe"
C:\Users\Admin\Documents\GuardFox\6mW5b4qOjpVvTGG_x07s4stc.exe
"C:\Users\Admin\Documents\GuardFox\6mW5b4qOjpVvTGG_x07s4stc.exe"
C:\Users\Admin\Documents\GuardFox\QoPxz2PXYbxFkd1ZtaGIY5nB.exe
"C:\Users\Admin\Documents\GuardFox\QoPxz2PXYbxFkd1ZtaGIY5nB.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 344
C:\Users\Admin\Documents\GuardFox\Z78EaC7A1maUh2noqDPHqxE4.exe
"C:\Users\Admin\Documents\GuardFox\Z78EaC7A1maUh2noqDPHqxE4.exe"
C:\Users\Admin\Documents\GuardFox\Odt0imGpkgnE0De9TQmDwGiD.exe
"C:\Users\Admin\Documents\GuardFox\Odt0imGpkgnE0De9TQmDwGiD.exe"
C:\Users\Admin\AppData\Local\Temp\is-VM79T.tmp\eQYk_b6jz16mJKmMtyzJXk5e.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VM79T.tmp\eQYk_b6jz16mJKmMtyzJXk5e.tmp" /SL5="$20272,4460890,54272,C:\Users\Admin\Documents\GuardFox\eQYk_b6jz16mJKmMtyzJXk5e.exe"
C:\Users\Admin\Documents\GuardFox\RZwYj5i1qII7mxAb7SqPKWq_.exe
"C:\Users\Admin\Documents\GuardFox\RZwYj5i1qII7mxAb7SqPKWq_.exe"
C:\Users\Admin\Documents\GuardFox\gA119GY6BxzJ20qiar2SBob6.exe
"C:\Users\Admin\Documents\GuardFox\gA119GY6BxzJ20qiar2SBob6.exe"
C:\Users\Admin\Documents\GuardFox\tICD3_G5dCLsOTlSefOYkF5v.exe
"C:\Users\Admin\Documents\GuardFox\tICD3_G5dCLsOTlSefOYkF5v.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc74599758,0x7ffc74599768,0x7ffc74599778
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe
"C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe
"C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2132 -ip 2132
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 568
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1884,i,1276832457716980050,7805439732190620183,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1884,i,1276832457716980050,7805439732190620183,131072 /prefetch:8
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:64&"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1884,i,1276832457716980050,7805439732190620183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1884,i,1276832457716980050,7805439732190620183,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1884,i,1276832457716980050,7805439732190620183,131072 /prefetch:2
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:64&"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4124 --field-trial-handle=1884,i,1276832457716980050,7805439732190620183,131072 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
/C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64&
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\cmd.exe
/C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64&
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64
\??\c:\windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6116 -ip 6116
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5736 -ip 5736
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 2244
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 2368
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "gloyEKczR" /SC once /ST 10:59:06 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "gloyEKczR"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV131\MSIUpdaterV131.exe" /tn "MSIUpdaterV131 LG" /sc ONLOGON /rl HIGHEST
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\2g1j7SGm0vjI4nkHAuJW.exe
"C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\2g1j7SGm0vjI4nkHAuJW.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc82e646f8,0x7ffc82e64708,0x7ffc82e64718
C:\Users\Admin\AppData\Local\Temp\F0B4.exe
C:\Users\Admin\AppData\Local\Temp\F0B4.exe
C:\Users\Admin\AppData\Local\Temp\F0B4.exe
C:\Users\Admin\AppData\Local\Temp\F0B4.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc82e646f8,0x7ffc82e64708,0x7ffc82e64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc82e646f8,0x7ffc82e64708,0x7ffc82e64718
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\hGnIVTJbniiugaulndqv.exe
"C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\hGnIVTJbniiugaulndqv.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc82e646f8,0x7ffc82e64708,0x7ffc82e64718
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV1\MSIUpdaterV1.exe" /tn "MSIUpdaterV1 HR" /sc HOURLY /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc82e646f8,0x7ffc82e64708,0x7ffc82e64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc82e646f8,0x7ffc82e64708,0x7ffc82e64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc82e646f8,0x7ffc82e64708,0x7ffc82e64718
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.facebook.com/video
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc6f829758,0x7ffc6f829768,0x7ffc6f829778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6f829758,0x7ffc6f829768,0x7ffc6f829778
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\MSIUpdaterV1\MSIUpdaterV1.exe" /tn "MSIUpdaterV1 LG" /sc ONLOGON /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,2525749010093275192,12174032622444560376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc6f829758,0x7ffc6f829768,0x7ffc6f829778
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10262843961557492095,15357762294570849128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.facebook.com/video
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17364547049839875453,10625535688629497048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6516.0.362609268\2099137141" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6e4828f-f9bb-4a81-8eb7-010578d8f589} 6516 "\\.\pipe\gecko-crash-server-pipe.6516" 1960 1b8b79eb758 gpu
C:\Users\Admin\AppData\Local\Temp\heidi6DbP_N64XGcl\Gt_q28K1Pij1MddE1Ptw.exe
"C:\Users\Admin\AppData\Local\Temp\heidi6DbP_N64XGcl\Gt_q28K1Pij1MddE1Ptw.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6516.1.1762859660\896436887" -parentBuildID 20221007134813 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cde6dca-4aa1-4228-b1f3-192c8fc69211} 6516 "\\.\pipe\gecko-crash-server-pipe.6516" 2452 1b8b7140b58 socket
C:\Users\Admin\AppData\Local\Temp\FF5.exe
C:\Users\Admin\AppData\Local\Temp\FF5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6516.2.1389827356\513907467" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 1324 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d50720fd-0bff-4811-a940-289057a83064} 6516 "\\.\pipe\gecko-crash-server-pipe.6516" 2964 1b8bb5ead58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6516.3.571719448\226535996" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc0a1d06-a136-4fff-b8c3-c9b93cb0c836} 6516 "\\.\pipe\gecko-crash-server-pipe.6516" 3552 1b8aad61958 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\GCWEHT8K4v5SdsJZFtFi.exe
"C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\GCWEHT8K4v5SdsJZFtFi.exe"
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4060 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2992 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=2024,i,5557749574225615445,7883934478427062869,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=2004,i,2302472976579425981,17844444468222244877,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5040 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=2004,i,2302472976579425981,17844444468222244877,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3624 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=2024,i,5557749574225615445,7883934478427062869,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4528 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6516.5.100219316\362446075" -childID 4 -isForBrowser -prefsHandle 5080 -prefMapHandle 5076 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc981a1e-d3d0-42d0-aefc-68d5a07a27b4} 6516 "\\.\pipe\gecko-crash-server-pipe.6516" 5012 1b8bdbbc758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6516.4.134982506\89800635" -childID 3 -isForBrowser -prefsHandle 4856 -prefMapHandle 4852 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23bcb338-f14e-4c48-94b9-94b81ed53430} 6516 "\\.\pipe\gecko-crash-server-pipe.6516" 4868 1b8aad66858 tab
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "gloyEKczR"
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\V1FkYflsSuINyVwTTmob.exe
"C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\V1FkYflsSuINyVwTTmob.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bokvhhUgtHQNbUrNPU" /SC once /ST 17:10:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\fvLIfGGBBdNYLYAis\gCckOLUAyUDZmqr\FwvfrvJ.exe\" r1 /PXsite_idcxh 525403 /S" /V1 /F
C:\Users\Admin\AppData\Local\Temp\3EA7.exe
C:\Users\Admin\AppData\Local\Temp\3EA7.exe
C:\Users\Admin\AppData\Local\Temp\is-D1NJE.tmp\3EA7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-D1NJE.tmp\3EA7.tmp" /SL5="$50372,4061719,54272,C:\Users\Admin\AppData\Local\Temp\3EA7.exe"
C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe
"C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe" -i
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4488 --field-trial-handle=1996,i,10485460941861558138,4091259679817495077,131072 /prefetch:1
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\489B.dll
C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe
"C:\Users\Admin\AppData\Local\Info Tool Extension\infotoolext.exe" -s
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\489B.dll
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6516.8.548551733\852648684" -childID 7 -isForBrowser -prefsHandle 5280 -prefMapHandle 5504 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc3f0be8-1d6b-42f1-a229-8bf7ccaabd4b} 6516 "\\.\pipe\gecko-crash-server-pipe.6516" 5508 1b8be35f458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6516.7.11885308\1485962313" -childID 6 -isForBrowser -prefsHandle 2884 -prefMapHandle 3384 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e2693e2-3ea0-431c-9a9a-23343d9971dc} 6516 "\\.\pipe\gecko-crash-server-pipe.6516" 5280 1b8be360f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6516.6.1702852335\1337804002" -childID 5 -isForBrowser -prefsHandle 4668 -prefMapHandle 5272 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {342d548a-ad4b-4791-9a34-c178dcae7059} 6516 "\\.\pipe\gecko-crash-server-pipe.6516" 3436 1b8be35f158 tab
C:\Users\Admin\Documents\GuardFox\TKKw1hmTwVBMTsgOoU3BCklJ.exe
"C:\Users\Admin\Documents\GuardFox\TKKw1hmTwVBMTsgOoU3BCklJ.exe"
C:\Users\Admin\Documents\GuardFox\ahAzs7ebC94TtCXZ451KXqOC.exe
"C:\Users\Admin\Documents\GuardFox\ahAzs7ebC94TtCXZ451KXqOC.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\7B06.exe
C:\Users\Admin\AppData\Local\Temp\7B06.exe
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
"C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe"
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe"
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
"C:\Users\Admin\AppData\Local\Temp\FourthX.exe"
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\BroomSetup.exe
C:\Users\Admin\AppData\Local\Temp\heidiZzOs_nAUVEVs\tgDCkeEhpafr5oQRSOwS.exe
"C:\Users\Admin\AppData\Local\Temp\heidiZzOs_nAUVEVs\tgDCkeEhpafr5oQRSOwS.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | api.myip.com | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 45.16.20.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | def.bestsup.su | udp |
| RU | 147.45.47.101:80 | 147.45.47.101 | tcp |
| US | 8.8.8.8:53 | 294down-river.sbs | udp |
| DE | 185.172.128.127:80 | 185.172.128.127 | tcp |
| US | 8.8.8.8:53 | vk.com | udp |
| US | 8.8.8.8:53 | acenitive.shop | udp |
| US | 8.8.8.8:53 | triedchicken.net | udp |
| US | 8.8.8.8:53 | monoblocked.com | udp |
| US | 8.8.8.8:53 | cleued.com | udp |
| US | 8.8.8.8:53 | medfioytrkdkcodlskeej.net | udp |
| US | 104.21.29.103:80 | def.bestsup.su | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 104.21.91.214:80 | triedchicken.net | tcp |
| US | 104.21.67.206:80 | 294down-river.sbs | tcp |
| US | 8.8.8.8:53 | cczhk.com | udp |
| US | 188.114.96.2:80 | acenitive.shop | tcp |
| US | 172.67.154.10:80 | cleued.com | tcp |
| US | 188.114.96.2:80 | acenitive.shop | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.91.214:80 | triedchicken.net | tcp |
| US | 188.114.96.2:80 | acenitive.shop | tcp |
| US | 188.114.96.2:80 | acenitive.shop | tcp |
| US | 172.67.154.10:80 | cleued.com | tcp |
| RU | 45.130.41.108:80 | monoblocked.com | tcp |
| US | 104.21.91.214:80 | triedchicken.net | tcp |
| US | 188.114.96.2:80 | acenitive.shop | tcp |
| US | 188.114.96.2:80 | acenitive.shop | tcp |
| US | 172.67.154.10:80 | cleued.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 104.21.91.214:443 | triedchicken.net | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 188.114.96.2:443 | acenitive.shop | tcp |
| US | 188.114.96.2:443 | acenitive.shop | tcp |
| US | 172.67.154.10:443 | cleued.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| US | 104.21.67.206:443 | 294down-river.sbs | tcp |
| RU | 45.130.41.108:80 | monoblocked.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 91.215.85.209:80 | medfioytrkdkcodlskeej.net | tcp |
| RU | 91.215.85.209:443 | medfioytrkdkcodlskeej.net | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| MX | 187.156.75.116:80 | cczhk.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 2.19.169.32:80 | x2.c.lencr.org | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 8.8.8.8:53 | pergor.com | udp |
| US | 8.8.8.8:53 | carthewasher.net | udp |
| US | 172.67.161.113:443 | carthewasher.net | tcp |
| MX | 187.156.75.116:80 | cczhk.com | tcp |
| US | 8.8.8.8:53 | 127.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.29.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.47.45.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.91.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.154.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.132.240.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.85.215.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.41.130.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.75.156.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.161.67.172.in-addr.arpa | udp |
| RU | 45.130.41.108:80 | monoblocked.com | tcp |
| RU | 45.130.41.108:443 | monoblocked.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 172.67.156.81:443 | pergor.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 632432.site | udp |
| NL | 194.104.136.64:443 | 632432.site | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| US | 8.8.8.8:53 | 81.156.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.179.17.96.in-addr.arpa | udp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:80 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | psv4.userapi.com | udp |
| RU | 87.240.190.89:443 | psv4.userapi.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 64.136.104.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.190.240.87.in-addr.arpa | udp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-20.userapi.com | udp |
| NL | 95.142.206.0:443 | sun6-20.userapi.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-22.userapi.com | udp |
| NL | 95.142.206.2:443 | sun6-22.userapi.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | sun6-21.userapi.com | udp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| NL | 95.142.206.1:443 | sun6-21.userapi.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| RU | 87.240.132.72:443 | vk.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.206.142.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| NL | 195.20.16.45:80 | 195.20.16.45 | tcp |
| US | 8.8.8.8:53 | iplis.ru | udp |
| US | 104.21.63.150:443 | iplis.ru | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| DE | 185.172.128.24:80 | 185.172.128.24 | tcp |
| US | 8.8.8.8:53 | 150.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.4.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 104.21.65.24:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | 24.65.21.104.in-addr.arpa | udp |
| RU | 193.233.132.67:50505 | tcp | |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 8.8.8.8:53 | villagemagneticcsa.fun | udp |
| US | 8.8.8.8:53 | chocolatedepressofw.fun | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | 67.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.147.105.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | prescriptionstorageag.fun | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 8.8.8.8:53 | healthproline.pro | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 172.67.215.138:443 | healthproline.pro | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 8.8.8.8:53 | theoryapparatusjuko.fun | udp |
| US | 172.67.147.18:443 | associationokeo.shop | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | 253.76.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.215.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | snuggleapplicationswo.fun | udp |
| US | 8.8.8.8:53 | smallrabbitcrossing.site | udp |
| US | 8.8.8.8:53 | 18.147.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | punchtelephoneverdi.store | udp |
| US | 8.8.8.8:53 | telephoneverdictyow.site | udp |
| US | 8.8.8.8:53 | strainriskpropos.store | udp |
| NL | 195.20.16.46:80 | 195.20.16.46 | tcp |
| US | 8.8.8.8:53 | 46.16.20.195.in-addr.arpa | udp |
| NL | 195.20.16.46:80 | 195.20.16.46 | tcp |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.me | udp |
| RU | 5.42.65.31:48396 | tcp | |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.65.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.249.124.192.in-addr.arpa | udp |
| US | 104.21.63.150:443 | iplis.ru | tcp |
| US | 104.21.4.208:443 | iplogger.org | tcp |
| DE | 142.132.224.223:9001 | | tcp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.224.132.142.in-addr.arpa | udp |
| DE | 142.132.224.223:9001 | | tcp |
| DE | 142.132.224.223:9001 | | tcp |
| RU | 193.233.132.67:50500 | | tcp |
| RU | 193.233.132.62:50500 | | tcp |
| DE | 142.132.224.223:9001 | | tcp |
| CA | 37.120.237.196:50500 | | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 196.237.120.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 177.178.17.96.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | db-ip.com | udp |
| US | 104.26.4.15:443 | db-ip.com | tcp |
| US | 8.8.8.8:53 | 62.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.4.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 104.26.4.15:443 | db-ip.com | tcp |
| RU | 185.215.113.46:80 | 185.215.113.46 | tcp |
| RU | 193.233.132.49:53 | 46.113.215.185.in-addr.arpa | udp |
| RU | 193.233.132.49:53 | 49.132.233.193.in-addr.arpa | udp |
| RU | 193.233.132.49:53 | selebration17io.io | udp |
| RU | 91.215.85.120:80 | selebration17io.io | tcp |
| NL | 195.20.16.46:80 | 195.20.16.46 | tcp |
| US | 8.8.8.8:53 | 49.132.233.193.in-addr.arpa | udp |
| RU | 193.233.132.49:53 | 120.85.215.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| NL | 173.194.79.84:443 | accounts.google.com | tcp |
| CA | 198.100.149.77:443 | | tcp |
| US | 8.8.8.8:53 | www.linkedin.com | udp |
| US | 13.107.42.14:443 | www.linkedin.com | tcp |
| US | 108.39.229.147:443 | | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.79.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | udp |
| NL | 173.194.79.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| DE | 185.220.101.198:10198 | | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| FR | 37.187.23.232:80 | | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| GB | 172.217.169.14:443 | youtube-ui.l.google.com | udp |
| US | 52.24.144.241:443 | shavar.prod.mozaws.net | tcp |
| GB | 172.217.169.14:443 | youtube-ui.l.google.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| GB | 157.240.221.35:443 | www.facebook.com | udp |
| NL | 173.194.79.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.23.187.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | 241.144.24.52.in-addr.arpa | udp |
| NL | 173.194.79.84:443 | accounts.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 135.148.100.90:443 | | tcp |
| SE | 81.230.245.67:444 | | tcp |
| RU | 193.233.132.62:50500 | | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| FR | 157.240.196.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| NL | 173.194.79.84:443 | accounts.google.com | tcp |
| GB | 172.217.169.14:443 | youtube-ui.l.google.com | udp |
| NL | 173.194.79.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| FR | 157.240.196.35:443 | www.facebook.com | udp |
| US | 8.8.8.8:53 | 67.245.230.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.196.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | udp |
| RU | 193.233.132.67:50500 | | tcp |
| RU | 193.233.132.62:50500 | | tcp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| GB | 172.217.16.238:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| GB | 172.217.16.238:443 | accounts.youtube.com | tcp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | db-ip.com | udp |
| US | 104.26.5.15:443 | db-ip.com | tcp |
| NL | 173.194.79.84:443 | accounts.google.com | tcp |
| NL | 173.194.79.84:443 | accounts.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 15.5.26.104.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | resergvearyinitiani.shop | udp |
| US | 188.114.96.2:443 | resergvearyinitiani.shop | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| DE | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.147.23:443 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 172.67.180.132:443 | technologyenterdo.shop | tcp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.180.67.172.in-addr.arpa | udp |
| RU | 193.233.132.49:53 | 19.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 104.26.5.15:443 | db-ip.com | tcp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| CA | 37.120.237.196:50500 | | tcp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 172.67.195.126:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | 126.195.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 188.114.97.2:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | scontent-lhr6-1.xx.fbcdn.net | udp |
| NL | 195.20.16.46:80 | 195.20.16.46 | tcp |
| US | 8.8.8.8:53 | trmpc.com | udp |
| UZ | 195.158.3.162:80 | trmpc.com | tcp |
| US | 8.8.8.8:53 | 162.3.158.195.in-addr.arpa | udp |
| DE | 185.172.128.90:80 | 185.172.128.90 | tcp |
| US | 8.8.8.8:53 | 90.128.172.185.in-addr.arpa | udp |
| RU | 193.233.132.49:53 | 90.128.172.185.in-addr.arpa | udp |
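The network table above mixes four things that need to be separated before any of it becomes an indicator: the analysis VM's own queries to its resolver (8.8.8.8:53), the reverse PTR lookups Windows issues for addresses it has just connected to (the in-addr.arpa rows), the background traffic of the VM's browser to Google, Facebook and Mozilla, and the rows that actually matter, i.e. sessions to bare IPs on ports such as 50500, 9001 or 48396 with no hostname at all, and DNS sent to a server that is not the VM's resolver (the 193.233.132.49:53 rows). The script below is an added example written for this page; it is not part of the sandbox report or its tooling. It parses rows in the table's `| Country | Destination | Domain | Proto |` layout into those buckets, tolerates rows whose Domain cell is empty, and cross-checks raw-IP connections against the PTR lookups. The resolver address, the benign-suffix list and the list of "what is my IP" services are assumptions chosen here; the sample rows are copied from the table and embedded as constructed input.

```python
"""Triage a sandbox network table into resolver traffic, reverse lookups,
browser noise, and the connections worth treating as candidate IOCs."""
import ipaddress

# Constructed sample input: rows copied from the report's network table,
# including one row whose empty Domain cell pushed "tcp" one column left.
SAMPLE_TABLE = """\
| US | 8.8.8.8:53 | villagemagneticcsa.fun | udp |
| US | 172.67.75.163:443 | api.myip.com | tcp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| RU | 193.233.132.67:50505 | tcp | |
| DE | 77.105.147.130:80 | 77.105.147.130 | tcp |
| US | 8.8.8.8:53 | 67.132.233.193.in-addr.arpa | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| RU | 193.233.132.49:53 | selebration17io.io | udp |
"""

SANDBOX_RESOLVER = "8.8.8.8"   # assumption: the analysis VM's configured DNS server
PROTOS = {"tcp", "udp"}
# Assumption: hosts the VM's own browser/OS talk to; dropped from the IOC list.
BENIGN_SUFFIXES = ("google.com", "youtube.com", "ytimg.com", "googleapis.com",
                   "facebook.com", "fbcdn.net", "linkedin.com",
                   "mozilla.com", "mozilla.net", "mozaws.net", "mozgcp.net")
# Assumption: public IP-lookup services; evidence of victim profiling, not C2.
IP_LOOKUP_SERVICES = {"api.myip.com", "ipinfo.io", "db-ip.com", "iplogger.org", "iplis.ru"}


def looks_like_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_row(line):
    """Parse one '| CC | ip:port | domain | proto |' row; None for non-row lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or ":" not in cells[1]:
        return None
    country, dest, domain, proto = cells
    # Extraction artifact: with an empty Domain, the proto lands in the Domain column.
    if proto == "" and domain.lower() in PROTOS:
        domain, proto = "", domain
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto.lower()}


def ptr_to_ip(name):
    """'67.132.233.193.in-addr.arpa' -> '193.233.132.67'."""
    labels = name.lower()[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(labels))


def is_benign(domain):
    d = domain.lower()
    return any(d == s or d.endswith("." + s) for s in BENIGN_SUFFIXES)


def triage(table_text):
    out = {
        "dns_queries": set(),           # names the VM asked a resolver for
        "reverse_lookups": set(),       # IPs the OS reverse-resolved after connecting
        "unexpected_resolvers": set(),  # DNS sent somewhere other than the VM's resolver
        "ip_lookup_services": set(),
        "raw_ip_connections": set(),    # (ip, port, proto) with no hostname at all
        "candidate_domains": set(),     # (domain, ip, port) not explained by the above
        "dropped_benign": set(),
    }
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        ip, port, domain, proto = row["ip"], row["port"], row["domain"], row["proto"]
        if port == 53 and proto == "udp":
            if ip != SANDBOX_RESOLVER:
                out["unexpected_resolvers"].add(ip)
            if domain.lower().endswith(".in-addr.arpa"):
                out["reverse_lookups"].add(ptr_to_ip(domain))
            elif is_benign(domain):
                out["dropped_benign"].add(domain)
            elif domain in IP_LOOKUP_SERVICES:
                out["ip_lookup_services"].add(domain)
            else:
                out["dns_queries"].add(domain)
            continue
        if domain == "" or looks_like_ip(domain):
            out["raw_ip_connections"].add((ip, port, proto))
        elif domain in IP_LOOKUP_SERVICES:
            out["ip_lookup_services"].add(domain)
        elif is_benign(domain):
            out["dropped_benign"].add(domain)
        else:
            out["candidate_domains"].add((domain, ip, port))
    # A PTR lookup for an IP that also shows a raw connection corroborates that session.
    raw_ips = {ip for ip, _, _ in out["raw_ip_connections"]}
    out["corroborated_raw_ips"] = raw_ips & out["reverse_lookups"]
    return out


if __name__ == "__main__":
    for bucket, values in triage(SAMPLE_TABLE).items():
        print(bucket, sorted(values, key=str))
```

The reverse-lookup cross-check is the useful part: a PTR query for 67.132.233.193.in-addr.arpa is the OS's side-effect of having talked to 193.233.132.67, so it confirms the raw-IP row even where the table shows no hostname. Queries to 193.233.132.49:53 surface as an unexpected resolver, which is worth a rule of its own since a hardened network would block outbound 53 to anything but the sanctioned resolver.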
Files
memory/2136-0-0x0000000140000000-0x0000000140B9C000-memory.dmp
memory/2136-1-0x0000000140000000-0x0000000140B9C000-memory.dmp
memory/2136-2-0x00007FFC8F910000-0x00007FFC8FBD9000-memory.dmp
memory/2136-4-0x00007FFC8F910000-0x00007FFC8FBD9000-memory.dmp
memory/2136-3-0x00007FFC8F910000-0x00007FFC8FBD9000-memory.dmp
memory/2136-5-0x00007FFC80030000-0x00007FFC80031000-memory.dmp
memory/2136-6-0x00007FFC90830000-0x00007FFC908EE000-memory.dmp
memory/2136-7-0x00007FFC80000000-0x00007FFC80002000-memory.dmp
memory/2136-8-0x0000000140000000-0x0000000140B9C000-memory.dmp
memory/2136-9-0x0000000140000000-0x0000000140B9C000-memory.dmp
memory/2136-10-0x0000000140000000-0x0000000140B9C000-memory.dmp
memory/2136-11-0x0000000140000000-0x0000000140B9C000-memory.dmp
memory/2136-12-0x0000000140000000-0x0000000140B9C000-memory.dmp
C:\Windows\System32\GroupPolicy\gpt.ini
| MD5 | 8ef9853d1881c5fe4d681bfb31282a01 |
| SHA1 | a05609065520e4b4e553784c566430ad9736f19f |
| SHA256 | 9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2 |
| SHA512 | 5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005 |
memory/2136-13-0x0000000140000000-0x0000000140B9C000-memory.dmp
memory/2136-21-0x0000000140000000-0x0000000140B9C000-memory.dmp
memory/2136-22-0x00007FFC91C50000-0x00007FFC91E45000-memory.dmp
C:\Users\Admin\Documents\GuardFox\pPrCgUdP2JClGnpyLmHJPscG.exe
| MD5 | 852f8672ad668dbef934f55b4d098973 |
| SHA1 | 75713a5a598e5eccb863f6670ff4e5738058a64e |
| SHA256 | 5bd8c1d6809b1605876dc47c8a04312ebbbb7fc5d443ea81b1e3665c2fc34428 |
| SHA512 | 5dadb891221cf37f451e563e775f793146c549390f1cd8524462f000b4ccc7337451997f00f089082674744ba9cd9a387615394f7428f48b69c429587ede0426 |
C:\Users\Admin\Documents\GuardFox\eQYk_b6jz16mJKmMtyzJXk5e.exe
| MD5 | d4dd3514cd270a040af7c1ef059606ff |
| SHA1 | 8c54f1de630043d22490853d93d0d237aae51db7 |
| SHA256 | a7cbec7bca69337408e138812f335d87e1b4ff900e31a05bb42619c6372e058a |
| SHA512 | 6335dec8466a4ac443f0c52cb8534e8282344280af488488b282672bd304657629138cd952201b7533b1876399fc3b61d6fd2732399d8ff246cea3018d6bb8c6 |
C:\Users\Admin\Documents\GuardFox\tICD3_G5dCLsOTlSefOYkF5v.exe
| MD5 | 3f3a4b743aed6db292b3eb9601c93d94 |
| SHA1 | 4cc5b29cc65cb7fa17bec2fd3073d943f76a5492 |
| SHA256 | 13b2db71adabd1f7ca1ec14d4a623b1cdf5250b1f6e725ad26a393b60dbe907b |
| SHA512 | f1dea75532c9d38cf4b05f2c90b77c7ac4a57bbdd979306b82eea82ab35154a6a6a7ffbd9e1b0e45b68c3f7a946fb3c43c5f0023859a484890529cdeb7451c00 |
C:\Users\Admin\Documents\GuardFox\Mi6AWN9vXRBRMcYeS_3_zVDQ.exe
| MD5 | 43abfd80cbfe8afaa65961856640efc4 |
| SHA1 | 71614b90bb167b289d6d01d3768727eb6ac61ec5 |
| SHA256 | f125414e6c33771e07ed5b186e765c5c7cbab090deee72d70af657f1b4abf691 |
| SHA512 | bf84a17d811fcd20602a49121731399517e327cf5b1af015d1967af7d741c1b1b03219da0d62b1d9f8abdd800ef7edca83acb7ca909deffdc5023853ea8b540e |
C:\Users\Admin\Documents\GuardFox\TKKw1hmTwVBMTsgOoU3BCklJ.exe
| MD5 | af3cf8176e32d7370b12331171306fc2 |
| SHA1 | c71996150ba87ffb274936366e557b77bb7baba0 |
| SHA256 | aaa196b4e73bd2601bc2db3d5d04f24bad3f037e0237565ea3e6222c84c441b3 |
| SHA512 | 232b38bbd08f6e89f3cf3be90f85e9f4bf63735b744e2988f9e54ef9ae6d926482e1153f13aa603a6be7197a4548ec0ed2fb3dc99b8872410b7d79a5bba954ff |
C:\Users\Admin\Documents\GuardFox\QoPxz2PXYbxFkd1ZtaGIY5nB.exe
| MD5 | 5b9b1de05903cf2187c6f97810d0279e |
| SHA1 | 798e1af4147a9aeac88348baef1db6091f9b72f6 |
| SHA256 | 0496f898a723997a061b9779a07c4900dfb85e697fb8c524214f87620edf9823 |
| SHA512 | 03345dc02790b8b2f7d97fda93b2e35aba2ddb184267a1bc1e6b721088caa5954b5d7a5674d4f02f3fcb107a3dff5a0eb04219f14e4733cf97fb69813b2f814d |
C:\Users\Admin\Documents\GuardFox\ahAzs7ebC94TtCXZ451KXqOC.exe
| MD5 | a2cd0ee55ac61c65ad6d4be2ef602c18 |
| SHA1 | d96591ad585284c13d277d578851ab6293d44310 |
| SHA256 | b68e8b42419bc60ff72822495bf99175506668091a58fbd1d11747e039192be7 |
| SHA512 | bfee5ab8e75ad1edd98a13bf456da9ccead22c40a518ceacf90f259026cdfc938b7da6003bc4fb79e22720b46d74b308b76fda65f638217af4148984f2aa97ec |
C:\Users\Admin\Documents\GuardFox\fVLq49qtba3ytPK4Nw9io13j.exe
| MD5 | e654823683cb9be41044f5a800be69fd |
| SHA1 | d43214c03a47f3b0c77a82eca775d702eaa025e8 |
| SHA256 | 68abca4995919db0fe3a4e9158062759b2267ebcd8e3036f7eb8e71ed6202c85 |
| SHA512 | d20b18482b8f85bfa887495275712527939b388f912eac2388b2c446d4370a87118c01482898316b943667b2525b9b089d44e8e693cc6c5a6d9355ab2d9e6bcc |
C:\Users\Admin\Documents\GuardFox\97ctR1cufJfKYreB2JRoqsia.exe
| MD5 | 631393c67cb220cf18796dec2314c118 |
| SHA1 | 751638c8a1b070b354231a2fd4283f02f303ca94 |
| SHA256 | e98c24e3639daa42b133774bce94eb385d68b2a81be6fe460c997c5be900a600 |
| SHA512 | b41105af3663da05fd2382735aede37da71a5d85ba1051a7fba03f6beeb556d842015e9977171de3285d7bbe47a41200db8de9748c3b4629d342d013593c07d6 |
C:\Users\Admin\Documents\GuardFox\qdUD6vBsa4fF5MCF7Bn6PjqC.exe
| MD5 | 9596858a78a4aaedaf4deb584b041a93 |
| SHA1 | 6debe91bd16e527e7cda7833f2548a4e3ec014b7 |
| SHA256 | 4a38c79d796ad7ac91e0e9159fd7b32a5946cbfb32d06891d4195b428bb1620b |
| SHA512 | 7b87586ab753467bcd715cdf30fe1cee0ef53036c35ba918e795b56c97ad9b51ddac905e7629cba08e2441c6f067970eead3d42f95a607bcad35aa0a93d71a44 |
C:\Users\Admin\Documents\GuardFox\Z78EaC7A1maUh2noqDPHqxE4.exe
| MD5 | 10a75c1a4d265c762a6e9a63b406fa9c |
| SHA1 | b4898ade35c9afa5ae04c7653fe790d1761349fa |
| SHA256 | 1dfa064545fa4eb9168660adb49a640cfb4c79c647adabc4d5a58daa96684946 |
| SHA512 | 3ba2896a739036d86ac6651b713e2205b996554f24eda6b90a25965adea4f62b710d965ad4fb72b2352df93a2fa98affd6501b35b6604f390390c96af4e278d3 |
C:\Users\Admin\Documents\GuardFox\Odt0imGpkgnE0De9TQmDwGiD.exe
| MD5 | 8d63cffe06f138cd0f161025e8aa5dcc |
| SHA1 | a616295743cb9f16eaddda57ecaaaec1c41d7baa |
| SHA256 | 04a4efc3610be9f32cebdf236fe89ec02944cc28e56a83455d90fc9ef0337cea |
| SHA512 | c8ba2946816b10dd4ba8a1a2eed35c111bd95c3fac6d277b580a1d50038f4c7447f0c3bb0d0eddde67e182cc2ba90b047cd2ba07a89b0ac3488718fbb8155523 |
C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe
| MD5 | 3b770d98fb0fa9a539471b1452feac0a |
| SHA1 | 15c980534a54ce404ad256cf30f534bc58775b69 |
| SHA256 | 0c6390cf9f0519731b9a39ab40e8ac7c495d7737c3d6648c617f402473a179eb |
| SHA512 | 28d930477503145586bae522ea41f6c6b17d75778cc455f94120e7769d5dd5229dec8a005daa5e21ca9441c82615c144419b4c9624a1c0b26b8bc002ca8039a5 |
C:\Users\Admin\Documents\GuardFox\fpvCTUbLstZ4r68szSFC59Mu.exe
| MD5 | 031473e31a490fd735305083cbdf81c8 |
| SHA1 | 4382984616826d999456d79c30152fcfba8b0abc |
| SHA256 | b9a1cbbc5af9327c6852ba98985c3282652160f040f33392d856a4173365a631 |
| SHA512 | 5804d2b90eda3e9efb9f5d394eb2277bedaf14fefc447174330b71eb3bd126d25a26b431b0c7cf994af6e92af73e047c98ebc1a02814bef907e7ef7a2d9da6e8 |
C:\Users\Admin\Documents\GuardFox\gA119GY6BxzJ20qiar2SBob6.exe
| MD5 | 2117899a2ae435139133075f560e2ae2 |
| SHA1 | 17e212a4d9e9029cd65493ce4512df152f0f52da |
| SHA256 | 6c06f528548ea45c6080a37373ce9051592998b0943ddea3e41f020be225d6af |
| SHA512 | 7252bbad94df230a8a761a93d16cfadbe5ffe5c15b6bf0abefe86161b11458f729aa01eb94fec6ee6f28ea2e3032f573286ead7748e4f4640c9dd1938c158ff5 |
C:\Users\Admin\Documents\GuardFox\RZwYj5i1qII7mxAb7SqPKWq_.exe
| MD5 | 5865dc9aee095d83cd9e895512ff5cbd |
| SHA1 | 63971c17b52bdc948eb5c5f71ad5d55af105660b |
| SHA256 | 9af8347f68f0745b6cd5b223cb4ccbd6924fc02da744928d54eb079efaa0aae3 |
| SHA512 | fa95461f58520ca43a1a0e19e1bb133258e2b36bb4d3beede2350f0ffa671c543869a9dbf316a9f5249452047419b1a2e74fbb401c3602545272f87096aeb75d |
C:\Users\Admin\Documents\GuardFox\6mW5b4qOjpVvTGG_x07s4stc.exe
| MD5 | cadf3a652abcf29e5696a961f0c8722c |
| SHA1 | 8a8f03874a314e11cc8463a068934357ce37c1a3 |
| SHA256 | b1aa828f1cca97ee2d691473bd37acc92f89b0bc971020b836aaa432ebeb9f5c |
| SHA512 | 08628dcf11ce9f3a3cf2ee7b48679b08ed6563bb13e657cf2dae932cd104cc4b1a21b233626998195f7663660f9f04f485a0064e179a09488d67f8e0f7e7e0db |
memory/2136-173-0x0000000140000000-0x0000000140B9C000-memory.dmp
C:\Users\Admin\Documents\GuardFox\oPAY0atGsFrz5J6mweTZuaDf.exe
| MD5 | aea679a1da357e0ae130e352ad6663ea |
| SHA1 | e283a3144fff6b59f7751daccf5b4dc8acfa3ac2 |
| SHA256 | 6dfc163a2ba56992e74d15cb4d50bfc2cb0cc9ab23114f08542d80770b33eb8d |
| SHA512 | 0874b0d53c0a032dc732e014d972f6912b0506f8a02f0f97baa40bf5da922b99b8af59b6bdabd098f9d88835b287a71404a318ad3e5c0cf2c5e89360a52e4704 |
C:\Users\Admin\Documents\GuardFox\QoPxz2PXYbxFkd1ZtaGIY5nB.exe
| MD5 | 1e73221a5533c52e9c0d7aabfedbb606 |
| SHA1 | d3760a24067e624a1dd8bbcf8e477564a56c52b3 |
| SHA256 | 9f086d26e34fb1a68def7748203692c0089570a2c93868083b26e4bd5b9d6ca3 |
| SHA512 | 81df6b67f92b6e0c460dac5d2cbbed1b4e105d6ba9fdeffd9edb7cd1bc6f0b0c82f1095bd91bd9f7bfcfa26a7f15e7aef7a8135599cd7a456ccd0584fdd2c3c2 |
memory/2136-411-0x00007FFC80010000-0x00007FFC80011000-memory.dmp
C:\Users\Admin\Documents\GuardFox\97ctR1cufJfKYreB2JRoqsia.exe
| MD5 | e02cfc4f71fe8d091f308df8e4d4347c |
| SHA1 | 4a689fc5c2eda63562d685cc683c84f84de55f31 |
| SHA256 | ee716d6300b1faf812bf2bfa685339e8d582f20cc3bfed68170bbb539e9abf1f |
| SHA512 | 82de5e1c0657b08a7b5bebf69aed5da63d59c55eb7667662558068e03fadb2d3e1b8d183c6416d2453749a97a0b0563f1be220d97f288661df95e4c28ba19715 |
C:\Users\Admin\Documents\GuardFox\eQYk_b6jz16mJKmMtyzJXk5e.exe
| MD5 | c1cd28fec4dd4be627036cc8cc6925fd |
| SHA1 | 187ad7a23fae77fa2ceb98b379cfbc90677c80c6 |
| SHA256 | 11749a7388f8c9c1123281b99c7c82a3e5df6c3dd46ecba563498b2089c0a307 |
| SHA512 | 392d49aa65a695ef968e45c070aed963dca3649344fe3d561e46dd11824834ca4b1d9a1c0229b7be0435c2bbf9806fab6ba3b6c16064d30e62b5e611f1cef6d9 |
C:\Users\Admin\Documents\GuardFox\TKKw1hmTwVBMTsgOoU3BCklJ.exe
| MD5 | 5b022efe18c209f43ea1016914f13742 |
| SHA1 | 4ae70848fc4cc06b17879cb2f2d85a38e03ca4f6 |
| SHA256 | a01cef2df9c1c35bb0962b0df8d53fd6ac206ea0351e3f3e1bc71660a05bf08f |
| SHA512 | a9b13131a393d09a7feb3bc5fb6b0b8d348d2a2ca932af29b3c4ccde7a843474889e89074097cc8a5b6b58a014d0c37ead03b10dd90671a777a999961946e843 |
C:\Users\Admin\Documents\GuardFox\97ctR1cufJfKYreB2JRoqsia.exe
| MD5 | 4d1a7fa8b25aa1b80b9bf328c70f7439 |
| SHA1 | 85ef029f03d38cc50c68bdc6d2a557e017c0ea83 |
| SHA256 | 08b58e4ba2809f6103644477eae39ab14ae5b9eb32a9b7956449e960208e3cfd |
| SHA512 | c8c34306299c81fdd819f3182cc3f373c84b7268947378f9c1b0f4b193db42e412b959b368b2373e2f74ee535d48fa9b714f68aa394cd99d5b1cb33d7e88d9a2 |
C:\Users\Admin\Documents\GuardFox\eQYk_b6jz16mJKmMtyzJXk5e.exe
| MD5 | 8b64f6f3fc130fec52d3cc2af51e5c83 |
| SHA1 | 817984c213602c18551b50bf858e17efe3ee225a |
| SHA256 | 5b6cf1cc98c8fde91d35ceaabc48e0a9587400ed6c3eecd106a43b2d5798f983 |
| SHA512 | 04e67dfc33281c43c9687aa3deb3f9c0dfbd385f3c922f81e9741066463598d812238ea4c259840662abbd7c176ba4001d357f292ec1fd9ea5d4253714718493 |
C:\Users\Admin\Documents\GuardFox\Je5Umq1MWJcqIN0348bnKOfX.exe
| MD5 | a3c50d1f9b80c77ad895091b6e09d2ae |
| SHA1 | 46a333b26f1590466509c9da322a1e1aa8d63855 |
| SHA256 | 22282798185305c4385d84cffa720668846caed239ab0dfd7a10e3e5066faa46 |
| SHA512 | ee68b9a094f7a024f0856b3377de2c5b1095366896e66e803a40a7dccd6eb142e986db47eb64d8ae7791d43459c337ecc08d0a07290a7fcb02cd815871f4d8aa |
C:\Users\Admin\Documents\GuardFox\fpvCTUbLstZ4r68szSFC59Mu.exe
| MD5 | 0f8ce9430bc1c20bdfad650561e09b93 |
| SHA1 | 78d44519efad5244da9770a64860eabf20701cc9 |
| SHA256 | 881d807ceb5563e809cfb5920d1368180417c73940c35d0881d7033c8eb8c7d1 |
| SHA512 | 78d7b11ba9f190f103dcfa54f136acb208f9b18bf756eefd788bc42ab6a2627b2cf183eb240ece76aab90da49ad977de90a57ba97d7acf06652cbb2772b394a0 |
C:\Users\Admin\Documents\GuardFox\RZwYj5i1qII7mxAb7SqPKWq_.exe
| MD5 | c6bc17d04af45969068014c711781639 |
| SHA1 | 6d6fdda2a681dd93a7da3bad26b70c2d1fe5a668 |
| SHA256 | 766c4a1449e527e1ab7e85ceb70c0517d66d665d520c870878a16493a72a4a25 |
| SHA512 | f9ac50c8a561147abb7da38901cc08b6d9fd42943d15655712945ee0a4e767e0029a0536b08634010014a0d30a3a2e221bb3c9417a0c5e85630ec48883345492 |
C:\Users\Admin\Documents\GuardFox\Z78EaC7A1maUh2noqDPHqxE4.exe
| MD5 | 0cb6593f620acc57ffcba8c27ef072f4 |
| SHA1 | ae832ff96d6ec22d43c4cac08bb42626271ad34f |
| SHA256 | 28b7439d48cd5fa2365f2aa69a69d88f4b2d0b445d9b0d004ee62a466b8216ec |
| SHA512 | 180b796faa1397c7f26df7340ccde58224fe70bd6f5822621053513a3d462dc3b6801974b4a5b8548d2bef4de63b50c6b8f82e2ed91a28f10da136a6d96b47f9 |
memory/5632-610-0x0000000000BF0000-0x00000000011A7000-memory.dmp
memory/5736-616-0x0000000004960000-0x0000000004994000-memory.dmp
C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe
| MD5 | 88f23a34516b0333862eb84e364feb94 |
| SHA1 | 562f52608a075400ba64dc98202aaf5924941d7a |
| SHA256 | 136ac1452a135b26c282a1527d4a239a80c272edcbb7ae1a1887f3d4779d14c1 |
| SHA512 | 3f33c5ffdcf32bd1836ce5d415ca37ab11de5726b070db1d98a1bdfc4d015f06b9ef2ea3c4857bf76190917d14317bc5e9a72bd65b4cc36309c73be0900acc6a |
C:\Users\Admin\Documents\GuardFox\RZwYj5i1qII7mxAb7SqPKWq_.exe
| MD5 | a12364f305592a93bcc7d3b2710c8cd2 |
| SHA1 | 32a6e38c0fb78245dea4a86cbc62ee25ffac982b |
| SHA256 | c7bf5802880ac420a89c2c8286c2901005c251567f70609d9c2e52eb08f0ba24 |
| SHA512 | 4791b461a17361ec0062427603241a5c3e1e74578b67a741ebf51bcdd784ff2d22a7a31fd618204cdbfb1e449fa5881a1c4ae5c7801a949f75ab15ba386c4598 |
C:\Users\Admin\Documents\GuardFox\Je5Umq1MWJcqIN0348bnKOfX.exe
| MD5 | 5870b42b93eef6c36b9cf6956865b5d8 |
| SHA1 | 97080728b5c43cfa1909422dd9706803b447ffa3 |
| SHA256 | 78028a1a73d3c6ad6cd87dedf4689bb1c5716784bdd292dbcab9771ad8ca6d50 |
| SHA512 | 5f7d38d942334c0b55f34d3a1914c69d46146c9fc8bc71c6aaec1e3c12891ee16bcf74405f24c56d985f97de15aa81b623f1859907a971b6df3929ab0be0a69f |
C:\Users\Admin\Documents\GuardFox\Z78EaC7A1maUh2noqDPHqxE4.exe
| MD5 | 76a095c622351abd8398c0ff8ac9fd0d |
| SHA1 | fa0c305d6fccbcd1dbba1dfb62f31ac14fc118c5 |
| SHA256 | 770c93aafd22f447fb2e30ac2719176447d6359ecb082b2e39541ece563340d4 |
| SHA512 | 4c624415deb8922bb5f660d2ea555aa6bcf1e9fcfd91776af288ec9599ce6bce5010f21fb0f62011aa1a46f12bc3bb42e812d579d4ca9e13f18c7cd520005b24 |
C:\Users\Admin\AppData\Local\Temp\is-VM79T.tmp\eQYk_b6jz16mJKmMtyzJXk5e.tmp
| MD5 | 1756d6fc7bf4213c8f0a521cd42d0ac6 |
| SHA1 | 871962e45061751468d940000ee536794c269532 |
| SHA256 | c4b71ffb200f4b41f95b23aa3a2b90e6f87e5cd7ca4a9234e33ed441dcde7594 |
| SHA512 | 694a8b76ffd5a1b78d63b628680e8997dbc0f06c4524804cd9da4e4d015c586c5a9145190a6dc44464592ac717df83ccce53401d68cd48703f932c6340e192ad |
memory/5736-700-0x0000000000400000-0x0000000002D3F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-MHR0A.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
memory/6140-731-0x000000000201E000-0x00000000020B0000-memory.dmp
memory/4376-773-0x0000000000140000-0x0000000000386000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_3900_133531816951741958\python311.dll
| MD5 | 145a16e3912bf0785b77b5648b09452b |
| SHA1 | 3dadfe65a95c01fc69052dd1375f5b7054d18531 |
| SHA256 | f8b67124cf483e32a4d689f956ab943156f9ac4ad37275ece7747f1c854fc831 |
| SHA512 | 57657e17de12940410b90bf1c1587960cf10df0d5f7e655f011dbdba7e28f94a6b81bfddced8dc103f483e14f42b1d7cd1c66320010a02b8b2473c3f72a9da42 |
C:\Users\Admin\AppData\Local\Temp\onefile_3900_133531816951741958\WW9_64.exe
| MD5 | 9bd3ca4b28a05d2d9feb9d84bf01d8c9 |
| SHA1 | 367b52d3cafdfd3fd9ce89873f48e72d751dfab0 |
| SHA256 | 400d1351050c3208f78f852baec287756286dc48ca1d71024b3e662338f3f4d5 |
| SHA512 | ce6fd0c6285eb9323fc8e94302f22b3bc64538c8aa033b984ac4cc5cb99a1364a2a8f5b687c481d3fe2eb117410ba02dc4d9abad980d17c7e217675c2ca4a32e |
C:\Users\Admin\Documents\GuardFox\Odt0imGpkgnE0De9TQmDwGiD.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/5608-793-0x0000000000400000-0x00000000007A1000-memory.dmp
C:\Users\Admin\AppData\Local\WBICreator\wbicreator.exe
| MD5 | 5d4a3b2536c7939678743311e96be237 |
| SHA1 | e71b7421b84b3b3b7fd61d962a8e64101df4791d |
| SHA256 | 41d6d187c96ef8e8536e1ab6f127a4afd677823d14feab9aa837707d8857f1e4 |
| SHA512 | b3b28bec0f137a752cb451f0704a133a5599867d009320cb333f5539743ababab2ab596f5fc70f2e4fa036e66206821dfd35f322a26da51d88a6897c6916273f |
memory/5608-801-0x0000000000400000-0x00000000007A1000-memory.dmp
memory/2136-799-0x00007FFC8F910000-0x00007FFC8FBD9000-memory.dmp
memory/5632-810-0x0000000000BF0000-0x00000000011A7000-memory.dmp
memory/1448-811-0x00000000072B0000-0x000000000758C000-memory.dmp
memory/6108-809-0x0000000000490000-0x0000000001213000-memory.dmp
memory/6132-818-0x00000000010B0000-0x00000000010B1000-memory.dmp
memory/6132-820-0x00000000010E0000-0x00000000010E1000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 088fd337c5dd20af88887c935787b5b3 |
| SHA1 | 75a1afbcc3c286b59124fa9c2499a17f5dfb456c |
| SHA256 | 6adb2c40431531065c4376a04f96964fd0645c2dfbe0edf8785f8bfad55fd3d7 |
| SHA512 | 3d0007d5c7f59ff096639a9c4f892d12a8e0c5bf7ea1718238313014b69aef423b7c6095e51d91b8e38f4018e135a2d035ab806bb22315c389b07969ed17848f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
memory/6132-840-0x0000000001120000-0x0000000001121000-memory.dmp
memory/5308-842-0x0000000010000000-0x00000000105E6000-memory.dmp
memory/4376-848-0x00000000735A0000-0x0000000073D50000-memory.dmp
memory/5212-849-0x0000000000400000-0x000000000066F000-memory.dmp
memory/6132-852-0x00000000000F0000-0x0000000000B3B000-memory.dmp
memory/6132-846-0x0000000001130000-0x0000000001131000-memory.dmp
memory/6108-862-0x0000000001730000-0x0000000001731000-memory.dmp
memory/5480-865-0x0000000000400000-0x0000000000834000-memory.dmp
memory/6108-868-0x0000000003160000-0x0000000003161000-memory.dmp
memory/5212-872-0x0000000000400000-0x000000000066F000-memory.dmp
memory/2808-874-0x00000000735A0000-0x0000000073D50000-memory.dmp
memory/6108-873-0x0000000003180000-0x0000000003181000-memory.dmp
memory/6108-870-0x0000000003170000-0x0000000003171000-memory.dmp
memory/6108-864-0x0000000001890000-0x0000000001891000-memory.dmp
memory/5212-858-0x0000000000400000-0x000000000066F000-memory.dmp
memory/5736-812-0x0000000000400000-0x0000000002D3F000-memory.dmp
C:\Windows\System32\GroupPolicy\GPT.INI
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
memory/6132-837-0x0000000001100000-0x0000000001101000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS23CF.tmp\Install.exe
| MD5 | 0476e01c25c2c771aff612aa33e3e92b |
| SHA1 | 3a11e3063ce88c80cc340b4d54498db169ecade6 |
| SHA256 | 2ab9a721492b870ada7b6d06e9f65485b2989e92ffed880e83f09d7eb4ae5243 |
| SHA512 | 7d299d53b188de053c0ba02b60e51cca911f05a2ed7c2368dc75c61ac89582e5bcbca4661af438a8b4e1ec736acdd0d7b150ac0f9181256fecf6f1955e83ce67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 2f91ed59aeb73cbe8230901b9e32edd8 |
| SHA1 | 90c98fb8b9848e75e500f13dbfc0415087ab953f |
| SHA256 | b9a00c55fd4da4f822123bf19d859a7bead86b7e86b9258e9c937f53fd2f3764 |
| SHA512 | c408ca52c34a5118a76159fd31fd973db5c28d03dd86de7204f6bb6c3a6aba14754025589f87f16443da6cda29bafbc2efc5aa28cba17f9e640e3fdd0e587823 |
memory/5480-838-0x0000000000400000-0x0000000000834000-memory.dmp
memory/2348-900-0x0000000004650000-0x0000000004686000-memory.dmp
memory/6132-827-0x00000000010F0000-0x00000000010F1000-memory.dmp
C:\Users\Admin\AppData\Local\WBICreator\wbicreator.exe
| MD5 | 1ee7fca7754ddf63e554a84e5a46c867 |
| SHA1 | 831934edebefdd2a16f8663a7cec2cb091b37f45 |
| SHA256 | cb9ac027ef9e4962f5e45fdf1464ad3b7ef3c5aed3fe214fd82b076d5fafdbb1 |
| SHA512 | 596a515033c9e6353786a51f774e0f00e15344e45119c318b3f9508ee926c01951ea8c6ca048a48b8fc78bc8bf9454204017b783b041b9c5ce0fc958ad440a67 |
C:\Users\Admin\AppData\Local\Temp\7zS23CF.tmp\Install.exe
| MD5 | 936cda9a3305cdbfb2030187e1e41c2f |
| SHA1 | ee091c2ecffcb0d409bd69275f3d090f56c88f50 |
| SHA256 | 33018966f2abe989f72556d1b72d4cfcc95d0aff876c2a9d9459f2369b10d930 |
| SHA512 | 9a62255a6ec453aed464555e445fca543b235cab248b2431e685b062fe5e90d6806066341dce010ed717183c37bf94673c3c5f70f5c236981d2d47f4da546556 |
C:\Users\Admin\Documents\GuardFox\fpvCTUbLstZ4r68szSFC59Mu.exe
| MD5 | 7dc7d544c9baa56f61bffc3361ff7bcb |
| SHA1 | 8fded8d3f54cc40e284be043902586c52fe035f3 |
| SHA256 | f9609d86edac2544126f179647a6e123473deb0e95707c90089b4358738b593d |
| SHA512 | 8012597c42c3880cc8ac99336acf6690f96a21d1648c5640138bfba0f1b2ba02c9fb159f2455208011e306c1f63280bc51a5ed1ba374c33a6f0510f06a6ba3c9 |
memory/2348-909-0x0000000004CC0000-0x00000000052E8000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 0a36a24fefb82e041f59c6bd2e05618f |
| SHA1 | 0cce133657a85257d78d64e63f84811ade036452 |
| SHA256 | 26687958e209c33dd41dc96e91c68858fe7f324cc6890220b40212fe8307d69d |
| SHA512 | bbb7d297f5ae088eb69034331adaffab31a9ad1fd96054df6416b1681884491f2612eb236c0fdf44ce77fc97b6a2cf82842023d4cb952591078e62934f7e6a5b |
memory/5480-821-0x0000000000400000-0x0000000000834000-memory.dmp
memory/2348-929-0x00000000054E0000-0x0000000005546000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jqvwvin3.05o.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2348-930-0x00000000055C0000-0x0000000005626000-memory.dmp
memory/2348-928-0x0000000004BE0000-0x0000000004C02000-memory.dmp
memory/2348-960-0x0000000005BC0000-0x0000000005BDE000-memory.dmp
memory/2808-817-0x0000000004F80000-0x000000000512A000-memory.dmp
memory/2348-963-0x0000000005C70000-0x0000000005CBC000-memory.dmp
memory/6132-814-0x00000000010A0000-0x00000000010A1000-memory.dmp
memory/2808-813-0x00000000052E0000-0x0000000005884000-memory.dmp
memory/5212-968-0x0000000000400000-0x000000000066F000-memory.dmp
memory/5744-808-0x0000000002EB0000-0x0000000002EBB000-memory.dmp
memory/5232-807-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5744-806-0x0000000002EFE000-0x0000000002F14000-memory.dmp
memory/2136-803-0x00007FFC91C50000-0x00007FFC91E45000-memory.dmp
memory/5744-785-0x0000000000400000-0x0000000002D3C000-memory.dmp
memory/5752-802-0x0000000000400000-0x0000000002D3C000-memory.dmp
memory/2136-798-0x00007FFC90830000-0x00007FFC908EE000-memory.dmp
memory/2808-797-0x0000000005130000-0x00000000052DC000-memory.dmp
C:\Users\Admin\AppData\Local\22158657-fbde-415a-bad4-5bee4646aa0b\RDN8aZtoyFxR0Sp8P1YPHjjm.exe
| MD5 | 22f47bebb55c01d532eb786e3e77fcab |
| SHA1 | 5f12f51cc0a1b0d8d00af9faaeb51dccf331c777 |
| SHA256 | 84bfc54ce235392286dde2a35d5214423b2c9753cb1eae47747986ecdf1f1cec |
| SHA512 | 11b7a29fcab9c4dae52ecf42159882a0399dd9f79a82f5f735e24560506e0b25c86fc96902bd62d85337b5d822dc7761f0478b39b04c77721b9becd36ebba297 |
memory/4068-976-0x00000000009D0000-0x0000000000FE2000-memory.dmp
memory/1448-794-0x0000000005CD0000-0x0000000006024000-memory.dmp
memory/2136-790-0x0000000140000000-0x0000000140B9C000-memory.dmp
C:\Users\Admin\AppData\Local\WBICreator\wbicreator.exe
| MD5 | 50a05eb94d9139f02a863ff916d8a9d7 |
| SHA1 | d635d7e59873ce9483d14e71d10c5626e6c43701 |
| SHA256 | 7a0f74c76783d47c21beb5be978f4cd9dd1f3db18b233e131dac56a72de5f4d2 |
| SHA512 | ac3f3ff645b2e25b3095658c7fb632bffc5543aee84532ec775c711f0521dafc095615bc72baa483907eb2f2d39a3f60a5815379bfb4313d74cb447eb8a17fd5 |
memory/1448-791-0x0000000005C30000-0x0000000005CCC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_3900_133531816951741958\vcruntime140.dll
| MD5 | 870fea4e961e2fbd00110d3783e529be |
| SHA1 | a948e65c6f73d7da4ffde4e8533c098a00cc7311 |
| SHA256 | 76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644 |
| SHA512 | 0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88 |
C:\Users\Admin\AppData\Local\Temp\onefile_3900_133531816951741958\python311.dll
| MD5 | 1fe47c83669491bf38a949253d7d960f |
| SHA1 | de5cc181c0e26cbcb31309fe00d9f2f5264d2b25 |
| SHA256 | 0a9f2c98f36ba8974a944127b5b7e90e638010e472f2eb6598fc55b1bda9e7ae |
| SHA512 | 05cc6f00db128fbca02a14f60f86c049855f429013f65d91e14ea292d468bf9bfdeebc00ec2d54a9fb5715743a57ae3ab48a95037016240c02aabe4bfa1a2ff4 |
C:\Users\Admin\AppData\Local\Temp\onefile_3900_133531816951741958\WW9_64.exe
| MD5 | d5069aed1a3e38091665384ef04ab686 |
| SHA1 | 047a2384005af5ef03b86ff9d1c488caa5313ac2 |
| SHA256 | 24eae9f8d1bde98d11afe4053b5bfdbfe19e01f8c379b3c0aa7df693bc1284e4 |
| SHA512 | d3c9fadc8c4b43b30aae2784049fe6af824cb42580ec4810210df49865591936c310b9033988ebb2629070d2e32a4bbc234942a282fa15e82df5b6e9645d850d |
C:\Users\Admin\AppData\Local\Temp\7zSCBD.tmp\Install.exe
| MD5 | 2ca3154c457c0fd1400bf816807f38d6 |
| SHA1 | 799f89c96feabc3815e035a5779eecc3c5b9e3f2 |
| SHA256 | 322eae909f92672c01a04f9835ac4053364580726990128ac05e7069c39001f3 |
| SHA512 | 92293321463e912347a8d8e5dc991f439f37dc56a0413bdb8679054e877450fd48b41a7ef8ee76c0859ccf93888f4d57cf169ba724a19f8d307e5712b1aea505 |
memory/3412-771-0x0000000003270000-0x0000000003286000-memory.dmp
memory/5752-768-0x0000000002DC0000-0x0000000002DCB000-memory.dmp
memory/1448-767-0x0000000000C40000-0x000000000128A000-memory.dmp
memory/6140-764-0x00000000022F0000-0x000000000240B000-memory.dmp
C:\Users\Admin\Documents\GuardFox\Z78EaC7A1maUh2noqDPHqxE4.exe
| MD5 | d370a38b2453e70f918f92a8906a9664 |
| SHA1 | 6fc39ffbf3ac2fe5b662565df769e83a6f87bec1 |
| SHA256 | 52e6ccf5cc93a9d0660b9204e7d6ae218aa83237c09797ffb5bf41f299a78506 |
| SHA512 | 4e112cc8de72b01c3498b2580c4d6f53d31022a64a9c1111fd8b166360361f62973432a05ab0badfac762c17ffa89d57b027e0b97cade69ebf2eea77522b6380 |
memory/5752-732-0x0000000002EA0000-0x0000000002FA0000-memory.dmp
memory/4344-730-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-MHR0A.tmp\_isetup\_isdecmp.dll
| MD5 | a813d18268affd4763dde940246dc7e5 |
| SHA1 | c7366e1fd925c17cc6068001bd38eaef5b42852f |
| SHA256 | e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64 |
| SHA512 | b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4 |
memory/4344-714-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\RDN8aZtoyFxR0Sp8P1YPHjjm.exe
| MD5 | 84e5ccdfbdfd9d92456c890e6d8641d4 |
| SHA1 | bc1f99c3a86a6a3258e6baa57c26be3a4403146e |
| SHA256 | d4b9f4354252a9c203a211d8d600113f9d236ecca6234f43b5aa02350b5b24cc |
| SHA512 | 5f57e132b811e83f167f4b624397262b83982c9781dd05cba20bd2de798fcf1fd010c268060fcdf5601d5c2af1d4a61c2ff8a3ed659a25ceb6a3ef1034b8cf4c |
memory/4344-709-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\Documents\GuardFox\QoPxz2PXYbxFkd1ZtaGIY5nB.exe
| MD5 | f32230a1dc38cb27b47a11b56adb0969 |
| SHA1 | f3d2dab4676dda7dd6df125ef96967d3778b0726 |
| SHA256 | 92170856ae8fa372d8cb3285781a5ab79fbf88a66fff3bb0817a467d775d2121 |
| SHA512 | a901c1f5bc069e1438da71ab265b91fba678035c56644ce4b601fbdbf9603577df7340a9749c8de8ecd66b48808ccd52e56cfcefd093cd837a5718fb8239f68b |
C:\Users\Admin\Documents\GuardFox\fpvCTUbLstZ4r68szSFC59Mu.exe
| MD5 | 4dfbb07f824d4f1106cc7fba9cbcfeb0 |
| SHA1 | f225ce68bc6dbcaed82aff71d96315f692c947d4 |
| SHA256 | 03097d72e93fc715793b38011623e2d8d4f98caabb082c6c80a53f27da95a10d |
| SHA512 | 700da5bcf66429ee440864421588692344078274940e4179c958479c63471f415da181397231ad9ad6033f641cc3a1cb6075c3461f00e173197281e65c5f0dfe |
C:\Users\Admin\Documents\GuardFox\Odt0imGpkgnE0De9TQmDwGiD.exe
| MD5 | d8666ba0b58b3d01ff7ebc4af4d85bbc |
| SHA1 | bdf372e47c847132b28cdd123851b7852dd0c73e |
| SHA256 | d50b970e3d61822619b1daf789d92859003316fe97be69c3f372902b700a461e |
| SHA512 | de46227f7c8d69347ec3e63ac4fb730ce4b95730155549586dcd67b86bed2124eb083e74645cc38fbd48d8fec6a964d9a69be3282973bef35b923a4a33fd133f |
C:\Users\Admin\AppData\Local\Temp\is-VM79T.tmp\eQYk_b6jz16mJKmMtyzJXk5e.tmp
| MD5 | 40c92a8e43929c9d8f38c1cd29a33d42 |
| SHA1 | d736c68db624fdca36bd8c2b18d4a5cfad25e088 |
| SHA256 | 1bea54b564637c6ea5b30839e6a2d12c3808f5c3e09c664f3aa8a4035cb910f8 |
| SHA512 | 01bf5246ce33b09ac2a47bc0cfb103156fbee5c8e7bf8752d6a99eff83f627ba5ead8be7820b4d126cdca4f180474c069861837e8ab0837ec8037aad0b08f263 |
C:\Users\Admin\Documents\GuardFox\RZwYj5i1qII7mxAb7SqPKWq_.exe
| MD5 | a028b000e2bd8209c4f8f7f03b4b947a |
| SHA1 | fc3e0cb9ffd9342d75a72f3c705ab550e05cd2a4 |
| SHA256 | 490f627ba513a1ef51d10084676847b96e784a42120131e2f0119c32527f60d2 |
| SHA512 | de06303d4ba0af10c800fba5708ce04ed3899c1276d4a3d389eb091e6bcaa9a1cae85d1ab1d8a207d61e5aedffd5df96a9229a8dd9172a2d9108e668b37f09de |
C:\Users\Admin\Documents\GuardFox\tICD3_G5dCLsOTlSefOYkF5v.exe
| MD5 | b10029ab906949f7c344b85c3526cd66 |
| SHA1 | 23f80fef961c8db7e05d51a234485054b31b770c |
| SHA256 | e622c0fd6ff58df7d32325c74a0caf5847f26f99d258c37859ff36fd7ac42f14 |
| SHA512 | 9a0d4b653eb1ef777044d211ab2905d45f84a98bdf84c71e89cb9dd1463c220ea26281aac664953236851edc8cf2ddb87fefb20df13ac03af7b89376dfc3a1b8 |
memory/5232-611-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\Documents\GuardFox\TKKw1hmTwVBMTsgOoU3BCklJ.exe
| MD5 | 3710a15a3365b51af36bfcf817041024 |
| SHA1 | 178a22bb487e1e8aa562bcede0239345b9a563fb |
| SHA256 | ac98fa31e27777d76b6026ba0aefc21d5f238488c4e57842740a60237301d4fb |
| SHA512 | 5e0a5c7240ea036df358a72750aa8f443cbcc29b9b357ba3fdd1964f48f2ccb467140d37deb81c6c18bc83d487a4bd6a6bb50f1b19baf8ac6765ce3eacc9f1ec |
C:\Users\Admin\Documents\GuardFox\oPAY0atGsFrz5J6mweTZuaDf.exe
| MD5 | 187dc52bc58a51b83e43579973ea5c13 |
| SHA1 | 0e205249bc9ed1b3b0e243af3c48f35b0bb61a5f |
| SHA256 | 0ba849ce4aeb710ab0df5965daad0713679285004d0e6d77116639b9153d6bcd |
| SHA512 | 33a7c46f84f64967d44788a8d422608f9e19f41eef8ae40d5858207dfc7702256db8b335c9ef3732f9268cf45e9f00d27031461b52e12103598c6fc2b57ead9f |
memory/2348-987-0x00000000735A0000-0x0000000073D50000-memory.dmp
memory/2348-1019-0x0000000006150000-0x00000000061E6000-memory.dmp
memory/1448-1020-0x00000000077D0000-0x0000000007962000-memory.dmp
memory/2348-1021-0x00000000060D0000-0x00000000060EA000-memory.dmp
memory/2348-1022-0x0000000006120000-0x0000000006142000-memory.dmp
memory/1448-1029-0x0000000003690000-0x00000000036A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll
| MD5 | 544cd51a596619b78e9b54b70088307d |
| SHA1 | 4769ddd2dbc1dc44b758964ed0bd231b85880b65 |
| SHA256 | dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd |
| SHA512 | f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719 |
memory/4208-1034-0x0000000000400000-0x0000000000494000-memory.dmp
memory/1448-1039-0x00000000735A0000-0x0000000073D50000-memory.dmp
memory/1448-1038-0x0000000005C2C000-0x0000000005C2F000-memory.dmp
memory/4208-1040-0x0000000005B20000-0x0000000006138000-memory.dmp
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/4208-1044-0x0000000005520000-0x0000000005532000-memory.dmp
memory/4208-1053-0x0000000005650000-0x000000000575A000-memory.dmp
memory/4208-1056-0x0000000005580000-0x00000000055BC000-memory.dmp
memory/4344-1061-0x0000000000400000-0x0000000000537000-memory.dmp
memory/2348-1065-0x0000000002260000-0x0000000002270000-memory.dmp
memory/5976-1069-0x000000000201A000-0x00000000020AC000-memory.dmp
memory/2348-1082-0x00000000735A0000-0x0000000073D50000-memory.dmp
memory/4208-1087-0x00000000064A0000-0x0000000006532000-memory.dmp
memory/4208-1109-0x0000000006600000-0x000000000661E000-memory.dmp
memory/5632-1107-0x0000000077904000-0x0000000077906000-memory.dmp
memory/4208-1098-0x0000000006540000-0x00000000065B6000-memory.dmp
C:\ProgramData\Are.docx
| MD5 | a33e5b189842c5867f46566bdbf7a095 |
| SHA1 | e1c06359f6a76da90d19e8fd95e79c832edb3196 |
| SHA256 | 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454 |
| SHA512 | f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
| MD5 | a5ce3aba68bdb438e98b1d0c70a3d95c |
| SHA1 | 013f5aa9057bf0b3c0c24824de9d075434501354 |
| SHA256 | 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a |
| SHA512 | 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79 |
C:\Users\Admin\AppData\Local\Temp\heidiDXCpHlGy2133\3b6N2Xdh3CYwplaces.sqlite
| MD5 | a91e5d5ad462d0a005886bd87c43eeaf |
| SHA1 | 9df6f78157fcf8b3df70e4dd9d86ca7664a007c8 |
| SHA256 | badbdd762968734e56cda20305ab455f9f0be6764ab49e7ec4f18b05cc7e1510 |
| SHA512 | 075d46b1a88c7f155d57b89d503a1c5678cfafa32919949fe39059968d0feeac6184eb8f3c59aac9633b90c8d7a28e4fa8bae23359356a89094f68ec2d9723d0 |
C:\Users\Admin\AppData\Local\Temp\heidiDXCpHlGy2133\UPG2LoPXwc7OWeb Data
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Temp\heidiDXCpHlGy2133\D87fZN3R3jFeWeb Data
| MD5 | 36406ff49b505906ab284858657b736c |
| SHA1 | 1217382df837c39596e624cf5fe2002b23b177d3 |
| SHA256 | 5e69c5f6f9c24774b28c464a8a79aaf8ae6ef27064a7fbcbc51043e0591b2903 |
| SHA512 | 9204ed03c29281c49f01abbbd1a1c4dcc819fd375d18d5be2b535d508b24160cb4b4702d34850e3b78f1621412c8eea5612b6065b52b0fd206a8c4b26570d115 |
C:\Users\Admin\AppData\Local\Temp\heidiDXCpHlGy2133\8ghN89CsjOW1Login Data For Account
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Temp\adobeDXCpHlGy2133\Browsers\Vault_IE\Passwords.txt
| MD5 | cb415a199ac4c0a1c769510adcbade19 |
| SHA1 | 6820fbc138ddae7291e529ab29d7050eaa9a91d9 |
| SHA256 | bae990e500fc3bbc98eddec0d4dd0b55c648cc74affc57f0ed06efa4bde79fee |
| SHA512 | a4c967e7ba5293970450fc873bf203bf12763b9915a2f4acd9e6fa287f8e5f74887f24320ddac4769f591d7ef206f34ce041e7f7aaca615757801eb3664ba9a4 |
C:\Users\Admin\AppData\Local\Temp\adobeDXCpHlGy2133\information.txt
| MD5 | e1ec643f5300bf8cf14e6489b9173918 |
| SHA1 | 162d5d3c0ad30e46c0aaa033119bcc288de6384f |
| SHA256 | b9e3e18358f5412ad4645d75afba1a2ef6058da3344336409f84297894c60c3a |
| SHA512 | 0fd711a37ba53aa41cd8fe77a4d0896973b536b52b8d03a911cff682c535ee71d7df18c5f9e6f12c4b929124ee0beead50e1a70ed9795f6295722790694a5bae |
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\KvHrxJ77cmUgLogin Data
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\oOPEmFmu_xsJCookies
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\l6w3NVXsgpmDCookies
| MD5 | 49693267e0adbcd119f9f5e02adf3a80 |
| SHA1 | 3ba3d7f89b8ad195ca82c92737e960e1f2b349df |
| SHA256 | d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f |
| SHA512 | b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2 |
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\o0qT3dWYBP7ZHistory
| MD5 | 9618e15b04a4ddb39ed6c496575f6f95 |
| SHA1 | 1c28f8750e5555776b3c80b187c5d15a443a7412 |
| SHA256 | a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab |
| SHA512 | f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26 |
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\02zdBXl47cvzcookies.sqlite
| MD5 | d367ddfda80fdcf578726bc3b0bc3e3c |
| SHA1 | 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671 |
| SHA256 | 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0 |
| SHA512 | 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77 |
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\02zdBXl47cvzHistory
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\Users\Admin\AppData\Local\Temp\adobep5qbJ3INLYaz\information.txt
| MD5 | 7e96862de6c6da40cc9e36531616b13c |
| SHA1 | b10316eea6325eca58350efd06b27d05539dd022 |
| SHA256 | fe4087935b3ca659ae4057cb6976841b244c1feb892ca8f9dca95e3fabb53dc0 |
| SHA512 | 782cb4d358763edcde68b60e0a0ffcc68b240a917a6d2d16711018842a6322a6b4d50ebefaeda2c5438849460eb8ac2c524e6ef7990c4d196bd3d755113bb027 |
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\2g1j7SGm0vjI4nkHAuJW.exe
| MD5 | 4e7002121cc16aa56b9e4b04aefa549b |
| SHA1 | 1d942b95ef9e2f5c0a79ac8042ebf63ea8f9cd59 |
| SHA256 | 49b5fe799d89d680a925fbb7c621792b3a4ab547820e966139e3a68a9a243916 |
| SHA512 | c13e331ca1e464b8ccfa187e81f1f6e738905b53b8090f9baf715d345d7e18e2c18456e0e441afc020f072eca2177e2b30112aa00e2df6226273b1c67020cf1f |
C:\Users\Admin\AppData\Local\Temp\adobe6DbP_N64XGcl\screenshot.png
| MD5 | 00712d7ced581cf3d1e63c5955574c20 |
| SHA1 | 5c7d57a58d8fe35fcf76bfbb57ba735be002c22a |
| SHA256 | 4959feefe37498e2dd467d87dc698ea74708cf0e81f9c3a98fc2917c4128697a |
| SHA512 | 7ce7f612de7efe4a25305e8b1fd5885de08152c6e75e24ec320c400f521c1e9e4c5b6d2d88557c2fa835bd1309531aab2aff61db739125dad3ff286945d65e8f |
C:\Users\Admin\AppData\Local\Temp\adobe6DbP_N64XGcl\information.txt
| MD5 | 8164c3ba51597c4f6f8822aac1d8ca0f |
| SHA1 | 57c84e2455aff279a25075e26538e5d594bbebaf |
| SHA256 | 3327ebc0b1f7a50e20ea655b3e2621f0606024df2c6a55c576db4fdcaf49d80d |
| SHA512 | 3796b6ecd110e9c948e585c29620daa939b3ba0fe49098b1b5067756ee10694c37eabfd941f501b1b721c33a8176149727147b8f17930955d4b9c6c25f4e8f31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9cafa4c8eee7ab605ab279aafd19cc14 |
| SHA1 | e362e5d37d1a79e7b4a8642b068934e4571a55f1 |
| SHA256 | d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166 |
| SHA512 | eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6 |
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\hGnIVTJbniiugaulndqv.exe
| MD5 | 182738f297c4083aa9dde3e9173c87e3 |
| SHA1 | 6514faaebace4c5c4ebddf9e829682488fec7d04 |
| SHA256 | 53a3113b2cdcf9d382621d8e43b37bf19757f204d378361a4827342aca16f796 |
| SHA512 | 203a605ad2acd05d98db55694bad93aa0a8795541b01f7f9bc9069e727e4362cf7a350057cf6d7ddacf26a15a3cb2ae8a7b1ea839de62c7f6ae74be91cfcd882 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3bde7b7b0c0c9c66bdd8e3f712bd71eb |
| SHA1 | 266bd462e249f029df05311255a15c8f42719acc |
| SHA256 | 2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a |
| SHA512 | 5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818 |
C:\Users\Admin\AppData\Local\Temp\heidi6DbP_N64XGcl\Gt_q28K1Pij1MddE1Ptw.exe
| MD5 | 0dc582be298ea675f2338d94311a2bd5 |
| SHA1 | 2c115c8f9c394841e501ccc821c7f9dbed122c1f |
| SHA256 | cd8bfa12ce2da9682ff533d0b848f984cdc780c8c68c99ad2bde471eb0b595a5 |
| SHA512 | b132fd863b0205b5c9e9705371a235ce6950ec29572f510d3d6149b8acb70af00ec4827aa1c0f7fd91f5c1fec3be7501ceca3e51f93cb3d1044d69942aa82e51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e085c833501b99b5b61102d456de80da |
| SHA1 | 13a099debb42da1ec286b0773e5b397b5d409607 |
| SHA256 | a66fdec66d3633bd4042b85ef23669fd4b7b684b43b6702febc598840151a784 |
| SHA512 | 1beac1ea66e8ffc755570d6a5038ede442d4cde2e2db5557ba016575622b48dd5ffecca1e51b102d0a96e4cfe72f0184cdb989baaecf8b93c9aab81dd92dd2ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | d73e91e1aef71539ae8364536543fcef |
| SHA1 | c36901414356606299938b1c229ceb7c99296a15 |
| SHA256 | 8828f1e89d71fa45958408577aa7b0abbf3d0a2126a93e3a394ba4058820bab2 |
| SHA512 | f59c9e35f3986072a28ba880909cd69aa61e9bec3b71db92cb462ac87d5acff7dfac29939fa8a8153b9ab97f24e9c58ac6a4f56dc50d09a60054765b46671a27 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d3d5c5acada5e39cd98339f5e4d4cf84 |
| SHA1 | 426cb02e852c88ad2a5f25ded623bd33efd9d120 |
| SHA256 | fc49c7bc14e588723538befb8308dbc02b38c01348f7ad1c5b027f3ccd9c756e |
| SHA512 | b0e07ee2bc99ee9e379730b49ff96d4d3221547321edbf0c039bea053153888f42851ec9449a73702f25cc2628d997f176cc436ef0025e5924f90c607e56ec43 |
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\GCWEHT8K4v5SdsJZFtFi.exe
| MD5 | 976ec7a89df25f5c2eff2e6c78cc8015 |
| SHA1 | 69ea0d23ce242b5dc864fc1acec296ebb0085ea7 |
| SHA256 | 731b4d0677c0573521479242e75a54f7f73f0b7f3ab07117a27b891da87fe372 |
| SHA512 | 35e91a3dec98245c432ed380afdb9ef0dda1e6fc0aa362bc2b1f26cf3c1e02f69d41f7c8f95b631c18afb8ab1bbdda22d5911daf8b37c6728f7384ceb91567e1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\datareporting\glean\pending_pings\2f6de851-1169-4582-b3af-ee5beb8ad6ca
| MD5 | 9862da49d36276f421f6e014a0990fae |
| SHA1 | e48869934240677dd3e8d018fa256bc414a30d0e |
| SHA256 | 1e211055ddd24694cdf3caf6bbabe4670b8d4f07935b67ac0a166c8157475841 |
| SHA512 | 781ff6369cd5d190cc99b908320336cb0874ba72a00992a3189bf17aa68f50bf702ca7229a0465ac14a584fcc36745b65b20e5ce476c424e5597a21eaa011875 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\datareporting\glean\pending_pings\eed7ddcd-2a4d-4ada-b324-f2b679d8bb2f
| MD5 | d27d6b0992c564040ac7f7f8fd9398f7 |
| SHA1 | a7d845e9d655675eb0588c2a8f137864e7481863 |
| SHA256 | d7f5ff980c9b2978606db58396e625f9d3ad3fd2c5a32a79ac297f57626a3381 |
| SHA512 | bf3647e5c13dfd8288118e7991064a6319a80921b02b9eed30b3539672ccbd308a702566a1927c88530ee83b5f9a6e7eb3ff5a2d8e022852d21842f068a50848 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 7b74dcc5b487db752652e6cd6396a87c |
| SHA1 | 52362584e7816edf2267a8b87b22c3a49bd3a851 |
| SHA256 | 97125967f6e735e38d8e5414fe40df3d778e8d702e98992150322d4d09fb6381 |
| SHA512 | 64dc8fd51d19f94a2f48c4c6b727f67cd0fe12543b2d506c3d77265bfe401a1ba42d3af0ab37ad0cc846fd92ba31dfc3227a1aa3647849e08a81d77edc825d72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\prefs.js
| MD5 | b95c080ea21d75b0c101ebb890c3d570 |
| SHA1 | c5401ccd155d0603e75b8df88393517c992102a0 |
| SHA256 | 045963cf6387d22a51fa6732be72556e8e67d503d9dd1027fd72895d6af0accc |
| SHA512 | f4265ee51bc97ea2d72ffa61617ba0abe37b1946a3fd5dd404a46afb80bf1af1506235e5ff3ed6cd7c88a000d7db434e21aabf93ace5592eddf21544e2bee26c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 63ba1690c248a7944dc0a780c2b8e046 |
| SHA1 | 04d7742358b9ad90b562c1479219a07d930d6bc1 |
| SHA256 | 06f1735a57f3f2a6a576dbca905f9374d0f30fac36d792325de97139cfb0360c |
| SHA512 | 0581ae49d2ba6b4cfd67e3dc85909f36a5ee60a487ce47905f18e2c7882065eda37922e472b8bc3500fc749a3d03776534e201d87e8e7b63c96d22577d37f453 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\prefs-1.js
| MD5 | 095281790235eae1d1c6d78e037ed9d1 |
| SHA1 | 3593fb4d786b2c491d9b26f53f006444cc400dc8 |
| SHA256 | 917dcb2b0be1891857043609168bb720ab3d6f648a13cb55cb2ed66bcbcfaedd |
| SHA512 | 93d77a221b81b369d0aae41d9f426d64507c05eaf07067eb10349f96251dacfb0e6b366b98340a0644a99de3bf49f61254e8300e0cdf970eef849e8742760645 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f7e1da9b8c11f0f0d1023a4b32db7e30 |
| SHA1 | db07beedf461c288a51b99e7becc77faacf29226 |
| SHA256 | 98717f953402881a3c837182f8368b446056458af540e5ace1ad999bf85c8116 |
| SHA512 | d7217c6709e7f1bca25c59a21b5bde5cf7bfa217bf39136708c45bae6ade82ad6dce5a110ea35ad1abc5307a0ee4d1f904a57f3bc629f3d98a525a3b486ebbe7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6e0a3508-a647-42df-b4a3-37856e64fd30.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdesc-consensus.tmp
| MD5 | 377091442d619676d1794a5203b3f422 |
| SHA1 | 656c4b5770747993503f3c848b5fd9c976bdb6f6 |
| SHA256 | 2bf970011667c11c524f181acae7f08a3030e4a4a1023bb31fe75472d81e06fb |
| SHA512 | e319786949c577a0faa8fdc7841889e012d844f942438de557a8d370241b2f78faa38bed207a332be4d02d23612e0a95558e8093616a9d9b657a67c008d96524 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5c797085c8989614f4b17b4691ef8a6a |
| SHA1 | 1235733aef7a6ed6fe900af22e249f9f9c7f2462 |
| SHA256 | 2f780f1acf96d2a08b067f86638133ddb62b70121fadb14594331d03e0b756da |
| SHA512 | 6ac497fd180bffdfe61ada470b05d3cf10b2e8339ecd495b30e9c5bd2ecf3ba5676bc4a6faf8a98fc149d3fcf7f9f72a0798a5e5a43ef7466defdd7077b1a75f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\prefs.js
| MD5 | f6802e2d427a2c51b52b44e5f6b74a46 |
| SHA1 | 412db3c94fe31ca62fd8ce35e1af35bbf9f11ed9 |
| SHA256 | 851079afdeab98dca5718b12769f838eff07c3dfc85a8799c77a20373bfdf6da |
| SHA512 | afe6ffd72bca04f8474b546f3538025c0af24ecc5a87beec0150e72761ef4a96264faa0122526234a3a9d133f16a067d69b7187e1361be6be4f039392ae6f029 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 360670aad6248a4898c6459e964d6169 |
| SHA1 | 75bd30771e5c36dcda71ee8d634a74f68ac6a0de |
| SHA256 | 3f2875634abfcd4901149e4bb646abe05ec76a6bdc96c296104fe35ae48073c2 |
| SHA512 | f3396e09236c0cb596e223f65fc496dddf684ec4f6f0fa0b8a2e0d3e3be430cec9e0e73529b0e89854f8de4fd553c3c5274c50d4ffacee035d84b00c7793e036 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 51b03b10591ce0d11f5ac4b6e2b6fbd5 |
| SHA1 | 4e08c5a122336e2483503fa210cf6ab26be40887 |
| SHA256 | e8905f3b86898fb9c0b2cda88d26b3a480a934bed9594290dfed2c63494f997d |
| SHA512 | f4301c07abe024a10adca1fb7313e7885c61b166d031bcbebd409f939f53f8b2d7eca730e302f029b2ff079a4f2755c286c104ef043fb220e4fcf33e13f2ba5c |
C:\Users\Admin\AppData\Local\Temp\heidip5qbJ3INLYaz\V1FkYflsSuINyVwTTmob.exe
| MD5 | 9d20c4affcb63af88b3b5d0812edf4e0 |
| SHA1 | 1ab2295ed59bab5a766ca9dc8ba13f2a5bf64fdf |
| SHA256 | e2b0d49dd99bcfcf51e0045bedb758269680cf6283eef3cfb0a0997b6346f929 |
| SHA512 | 345ea57e8f1a1b662995e32e19dd564d62225b79949979c064f22e7e7990673f873ba26678bfeeed7c22a6ca8894c412d4c771380bc903834cca622944b87df7 |
C:\Users\Admin\AppData\Local\Temp\4KPV6A~1\cached-microdescs.new
| MD5 | f77c53cd3770217032cc50c69759427e |
| SHA1 | ef229635c6e88f3d1b2291300a90f634237b793f |
| SHA256 | 66a2d21a11fac7886ab7bcbd20b2e46c162ed98313c85604d2dccd9ac7368948 |
| SHA512 | d46aeb2da3f766c9eae0b7bad0b4673a0cf341e1ad0e28765d8fa967942412d493d78f925ec7ab85030510bc032803dd5656622a29387832097b812cda69d8a0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c8f978f7-2092-4e7f-8850-a5c6df8bd21d.tmp
| MD5 | e52286b10ede671b0990c6c2d9d47b9f |
| SHA1 | f2be18b19a3f81555c001db285fc4d9c2d317a34 |
| SHA256 | 387070a8169a5efdc574c4797af72ee471a5c770c8c4d17dcacf41ea8e764b03 |
| SHA512 | 3a3eeeaa571f45796de711ce6b83ba7f66885ed085f4605cde31901e48bdc0a29062b7fc7c158e0f11a2c799be97b8a8a988e724586190dc7a7d2290bb61c001 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | afd4deb569e6e6ef86eecd4e41658aaf |
| SHA1 | a233465b333819b1a8816a7f9f0876684c761c5e |
| SHA256 | 704f12673a5726b4f43b035400daa594e27db0e7b7d5d5e99a2bf8b6b2d021b1 |
| SHA512 | b3b7c5864f5e553922f258ada59929ee970489490d8d9e21543377577c93ef07755072750d5181c6b7d5420c348746dc68b3551bea658284873eb3d4c14795df |
C:\Users\Admin\AppData\Local\Info Tool Extension\is-KQ77N.tmp
| MD5 | 6231b452e676ade27ca0ceb3a3cf874a |
| SHA1 | f8236dbf9fa3b2835bbb5a8d08dab3a155f310d1 |
| SHA256 | 9941eee1cafffad854ab2dfd49bf6e57b181efeb4e2d731ba7a28f5ab27e91cf |
| SHA512 | f5882a3cded0a4e498519de5679ea12a0ea275c220e318af1762855a94bdac8dc5413d1c5d1a55a7cc31cfebcf4647dcf1f653195536ce1826a3002cf01aa12c |
C:\Users\Admin\AppData\Local\Temp\is-0A1OD.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 311faecad67e6297192ee535f73c5c9b |
| SHA1 | 9b1b10c23677768d378929a64ab1228f72a80af1 |
| SHA256 | 68f8eee958a570ecc7b561b3be1d961e110a3cf9266a7da9a9b951814229a6a2 |
| SHA512 | afb15f6821d792ee340dd86a16d2d8517bccf38d14b9b4d56130dcd5fb84f3edf1c4a8d5578f5b4d6459f6b6722c6cf0dd7b29ced8e8f6cbd9586c7ea48dfccd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 35f641e8646e7150d27f9c92dcd45996 |
| SHA1 | 2163956c0ca7d4d909b9b6cf7b1d6554621ce335 |
| SHA256 | e64ceeb2ce68e1f51b3959c085688e49d58e1b6d1714b6d3a4abed2bbac34e0e |
| SHA512 | 007cbd75f1d534bb7623f1b1eaebcb75c11998c043d5f95f844504a48ae779ad92ad88b642737ac66598f041a2c10542752717be560143627bd9a939b7728dc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2367e3684c2127d5c70788da9264146c |
| SHA1 | 07b350f7ebe583ac8392e97050bf111eb06bb710 |
| SHA256 | c7c5381021a89ee7b48e0ccd12524091ed0ab392cd361da65af31f669453e829 |
| SHA512 | 58c2c5769444fe210bfbf6b370dd91fe93eca1334e002ac98e3d5f4b44251145e81363151465708ffa84da73e26af7165286dfd47158be229af392090dbf1bc0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 83808c6a9029144a044757f7477d55b7 |
| SHA1 | 0e4d06b2a278f9f73e703d9feb857c7325be028c |
| SHA256 | d1b1d58fe7f04133731e16b519b8873ff803e0f48198fcfe61909cd074b7390b |
| SHA512 | 587542cfc712ef23f4f512cb6b1cbf156155c0940e95947a3de8d4de004083bfba56ac50ee08ce3a96dc1031e6881cb9be8a4fea341f1b9eba241bfb297adfb6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\prefs.js
| MD5 | 057f06f3e824db16560b5e9d6798d40b |
| SHA1 | 0993e244325dbfe2b598f30da263ca941ae8a0db |
| SHA256 | f3554ecbdf2699e76cad5de72d44b3e64e593c1ba4d6a0e69c3137c4df3ceef2 |
| SHA512 | 55c70db599e5ad1c59f41543e072ebe7ef4d88b28a8bc39a793b03287879a08be673eed72c700da05fc570f301f5aeec5fe12fce68028b9cf356e98752da04ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 6d8e1c1513e1a4dd29486ec14be50b51 |
| SHA1 | c5a548e8c31f267c14dafaefdae0863209b04f37 |
| SHA256 | 912d895d87ea36846275108da4d9d0de918e6a30fac277443cbe49cd518c3009 |
| SHA512 | dee434ecbd1b45c48fbfe95f74d92f240bb4aed772a8eb4fd7dbcc8a8d0163ca92bb8cf0b6022b171d107a2fd84c278df60b0be7011db87f3476857df7b26897 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | d3da28a8c7d7442740a2eaf8f8ab15ae |
| SHA1 | b2f99803a303dcb897ade3cccf50c4bda84c95a3 |
| SHA256 | c85b6366a009d88bc9990e0fcc61bc7f2dd0046a8619bceb820376d46c42e356 |
| SHA512 | 733088f29216278a1cb9cb5315869198e0e491ca56f3ae2547d03fabdeadf4b733cdc48c0c673c7446e6d78fe7906d10e4c5b66fa1b0707c13874973e1222a22 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 6e3e3a9948646c4c4b665e7503455971 |
| SHA1 | b40d64cd0b5c044a6c695a16d87433a7ddde3ca7 |
| SHA256 | 171698d1a48353dcc9d433619ea3e506504f14421654e92548ea85ec3540e4ad |
| SHA512 | 335211d0d3884bb3a557c0b6dd969a8392bc4823d133542ee6b7d22e9ed362b0d3ce1fa48abb6af1d6c3d37b10a58859df27654337e6c84d177aa05839174b62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 3149d2bb4e795a70433e87523235ae41 |
| SHA1 | 0998652a404a50fed4a41f3fb378614592b0cfb1 |
| SHA256 | 28243c0f73bf7b52b4f9869fbe6028f693eb305c54cfa84df00bc89a4039e837 |
| SHA512 | c6ecc3dbd10fd5beb3f54c587195907dcfd4a2c8e5b7c75da231f0b674eeb58d914ec968589de561070cfc9e3c608334cf19802905c75b422618c9f5495bdbbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7f9a918f4357cd7a6be97a65354a17e0 |
| SHA1 | 14163d4497d7761a159d027d00b7bf2d9725f09e |
| SHA256 | 0ff407fde72401fd5340a0790655e0767ecc1d440799df510f7b4d15af2766a2 |
| SHA512 | 75e061f9b6671ea3ae12f4b7e3c86fdb04e7646d741f0c8cf5d556b7177b5b27f4323a25e905cd7bc96e2c1ad97b951960a573527f0e4b66f1b14181c3fdf63f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | fe3b4be60f507a78508180f8d47d569c |
| SHA1 | 38c9e82a1b1fbe29450485d3fb0bbede6012f018 |
| SHA256 | 45b6e978ce31bb38fd644eb9b3c6654099f5f5db499fe91753b7f91600933489 |
| SHA512 | 777904ebe9a48daccd3c43312c4ed171efc117a5747f984f7d123a95eaa4452d286d71835dc30dc52409188a801585ab56d846d84ea14cbf9f1d4c23feff6ae9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | a7b44148dc01bc87a0fa1fdcf34fd98f |
| SHA1 | faa22a9c0b0ff1615f26e4cfd07fc904429f1177 |
| SHA256 | c0319b89e29d13732194018326ac81d61d17351146caf80caeb68f065522f608 |
| SHA512 | 4e8e85ffbf5c8486a50726b95d19b5c277e54fe33d89c093d1647a5facc084b122f6dcf18af109c6ce20c88b6ea06fab714477a792f75048944843e6e4b843c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 0922a41ae1007786f35e0a8c907fa2f2 |
| SHA1 | 0b74f8250b41bbc77731057558280d3daf26da13 |
| SHA256 | edcf33e54e3eebbcc4638b32e2c481e88fc66f137bf1e0e95ebc3c88a48d4064 |
| SHA512 | 3979846702969ff4206675d5777763e16b6dc4dc452c75a7386e04e459f3e9f416388c3734e7dade6b069ca231147566927b1973e4c17bdcf1db2a9b37231701 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 7a5b6eb82a9453dccb924b3b7c8660f2 |
| SHA1 | 33996d3580f76851f1a74c10528e8d9ec961b8f0 |
| SHA256 | 1f445d01d54788387674b588eff30d8c78b761ea4cd2319c9ffae8c64e964951 |
| SHA512 | 05015a4de5b285db5ca00fe1814b0924d82a2056bc18882a84a79d52d2d154e103d6c334a8e684fb97a3babb826eff75921dce3bda5131f0aa955cde588f8d0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 5947a819c7aba7f2fe52587b27964725 |
| SHA1 | fa7819d152c5a86ff00f84c6d79390ba1d5a7d58 |
| SHA256 | 4f6c1ec0a3bd62c40f73cd5d371a751a2cfe94cb74fbfae5e51582e60c18314e |
| SHA512 | ad8dc726130753c3a743420977a976832abb8c97b74c3c2d78732554d7410a9686a6e0fc5f57c413129bfa39162cefb3561cc91fdd7f62e78200f4f5a4e1dcb4 |
C:\Users\Admin\AppData\Local\Temp\heidiZzOs_nAUVEVs\IWPfiAXUTJTSHistory
| MD5 | 8a49e4add610fc0790f1d6c81c5a5e95 |
| SHA1 | 5248fa5f4348bc7e2062751fc3041cfd67bc9466 |
| SHA256 | 7b7f2c7b9eaaeaeaec977105124020f6bb1aaada47f7bd03f05b7ba7f2cb12ee |
| SHA512 | 8cda64af3ab4aeda7d2bcc61a5b30773a0cb6051805032cd1af664a901dd85cd297b19a09036ed45edf6fa4f0b29a6c5dc0a471e4ac359b852ba5de0e83f2124 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 276b2496cb8c35dea836bbb859836f9d |
| SHA1 | d6d48fc6b9779eb2fd12897982efea6e0d54ca05 |
| SHA256 | 7b2f581a025f55c3e0c091522943e0f5a8dacec497dcd9b88073ad2b9c6814ca |
| SHA512 | f6958d0812d1b3043d12bbcb88d1e04498395289576ff6047e91ebb6a2c3cb0309b22a3fa1a3ac17529d8c8102ae0c56965c95f816bae1b9e90631d32c3eb270 |
C:\Users\Admin\AppData\Local\Temp\adobeZzOs_nAUVEVs\information.txt
| MD5 | 814236b2078e4334d720863e38c8dd8b |
| SHA1 | 75761f2b44d377c6b01bf99ce1a7bafd028edc94 |
| SHA256 | 7bc8e58a2a16755a0047800466dbe7c5e6cd2990d6369450d78ea7681f2a19c7 |
| SHA512 | 163f7eded649bb6cc4c3098e55d69a952da6633af3b8f987fe79dc7a3f56364ff10d00f201e064fc373c6e8d473e9957a98a914b378be3ddcc333eef2d23899a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8450df0e01d5d741adc38dcc0a781ac4 |
| SHA1 | 336a501cf592823458461584454b8db2ef418048 |
| SHA256 | 7b12b5c07c1b36a3e5136427ad51ce730317c691dbfd4a03b456e1de8858f1c2 |
| SHA512 | 5c9bccf6556eea4a68f4b10408a3f48be20bae9a4077068faf99a4cfb3a1d208bc18042e3867ff2a90eab5e34cabc58a55011914f1e3414180a55b8231d8b980 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 55ebe9044e9d7d3c9a626e6bc80c07f6 |
| SHA1 | 9c414f858a77b6f984aac3e0ec0dd5858114dedd |
| SHA256 | 402dae28355d407e03146ba686dcc671ed73770312a6710f3602cac15a64aaaa |
| SHA512 | b6dfc9ae53b2d74c8568658cc947aecbe39437574b2f651e5aea1124ba1d678f6f0551a3cf69d1b9ac6f386dcfc0242e36c96c0817a959404d81c67297e3ac83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | bbc4689fa0f375b22862a94231704da4 |
| SHA1 | 62baa6b4fede6d041d96a1ea53a718ac0fe73c0c |
| SHA256 | 15b7de58400826baacc7370e1dbbc1900cc86a536f69200f06552e4d0b97c9c6 |
| SHA512 | 8f44f55f0dc281d629b6055f878caa8e261d05a5e315a0b224dd8f9395ca68b6b413213da25059a2275003ced37a4c8bdaad1acd90bd1dda796d171e9f14368d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a381cf779a51dd858ad7ea9c8bde057f |
| SHA1 | 2cff2380790c881da05389737f041fb88784d934 |
| SHA256 | 182c1f93cb72b5ecb2f07f983c593d33a221c000ea55aff38e9e632770e76b76 |
| SHA512 | 02a476a13236fee05e199a9b9ed622dad7e5b2a461a44ebba48916d9acb989e213c11cd1c31aa707c12e0c3eb2e389704693af9d0bc99392854d84f1a57f376c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 761f50516425004feead0d4054b3e3ef |
| SHA1 | 8e4349aa7dd43bea087ebc92caf17415b75f318c |
| SHA256 | 617db72d2af8af17e2a2dbca6d633d1a0378836dbf1cb61012d2efef65d7bbd9 |
| SHA512 | 78c6c5ca69a51f9109cbf5beca4f7fd623ff92aa2a0cb5013b1ab31c98667dd417f97db8de7946b8974237b945313bde71995cff3f648493c170dc1a9cf469a5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | 8445d2ea307d49d71243d9d2016bc838 |
| SHA1 | 3b88593c19c3b133cfd9a3132561a82f391da512 |
| SHA256 | e205da8708f8ddbc21d1977a11a7427de877948f2cebfbd22f4f13fdb5318664 |
| SHA512 | 485dfc7bbf2edf2eb88be28390adc0be8bb31c5fe770802efcc19587212496d1a43914a9374e7449647d9e9685fcea72845e2b7d73febc3a72fd4cb854b80354 |
C:\Users\Admin\AppData\Local\Temp\288c47bbc1871b439df19ff4df68f076.exe
| MD5 | 8c9607a8c8359d15ec05a327be0b80a8 |
| SHA1 | 645ef703da82d57f169789d42c5c88625548bcc1 |
| SHA256 | 924f06d5c5dfa4ac57ea02f3899d9e083a61844d3e86372fc5d71e0e184df233 |
| SHA512 | 60880b8445341e3ad208977d2d328e497243dc6d5d51dc6a35923752f83cc8e621d6ca377d8638ef4415689f6e74e230bfa8a29953d639a5757bdf94a8d5dda1 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup4.exe
| MD5 | 60026a97e125acc0f980a8dfbd4329a8 |
| SHA1 | 67a2c69e1f46da1ea1f9eed7bbf96473f7044ae0 |
| SHA256 | 03e839ea53665093be53ec40c14f397924e3121fc4dfe7db08307d0873c64c4c |
| SHA512 | 5c8461c9e7c5502ac16087896b813819b83f91c66b4b85e2bc426487df12c7bb3ec4aa4c2f66323d9e2470b6e6ee453b1701711aac879d64dd08e27eba99c551 |
C:\Users\Admin\AppData\Local\Temp\FourthX.exe
| MD5 | 2894bac8eef6977463a9b6b2b4ebfb45 |
| SHA1 | 24e371157c3114cd29a54cd635ddb884046a3f6b |
| SHA256 | d880568ca69cbd902df113d63331abce86cc5f454ceadac09c5cee53942a5762 |
| SHA512 | 903c63b84eb3f5c8dabe8e95388779fb50408eb58f80c8fdbfaec363fdaaff921089d00c117636304eaa2602c76ed53667472c6a983e9fcfd19d1b8b103a92a6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\prefs-1.js
| MD5 | bca329aa9dc70e3581697fbe0537733a |
| SHA1 | 9e318a3e3b1c62aab43a45501a62e810e9495941 |
| SHA256 | 70d7549da3d0c0bfda97da6bf8ac66334b1b01bae48788e151b7ce635a3889cb |
| SHA512 | 927137534dd1e7b42b1ae7704f1f8d0ca76ac7024b1c0d866efbfc85cded23a849f6f6f51d8ac8851c16be04738dfeb82ecda5bc98b2b1472fda1b6b2efc71e7 |
C:\Users\Admin\AppData\Local\Temp\nsp811E.tmp\INetC.dll
| MD5 | 40d7eca32b2f4d29db98715dd45bfac5 |
| SHA1 | 124df3f617f562e46095776454e1c0c7bb791cc7 |
| SHA256 | 85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9 |
| SHA512 | 5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 17:05
Reported
2024-02-23 17:10
Platform
win10v2004-20240221-en
Max time kernel
148s
Max time network
154s
Signatures
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ICQLiteShell.MCLiteShellExt.1\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\WOW6432Node\Interface | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ICQLiteShell.MCLiteShellExt\CurVer\ = "ICQLiteShell.MCLiteShellExt.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3B2B86E2-601D-41A5-8FAB-CEBB3342EE8F}\NumMethods\ = "3" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ICQLiteShell.MCLiteShellExt.1\CLSID\ = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ICQLiteMenu | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}\InProcServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}\ = "MIBLiteShellExt" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3B2B86E2-601D-41A5-8FAB-CEBB3342EE8F}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ICQLiteShell.MCLiteShellExt | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654}\VersionIndependentProgID\ = "ICQLiteShell.MCLiteShellExt" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ICQLiteMenu\ = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu\ = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\WOW6432Node\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}\ProxyStubClsid32\ = "{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3B2B86E2-601D-41A5-8FAB-CEBB3342EE8F}\ = "IMCLiteShellExt" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654}\ = "MCLiteShellExt Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654}\ProgID\ = "ICQLiteShell.MCLiteShellExt.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}\InProcServer32\ThreadingModel = "Both" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}\NumMethods | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ICQLiteShell.MCLiteShellExt\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ICQLiteShell.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{346F8AC1-CEB1-4E3E-944B-87D9840505C3}\1.0\HELPDIR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3B2B86E2-601D-41A5-8FAB-CEBB3342EE8F}\ProxyStubClsid32\ = "{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ICQLiteShell.MCLiteShellExt\CurVer | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ICQLiteShell.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ICQLiteShell.MCLiteShellExt\ = "MCLiteShellExt Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3B2B86E2-601D-41A5-8FAB-CEBB3342EE8F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ICQLiteShell.MCLiteShellExt.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{346F8AC1-CEB1-4E3E-944B-87D9840505C3}\1.0 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{346F8AC1-CEB1-4E3E-944B-87D9840505C3}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ICQLiteShell.MCLiteShellExt\CLSID\ = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654}\VersionIndependentProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{346F8AC1-CEB1-4E3E-944B-87D9840505C3}\1.0\FLAGS | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{346F8AC1-CEB1-4E3E-944B-87D9840505C3}\1.0\0 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3B2B86E2-601D-41A5-8FAB-CEBB3342EE8F}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}\ = "PSFactoryBuffer" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2}\NumMethods\ = "7" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ICQLiteShell.MCLiteShellExt.1\ = "MCLiteShellExt Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{346F8AC1-CEB1-4E3E-944B-87D9840505C3} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{346F8AC1-CEB1-4E3E-944B-87D9840505C3}\1.0\ = "ICQLiteShell 1.0 Type Library" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{50DF956F-CA2B-4616-83DE-4BB3AD8CF4E2} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{346F8AC1-CEB1-4E3E-944B-87D9840505C3}\1.0\0\win32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{346F8AC1-CEB1-4E3E-944B-87D9840505C3}\1.0\FLAGS\ = "0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{346F8AC1-CEB1-4E3E-944B-87D9840505C3}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ICQLiteShell.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73B24247-042E-4EF5-ADC2-42F62E6FD654}\TypeLib\ = "{346F8AC1-CEB1-4E3E-944B-87D9840505C3}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1436 wrote to memory of 2360 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1436 wrote to memory of 2360 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
| PID 1436 wrote to memory of 2360 | N/A | C:\Windows\system32\regsvr32.exe | C:\Windows\SysWOW64\regsvr32.exe |
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ICQLiteShell.dll
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ICQLiteShell.dll
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 5.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.173.189.20.in-addr.arpa | udp |
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 17:05
Reported
2024-02-23 17:10
Platform
win10v2004-20240221-en
Max time kernel
90s
Max time network
121s
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1956 wrote to memory of 1188 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1956 wrote to memory of 1188 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 1956 wrote to memory of 1188 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ICQRT.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ICQRT.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1188 -ip 1188
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 600
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 181.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |