Analysis Overview
SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
Threat Level: Known bad
The file CryptoLocker.exe was found to be: Known bad.
Malicious Activity Summary
CryptoLocker
Cryptolocker family
Deletes shadow copies
Downloads MZ/PE file
Deletes itself
Checks computer location settings
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Subvert Trust Controls: Mark-of-the-Web Bypass
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
NSIS installer
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Interacts with shadow copies
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-04-21 01:20
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-04-21 01:20
Reported
2025-04-21 01:25
Platform
win10ltsc2021-20250410-en
Max time kernel
310s
Max time network
312s
Command Line
Signatures
CryptoLocker
Cryptolocker family
Deletes shadow copies
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4260291853-3905407524-539084913-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\AdwereCleaner.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AdwereCleaner.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WinNuke.98.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\satan.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\satan.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4260291853-3905407524-539084913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe" | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4260291853-3905407524-539084913-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwCleaner = "\"C:\\Users\\Admin\\AppData\\Local\\6AdwCleaner.exe\" -auto" | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1672 set thread context of 5340 | N/A | C:\Users\Admin\Downloads\satan.exe | C:\Users\Admin\Downloads\satan.exe |
| PID 5672 set thread context of 4964 | N/A | C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe | C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\satan.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\AdwereCleaner.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\satan.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\AdwereCleaner.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WinNuke.98.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\CryptoLocker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\satan.exe | N/A |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4260291853-3905407524-539084913-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Walker.com:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\satan.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\AdwereCleaner.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Melissa.doc:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\6AdwCleaner.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Users\Admin\AppData\Local\Temp\CryptoLocker.exe
"C:\Users\Admin\AppData\Local\Temp\CryptoLocker.exe"
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\AppData\Local\Temp\CryptoLocker.exe"
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000240
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1980 -prefsLen 27100 -prefMapHandle 1984 -prefMapSize 270279 -ipcHandle 2072 -initialChannelId {efc6e0a9-3909-4f6b-8df9-60c795d607c7} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2436 -prefsLen 27136 -prefMapHandle 2440 -prefMapSize 270279 -ipcHandle 2444 -initialChannelId {a2b182f7-5d2a-44e2-abc4-0f1eb75c550b} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3972 -prefsLen 27277 -prefMapHandle 3976 -prefMapSize 270279 -jsInitHandle 3980 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3984 -initialChannelId {5ef19e33-d59a-41c1-9fe7-a6701bb2b133} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4132 -prefsLen 27277 -prefMapHandle 4136 -prefMapSize 270279 -ipcHandle 4152 -initialChannelId {065f1a51-90d1-47a4-a61d-5305c7d47408} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3256 -prefsLen 34776 -prefMapHandle 2948 -prefMapSize 270279 -jsInitHandle 1628 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4492 -initialChannelId {40dc5a20-e4bf-47ea-80ec-1ce458352560} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 3144 -prefsLen 35013 -prefMapHandle 3148 -prefMapSize 270279 -ipcHandle 3132 -initialChannelId {6786ffd1-a589-4608-adaa-8eb489bd2e7d} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5312 -prefsLen 32900 -prefMapHandle 5316 -prefMapSize 270279 -jsInitHandle 5320 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5328 -initialChannelId {ee938bcc-a075-4368-9806-753544bfd69e} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5460 -prefsLen 32952 -prefMapHandle 5352 -prefMapSize 270279 -jsInitHandle 5520 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5528 -initialChannelId {4261ce28-31e4-40b9-b302-4da78718ea6e} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5704 -prefsLen 32952 -prefMapHandle 5708 -prefMapSize 270279 -jsInitHandle 5712 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5724 -initialChannelId {afa4edb6-e919-477f-8903-04862336ac44} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6472 -prefsLen 33071 -prefMapHandle 6412 -prefMapSize 270279 -jsInitHandle 6248 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3820 -initialChannelId {b42d314a-fed6-4992-9de8-54d959e8013f} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6816 -prefsLen 36543 -prefMapHandle 6804 -prefMapSize 270279 -jsInitHandle 6820 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6828 -initialChannelId {ad562d3a-73c3-45c0-8bd0-c76272de8d3f} -parentPid 4156 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4156" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
C:\Users\Admin\Downloads\AdwereCleaner.exe
"C:\Users\Admin\Downloads\AdwereCleaner.exe"
C:\Users\Admin\AppData\Local\6AdwCleaner.exe
"C:\Users\Admin\AppData\Local\6AdwCleaner.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\6AdwCleaner.exe" -auto
C:\Users\Admin\AppData\Local\6AdwCleaner.exe
C:\Users\Admin\AppData\Local\6AdwCleaner.exe -auto
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\4696bde7c2634a31a43935c5460b53d4 /t 4204 /p 4236
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""
C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
C:\Users\Admin\Downloads\satan.exe
"C:\Users\Admin\Downloads\satan.exe"
C:\Users\Admin\Downloads\satan.exe
"C:\Users\Admin\Downloads\satan.exe"
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
"C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_a1977cde.bat"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
"C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe"
C:\Windows\System32\vssadmin.exe
"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | jdrucsrvpxvjedb.ru | udp |
| US | 8.8.8.8:53 | whmtcnxphlydeqi.org | udp |
| US | 8.8.8.8:53 | ksyinbctlfqlgid.co.uk | udp |
| US | 8.8.8.8:53 | xwthnvindstfpqg.info | udp |
| US | 8.8.8.8:53 | lnwqoloairnmikt.com | udp |
| US | 8.8.8.8:53 | yrrpogutafqgiff.net | udp |
| US | 8.8.8.8:53 | mrcursomnjjcdtt.biz | udp |
| US | 8.8.8.8:53 | nhwhcnslfrqreib.ru | udp |
| US | 8.8.8.8:53 | nmadsdbskvgdmjc.org | udp |
| US | 8.8.8.8:53 | ocupdxfrcensehb.co.uk | udp |
| US | 8.8.8.8:53 | ochqellqgdbfdtd.info | udp |
| US | 8.8.8.8:53 | prcdogppxliuepo.com | udp |
| US | 8.8.8.8:53 | pwfyfvxwdpxgfkc.net | udp |
| US | 8.8.8.8:53 | qmalpqcvuxfvwpf.biz | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | smtdsyloektersu.ru | udp |
| US | 8.8.8.8:53 | gqocsqbcuestrau.org | udp |
| US | 8.8.8.8:53 | uerawjxbdjbrrol.co.uk | udp |
| US | 8.8.8.8:53 | iimywbnotdahbmt.info | udp |
| US | 8.8.8.8:53 | uwyyfriswelhdvn.com | udp |
| US | 8.8.8.8:53 | ibtxfjxgnxkwdkr.net | udp |
| US | 8.8.8.8:53 | wowvjcufvdsuvyn.biz | udp |
| US | 8.8.8.8:53 | ksrujtksmwrkfea.ru | udp |
| US | 8.8.8.8:53 | wvcljjuwyiatdxa.org | udp |
| US | 8.8.8.8:53 | xlwxtbispwlnusi.co.uk | udp |
| US | 8.8.8.8:53 | ynainthjxhhhdiy.info | udp |
| US | 8.8.8.8:53 | aduuxlufovsbeqy.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | yghhvcrbrcrwdua.net | udp |
| US | 8.8.8.8:53 | avctgtfwiqdquwm.biz | udp |
| US | 8.8.8.8:53 | bxfeamenqbykvmi.ru | udp |
| US | 8.8.8.8:53 | www.vikingwebscanner.com | udp |
| US | 8.8.8.8:53 | cnaqkerjhpkewcm.org | udp |
| US | 8.8.8.8:53 | qyymelcaulqayex.co.uk | udp |
| US | 8.8.8.8:53 | ebapqgitwwttimb.info | udp |
| US | 8.8.8.8:53 | rtwufchmopvrbav.com | udp |
| US | 8.8.8.8:53 | fvxxrwngqbylbuh.net | udp |
| US | 8.8.8.8:53 | upekjqkenqjurpl.biz | udp |
| US | 8.8.8.8:53 | irfnvlqxpcmobqk.ru | udp |
| US | 8.8.8.8:53 | vkcskhpqhuombea.org | udp |
| US | 8.8.8.8:53 | www.vikingwebscanner.com | udp |
| US | 8.8.8.8:53 | jmdvwcvkjgrgbrh.co.uk | udp |
| US | 8.8.8.8:53 | yuhqivhvxqomvdm.info | udp |
| US | 8.8.8.8:53 | aiiygqluaioxwyx.com | udp |
| US | 8.8.8.8:53 | apfyjmmirutexns.net | udp |
| US | 8.8.8.8:53 | bdghhhqhtmtppsv.biz | udp |
| US | 8.8.8.8:53 | dlmonbpaqvhhaus.ru | udp |
| US | 8.8.8.8:53 | eynwlvtysnhsbja.org | udp |
| US | 8.8.8.8:53 | egkworumkamyjxp.co.uk | udp |
| US | 8.8.8.8:53 | ftlfmmylmrmkbvo.info | udp |
| US | 8.8.8.8:53 | bdydvcivafnqxwy.com | udp |
| US | 8.8.8.8:53 | ofagitxjnlycxld.net | udp |
| US | 8.8.8.8:53 | duwaasnuvrmnqnn.biz | udp |
| US | 8.8.8.8:53 | qwxdmkdijxxyasa.ru | udp |
| US | 8.8.8.8:53 | svfenygngqrwqmd.co.uk | udp |
| US | 8.8.8.8:53 | hlcxfxvyowfiqub.info | udp |
| US | 8.8.8.8:53 | undbrplmcdqtasj.com | udp |
| US | 8.8.8.8:53 | jyhhamnddktuxiw.net | udp |
| US | 8.8.8.8:53 | kmipxebyqwlopkj.biz | udp |
| US | 8.8.8.8:53 | lqfeedscywsrqnt.ru | udp |
| US | 8.8.8.8:53 | megmcugxmjklrdx.org | udp |
| US | 8.8.8.8:53 | npmffrvhvpmpcwt.co.uk | udp |
| US | 8.8.8.8:53 | odnndjjdjcejtrc.info | udp |
| US | 8.8.8.8:53 | phkcjibgrclmcba.com | udp |
| US | 8.8.8.8:53 | qulkhaocfodgdja.net | udp |
| US | 8.8.8.8:53 | fbvrfkflnwvvjoy.biz | udp |
| US | 8.8.8.8:53 | sdwurflfpiypswc.ru | udp |
| US | 8.8.8.8:53 | gvtagurrkjswspy.org | udp |
| US | 8.8.8.8:53 | txudspxlmuvqskk.co.uk | udp |
| US | 8.8.8.8:53 | hlbnrppqkpuxjcf.info | udp |
| US | 8.8.8.8:53 | uncqekvkmbxrsde.com | udp |
| US | 8.8.8.8:53 | igyvsacwhcrylev.net | udp |
| US | 8.8.8.8:53 | viayfuiqjnuslrd.biz | udp |
| US | 8.8.8.8:53 | nwevjukhqctigtg.ru | udp |
| US | 8.8.8.8:53 | okfehpogsttthpr.org | udp |
| US | 8.8.8.8:53 | orcekfwnnoqjpjo.co.uk | udp |
| US | 8.8.8.8:53 | pfdmiabmpgquhor.info | udp |
| US | 8.8.8.8:53 | phjrvaumnuskrbt.com | udp |
| US | 8.8.8.8:53 | qukatuylpmsvspb.net | udp |
| US | 8.8.8.8:53 | qchawkhskhpltrs.biz | udp |
| US | 8.8.8.8:53 | rpiiuflrmypwlpr.ru | udp |
| US | 8.8.8.8:53 | pfviwblksoktgsy.org | udp |
| US | 8.8.8.8:53 | dhwljsbxguvfghd.co.uk | udp |
| US | 8.8.8.8:53 | rwtfblxwrnrhgop.info | udp |
| US | 8.8.8.8:53 | fyuindnkftdsptc.com | udp |
| US | 8.8.8.8:53 | rpbejgvpphjvgdv.net | udp |
| US | 8.8.8.8:53 | frchvxlddnuhgkv.biz | udp |
| US | 8.8.8.8:53 | thybnqicogqjygv.ru | udp |
| US | 8.8.8.8:53 | hjaeaixpcmcuiee.org | udp |
| US | 8.8.8.8:53 | yofuydenjgirxmc.info | udp |
| US | 8.8.8.8:53 | ascjfvdeusxlguo.com | udp |
| US | 8.8.8.8:53 | bgdrdnqaifpfhks.net | udp |
| US | 8.8.8.8:53 | aljinqbwsmparot.biz | udp |
| US | 8.8.8.8:53 | bykqliosgyhtjjc.ru | udp |
| US | 8.8.8.8:53 | cdhfrbnjrlwnkgc.org | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | dqinpsbffxohloc.co.uk | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | pexrptksmrxpvp.info | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | dissjoqxikceff.com | udp |
| US | 8.8.8.8:53 | qdirckpisfgoxw.net | udp |
| US | 8.8.8.8:53 | ehdsvfvnoxkdxv.biz | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | tmcytmjjodbraq.ru | udp |
| US | 8.8.8.8:53 | hqwanhpokvfgjn.org | udp |
| US | 8.8.8.8:53 | ulmygdoyuqjqjw.co.uk | udp |
| US | 8.8.8.8:53 | iphaaxueqjnfjd.info | udp |
| US | 8.8.8.8:53 | tngagfmomjdlhp.com | udp |
| US | 8.8.8.8:53 | udbokaqcinvrip.net | udp |
| US | 8.8.8.8:53 | umqasvreswlkji.biz | udp |
| US | 8.8.8.8:53 | vclowqvrobeqbu.ru | udp |
| US | 8.8.8.8:53 | xvkhkxlfougnaw.org | udp |
| US | 8.8.8.8:53 | ylfvospskyytbe.co.uk | udp |
| US | 8.8.8.8:53 | yuuhwoquuiomjo.info | udp |
| US | 8.8.8.8:53 | akpvbjuiqmhsbi.com | udp |
| US | 8.8.8.8:53 | ixaqhrkaebgkuj.net | udp |
| US | 8.8.8.8:53 | vcurbjacqysquf.biz | udp |
| US | 8.8.8.8:53 | ktknyipvmwtwnr.ru | udp |
| US | 8.8.8.8:53 | xxfosafxyugdwb.org | udp |
| US | 8.8.8.8:53 | mgexlkjqgmjmyn.co.uk | udp |
| US | 8.8.8.8:53 | akyyfcysskvsyq.info | udp |
| US | 8.8.8.8:53 | ocoudbomoiwyyo.com | udp |
| US | 8.8.8.8:53 | cgjvwseobgjfif.net | udp |
| US | 8.8.8.8:53 | mhiyxdmkestxdw.biz | udp |
| US | 8.8.8.8:53 | nwdncuarqcemud.ru | udp |
| US | 8.8.8.8:53 | odsvptrgmohkvq.org | udp |
| US | 8.8.8.8:53 | psnktlfnyxrywn.co.uk | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | qpmgcvlbgewavh.info | udp |
| US | 8.8.8.8:53 | rfhugnyisnhonu.com | udp |
| US | 8.8.8.8:53 | slwdtmqwoakmvt.net | udp |
| US | 8.8.8.8:53 | tbrrxeeebjubwx.biz | udp |
| US | 8.8.8.8:53 | upwhftyjduvsyk.ru | udp |
| US | 8.8.8.8:53 | itriyofoynahia.org | udp |
| US | 8.8.8.8:53 | vohhrelmcvvbiw.co.uk | udp |
| US | 8.8.8.8:53 | jscilyrrxoapiv.info | udp |
| US | 8.8.8.8:53 | wrbtsmvnjfdnkn.com | udp |
| US | 8.8.8.8:53 | kvvumhcsfxhctk.net | udp |
| US | 8.8.8.8:53 | xqltfwiqigdvmh.biz | udp |
| US | 8.8.8.8:53 | luguyroveyhkmn.ru | udp |
| US | 8.8.8.8:53 | yyfpvfbfdmbokq.org | udp |
| US | 8.8.8.8:53 | aoaeaafsyqtulq.co.uk | udp |
| US | 8.8.8.8:53 | axppipnicnbwto.info | udp |
| US | 8.8.8.8:53 | bnkemkrvxrtdlb.com | udp |
| US | 8.8.8.8:53 | bbjcjxxjjwijkn.net | udp |
| US | 8.8.8.8:53 | cqeqnscwfbbplu.biz | udp |
| US | 8.8.8.8:53 | catcvikmixirms.ru | udp |
| US | 8.8.8.8:53 | dpoqadoaecbxem.org | udp |
| US | 8.8.8.8:53 | njygwrynucvyas.co.uk | udp |
| US | 8.8.8.8:53 | bnthqjophaifao.info | udp |
| US | 8.8.8.8:53 | pfjdocldvprcag.com | udp |
| US | 8.8.8.8:53 | djeeitbfineijp.net | udp |
| US | 8.8.8.8:53 | pldskkvrbmdtly.biz | udp |
| US | 8.8.8.8:53 | dpxtecltnkpalc.ru | udp |
| US | 8.8.8.8:53 | rhnpcuihcaywen.org | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | fliqvmxjoxldne.co.uk | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | rshondbxutjmim.info | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | sicdruofhdtbas.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | torlfnnnvhfpil.net | udp |
| US | 8.8.8.8:53 | uemajfbuiqpeji.biz | udp |
| US | 8.8.8.8:53 | tulbbvxcbeqhim.ru | udp |
| US | 8.8.8.8:53 | ukgpfnljnnbvaa.org | udp |
| US | 8.8.8.8:53 | vqvxsgkrcrmkbm.co.uk | udp |
| US | 8.8.8.8:53 | wgqmwxxyobwycq.info | udp |
| US | 8.8.8.8:53 | mwawtvivgrxquh.com | udp |
| US | 8.8.8.8:53 | aybcaqobmymbee.net | udp |
| US | 8.8.8.8:53 | 6pi3jrqjbssfh6gu.onion.pw | udp |
| US | 8.8.8.8:53 | nvkwgmnlmfgpwo.biz | udp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 8.8.8.8:53 | bxlcmhtqsmuawu.ru | udp |
| US | 8.8.8.8:53 | r10.i.lencr.org | udp |
| GB | 2.18.27.71:80 | r10.i.lencr.org | tcp |
| US | 8.8.8.8:53 | qfeexbqaoirtnp.org | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| DE | 184.25.51.82:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | ehfjevwfupgewf.co.uk | udp |
| US | 8.8.8.8:53 | reoekrvpuvaswv.info | udp |
| US | 8.8.8.8:53 | synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion | udp |
| US | 8.8.8.8:53 | fgpjqmcubdodwu.com | udp |
| US | 8.8.8.8:53 | usibxhopohbbuu.net | udp |
| US | 8.8.8.8:53 | vgjlpcsduechvc.biz | udp |
| US | 8.8.8.8:53 | vrsbkxtfuujawn.ru | udp |
| US | 8.8.8.8:53 | wftlcsxsbrkgoh.org | udp |
| US | 8.8.8.8:53 | ybmicmwtwxueyj.co.uk | udp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 8.8.8.8:53 | aonsthbhduvkaj.info | udp |
| US | 8.8.8.8:53 | synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion | udp |
| US | 8.8.8.8:53 | aawiodcjdlddib.com | udp |
| US | 8.8.8.8:53 | bnxsgxgwjiejan.net | udp |
| US | 8.8.8.8:53 | fqcvltidrtmjto.biz | udp |
| US | 8.8.8.8:53 | ssdbrlxfbuwptr.ru | udp |
| US | 8.8.8.8:53 | hmmsdknyapavmw.org | udp |
| US | 8.8.8.8:53 | uonxjcdbjqkcvn.co.uk | udp |
| US | 8.8.8.8:53 | jygdpyqhakgmma.info | udp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 8.8.8.8:53 | wbhivqgjjlqsmv.com | udp |
| US | 8.8.8.8:53 | synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion | udp |
| US | 8.8.8.8:53 | luqahpvdigtymb.net | udp |
| US | 8.8.8.8:53 | ywrfnhlfrhefvk.biz | udp |
| US | 8.8.8.8:53 | nmkapfolajlpqo.ru | udp |
| US | 8.8.8.8:53 | oalkhwcsjaqaic.org | udp |
| US | 8.8.8.8:53 | piuwhvthifycji.co.uk | udp |
| US | 8.8.8.8:53 | qvvhynhorvemkm.info | udp |
| US | 8.8.8.8:53 | ruohtkwpiafsug.com | udp |
| US | 144.202.70.158:80 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 144.202.70.158:443 | 6pi3jrqjbssfh6gu.onion.pw | tcp |
| US | 8.8.8.8:53 | siprlckwrqkdmm.net | udp |
| US | 8.8.8.8:53 | synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion | udp |
| US | 8.8.8.8:53 | tqyelbclqvsfus.biz | udp |
| US | 8.8.8.8:53 | ueaodspsamxpvp.ru | udp |
| US | 8.8.8.8:53 | riymjvuswymqdb.org | udp |
| US | 8.8.8.8:53 | fkarpqbxdgbbmx.co.uk | udp |
| US | 8.8.8.8:53 | shjmvghvvamymn.info | udp |
Files
C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
| MD5 | 04fb36199787f2e3e2135611a38321eb |
| SHA1 | 65559245709fe98052eb284577f1fd61c01ad20d |
| SHA256 | d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9 |
| SHA512 | 533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\datareporting\glean\pending_pings\f68895bb-3155-44a6-86a5-e5f0646d747d
| MD5 | ac597de264fbbfdd94b626d43cb38ca6 |
| SHA1 | b387aa9a221fcecf89e763177132d2370420389b |
| SHA256 | 2c02704ec79d24e6726bf0edf4e5365c948d1d347d60635850ff30804a9bc06a |
| SHA512 | 9405b3c51a1dca977eaaf4756960eabd7d4ab523e07a89c459c84d9e7d22e4e22f7261cf9e4caf309a40b9cf12dc8f3e776a392b28684054c70cd5410fb8d0f7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\datareporting\glean\pending_pings\f2c2bee5-edb8-4def-8014-2a4e2ce8aa8e
| MD5 | d671818131f1e56f5a16202a8303b656 |
| SHA1 | 47fa828b6b3b9b0aed8deb522aa1465a02b9d2e3 |
| SHA256 | 18e392c905f9d4cde00c08a2834cfb112da8b978661c55060cda55d9e2148ae8 |
| SHA512 | a3efc7f48ab07b8b6a02b2690dfa6d133e6a5213e622be519624eee5654d2ae07eb5eaf6b730ab95f8dc554d6efc1f57abe1ad150890049a9bad655957c3fc0a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\datareporting\glean\pending_pings\e5f68724-deb7-4b2e-9b07-8188a5cd233d
| MD5 | 0777b24a644179f03354c144ce2689ac |
| SHA1 | ad63dcbc66359f3b285f0f9f7ff375bb3e8a332c |
| SHA256 | 14edc813f62948d7b3fb733cf2e3268affab68204d711d643bc5f50013238561 |
| SHA512 | 015cca04d5e4f5131b293e45b5f74f19f5a480cc684b5664d5b262f782118c68794cca90fb0b6bc9d099188665f3a2906823d7eb0b11e85afa9bb80aeee5718b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\datareporting\glean\pending_pings\6923a38f-d37a-451c-88f9-24874fb47acd
| MD5 | 4e1467e59dc5c44a0c6cd07bf10ebcba |
| SHA1 | 487414cbd8353d15f60a2de1a4c9a30c7b2e55ca |
| SHA256 | 2acc904dd87d23be9cce48154419f24d2788e77723452d5a0ad66b94597c3847 |
| SHA512 | 0a3ded098a86a4813eee7ae7f9891eb084771288fd8f41ec0c123e82e8ed3df3c5b500d287135d7ee0d9218f9eb5a7a9b35b4ca5b83e384ec4c2796a0752b09c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\datareporting\glean\pending_pings\04307c7c-6f85-4c25-a569-b77a463ade33
| MD5 | b265f25ab045b2d008033f3e33e00375 |
| SHA1 | 4f4d59850b517c4a1419b996f4f75284c769d000 |
| SHA256 | 43b074683e6dfb31f67e89139657f7fd9b123a618b477f1f31b3e064299028a1 |
| SHA512 | 35127a6ee64ec02f0c15842439f02cd135791cfde539d376c8e9bdf2f89bfb375b63a437dfb7e05038fcccadedd30f5f5494af2639c922ba129e4c97a2bfede9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\datareporting\glean\events\events
| MD5 | aa61e3fb809ac45e199d7e4ea1dbec0b |
| SHA1 | b281b4cf407ea8ec5a471bf9b4356ff49feb9778 |
| SHA256 | efe5284facfe84ba7090b58e58fc00bdd598faf9bc159b4a4fc20e6c58875436 |
| SHA512 | ddf8a26652dfc3ea05a0b32b542dee0bb5e744e65d444de84e7ea7e30d9e9eaee0fbaade42c116392b6eb0c94fd94567e0807861cc5c801f1b9e864c8d604bcc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e3febbf6a0be9745aab9c9e94647c99f |
| SHA1 | 9def7279f843f02223b781cfebf1ca0cd67a2bef |
| SHA256 | 81f6c67029fa036ed6e64262345c247ccd22adb1d849c0a0c6f7a17d2e13ee85 |
| SHA512 | 01cc0fb013646a3a407b566a499b1c28ae406b38e5023cba7d8bfefe014deee1106f013753d7aa2a9736ae7017ee14e0d001fabc20c8bc1280819c201eddd743 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xagz0so7.default-release\activity-stream.discovery_stream.json
| MD5 | aa2ec91efc57292719b20af341397b7d |
| SHA1 | 2b611f8da82b3b54590cbf527187c8d5e98c4931 |
| SHA256 | 2540442b830b629b6fe47cf858043a16385f0eed01cae35d6f7d19d820286d69 |
| SHA512 | 582bd85912ee137a8bd4361acf8821aede7badab76845857ec1986286dd16143449ffade5f0d7c06a4ca370f8da908cc3dc9bc83400b32147789d2d64813e042 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 827b3b543ce5064561360ddfc66b41b0 |
| SHA1 | 557aa2514cd92c529457efb9120c14ba3bbf150c |
| SHA256 | 33430e9fdc17f39faba8a9af3e2b0c958d8f30619e2923ace9cf0d37b83e4be0 |
| SHA512 | 4fd83d985757e6928e34a637fd050c6dd7b99f1ff72023a8705f618acb237f8de3d02fd9f94001ae376b3744e861cca88764a1a975b5fadb454d54ec0e492bda |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\prefs.js
| MD5 | d558e09c61c247c7a096f608f3bf5aa5 |
| SHA1 | 9aaa0abf8b87cc74efebe768591a4d2a6bb4ff0d |
| SHA256 | 65ff09723e5a3af362857a5c18830a013d17639d6347adc31833984b65d8bbab |
| SHA512 | 1288bc84cec0dfee3763013ada39422878c86eb4e9834ec469438b71fdc33dc595d30dc3732e96aa27771cba3817aa0a1073e8ab6c315be5ef955cda9715ab41 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\prefs.js
| MD5 | dc7ee161cba91e76007f676d5dc5bfd3 |
| SHA1 | 7515cf47a4f62131b5ebde97f6c2ac2445fd3b71 |
| SHA256 | 8c528151e113bb2443496dc6d6dc323d36498b90753a7617fe135fa32d9b949c |
| SHA512 | 43effe0d9d90175492a03e4afddb25f770eb8b1ddafb0d1b68c89a4c02fa7902fc69872ff57fe1d8ad262e4926d8f9e50005054d7c9611b16137d0f147515280 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\AlternateServices.bin
| MD5 | 8107dfc17c18792151ebcb129b0c448e |
| SHA1 | 9225567b19b5c0fe0f895d0ce4a203bd4b859a8e |
| SHA256 | b0d6bb6307ed88d1b1dda1825996abe9dae3ed8f66d00dcca243f1f07fe40afe |
| SHA512 | 272a246398e06b0ff2d062b5c332b8c4fd0e441533223397ab2da77d9d2d102fd405c0bc035a60c1d972a71955197f2285fe179e70395466ef848dc87796139d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\prefs-1.js
| MD5 | f2c0692c4c84341a7465ea16a27576af |
| SHA1 | 1d38108aa430c7fb71d0127dd864db847034ad0b |
| SHA256 | e7bfe6b0bc53262e07ff6a6cdc5528555ce2a57c371f8778c3b9703d597b74e1 |
| SHA512 | f9476a243cdd8adbfc1186f6320dc536653f5219b01f470d8e9b188319687aa3d9262fc2b353f7662615d7a6f706c72b3c8cd6ed2ccef63a562a9136eddccc91 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 219994701ae94dfad41c2e382e2129e4 |
| SHA1 | c0360bbc40db12652b31aede77f75017231fd076 |
| SHA256 | c738e15c946ce7e145f5b9daa8dea305d891ad936351d321b6f6217820cf699c |
| SHA512 | 36063a36fee95ec9b56bd09fba451668406fd8889984d6298ed533e60d9db60221914d8923f639cd3c40b5f37452dc2853e73283bfb010670c80cb52026b7c29 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xagz0so7.default-release\cache2\entries\73EC3764FB3BA737E60C1F3545992FF513570DA7
| MD5 | f0313381cabf78e6bbdb3f75781db964 |
| SHA1 | a6aeb51d4d2322d64d56f312449a94b9f7a5963f |
| SHA256 | 6b0884a2c822f6ff29795aee6c3c72568c2e13dd0dda75768357753d86fb2d79 |
| SHA512 | 46a75136689c048bb3404e0a67deb4c0128e8208cc6410ebcd92a0275677e9a326c434e03fb9508cf27e9832e64e9dda64c21aea94418000ab547a9538b9746e |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 25e8156b7f7ca8dad999ee2b93a32b71 |
| SHA1 | db587e9e9559b433cee57435cb97a83963659430 |
| SHA256 | ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986 |
| SHA512 | 1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\extensions.json
| MD5 | 67010fbb98669406aab16ce1f8697d29 |
| SHA1 | e7756f9c10d1eb9f87f486af2be91109e438eb97 |
| SHA256 | 643d5ecddbebf6339497c61c18958c40432116a602822dbc21243653de5851ae |
| SHA512 | 6f2f45432f66d7f70fe11e64aad6359db7eac64ec886492449c06be028637b0d821ce4ab5748d893b0fc3853955e8b14a81a617f5919468d4af361b8a763c8c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\prefs.js
| MD5 | 40ff74b43e11a06113badb67a525ec3d |
| SHA1 | f526fa22735313f8cf2ec4eeb6a3bfa4c0519d30 |
| SHA256 | 209a8cc747dc41f8e815f9b8dfa87929e702a52d6e85818ab0866822088c141a |
| SHA512 | f914addca23e1415757efbe54f77f0f05a26827db2427e6e081ac19714182286f1e2024aa6502598536b9a6ec4a8a65a25cdb5b08965c8287ab0918b762e57c2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e399d6ca4ce82324c25d56865731129d |
| SHA1 | 388f0f903ec63e1dc284ef33494d95b26feade42 |
| SHA256 | 20a907612d70533509b229fd288d6fe152a565518a8abd23198b2530a0d50f53 |
| SHA512 | 268a6725ca3ad48ab8daf4db78357791515f01aa637cb05d2d516a8efc80fee63da25336a91d09f8361d321a6f96beb094965d53397c1e8ee44879c021210900 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\prefs-1.js
| MD5 | 906eec503dd1ec4adc575be2170d90e9 |
| SHA1 | 911a69be799819736973037d705d6073abce8e50 |
| SHA256 | 0e99af32c7b28341c2a66032724e46757587851c48e219268e984140a1fa1f69 |
| SHA512 | 07f813881bfa57ac3c7380b0676e3c8f6b85242154dae22a2c2ee048c98d8073f8c6959f82a3dcaca917faae866917d6dcaa45f8fb476cbb4f3eca1016a20f57 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | e690f995973164fe425f76589b1be2d9 |
| SHA1 | e947c4dad203aab37a003194dddc7980c74fa712 |
| SHA256 | 87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171 |
| SHA512 | 77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info
| MD5 | ae29912407dfadf0d683982d4fb57293 |
| SHA1 | 0542053f5a6ce07dc206f69230109be4a5e25775 |
| SHA256 | fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6 |
| SHA512 | 6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll
| MD5 | 626073e8dcf656ac4130e3283c51cbba |
| SHA1 | 7e3197e5792e34a67bfef9727ce1dd7dc151284c |
| SHA256 | 37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651 |
| SHA512 | eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | bcceccab13375513a6e8ab48e7b63496 |
| SHA1 | 63d8a68cf562424d3fc3be1297d83f8247e24142 |
| SHA256 | a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9 |
| SHA512 | d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 72961f7cebb42f7b8a0c715affdf61e7 |
| SHA1 | 362bfeffbd5db83be9ba2d7030aa63ed88ee5928 |
| SHA256 | ae7d231992b1c90071a390a854191b27a56cd42bae71c9aef7e6858540a5fa9b |
| SHA512 | 11b0fc73d127f7f220baadea96bf0a174b2ca46a4a6758af4e091fad24934d56d88fce891efb4ebe970cc66149e7fa4bdb166983e69e7c97c982859434b76e14 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json
| MD5 | 32aeacedce82bafbcba8d1ade9e88d5a |
| SHA1 | a9b4858d2ae0b6595705634fd024f7e076426a24 |
| SHA256 | 4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce |
| SHA512 | 67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll
| MD5 | 1b32d1ec35a7ead1671efc0782b7edf0 |
| SHA1 | 8e3274b9f2938ff2252ed74779dd6322c601a0c8 |
| SHA256 | 3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648 |
| SHA512 | ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 029727d8607ef95a0e51bf3e2277ec34 |
| SHA1 | e3b8f74047eaf83671e0bb4e146ff10a38591aaa |
| SHA256 | 340ac529baead9aa4edd81985c7933c84279cffd133e8ce3a466ab1501c38069 |
| SHA512 | 5774f3d2a2529b5d3a724afbd7ec3490480c6fc965c0d92584c00c54a910d4919539154fb2bada44e3d653a97f16fe393dd07d3dada6e9b04a2e9bc13ff2720b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\AlternateServices.bin
| MD5 | 74e4287d9f9e526549fe8a25d24761e6 |
| SHA1 | 68ad12ea1f2387721b118a17a97f37d8679dd6d5 |
| SHA256 | 46916a5660fc1915bc78f2848fd484059ec94390e592407acd5e31e93c373f49 |
| SHA512 | 6d298edddaa41ba27e6ebdebab21dedf07119e5d23df7e84938f6e4bb903e22ed0a7c1543a0b1dbdb3caa61324e4d7f5f61868b3d3e30789148f0d556d1aefbc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bbf67cac45b5952d402a3cbecb7ad4b4 |
| SHA1 | f507766fb3ddabe62fffdcbe9b78b137633271b0 |
| SHA256 | 881bfb72f12688918d45884be9de6b08fded3ea6233c0e52e8f4b94ddfed47ef |
| SHA512 | d4bf081750ea52b861bdd816b302a85db7d928e98f2886da25f215489f41d5fecc5390d4dee1309cc949964afa341cbc0481235b1ebea120040df24eeef53391 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\datareporting\glean\events\events
| MD5 | 53701664953d755f9020585b6471cc23 |
| SHA1 | 40fc12a58d82e41fdaed825585003ce45b9f5bc0 |
| SHA256 | 74da83021bef675ad879e013b86eee9cc6e100a8d3f3a99918e28e75578c43db |
| SHA512 | 621b407a59e0c39a10ab394576bb1d0ef9c2a0dbf6ae4630a3fdaf31b6ed7a7411b5abf00da12b98076d06af1b98d79d6e1e6c5c95c11110c10c747926206d5a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8d9358a9a7a6b62f04bed88703d840c7 |
| SHA1 | d3375ef3579c6f9a408dda535ff6d7a19cc86ef0 |
| SHA256 | 51bb0f710851b86449e55f8ec2cf585b1bbccd40a4f17c83207cc35d69a10956 |
| SHA512 | 242029cba813793010563f85bf1ca40da0f1b288a5faf23e57f0f804808f06e17b3ee0420c45abef22757df3d7e07cbc15456ae05d6ab5cdef3eccad3d533ea2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c10027558c62ad670bb16baad4c966f9 |
| SHA1 | 2b3bc9ea73a64c56abdda9e280fdfca6aa67855c |
| SHA256 | 132eaa7fe5c7251989357c4f71283f3e111adcc2cf7b6373bbf9b84bde33a320 |
| SHA512 | ed53f06581d06044c9a5ec3eb39afcf66c3e1b17d83dba7863638e572ca215e10e8a20a717f178eeb419cac0fc1857004b977fd7267ab8960d0d05ebac624ecd |
C:\Users\Admin\Downloads\AdwereCleaner.exe
| MD5 | 248aadd395ffa7ffb1670392a9398454 |
| SHA1 | c53c140bbdeb556fca33bc7f9b2e44e9061ea3e5 |
| SHA256 | 51290129cccca38c6e3b4444d0dfb8d848c8f3fc2e5291fc0d219fd642530adc |
| SHA512 | 582b917864903252731c3d0dff536d7b1e44541ee866dc20e0341cbee5450f2f0ff4d82e1eee75f770e4dad9d8b9270ab5664ffedfe21d1ad2bd7fe6bc42cf0e |
C:\Users\Admin\AppData\Local\6AdwCleaner.exe
| MD5 | 87e4959fefec297ebbf42de79b5c88f6 |
| SHA1 | eba50d6b266b527025cd624003799bdda9a6bc86 |
| SHA256 | 4f0033e811fe2497b38f0d45df958829d01933ebe7d331079eefc8e38fbeaa61 |
| SHA512 | 232fedec0180e85560a226870a244a22f54ca130ed6d6dc95dc02a1ff85f17da396925c9ff27d522067a30ee3e74a38adff375d8752161ee629df14f39cf6ba9 |
memory/4960-1083-0x0000000000DD0000-0x0000000000DFE000-memory.dmp
memory/4236-1091-0x00000000222F0000-0x0000000022A96000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bae66af88a2611741323a057dfa99446 |
| SHA1 | c9ce1bb988a1a77c91f33ab9adf55d86ba17989c |
| SHA256 | a228714ce3de7ae63b989ac406ebb7c5d1f9bec31cfa2a633b6558eac21f6690 |
| SHA512 | 567346342f2b15b8efdb9167a7356005eaec773e7b8d91dbf257c00455145263850d6c56bc6d447b1a70bf06d81a5ccde0d2e068a17b969fe630ea381626d35f |
C:\Users\Admin\Downloads\E89VNdHN.doc.part
| MD5 | 4b68fdec8e89b3983ceb5190a2924003 |
| SHA1 | 45588547dc335d87ea5768512b9f3fc72ffd84a3 |
| SHA256 | 554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca |
| SHA512 | b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f |
memory/656-1143-0x00007FFF98230000-0x00007FFF98240000-memory.dmp
memory/656-1146-0x00007FFF98230000-0x00007FFF98240000-memory.dmp
memory/656-1145-0x00007FFF98230000-0x00007FFF98240000-memory.dmp
memory/656-1147-0x00007FFF98230000-0x00007FFF98240000-memory.dmp
memory/656-1144-0x00007FFF98230000-0x00007FFF98240000-memory.dmp
memory/656-1148-0x00007FFF95A70000-0x00007FFF95A80000-memory.dmp
memory/656-1149-0x00007FFF95A70000-0x00007FFF95A80000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 1fb803f7ffcc1d7cfef74dcf9fd28e64 |
| SHA1 | eae9e565e8dff3297bd9e8061947af0327a626fd |
| SHA256 | dbdee8a238d16f7b68c8c43c17428b1d18793a46e7ce29bc8f79bddab025c31d |
| SHA512 | c00d6faf8d8723578a7480d9618bb7b445951fc3f1c991c1aa0064688de7c8ef694cf50c1b6d6db96b2d8b2f931d5c4586ea0218fb5e0b98175455fa6c9ec7fc |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp
| MD5 | b16f4faf589dd87229be3ba4ae4ec75f |
| SHA1 | 8e8d4d32160808ebe5ecfd39f7ba00dc05da3bfc |
| SHA256 | 8cf6aa735959da6e07569be1d74832267b4cd8c8de8f5eeeb2288cb1f6e8554a |
| SHA512 | a626efdec0914112574867e47d71e2a0690658eebee08ea77452091af112f59363f4a80abaf37a59562ca65b99f62ef8c799e79cb8576be725d5ccab986d282a |
memory/656-1257-0x00007FFF98230000-0x00007FFF98240000-memory.dmp
memory/656-1256-0x00007FFF98230000-0x00007FFF98240000-memory.dmp
memory/656-1255-0x00007FFF98230000-0x00007FFF98240000-memory.dmp
memory/656-1254-0x00007FFF98230000-0x00007FFF98240000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 086de68df246f8dfc865d39517b7d49f |
| SHA1 | 33b68ce035a3b1fc9f9615daab25affcd9540be8 |
| SHA256 | 5f621579574f6072ed06183f886ff8b74f56612dddfd8f97d1c9d3fd0558a98c |
| SHA512 | 2e8db2517c1fd85bff4fd6bd9165d0c113d1281388721f2dcfa174ee7e42dda4b76e50ae72546bf2cf403be93d8c03543d13ac2ab881e12e7782308e74ea6ee9 |
C:\Users\Admin\Downloads\Nghwmpo0.com.part
| MD5 | 93ceffafe7bb69ec3f9b4a90908ece46 |
| SHA1 | 14c85fa8930f8bfbe1f9102a10f4b03d24a16d02 |
| SHA256 | b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07 |
| SHA512 | c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144 |
C:\Users\Admin\Downloads\Walker.com:Zone.Identifier
C:\Users\Admin\Downloads\WinNuke.98.exe
C:\Users\Admin\Downloads\satan.exe
C:\Users\Admin\AppData\Roaming\Soruo\waruy.exe
C:\Users\Admin\AppData\Local\Temp\tmp_a1977cde.bat
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TJ1G4ZBOT4C1FRFOO2QR.temp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xagz0so7.default-release\datareporting\glean\db\data.safe.tmp