I've Been Ransomwared - Loads Of Files Renames .azqt. How To Decrypt?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ulrichburke, Oct 1, 2023.

  1. ulrichburke

    ulrichburke Private E-2

    Dear Major Geeks.

    Nope, I wasn't doing any dodgy downloads - I'll admit I have done a couple of times - literally a few, I knew the dangers - in the past, but I usually window-shop the expensive stuff and find legit. freeware/cheap equivalents and save up for them.

    Left the flat with everything fine, came back and found a message telling me not to worry, all I had to do was send a ton of money to an Internet address and I'd get all my files decrypted. Got a pile of files with .azqt on the end. This includes files I THOUGHT I'd backed up safely - you're gonna facepalm - I had no idea viruses could hit external hard drives. I thought they could only hit the C: drive. So I'd backed up everything to external drives but they were plugged into the PC cos I honestly didn't know that wasn't safe.

    I've gotten rid of the actual virus using 360 Total Security and Malwarebytes doing repeated scans but of course the files are still encrypted. I feel I've dodged a bullet slightly as my .dll plugin files still seem to work, most of them - I write music and my MP3s seem to be OK after batch removing the .azqt which is a DOUBLE extension - so filename.jpg.azqt for example. But I've lost all the original creation files. So two things.

    Do you know what the decryption code is likely to be? And secondly - and oddly -

    360 Total Security appeared from nowhere. Whilst lamenting my files, I found a little green and yellow circle with a + in the middle, checked it, Internet sites said it was safe, scanned the system repeatedly with it and Malwarebytes, it found more infections than Malwarebytes (sorry, Malwarebytes!) and cleared them. Now save for the encrypted files I THINK my computer's clean - except I keep getting a sign saying "Website blocked due to trojan", I've screenshotted it for you. Neither Malwarebytes nor 360 can get rid of it. Because 360 appeared from nowhere I've tried uninstalling it but even Total Uninstall won't touch it.

    Would you trust software from HERE.... https://www.pcrisk.com/removal-guides/27879-azqt-ransomware to decrypt my files?

    Yours hopefully

    Chris.

    website blocked due to trojan message.jpg
     
  2. Oh My!

    Oh My! Malware Expert Staff Member

    Greetings and welcome to the Major Geeks Malware Forum.

    I would recommend you review information provided here.

    If you want us to review your system apart from the decryption issue please do this.

    ===================================================

    Farbar Recovery Scan Tool (FRST)

    --------------------
    • Right click on Farbar Recovery Scan Tool for 64 bit systems select Save Link As..., and save the file onto your Desktop
    • Right click on the icon and select Run as administrator
    • Note: If you receive any warning about the download it is a false positive and you can ignore it. Click on More info to get the Run anyway option
    • Click Yes to the disclaimer
    • Click Scan and allow the program to run
    • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
    • 2 Notepad documents should now be open on your desktop.
    • Please attach both reports to your reply
    ===================================================

    Things I would like to see in your next reply.

    • FRST.txt
    • Addition.txt
     
  3. ulrichburke

    ulrichburke Private E-2

    Dear Gary.

    I'd love to do as you say but check your download link and gimme one that works! All that happens when I right-click-save-as the one above is I get a .HTML file. Nothing runnable. I tried changing the .HTML to .EXE to see if that made it runnable - nope! I'm enclosing the download your link gave me, if I've missed something obvious and you can make it run, yell at me!

    Check that. I can't enclose the actual .HTML file because your system won't let me upload it, all I can do is enclose a screenshot of the file.... The HTML file from Major Geeks Pic One.jpg

    I've tried right-click-save-as quite a few times now because I wanted to do what you said, each time gives me an .HTML file with a different bunch of letters/numbers followed by .htm. As I said above, renaming it to a .EXE file doesn't work. What do I DO with the .htm file after I've downloaded it? I want to get the files you want, I just don't know enough to know how to get the .HTM file to give them to me. My bad, sorry for my lack of knowledge. You tell me what to do with it, I'll do it.

    Yours puzzledly

    Chris.
     
  4. ulrichburke

    ulrichburke Private E-2

    Sorry, just an addendum. You never said if the decryption site I gave you a link to was for real or not - is it OK to use it?

    Yours hopefully

    Chris.
     
  5. Oh My!

    Oh My! Malware Expert Staff Member

    My apologies for the difficulty/frustration. Just left click on FRST64 and save it that way. If it downloads some place other than the Desktop copy and paste the file onto the Desktop and run it from there.

    Personally I caution against any web site that tries to both educate you and offer to resolve an issue if you spend money and use their product. Such sites have a vested interest in alarming a user in order to scare them into spending money. I say this in general, I am not specifically targeting the site in question or any other in particular. To explain how disheartening this can be, I know of one site that will scare you, allow you to download their product, produce results that indicate you are at serious risk, and after that tell you the only way to resolve the risk they have embellished is to now buy their product.

    I provided the link to BleepingComputer (I assist in the Malware Forum there as well) so that you can educate yourself and receive unbiased direction regarding what is and what is not possible.
     
  6. ulrichburke

    ulrichburke Private E-2

    Dear Gary.

    Here come the files you requested, sorry for the delay. I can go one better than you on your opinion of websites - years ago I came across one that must've been the forerunner of ransomware sites - it proclaimed itself to be the Only Tool that would Rid You of a Certain Virus (danged if I can remember its name) - and the actual site infected you with the virus so you had to buy it to rid yourself of the virus! Didn't last long as a site but I bet it made a bit of money for its owners!

    Anyway here's the two files with a proviso. I'd never seen Farbar before and there's a lot of optional boxes to check/not check on its interface. I didn't know whether to check the unchecked ones or not so I just left it on its original settings - I'm uploading a pic. of what I mean about that tool. And the two files you wanted. Sorry for the confusion and delay, I honestly thought you wanted me to Do Something Clever with the .HTML files that kept downloading. If I was THAT smart, I wouldn't have gotten hooked by the ransomware.

    Right. Your system doesn't want to upload FRST.txt. I took a screenshot of it to show you and your system doesn't want to upload the screenshot either. And it doesn't want to upload Addition.txt any more than it wants to upload FRST.txt! So because your system won't upload anything, I've put them all - including screenshots of the error messages so you can see what your system's doing! - in a .RAR file on Mediafire. Here's the link.

    https://www.mediafire.com/file_prem..._and_Addition_and_the_error_messages.zip/file

    Thanks for all your help, I'd love to know what the uploads tell you.

    Yours respectfully

    Chris
     
  7. Oh My!

    Oh My! Malware Expert Staff Member

    Thank you for the reports and what it took to provide them.

    There is quite a bit of information to sort through. Your computer is still infected and it will take me a bit of time to review everything.
     
  8. ulrichburke

    ulrichburke Private E-2

    Dear Gary.

    Thank you for all your help. What would us dummkopf privates do without Major Geeks to guard our backs!?! Just interested - is that why your system wouldn't let me upload any of the files you wanted, because it knew I was still infected? I THOUGHT I might be, wasn't sure though. 360 Total Security got royally dumped because it had Trojan in it - I kept getting a notice saying I had a trojan, CCleaner, Malwarebytes and 360 weren't finding it but the moment I uninstalled 360 the trojan left, never to be seen again.

    Moral - only trust Malwarebytes, right?

    I'd love to know if that was the reason I couldn't upload your files, though.

    Yours respectfully

    Chris.
     
  9. Oh My!

    Oh My! Malware Expert Staff Member

    Hi Chris.

    No, you were not unable to upload the files because our system knew you were still infected. I am not sure why but it could have been you were attempting to upload during a hiccup on our end.
     
  10. ulrichburke

    ulrichburke Private E-2

    Dear Gary.

    Dunno if it really is down or not - isup.me finds it - but suddenly Firefox won't let me access Malwarebytes website any more - could that be to do with anything? I've checked Firefox Settings - the protocols - HTTP/HTTPS/DNS bit - and turned 'em all off so it's not blocking websites and it still won't let me find Malwarebytes (pic. enclosed if I can upload it!) Yup - it let me upload both of 'em.

    Is the system not letting me reach Malwarebytes because it's 'frightened' of the site detecting/deleting this virus/viruses with updated software from the site? If yes, is there a way around it?

    Sorry to be a nuisance. I'm trying to help, believe it or not! Hola's not finding the Malwarebytes site either, maybe it really is down? (I KNOW Hola's a VPN, I don't access any dodgy sites with it, just Pandora, the radio station not the jewellers, because I like how they find me new artists to listen to.)

    Yours respectfully

    Chris.
     


  11. Oh My!

    Oh My! Malware Expert Staff Member

    Thanks for the additional information.

    Have you considered the option to completely wipe your drive, reinstall the operating system and start from scratch? The reason I ask is given the successful ransomware attack and the level of compromise I am not sure we can either completely clean the system or that it could ever be trusted again even after our best efforts. I think we can safely assume your computer has been attacked by a Backdoor Trojan.

    I am not done yet reviewing the reports but here is a rough cut sample of notes I have made to myself about what may need to be investigated and/or removed.


    Code:
    C:\WINDOWS\Temp\bsMwgdGxqrwnSkCu
    C:\Users\ULRICH~1\AppData\Local\Temp\e014321378
    C:\Users\ulrichburke\AppData\Local\Temp\SdHRwpKgZPxspyIlq
    C:\Users\ulrichburke\AppData\sysinfotool
    C:\Program Files\Hola
    C:\Program Files (x86)\CgqbhrirU
    C:\Users\ulrichburke\AppData\Roaming\Windows  -> Folder\Windows Service.exe <
    C:\Users\ulrichburke\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\abgdohlnibdejcajjfmngebmdanjldcc
    C:\Users\ulrichburke\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\geiolieogaichbpfhcannipendgnnbkn
    C:\Users\ulrichburke\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo
    C:\Users\ulrichburke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfcdbodapcbfckbfpmgeldfkkgjknceo
    C:\Users\ulrichburke\Documents\Publication1.ppp.azqt
    C:\Users\ulrichburke\AppData\Roaming\Windows\Windows Service.exe
    Task: {48B3B90B-1D90-4DEE-9023-26AEBC18DDC0} - System32\Tasks\WindowsAppPool\AbhADFZvVCp9SWG => E:\Temp -> Files are now here\AbhADFZvVCp9SWG.exe
    Task: {171899F9-CF59-4DDD-B68D-6CD927C04E80} - System32\Tasks\WindowsAppPool\D1TIuZGiIs1Rri6 => E:\Temp -> Files are now here\D1TIuZGiIs1Rri6.exe
    Task: {60202325-C4FF-4951-8853-3C97029B13E3} - System32\Tasks\WindowsAppPool\xO9ZhkNJBMNrj3g => E:\Temp -> Files are now here\xO9ZhkNJBMNrj3g.exe
    Task: {EE9E4796-EE3F-47AE-9EA4-86F1784A6AEF} - System32\Tasks\WindowsServiceUpload => C:\Users\ulrichburke\AppData\Roaming\Windows -> Folder\Windows Service.exe <==== ATTENTION
    HKU\S-1-5-21-833455764-2610072435-2283333496-1000\...\Run: [] => [X]
    S4 VBoxGuest; VBoxGuest [X]
    S4 VBoxMouse; VBoxMouse [X]
    S4 VBoxService; VBoxService [X]
    S4 VBoxSF; VBoxSF [X]
    S4 VBoxVideo; VBoxVideo [X]
    S4 VBoxWddm; VBoxWddm [X]
    S3 ALSysIO; \??\C:\Users\ULRICH~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
    S3 VBAudioVMVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmvaio64_win10.sys [X]
    HKU\S-1-5-21-833455764-2610072435-2283333496-1000\...\Run: [com.messenger] => "C:\Users\ulrichburke\AppData\Local\Programs\Messenger\Messenger.exe" messenger://openAtLogin (No File)
    Task: {D12B6F05-3185-4253-9C34-58073FAD3822} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe  /c (No File)
    Task: {CA4AD03F-52E1-496E-BE37-6BA7E39405AF} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe  /ua /installsource scheduler (No File)
    Task: {92D74469-A508-470F-90EA-5DF8C98E3602} - System32\Tasks\FNmmdByUIWCoGhfBf => C:\WINDOWS\Temp\bsMwgdGxqrwnSkCu\aVDTEXthVzMdqDM\lPTchys.exe  uR /site_id 525403 /S (No File) <==== ATTENTION
    Task: {E17C7AE4-52F9-4F93-A6F4-AE930E0F01EB} - System32\Tasks\ftewk.exe => C:\Users\ULRICH~1\AppData\Local\Temp\e014321378\ftewk.exe  (No File) <==== ATTENTION
    Task: {99C171A9-08FF-4031-B52D-712559B6EDC8} - System32\Tasks\IyqYKvfnImUysBONu => C:\Users\ulrichburke\AppData\Local\Temp\SdHRwpKgZPxspyIlq\QcJrYyEBXNBsBxj\snqgiME.exe  NH /wdsite_idxcV 385118 /S (No File) <==== ATTENTION
    Task: {98503C60-B88F-4C1B-BBF2-EE43CA6E6D48} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\SystemInfo => %appdata%\\sysinfotool\\sitool.exe  -st -tu 3 (No File)
    Task: {2B80F5D5-63C2-4C78-BE60-C3FD01142F26} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-833455764-2610072435-2283333496-1003 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
    Task: {8C9D294A-AF66-4F54-924D-57655B3518F3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-833455764-2610072435-2283333496-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [No File]
    FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.8.1583.3\npCCleanerBrowserUpdate3.dll [No File]
    FF Plugin HKU\S-1-5-21-833455764-2610072435-2283333496-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\ulrichburke\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [No File]
    FF Plugin HKU\S-1-5-21-833455764-2610072435-2283333496-1000: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\ulrichburke\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\npEpicUpdate3.dll [No File]
    ShellIconOverlayIdentifiers: [      .WorkspaceExt0] -> {C568C78A-652C-425B-8E6B-FFA73043302D} =>  -> No File
    ShellIconOverlayIdentifiers: [      .WorkspaceExt1] -> {2A6FE247-5DA3-4732-9626-77820518FD77} =>  -> No File
    ShellIconOverlayIdentifiers: [      .WorkspaceExt2] -> {FF895810-293B-464A-93F2-82D11E07EEC8} =>  -> No File
    ContextMenuHandlers1: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
    ContextMenuHandlers6: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} =>  -> No File
    FirewallRules: [{384AFA74-3702-4F3B-826D-49D42E906B00}] => (Allow) C:5\Omnisphere is here\Steam is Installed Here\steam.exe => No File
    FirewallRules: [{D18F95B7-2DB2-42E9-BA08-77A7839C8D02}] => (Allow) C:5\Omnisphere is here\Steam is Installed Here\steam.exe => No File
    FirewallRules: [{1C48F15A-2F31-4B29-8E2F-99FEFB2DB447}] => (Allow) C:5\Omnisphere is here\Steam is Installed Here\bin\cef\cef.win7x64\steamwebhelper.exe => No File
    FirewallRules: [{3FACF052-CE51-4B00-A53E-C91BDDFD7549}] => (Allow) C:5\Omnisphere is here\Steam is Installed Here\bin\cef\cef.win7x64\steamwebhelper.exe => No File
    FirewallRules: [{0759C1EB-10C7-4222-8580-81DA18F94AC4}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
    FirewallRules: [{9B32164D-AA7E-474A-87D3-6748602BD36F}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
    FirewallRules: [{5EC84D73-6703-4F83-B76C-FBF58BB7E9B4}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
    U1 aswbdisk; no ImagePath
    U1 avgbdisk; no ImagePath
    U3 idsvc; no ImagePath
    FF HKLM-x32\...\Firefox\Extensions: [eagleget_ffext@eagleget.com] - C:\Program Files (x86)\EagleGet\addon\eagleget_ffext@eagleget.com.xpi => not found
    CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx <not found>
    CHR HKU\S-1-5-21-833455764-2610072435-2283333496-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [hdkdmoacnkphoadmfidlhfdobieblphn] - C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx <not found>
    HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2634464 2023-09-28] (HOLA VPN LTD -> Hola Networks Ltd.) <==== ATTENTION
    HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2634464 2023-09-28] (HOLA VPN LTD -> Hola Networks Ltd.) <==== ATTENTION
    Task: {4483778C-4480-453B-AA2F-6C604BA95D9A} - System32\Tasks\GoogleUpdateTaskMachineQC => C:\Program Files\Google\Chrome\updater.exe [0 2023-10-02] () <==== ATTENTION [zero byte File/Folder] <==== ATTENTION
    Task: {ED076B37-E8C8-4B27-AC65-AB76314E3497} - System32\Tasks\NYfziUdouSArZkj2 => C:\WINDOWS\system32\rundll32.exe [71680 2021-03-25] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\CgqbhrirU\JsYCly.dll",#1 <==== ATTENTION
    Task: {EE9E4796-EE3F-47AE-9EA4-86F1784A6AEF} - System32\Tasks\WindowsServiceUpload => C:\Users\ulrichburke\AppData\Roaming\Windows  -> Folder\Windows Service.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\FNmmdByUIWCoGhfBf.job => C:\WINDOWS\Temp\bsMwgdGxqrwnSkCu\aVDTEXthVzMdqDM\lPTchys.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\IyqYKvfnImUysBONu.job => C:\Users\ulrichburke\AppData\Local\Temp\SdHRwpKgZPxspyIlq\QcJrYyEBXNBsBxj\snqgiME.exe <==== ATTENTION
    R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [19314400 2023-09-28] (HOLA VPN LTD -> Hola Networks Ltd.) <==== ATTENTION
    R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [19247328 2023-05-29] (HOLA VPN LTD -> Hola Networks Ltd.) <==== ATTENTION
    S4 MaskVPNService; C:\Program Files (x86)\MaskVPN\mask_svc.exe [7493560 2020-08-06] (Global Media (Thailand) Co., Ltd -> Global Media (Thailand) Co., Ltd) <==== ATTENTION
    FCheck: C:\WINDOWS\SysWOW64\tmpPrst.dll [2023-06-30] <==== ATTENTION (zero byte File/Folder)
    DigitalPulse version 0.16.16 (HKU\S-1-5-21-833455764-2610072435-2283333496-1000\...\{64F4736C-6169-4520-9368-BE1C9EAE552A}_is1) (Version: 0.16.16 - DigitalPulse, Ltd.) <==== ATTENTION
    Hola Browser 1.215.864 (HKLM\...\Hola Browser) (Version: 1.215.864 - Hola VPN Ltd.) <==== ATTENTION
    Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 6.2.0.13 - Popcorn Time) <==== ATTENTION
    HKU\S-1-5-21-833455764-2610072435-2283333496-1000\...\Policies\Explorer: [NoSecurityTab] 1
    2023-09-26 02:29 - 2023-09-26 07:39 - 000000000 ____D C:\WINDOWS\7zSD95C.tmp
    2023-09-26 02:29 - 2023-09-26 07:39 - 000000000 ____D C:\WINDOWS\7zSBDA7.tmp
    2023-09-26 02:29 - 2023-09-26 02:45 - 000000000 ____D C:\WINDOWS\7zSD630.tmp
    2023-09-26 02:29 - 2023-09-26 02:45 - 000000000 ____D C:\WINDOWS\7zS6EAC.tmp
    2023-09-26 02:29 - 2023-09-26 02:44 - 000000000 ____D C:\WINDOWS\7zSD3FD.tmp
    2023-09-26 02:29 - 2023-09-26 02:44 - 000000000 ____D C:\WINDOWS\7zS6C79.tmp
    2023-09-26 02:29 - 2023-09-26 02:44 - 000000000 ____D C:\WINDOWS\7zS6B8F.tmp
    2023-09-26 02:29 - 2023-09-26 02:43 - 000000000 ____D C:\WINDOWS\7zSCA2A.tmp
    2023-09-26 02:29 - 2023-09-26 02:32 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
    2023-09-26 02:29 - 2023-09-26 02:32 - 000000000 ____D C:\WINDOWS\7zSE43A.tmp
    2023-09-26 02:28 - 2023-09-26 02:42 - 000000000 ____D C:\WINDOWS\7zS7604.tmp
    2023-09-26 02:27 - 2023-09-26 02:43 - 000000000 ____D C:\WINDOWS\7zS57CD.tmp
    2023-10-03 06:19 - 2021-03-25 19:17 - 000008192 ___SH C:\DumpStack.log.tmp
    WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
    WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
    WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
    FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\browser\features\{85FD6ACE-3736-491B-8514-6C8C9556E131}.xpi [2023-09-26] [not signed]
    OPR Notifications: Opera Stable -> hxxps://best-loan-info.com; hxxps://ccleaner-download.xyz; hxxps://mail-notification.info; hxxps://mnthor.xyz; hxxps://pinghauz.xyz; hxxps://s-tracking.xyz; hxxps://supertopfreegames.com; hxxps://zarabotok-online.xyz
    C:\Users\ulrichburke\AppData\Roaming\Opera Software\Opera Stable\Extensions\ompjkhnkeoicimmaehlcmgmpghobbjoj
    2023-10-03 05:10 - 2023-10-03 05:10 - 000003238 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineQC
    2023-10-02 07:23 - 2023-10-02 07:23 - 000066716 _____ C:\Users\ulrichburke\Desktop\OQ-1mgMS.htm
    2023-10-02 07:20 - 2023-10-02 07:20 - 000066716 _____ C:\Users\ulrichburke\Desktop\tvoc00AW.htm
    2023-10-02 07:17 - 2023-10-02 07:17 - 000066716 _____ C:\Users\ulrichburke\Desktop\vQcrAfYh.htm
    2023-09-27 09:08 - 2023-09-27 09:08 - 000000000 ____D C:\WINDOWS\Tasks\360Disabled
    2023-09-26 02:31 - 2023-09-26 07:45 - 000000570 _____ C:\WINDOWS\Tasks\IyqYKvfnImUysBONu.job
    2023-09-26 02:31 - 2023-09-26 02:31 - 000003112 _____ C:\WINDOWS\system32\Tasks\IyqYKvfnImUysBONu
    2023-09-26 02:28 - 2023-09-26 07:37 - 000000000 ____D C:\Users\ulrichburke\AppData\Local\.opera
    2023-09-26 01:50 - 2023-09-26 01:50 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\aRHCygHY871HeJBEh2ZtVKoj.exe
    2023-09-26 01:50 - 2023-09-26 01:50 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\L35vxC8ZIenHv0XJHzFZsJU3.exe
    2023-09-26 01:50 - 2023-09-26 01:50 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\duVQDW7e2VxjOrEvsMzi1Y5E.exe
    2023-09-26 01:44 - 2023-09-26 01:44 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\6zYexeswMp7PE73YEOMvCIHd.exe
    2023-09-26 01:44 - 2023-09-26 01:44 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\1fFU3xJEv96Hk4hT106eeVHQ.exe
    2023-09-26 01:44 - 2023-09-26 01:44 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\2sW7aJh4IHRvF421NOTwkAUQ.exe
    2023-09-26 01:39 - 2023-09-26 01:39 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\XjPVE5OZ7pbsrw5ch0U1h1j6.exe
    2023-09-26 01:39 - 2023-09-26 01:39 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\A4pz9QtHKkuzcQGy46fEgxI6.exe
    2023-09-26 01:33 - 2023-09-26 01:33 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\bXYP9bMGitVeCJZWeM8WGiIJ.exe
    2023-09-26 01:33 - 2023-09-26 01:33 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\2GRa2z8SNBvOqXdoKbPQTP8f.exe
    2023-09-26 01:33 - 2023-09-26 01:33 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\WCNR7A8xj2PCZNUBRc6fMEod.exe
    2023-09-26 01:28 - 2023-09-26 01:28 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\2NgheQrYCSuWAQkNBfaqKmTl.exe
    2023-09-26 01:28 - 2023-09-26 01:28 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\giyB0iAKBQDJWMdi8bFRb5s6.exe
    2023-09-26 01:28 - 2023-09-26 01:28 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\7ZWM6yn5NYdX0q2Jm2eXOqNJ.exe
    2023-09-26 01:23 - 2023-09-26 01:23 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\s5DwDpM3qHwqyp97tHmF3IAQ.exe
    2023-09-26 01:23 - 2023-09-26 01:23 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\L6kJ9a4KDP3JMQfBd3gafAeg.exe
    2023-09-26 01:23 - 2023-09-26 01:23 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\1lbQDVwNqmQjztvTYYAraxDy.exe
    2023-09-26 01:18 - 2023-09-26 01:18 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\4oO5H0OFFt2qduaQW7CVIukV.exe
    2023-09-26 01:18 - 2023-09-26 01:18 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\Wwu3swl70PQx1FrjxGxiwVJR.exe
    2023-09-26 01:18 - 2023-09-26 01:18 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\wrIq5sr9Q8e2AWe2i5wwLotz.exe
    2023-09-26 01:13 - 2023-09-26 01:13 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\4EHOEJD2G9d0Y8OFty93X6fC.exe
    2023-09-26 01:13 - 2023-09-26 01:13 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\X0dTCXK8jEQSjNrgHtJeAL4x.exe
    2023-09-26 01:13 - 2023-09-26 01:13 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\Rpfa3Yxw1T7TFYeKW28sL0Mf.exe
    2023-09-26 01:08 - 2023-09-26 01:08 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\Z8X8TVyCMRvhEZ6Z0GCuiyDg.exe
    2023-09-26 01:08 - 2023-09-26 01:08 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\499509AWTEHB3h1nvO10SIFg.exe
    2023-09-26 01:08 - 2023-09-26 01:08 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\YK65Dc66pWRCUz2LkkJ62V7p.exe
    2023-09-26 01:03 - 2023-09-26 01:03 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\TdxKxRzUlvkJDxnM642euvXX.exe
    2023-09-26 01:03 - 2023-09-26 01:03 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\vHPgVCly4DpKXtmX7Q2E4k6D.exe
    2023-09-26 01:03 - 2023-09-26 01:03 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\IkGq65ZEl8PKdEMx2cvjxx8U.exe
    2023-09-26 00:58 - 2023-09-26 00:58 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\Bf8G6WDkAXuvYuLpt3IHthrU.exe
    2023-09-26 00:58 - 2023-09-26 00:58 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\Kjj9Hl0IeWUslEWL4VZGYkjL.exe
    2023-09-26 00:58 - 2023-09-26 00:58 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\BMRMyMZBhiBm8kkE3CB3WR6x.exe
    2023-09-26 00:55 - 2023-10-02 08:04 - 000000000 __SHD C:\$360Section
    2023-09-26 00:53 - 2023-09-26 00:53 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\j4WUiKnSpapFZWYkjceOV0ui.exe
    2023-09-26 00:53 - 2023-09-26 00:53 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\0dpuSUzX3lVSQEd4odKpshxP.exe
    2023-09-26 00:53 - 2023-09-26 00:53 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\664QbBNmPonkgIjEIkzKeGQU.exe
    2023-09-26 00:36 - 2023-09-26 00:36 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\kB4kAhEn7SBTPydDhdljNReX.exe
    2023-09-26 00:36 - 2023-09-26 00:36 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\Vp2wG4GNDV0xv6kH8dlzEouO.exe
    2023-09-26 00:36 - 2023-09-26 00:36 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\yUdtkc9ormsM45GA2uIZAztx.exe
    2023-09-26 00:34 - 2023-09-26 07:36 - 000000000 ____D C:\Program Files (x86)\zkehDNuDzykMdDYBQYR
    2023-09-26 00:34 - 2023-09-26 07:36 - 000000000 ____D C:\Program Files (x86)\xgsRZeXuLGUn
    2023-09-26 00:34 - 2023-09-26 07:36 - 000000000 ____D C:\Program Files (x86)\OgLdmcwTDNthC
    2023-09-26 00:33 - 2023-09-26 07:36 - 000000000 ____D C:\Program Files (x86)\WflHaFRRIcQU2
    2023-09-26 00:30 - 2023-09-26 00:30 - 002903928 _____ (Opera Software) C:\Users\ulrichburke\AppData\Local\7D6H5FDXQnjij2NW63eSua0c.exe
    2023-09-26 00:30 - 2023-09-26 00:30 - 001534472 _____ (Qihoo 360 Technology Co. Ltd.) C:\Users\ulrichburke\AppData\Local\GY23i0tphjHekDGEbiKVSti4.exe
    2023-09-26 00:30 - 2023-09-26 00:30 - 000000007 _____ C:\Users\ulrichburke\AppData\Local\KHBl6YcgOVsGSVVPXSNdl6RA.exe
    E:\Temp
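A small triage helper for notes in the format above, added here as an example: it is not FRST and not Oh My!'s or Major Geeks' tooling. It takes a handful of the lines from the list above plus two benign entries as constructed sample input and reports which entries warrant a first look and why; the vowel-ratio and Temp-directory heuristics are my own assumptions, not rules FRST applies.

```python
"""Triage helper for FRST-style notes such as the "rough cut" list above.

Added example, not FRST and not forum tooling. It reads lines in the format
of those notes (Task:, service, Run and browser entries) and reports the ones
an analyst would look at first, with a reason for each:
  - entries FRST itself tagged "<==== ATTENTION"
  - scheduled tasks whose name looks machine-generated (IyqYKvfnImUysBONu)
  - targets that run from a Temp directory or from a random-named folder
The heuristics are starting points for a human review, not a verdict.
"""
import re
from typing import List, Optional, Tuple

VOWELS = set("aeiou")
# Matches "\Temp\" as well as "\Temp -> ..." paths; \b keeps "\Templates" out.
TEMP_DIR = re.compile(r"\\temp\b", re.IGNORECASE)
# Task name sits between "System32\Tasks\" and " => ", or is the .job file name.
TASK_NAME = re.compile(r"System32\\Tasks\\(.+?) => |\\Tasks\\([^\\ ]+)\.job => ")


def looks_random(token: str) -> bool:
    """Heuristic for machine-generated names: alphanumeric, 10+ characters,
    mixed case and under 35% vowels (assumed thresholds). CamelCase product
    names such as GoogleUpdateTaskMachineQC stay above the bar because English
    text is roughly 40% vowels; short tokens (SysWOW64) are skipped for noise."""
    token = token.rsplit(".", 1)[0]          # strip .exe / .job / .dll
    if len(token) < 10 or not token.isalnum():
        return False
    letters = [c.lower() for c in token if c.isalpha()]
    if not letters:
        return False
    mixed_case = any(c.isupper() for c in token) and any(c.islower() for c in token)
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return mixed_case and vowel_ratio < 0.35


def task_name(line: str) -> Optional[str]:
    """Scheduled-task name from a 'Task:' line, last path component only."""
    m = TASK_NAME.search(line)
    if not m:
        return None
    name = m.group(1) or m.group(2)
    return name.rsplit("\\", 1)[-1]          # WindowsAppPool\AbhADFZvVCp9SWG -> AbhADFZvVCp9SWG


def target(line: str) -> str:
    """Everything after the first ' => ': the executable plus FRST's annotations."""
    return line.split(" => ", 1)[1] if " => " in line else ""


def reasons(line: str) -> List[str]:
    """All triage reasons that apply to one note line (empty list = nothing to flag)."""
    found = []
    if "<==== ATTENTION" in line:
        found.append("tagged ATTENTION by FRST")
    name = task_name(line)
    if name and looks_random(name):
        found.append("task name looks machine-generated: " + name)
    tgt = target(line)
    if TEMP_DIR.search(tgt):
        found.append("runs from a Temp directory")
    # Judge directory components only; the file name itself is not scored.
    random_dirs = [d for d in tgt.split("\\")[:-1] if looks_random(d)]
    if random_dirs:
        found.append("runs from random-named folder: " + random_dirs[0])
    return found


def triage(lines) -> List[Tuple[str, List[str]]]:
    """(line, reasons) for every non-empty line that has at least one reason."""
    out = []
    for raw in lines:
        line = raw.strip()
        if line:
            why = reasons(line)
            if why:
                out.append((line, why))
    return out


# Constructed sample input: four lines taken from the notes above plus two benign entries.
SAMPLE_NOTES = [
    r'Task: {99C171A9-08FF-4031-B52D-712559B6EDC8} - System32\Tasks\IyqYKvfnImUysBONu => C:\Users\ulrichburke\AppData\Local\Temp\SdHRwpKgZPxspyIlq\QcJrYyEBXNBsBxj\snqgiME.exe  NH /wdsite_idxcV 385118 /S (No File) <==== ATTENTION',
    r'Task: {48B3B90B-1D90-4DEE-9023-26AEBC18DDC0} - System32\Tasks\WindowsAppPool\AbhADFZvVCp9SWG => E:\Temp -> Files are now here\AbhADFZvVCp9SWG.exe',
    r'Task: {ED076B37-E8C8-4B27-AC65-AB76314E3497} - System32\Tasks\NYfziUdouSArZkj2 => C:\WINDOWS\system32\rundll32.exe [71680 2021-03-25] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\CgqbhrirU\JsYCly.dll",#1 <==== ATTENTION',
    r'R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [19314400 2023-09-28] (HOLA VPN LTD -> Hola Networks Ltd.) <==== ATTENTION',
    r'Task: {2B80F5D5-63C2-4C78-BE60-C3FD01142F26} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-833455764-2610072435-2283333496-1003 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe  (No File)',
    r'S4 VBoxGuest; VBoxGuest [X]',
]

if __name__ == "__main__":
    for line, why in triage(SAMPLE_NOTES):
        print(line[:72] + "...")
        for w in why:
            print("    -", w)
```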
     
  12. ulrichburke

    ulrichburke Private E-2

    Dear Gary.

    Firstly - OWWCHHHH!!!! And now I've gotten that out the way.....

    Secondly (just!) - thank you very, very much for all your help.

    Thirdly - would it be OK for me to either go through your list one by one or do the Windows reinstall on a new hard drive? I ask because I've got music making software there that I've tried reinstalling in the past - and the reinstalls haven't worked and I'm too dumb to understand why (the first installs worked by sheer luck, I think, I was on a roll and everything - inc. those installs - was going for me.)

    Tell me if they're all Things To Be Deleted and I'm happy to pick my way through the list deleting them all and doing an SFC Scannow afterwards to restore any Windows files - I can do Scannow and CHKDSK and I know the difference between them - Scannow's for files, CHKDSK's for actual disk damage. (CHKDSK /F) I understand PowerShell pretty well, not perfect, but not bad.

    Yours respectfully - and with thanks -

    Chris.
     
  13. Oh My!

    Oh My! Malware Expert Staff Member

    I figured you would be shocked.

    In light of the complications you will experience with wiping and reinstalling, let me provide what I usually post when someone asks me if they should clean or reformat their system. I am happy to continue to try to clean your computer but it will require patience on both of our ends. I mentioned rough cut because some of those entries may just be oddly named files/folders and harmless but typically randomly named entries are not legitimate. Review the below then let me know your thoughts.

     
  14. ulrichburke

    ulrichburke Private E-2

    Dear Gary.

    Again, thanks for all your help.

    Yes, I am sitting on a fence whilst writing this (and the points on those boards get right up my....!!) Take me and patience for granted - I'm disabled, got co-ordination problems and am used to having to be slow and patient with stuff. Can we try the cleanup/delete a ton of stuff route first, see what it's like when all the bad trees have been chopped down and go on from there? You tell me what to delete/what kind of things to delete and I'll do it.

    Yours respectfully

    Chris.
     
  15. Oh My!

    Oh My! Malware Expert Staff Member

    Hi Chris.

    I am always up for a good challenge.

    In light of the fact I think we need to be aggressive in cleaning up things and that puts us more at risk of something unforeseen happening, I would like us to create a system image before modifying things. Do you have a recent system image or know how to do that? If not, don't worry, we will do it together.
     
  16. ulrichburke

    ulrichburke Private E-2

    Dear Gary.

    This one's a bit more serious than my last post. I've got a whole pile of music making software installed in C:\Users\Ulrichburke\Documents\Sionsoftware that I really don't want to touch because I don't have working versions of all the installation files. Why are they installed there? Because the software I use, Quick Score Elite Level 2 (don't worry, nobody else has heard of it either!) was originally for Windows XP. When I moved onto Win 10, I tried installing it normally (into Program Files) but it didn't like that at all, non-stop crashy-crashy. So I found that if I put it in Documents, it didn't crash anywhere near as much so I put it in there and left it there, with all its VSTs, some of which are JBRIDGED 64-bit files. Most - nearly all - are legit. I use freeware/demo versions/soundfonts/players (like Kontakt Player as opposed to Kontakt Full) because I suck at programming VSTs so I stick to presets. I mean if you're an artist nobody objects to you buying tubes of preset colours, never understood why you're supposed to make your 'colours' entirely from scratch as a composer. So if you're wondering why Documents is SOOO full, that's why!

    Not sure if this has anything to do with anything or not - but I can't spot all the supposedly massive files in C:/Users. I mean my C:/Users is saying it's 90 gig. Fair enough. I'm happy to do you a screenshot if you want but I can't find any folders/collections of folders (folders and subfolders) that add up to anywhere near that much, when I open Users up. I've tried TreeSizeFree and Sequoiaview and unless I'm being very dumbass (quite a probable scenario, given the reason I'm here in the first place!) none of the folders in there seem big enough to add up to 90 gig overall. I'd love to free up space by putting folders onto my backup drives (I've got 6 1T backups, one 2T backup, they've all got spare space on) but I'm puzzled why there's no Obviously Massive Folders there apart from Users itself. Which isn't to say you wouldn't spot all the massive ones straight off given a screenshot cos you're the expert, I'm not sure what I'm missing though. If you could give me a heads-up as to why a folder called Users that's 90 gig doesn't seem to have anything massive IN it, again can give you a screenshot, or tell me where to look in it for hidden folders and the like, I'll do that.

    But anything you tell me to delete I'll look at and if it's not music making software I'll delete it, if it IS music making software I'll reluctantly delete it if I can find somewhere to re-purchase it from (legit, or redownload it from if it was a freebie in the first place) and we'll see what's left at the end of it all.

    And thanks again for your help.

    Yours respectfully

    Chris.
     
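    The "Users is 90 gig but nothing inside adds up" puzzle above is usually explained by folders a size tool skipped: hidden or system folders (AppData is hidden), profiles it had no permission to read when run without elevation, or junctions it followed or double-counted. The following PowerShell script is an added example, not something posted in this thread, that sums a tree with hidden and system items included, refuses to follow junctions and symlinks, and reports every folder it could not read, so the missing gigabytes can be located. The root path and the 15-row limit are assumed defaults; run it from an elevated PowerShell window so other profiles are readable.

```powershell
# Added example (not from the MajorGeeks thread). Per-folder sizes under a root,
# counting hidden/system files, skipping reparse points (junctions, symlinks) so
# nothing is counted twice, and listing folders that could not be read. Unreadable
# folders are the usual reason a tree's visible parts do not add up to its total.
# Run from an elevated PowerShell window.

$script:Unreadable = New-Object System.Collections.Generic.List[string]

function Get-TreeBytes {
    param([string]$Path)
    $bytes = [long]0
    try {
        # -Force includes hidden and system entries that Explorer and some tools omit
        $items = Get-ChildItem -LiteralPath $Path -Force -ErrorAction Stop
    } catch {
        # Access denied or similar: remember the path so it shows up in the report
        $script:Unreadable.Add($Path)
        return $bytes
    }
    foreach ($item in $items) {
        # Skip junctions/symlinks, e.g. the legacy "Application Data" links in profiles
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }
        if ($item.PSIsContainer) {
            $bytes += Get-TreeBytes -Path $item.FullName
        } else {
            $bytes += $item.Length
        }
    }
    return $bytes
}

function Show-LargestFolders {
    # Defaults are assumptions for this example; point -Root at any folder you like
    param([string]$Root = 'C:\Users', [int]$Top = 15)
    $rows = foreach ($dir in Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue) {
        if ($dir.Attributes -band [IO.FileAttributes]::ReparsePoint) { continue }
        [pscustomobject]@{
            Folder = $dir.FullName
            Hidden = [bool]($dir.Attributes -band [IO.FileAttributes]::Hidden)
            SizeGB = [math]::Round((Get-TreeBytes -Path $dir.FullName) / 1GB, 2)
        }
    }
    $rows | Sort-Object SizeGB -Descending | Select-Object -First $Top | Format-Table -AutoSize
    if ($script:Unreadable.Count -gt 0) {
        Write-Warning ("{0} folder(s) could not be read; their contents are NOT counted:" -f $script:Unreadable.Count)
        $script:Unreadable | Select-Object -First 20
    }
}

# Top level first, then drill into the biggest profile, e.g.:
#   Show-LargestFolders -Root 'C:\Users\<profile>'
Show-LargestFolders -Root 'C:\Users' -Top 15
```

    Run it once on C:\Users, then again with -Root pointed at the largest profile; hidden folders such as AppData show with Hidden = True, and anything listed under the warning is where a non-elevated tool would have silently lost bytes.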
  17. Oh My!

    Oh My! Malware Expert Staff Member

    Hi Chris.

    For right now I want to focus on creating an image of your system. That locks in being able to revert back to where we are now no matter what happens in the future. It is a safety net to make sure we don't lose anything legitimate that you now have. I don't want to do anything now that will make us worse off. If we have an image we can always go back to that image if we need to and be certain of the ability to return to where we are now.

    Are you familiar with imaging a system? I assume not so I am in the process of putting together instructions on how to do it. The only thing you would have to do is follow my step by step instruction.
     
  18. ulrichburke

    ulrichburke Private E-2

    Dear Gary.

    Tell me where my thinking's wrong (I know you're the expert!) We can't do a full-system backup BEFORE we fix anything - because doing the full image, as we don't know what's virused and what isn't at this point, would back up the viruses along with Windows, no? So if anything happens and we had to USE the full-system backup, we'd just be replacing all the viruses again!

    Sure I technically know how to do it, Acronis True Image. Or Control Panel/Backup and Restore. Thing IS - you'd end up with a massive file - how big would it be? I've got a spare 1TB hard drive, but would that be big enough for everything? If you start having to use cloud providers, the prob's not size, it's time. I've not got a warp-speed modern computer, it's from Windows XP days and it's just got 10 on it because I got so I had to update that. (Legit. copy of 10, Microsoft was giving it away then.) Uploading a complete image to the Cloud would take forever, wouldn't it? Like a day or two at least? (OK I'm prepared to go along with that if necessary, but just saying. I've heard tales of hard drive images taking almost a WEEK to upload to the cloud!)

    The hard drive with Windows 10 on it's 1TB and it's nearly full, even if some of the folders with all this data in I can't find - that's why I put the bit about Users being 90 gig but the folders not adding up to anything LIKE that once you opened it up, that's been puzzling me for ages. But just to finish off - if we did a backup image BEFORE we started deleting stuff, wouldn't we just be backing up the viruses along with the good stuff?

    Yours puzzledly

    Chris.
     
  19. Oh My!

    Oh My! Malware Expert Staff Member

    You are correct, an image of your system would include any existing malware. The purpose for the backup is to make sure if we broke any programs or accidentally deleted important data we could revert back to a point where we could restore it. Yes, the restoration would include malware but it is better to be sure we have a copy than to potentially lose anything for good. This image is intended to be used as a last resort in case something drastic happens.

    Your Addition.txt report indicates the capacity of your C: drive (Windows) is only about 250GB. I know you mentioned some concern about the drive filling up but are you sure your C: drive is 1TB?

    If this is all becoming too much we will proceed with caution and I will have you double check entries before deleting them. We can go the System Restore route, which is not as thorough, but we would have to fix it first. There is a problem with your System Restore.
     
  20. ulrichburke

    ulrichburke Private E-2

    Dear Gary.

    You're right - hard drive was telling me it's 1TB but it's not, it's the size you said. Dang! That explains a lot. Hokay.

    Most of my software's not installed so much as just sitting in folders - it was drag'n'dropped over from my Windows XP disk, which is now a backup disk, and which I was using YEARS past the XP sell-by date (would you believe I found a 64-bit version of XP and was using that!?!) So I know I can drag'n'drop the main software between hard drives without having to reinstall it as such.

    How about I buy a 1TB for real hard drive (or 2TB if I can find one for sale!) put Win10 on it and copy my software over to it, check it all runs (it should) and then format the current hard drive to virus-squash, or would that risk copying hidden viruses over with the files? I mean I can install Malwarebytes and do a check on each folder I copy over onto the new drive and not copy the next till I've virus-checked everything each time? Would that work? Feel free to say 'no', you're the expert here, but I'm willing to give that a shot. All I have to do is find someone selling a 1 or 2 TB hard drive and in a world full of those things, there's gotta be someone nearish me selling one (hopefully an old one I can reformat, so I'm not spending money I don't really have right now! But I'm willing to put money into a new one if you think that's better.)

    I know you can get superfast solid state ones that are basically glorified memory sticks but this computer was new when pterodactyls roamed the skies, I'm not sure it could cope! (I'm talking about the machine, NOT its owner.....!!)

    Would that work? I'll go by what you say. BTW - I THINK I've found out why I couldn't upload files the first time I tried, remember I had to put a .RAR on Mediafire? Dunno if you'd call it a bug, but it's just done it for me again - sometimes if you click on a 'view thread to reply' link in one of your e-mails, the site here lets you type without logging in. I THINK if you try to upload something at that point, THEN the site's defences kick in, going 'WAAH! SOMEONE'S UPLOADING AND I'VE NOT GOT HIS NAME!' or similar. But I typed this post and clicked on 'Post Reply' and the site wouldn't let me because I wasn't logged in, though it HAD let me type the post in the first place. I had to CTRL-A, CTRL-C, login, CTRL-V, hand-finish this explanatory bit, THEN post! Could that be the reason? Not sure, I'm not uploading files this time, just thought I'd let you know.

    Yours respectfully, with thanks again for your time,

    Chris.
     
  21. Oh My!

    Oh My! Malware Expert Staff Member

    Hi Chris.

    Let's step back a bit and try to simplify things.

    Would you allow me to put together a set of steps to create an image of your system? Personally I use Macrium Reflect Free and have already started to create specific instructions for you. That way you can follow step by step instructions and hopefully we can save an image to one of your other drives without the need to spend any money.
     
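    Before any imaging tool is run, two things above are worth checking with a script rather than by eye: the real capacity and used space of C: (the 1TB versus 250GB confusion), and whether one of the other drives sits on a different physical disk with enough free space to hold the image. The PowerShell below is an added example and is not code from this thread or from Macrium; it reports the system drive, lists candidate targets on other disks, and prints (and only with -Run executes) the built-in wbadmin command that Control Panel's "Backup and Restore" uses under the hood. The 1.2x headroom factor and the choice of wbadmin over Macrium Reflect are assumptions of the example; the image still contains whatever malware is present, as the expert says, so treat it as a last-resort safety net and unplug the target drive once the image is written.

```powershell
# Added example (not from the MajorGeeks thread or Macrium). Pre-image sanity check:
# real size of C:, candidate target volumes on a DIFFERENT physical disk with room
# for the image, and the built-in wbadmin command to create it. Nothing is written
# unless -Run is passed to Invoke-SystemImage. Run from an elevated PowerShell window.

function Get-SystemDriveInfo {
    $vol  = Get-Volume -DriveLetter C
    $disk = Get-Partition -DriveLetter C | Get-Disk
    [pscustomobject]@{
        DiskNumber = $disk.Number
        SizeGB     = [math]::Round($vol.Size / 1GB, 1)
        UsedGB     = [math]::Round(($vol.Size - $vol.SizeRemaining) / 1GB, 1)
        FreeGB     = [math]::Round($vol.SizeRemaining / 1GB, 1)
    }
}

function Find-ImageTargets {
    param([double]$NeededGB, [int]$SourceDiskNumber)
    # Lettered fixed/removable volumes only; skip C: and anything on the same physical
    # disk, because if that disk dies the image dies with it.
    foreach ($vol in Get-Volume | Where-Object { $_.DriveLetter -match '[A-Z]' -and $_.DriveType -in 'Fixed','Removable' }) {
        if ($vol.DriveLetter -eq 'C') { continue }
        $disk = Get-Partition -DriveLetter $vol.DriveLetter | Get-Disk
        if ($disk.Number -eq $SourceDiskNumber) { continue }
        $freeGB = [math]::Round($vol.SizeRemaining / 1GB, 1)
        [pscustomobject]@{
            Drive      = "$($vol.DriveLetter):"
            Label      = $vol.FileSystemLabel
            FileSystem = $vol.FileSystem      # wbadmin needs an NTFS target
            FreeGB     = $freeGB
            Enough     = ($freeGB -ge $NeededGB) -and ($vol.FileSystem -eq 'NTFS')
        }
    }
}

function Invoke-SystemImage {
    param([string]$TargetLetter, [switch]$Run)
    # -allCritical adds the boot/EFI/recovery partitions so the image is bootable on restore
    $cmd = "wbadmin start backup -backupTarget:${TargetLetter}: -include:C: -allCritical -quiet"
    Write-Host "Image command: $cmd"
    if ($Run) { & cmd.exe /c $cmd } else { Write-Host "(pass -Run to execute it)" }
}

$src = Get-SystemDriveInfo
$src | Format-List
# Assumption for this example: require free space of at least 1.2x the used data on C:
$needed = [math]::Round($src.UsedGB * 1.2, 1)
"Need about $needed GB free on an NTFS volume on another disk."
$targets = Find-ImageTargets -NeededGB $needed -SourceDiskNumber $src.DiskNumber
$targets | Format-Table -AutoSize
$best = $targets | Where-Object Enough | Sort-Object FreeGB -Descending | Select-Object -First 1
if ($best) { Invoke-SystemImage -TargetLetter $best.Drive.TrimEnd(':') }
else { Write-Warning "No suitable volume on another disk has $needed GB free; attach a dedicated drive first." }
```

    Plug in the emptiest of the external drives, run the script, and it will either print the exact wbadmin line to run (add -Run to execute it) or tell you no drive has room. Macrium Reflect Free works from the same facts: it needs a target on another disk with at least as much free space as C: has in use.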
