Analysis Overview
SHA256
590e4e7e66f6f8e4d0838420cdba4ea3d756e644b77c433c1822a04ef455c4f9
Threat Level: Known bad
The file Xeno.exe was found to be: Known bad.
Malicious Activity Summary
Xenorat family
XenorRat
Downloads MZ/PE file
Checks computer location settings
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-22 02:54
Signatures
Xenorat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-22 02:54
Reported
2024-03-22 03:25
Platform
win10v2004-20240226-en
Max time kernel
1799s
Max time network
1800s
Command Line
Signatures
XenorRat
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Xeno.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zO8ADBA94C\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Xeno.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Xeno.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | 4.tcp.us-cal-1.ngrok.io | N/A | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133555497233396338" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{DBC8C77D-C427-4DD0-A645-3FD57196A0A1} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\Xeno.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\Xeno.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\Xeno.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "svchost.exe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp638C.tmp" /F
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fff52139758,0x7fff52139768,0x7fff52139778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4604 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5348 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5432 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c4 0x294
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1868 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5128 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2764 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6072 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5912 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6344 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5428 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6524 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6536 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6812 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6836 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=1876,i,16449142349640515262,11762773581364941727,131072 /prefetch:8
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\94d244ee925c4daaac6143e35b823be0 /t 4296 /p 3416
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\PopSkip.rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\PopSkip.rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Xeno.zip"
C:\Users\Admin\AppData\Local\Temp\7zO8ADBA94C\Xeno.exe
"C:\Users\Admin\AppData\Local\Temp\7zO8ADBA94C\Xeno.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "svchost.exe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2AF0.tmp" /F
C:\Users\Admin\Desktop\Xeno.exe
"C:\Users\Admin\Desktop\Xeno.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "svchost.exe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp5BD3.tmp" /F
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\a8896377b4fc42378dbf6fe281f2ec59 /t 3992 /p 1684
C:\Users\Admin\Desktop\Xeno.exe
"C:\Users\Admin\Desktop\Xeno.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "svchost.exe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9AD0.tmp" /F
C:\Users\Admin\Desktop\Xeno.exe
"C:\Users\Admin\Desktop\Xeno.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "svchost.exe" /XML "C:\Users\Admin\AppData\Local\Temp\tmpBCFE.tmp" /F
C:\Users\Admin\Desktop\Xeno.exe
"C:\Users\Admin\Desktop\Xeno.exe"
C:\Users\Admin\Desktop\Xeno.exe
"C:\Users\Admin\Desktop\Xeno.exe"
C:\Users\Admin\Desktop\Xeno.exe
"C:\Users\Admin\Desktop\Xeno.exe"
C:\Users\Admin\Desktop\Xeno.exe
"C:\Users\Admin\Desktop\Xeno.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.241.137:80 | www.microsoft.com | tcp |
| GB | 92.123.241.137:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 137.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.39.110:443 | clients2.google.com | udp |
| NL | 142.251.39.110:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 162.159.136.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 104.18.5.175:443 | global.localizecdn.com | tcp |
| NL | 216.58.214.10:443 | ajax.googleapis.com | tcp |
| NL | 216.58.214.10:443 | ajax.googleapis.com | tcp |
| GB | 13.224.81.106:443 | assets-global.website-files.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| GB | 13.224.81.106:443 | assets-global.website-files.com | tcp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.5.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| GB | 18.165.158.90:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| GB | 13.224.81.45:443 | assets.website-files.com | tcp |
| GB | 13.224.81.45:443 | assets.website-files.com | tcp |
| GB | 13.224.81.45:443 | assets.website-files.com | tcp |
| GB | 13.224.81.45:443 | assets.website-files.com | tcp |
| GB | 13.224.81.45:443 | assets.website-files.com | tcp |
| GB | 13.224.81.45:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | 71.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.158.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 40.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 162.159.135.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.133.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | status.discord.com | udp |
| US | 162.159.136.232:443 | status.discord.com | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.scdn.co | udp |
| GB | 96.17.179.167:443 | i.scdn.co | tcp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | images-ext-1.discordapp.net | udp |
| US | 8.8.8.8:53 | media.discordapp.net | udp |
| US | 162.159.128.232:443 | media.discordapp.net | tcp |
| US | 162.159.129.232:443 | media.discordapp.net | tcp |
| US | 162.159.129.232:443 | media.discordapp.net | tcp |
| US | 8.8.8.8:53 | 232.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.129.159.162.in-addr.arpa | udp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 162.159.129.232:443 | media.discordapp.net | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 162.159.128.232:443 | media.discordapp.net | udp |
| US | 8.8.8.8:53 | 32.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| SG | 74.125.68.94:443 | beacons2.gvt2.com | tcp |
| SG | 74.125.68.94:443 | beacons2.gvt2.com | tcp |
| SG | 74.125.68.94:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.68.125.74.in-addr.arpa | udp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.214.58.216.in-addr.arpa | udp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | udp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 50.192.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| AE | 172.217.17.67:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 67.17.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 216.58.214.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.179.250.142.in-addr.arpa | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | 163.68.195.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | udp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 162.159.136.232:443 | status.discord.com | udp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.136.232:443 | status.discord.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| NL | 172.217.168.227:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | udp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 162.159.135.232:443 | discord.com | udp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.53.74.111:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | udp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | gateway-us-east1-c.discord.gg | udp |
| US | 162.159.130.234:443 | gateway-us-east1-c.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.130.159.162.in-addr.arpa | udp |
| US | 162.159.136.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 162.159.130.234:443 | gateway-us-east1-c.discord.gg | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 244.90.52.13.in-addr.arpa | udp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 13.52.90.244:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 190.247.219.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gateway-us-east1-c.discord.gg | udp |
| US | 162.159.136.234:443 | gateway-us-east1-c.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.137.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | 232.137.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.247.190:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 54.219.150.182:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 182.150.219.54.in-addr.arpa | udp |
| US | 162.159.136.234:443 | gateway-us-east1-c.discord.gg | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.142:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 8.8.8.8:53 | 4.tcp.us-cal-1.ngrok.io | udp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
| US | 52.8.11.72:14628 | 4.tcp.us-cal-1.ngrok.io | tcp |
Files
memory/5016-0-0x0000000000760000-0x0000000000772000-memory.dmp
memory/5016-1-0x0000000074590000-0x0000000074D40000-memory.dmp
C:\Users\Admin\AppData\Roaming\XenoManager\Xeno.exe
| MD5 | b9ff857cd3e61769787d6c21b45bcc6c |
| SHA1 | 92aea3ec2bf2ca4f7127ef8581e1a79059774489 |
| SHA256 | 590e4e7e66f6f8e4d0838420cdba4ea3d756e644b77c433c1822a04ef455c4f9 |
| SHA512 | d87caa6133e50141458d30915f400592f0b1e20b75457c51d2c8929987fd6cce1dc7ba4539fa5efcb18f7b5510b72273a0c7c076b4a991c3539aa5bbc46bdb0b |
memory/5016-17-0x0000000074590000-0x0000000074D40000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Xeno.exe.log
| MD5 | 916851e072fbabc4796d8916c5131092 |
| SHA1 | d48a602229a690c512d5fdaf4c8d77547a88e7a2 |
| SHA256 | 7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d |
| SHA512 | 07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521 |
memory/2236-18-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/2236-19-0x0000000005100000-0x0000000005110000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp638C.tmp
| MD5 | c19b33268e74b9dfb678ebbe128db491 |
| SHA1 | 49dd45693580c198a87ba06464c362c7c993907b |
| SHA256 | 8ad22e22ad7494702655cea50b2228b602ed223c844148e2780610bb4bdba435 |
| SHA512 | baf521387a499412d8283f8733ced0e05aeab7e7a66e58c0110d857bfd07d68748e7805098e131fad954eb58761688dffd0c36359115d460155287ebb5ebb3e6 |
\??\pipe\crashpad_4260_LPQQLASZSQMIIUZI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7bd674616cf14524b3cedbc3747c78c9 |
| SHA1 | 9ecd42d91636ac323a7011f5c7042060c715f967 |
| SHA256 | 47fe0bb4815e4b5d2362e19b60218475f0fca4bb912bac5ef7e966eec97d1906 |
| SHA512 | 7cf69fe493f91498d0dbc908e35c06ef30695572a8cedf883ba8208b5905b1f53fee15a80e8adb6ceef3be50081d99c72a121bcc74729e10e958474ccc2c7d74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cc633567a1f7e556630332af070a1f13 |
| SHA1 | f5c99a8fda945400d07d915abc7a23dbc4493a28 |
| SHA256 | 99c2b1ea2bee318f01dca538320f32944221513fd5b7f744e5d74c4b0898bae2 |
| SHA512 | a474bcaa3a1349f80571cf9483957ba4c8e4047b7ebfe15fc3e6be1514f1c8242c09db893b709481f814862e177aef465c10f51e3a9bb6948af725cf4be27d45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8aa769a00a2ded15fdd476d6af001b7a |
| SHA1 | 9f58797831ba5179770886a6c6f42f443d844f85 |
| SHA256 | cad4b2841571b4688f1b17db8952e148fa7a80d164b97aaae1301fa18aa0db34 |
| SHA512 | f3625326fcf4fbb89ce943b2b9a7417a676fec9fc26c99e7890b3fdd3db0101befc706f0740ac8ad83b2cfba398c12f05f4e165a002d8c7a8ec432c972d3bf0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1df60205-73a1-482d-a827-2baf9931f205.tmp
| MD5 | c954f58e277dfd7c930116f434cfc604 |
| SHA1 | d46feb3ed604d4bc8f066c6719651257ecdf1838 |
| SHA256 | 5d5ff6d73bdf1b56e7396cb97e204d47d90fd2675ffbbb5baef2128fbe0b70f4 |
| SHA512 | 55c79fdb1e2c22f663ff8d9def13c10a989cfda8137e5f0a9cfb83129f505ac589807a0e4c25fa458f7ff00db02c03ab37e7c760cc3cd24863bb864a91664f67 |
memory/2236-65-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/2236-66-0x0000000005100000-0x0000000005110000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 830d809a9b86be7a07ccd2557ab807ca |
| SHA1 | b9ec01e8d2c75006a148ac2d41e1a95abd957017 |
| SHA256 | ce97ad153a7dd5baf3118472574d102cc3d328e8c3e90f639dc766cd01fe13b8 |
| SHA512 | de2237e1ebd5ad3c072d94af7fecd7f546a844ac7e7659b34ee3f2bf8c86acc7a0fd579347d9cc91fa6a847212e96eb2a484b772235ca12edf95b2750fa04904 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 091305a1419b25d59089f28860f08881 |
| SHA1 | 81d30888afe335f5555e16ebc37c68e158008523 |
| SHA256 | 9befe0c9750d6e838d7a4fbb244a1c540594d476dd0f158a8ab80e800a5298f2 |
| SHA512 | 2499a28eea4fcdfe9bca472f0d907dd7e67ac1d059b9cd908f30a06f2776646d8fbe827772031224fbd212fd8fed4b3b27f8d6667f92b1166d997cd3ee09e726 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ebf6bf666fc86c00edbd51c89b2642cf |
| SHA1 | d4f1b9de1fdbc9f5b4589f08cf7a29e12573a3c3 |
| SHA256 | 4472b12c255e3c8b3f5df089bfd6dfee818672d3f4aff9e3fc3441f43536bc79 |
| SHA512 | 49c1b581327d61e958f57d2a1e2f8e83fdf633b553c0e795f23d5aece8090382d7836fb0006abb9e55fd4f2d4fa78c3d81a81adf2b2ae6a45b5707b94018a67a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57edcb.TMP
| MD5 | 31ce9047f5d0235c3f3a52f1ff2eb4fd |
| SHA1 | 573af066f4be5da0f7861a74d58a5d2e1c9c5409 |
| SHA256 | ac8adb34661167bd7c9a4e159982023f1c42536b9cc747f5baf8fa2828115fb6 |
| SHA512 | 47649f198a5c446cb59da81c7683e4431d12e160e1e75e22eb9b8557c38822b397ed1b61886c4968cfee4be51f0ddec080864ff7c06f1307163e03c2430f68da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8a273eec6ff97efc05ef874cad96e29c |
| SHA1 | f0f50dcca7b61af96a92cf61e4cdd55bce02d693 |
| SHA256 | 5e88a7725204439269fa575b06a90580d3abdf3f500bcd3181712d448d1153d4 |
| SHA512 | fe256dcb23eca89192cb81a2ef7a894b640e513aa9c55b44f4deaeab803c1ca213d9a732e38d9c3f27313804de01c27b6cb13ff68601633ac69d62fe1421a803 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5d4cc125db8c8d27aad43968a127e10 |
| SHA1 | 67831dd7af1016c854b3d1e4cb429a9bd747e857 |
| SHA256 | 6e297b9335258f01e33d962d97fcf7d59f86af20d6205344fc2713f61962e2b8 |
| SHA512 | 92ab70086074c74c020f19c189cfe2c908f9c6536531c1c998bab1916a1a33aa256487df0145435ddf648659789eee275e35ada787d290fba6209c56aa72bb37 |
C:\Users\Admin\Downloads\Xeno.zip.crdownload
| MD5 | a877d6845cee78ea9f130e4450780920 |
| SHA1 | 009c5c2641748ce2c5d20410300c3cecf86e451b |
| SHA256 | 7dfeea625f42a6066c5fcd5cfc514b7b6dd59022466569c07dba8ee316ce3c0b |
| SHA512 | b034f5889c410bef8c4e176d8e04cd64c3e1ffbba2bac1ce451b4967b8527a0d127eba1ecd1ab0adef90ac01c5e493b6c0e210e9d9e2d5c2acb072aac664182e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6c7b7731051926008978d659580622c0 |
| SHA1 | 7e5fadfe28af283cf8e64b2cefec73e7d4456f63 |
| SHA256 | 4243faf0dce74426452880aba62758e44f8f1bebab36ee1fbcf0be5dbedbc999 |
| SHA512 | eaa687ffb5fc7530eaaae625b953461bd6e0d138ff5c1c2535afbd105b111ef1513f7764932af3bbe1599f44ce47eb19ca5d3c90bb748cfe07e6ef4007b831e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 568665b39a32faeacd59e38081a744ce |
| SHA1 | 10c68d4fdad5f28dc550c88f0dbd6f6ca75715e3 |
| SHA256 | 20111320b54890d7221ec2739506dfb7a124ca27ee2eac947a70287a14c14b40 |
| SHA512 | d4984ba16ffde9b8f7bef543f4b3021a91027d83260f8c5f0dc381cdde68c5102cd84ecd43502859f75f62f2a0d35fb096e40afad6a900113d00f75cd5bf1848 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f8d3a0527a03d9cb43bd33dc9c50c8f9 |
| SHA1 | 9a223addd886b30f91870e69dcde5276c628e521 |
| SHA256 | 171c95fee9c387f3ce516c67a260df236f6d5b80c55812acdb7e1cb940fc9e0f |
| SHA512 | ef4adc19d5963d1e8e3f77b30a4bc0a6dfa420a84be58ee68699821568549a54eae62f77d2ccf02a5d06da7384cae5ddb7dee306c72cb7492e04eeb94aba2ed5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 81d814869d592c73b28ffca07ef126b3 |
| SHA1 | fd3317e8d6a755534f83ce6a82514ebfa6d3ca8f |
| SHA256 | a82e1aaa6f8013bf633cda68a8cef7d0352821e0e663fedcd208afbe5d52df4b |
| SHA512 | 5bef8d8a36e401c49b3325174e26c395678df6018b7104e7ac71da0d7406841d8475d69ebb7c868ef02fad3c597516301eee64ff4ba3d3386887bbf5b30f4049 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c42b5a5f31ce8d50e3338bc602c7a26b |
| SHA1 | 59ea8c1c7f7cbe821c12b961cd71db2d84ba35ca |
| SHA256 | 1e1c13fd04644c621c260b1e0ccc7de0a145cf583b1872cd2c83ad08a518615f |
| SHA512 | 8d58e68a8fd381d91b1235cc8a066509e0bce124b98951b6cbeef8d2819f06616594597ac3ee7a76a4d73d930176f7945e052b61119698340fc3039a005be02f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 50bbc92ecbd9297f22e1889fe1cf574a |
| SHA1 | d220c5f434a9d7b54b4d7ba6fb64e17e05e2dd99 |
| SHA256 | 038c0f90a0f0d2457f84d93f42d1e6270c321340dffb45ba61c74763aac3be56 |
| SHA512 | e99e18ef51b00acc8846349d8bb18ed946a8f8094d3db2fd3769da2d0a2fb56d580a7bbc7e7fd8c5a39bf66a85c912a916f1f5444fd997f03c2ca7b628f7e225 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b
| MD5 | 813c1b41e435242e7365a4bcd7adcf23 |
| SHA1 | 2d25e1564eaf93455640413b95646b3f88f9075b |
| SHA256 | 70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542 |
| SHA512 | 268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ba905da61de8235b0022347f4f8a5769 |
| SHA1 | ca697d20221f9203fd9278445fe65f4fdf7a7908 |
| SHA256 | 5a9c84b461463bf993b4224dea55c1da4925b4ab1a43aef1696cb430e06cffaa |
| SHA512 | 33ad68816fd5722307db0723257a663968650145c880e7fe8e23f95470f0415385efb51c9f998283c9f7acd3aa3da99c7dbf1d2d4b18268e9d07ff2dab78c8e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3e7fa3a73301a2f6b3273784c446502f |
| SHA1 | a5c8940a884bcd6fccaa34e226cce69531e6520b |
| SHA256 | 4a4e94bb084fe2bf47ae4202a66da08a2a74c837e90879010219fa777ccb458d |
| SHA512 | aa6e837d796250c20c3ea07db171bb164afb47b53e2a815b5e61390b8b07ca17efbc8bb8ece53837b3a41e13321fb2f62f39055a8f2c8a6aaf0cb4d004abc80b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7281cd4125a1d22996af33b19bfe85b9 |
| SHA1 | be94a118831f1cd602a2b83ae14bebbf1c0d325d |
| SHA256 | 1b444b798438f330de5544f8905dfc0d3299dfe8c9d4cf3888802baef1665d63 |
| SHA512 | ec9e6d4e9f46bc42ac4b643425f044a190841506326716a87683ec51d617ec4d7d6a147d81864521ea17a12c8dcd6c41a01783d7eb21db697d4c2f06ba363406 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5980ea5423238b77decdee05399b7739 |
| SHA1 | 80dc33053d1f2b3b25306a2ffdcf921327a1d003 |
| SHA256 | da35dc246d6b54884ba2399e0899eebd09645b9126a944c105f14f67f16035c3 |
| SHA512 | feda5553179603ce8c4861a2de36932c521cbb67efbfb8ebb93dcfb035440eefadebd588c30fbac750d72d05c4e0f0ded76c4fb2f7672bd10e1edf31303ae4cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 16feebe440b0466c9c4f813a5539096c |
| SHA1 | 1c30acff946daea76215257a5753083f533db9a9 |
| SHA256 | f7f68117b38cf6511e7f0b987dc22eca805d4bbdda5fffab34c5fdcbc0fa2adc |
| SHA512 | fe10b2814761b0c8a1dc4be42c0408a7c42cc733c6ec3d07d659f220633da9b032efc0fe4bc76b7e6e33f0b3ee87104983e784349b71fa2d812b1e203fa2394c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 90a439403378b662853457d9b1cd39b9 |
| SHA1 | b99209891fe67dd8b1ebedbcea7059e6af8d4fb9 |
| SHA256 | 74ce3d5a2094eb838be8885dafde442ea3c8c25c2cd2cff6e6b8d6128fdbd4b2 |
| SHA512 | 0b9baab4c3f0776ffda1dab88eb8ed19e05e69cc3177eee1869dc539435a0fc92a9ae81f75cdb16ea98834b101db14776e0d121db4b979a7dca48ab5c502cd90 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 011bd2c5fc16dde338468903b0b5d449 |
| SHA1 | cd2633dab50d697cc79861136dc38aa094ec3b46 |
| SHA256 | 12ea487169970f2cb732e66b85e7634b1705f992bca9b35de80179eb569520ce |
| SHA512 | cc18c16f36aa19dbffb341cc1ebe10b4eaac1050ae37deb666f6c9c04caad6153f7f81e864e706456709e38d47212c9f09c12f34490f73c38e9a040448da6f79 |
C:\Users\Admin\Downloads\winrar-x64-700.exe
| MD5 | 9688349e758b7f4407f89ca483a93531 |
| SHA1 | 9b32d6490ae27346c4b6a00d9c430fef8fafb9b8 |
| SHA256 | c97dbcd65036dd97bea0351f36a33f869c031c10483ce36c77de91a9c384f484 |
| SHA512 | adaf654fa89190eb15cf535a567277ad303a9203d073bb2c7c8ccf0b8244f86806f39c71bb708f0843b9d9d5d1f69e9c612bff5e20ba4cb6e9fedc2d5105f8e8 |
C:\Users\Admin\Downloads\winrar-x64-700.exe
| MD5 | 48deabfacb5c8e88b81c7165ed4e3b0b |
| SHA1 | de3dab0e9258f9ff3c93ab6738818c6ec399e6a4 |
| SHA256 | ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24 |
| SHA512 | d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 406a86b97b437e95bc917d264ea68725 |
| SHA1 | d8cb22b87947b44984c30e02bcf9031d697ff073 |
| SHA256 | e5a0bb4c16703eb5479752d00bfa8c76e73696522e7c62ae0b7a9ae5888420a6 |
| SHA512 | 91b61bad693153ba74f0153b825e1a6f11d13fc4785b846954142f81bb4989df2997cb490cd18f58b109a7a865f4d76c9f9816e3cd67fd999b345c010e8658b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 71533036f75db6dcf8e854ff50510f20 |
| SHA1 | 972a32b90f1887857d3bc64dd643cec65f8479f8 |
| SHA256 | f18817f281f0c50abf64680da1178fcd8fac81b08c58d417d4eabd8203f70fd6 |
| SHA512 | 4f2e85775976126a38243e6905b77f68cb5957f9957c2112281df4e36ec83c1d4e56ba3b5c07aed7c3d366aa63103e7502c2f5ad70c546ec97fa6b78f32eb3f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 53454ada4b5b45ec1c480e270807454a |
| SHA1 | cc392cfaf94dbe6467d6d19d07698b870a6afea7 |
| SHA256 | f539acabebc3b0c2877ed12c8a1dc902eb3fdab83e1fe55ca04c4f6fa06d9f86 |
| SHA512 | 318fc5d5480f0aa8e91fb92dacb2332620a9c22e472d029903eb0784714ae9f21c3d4150a9a1e4f608c76983d174d828120fcb02f5617684fad756d45bc5f1db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 95518acb0bbbc818e78ef24d3783f934 |
| SHA1 | 06d2a87a8f53463dbd27ec47d7f851da787754e3 |
| SHA256 | f767df7d20c3515b17cfba153ba3773341af3770ce783cc75a4d2417de83b833 |
| SHA512 | d5128077b1d2560a44bed1727ce38410400696f4ddad3a91d35db4305ce73e2553d64b3b62b895735f9581170aa0626163a910c6d5e3f3967923c876968ffbf2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 85f34fbad44a9ff4d8990e0ae1788748 |
| SHA1 | 59e43d33a14af32d041f3a65e057c98d8c05361f |
| SHA256 | ab96020835650c131f4fb9bb8105c8c4eebfdccab2755c3f852095b9d351acc8 |
| SHA512 | 7937d469b915f30b1558d96421fadf50eafcc97939dab6c114f9a4506d7a305842c1b4f39958fe66a217279139d990a7cd17cba92866c9b84982fc10506e3248 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fc0e37cf2581f52b8f26ec75ffac8d05 |
| SHA1 | b46609a0c02dfdb168aa782b5954d71f22dba69e |
| SHA256 | 7e96c01e84150f3e4bc523a60c89ca6aea612a67f537dac502c1fc0fa471ac40 |
| SHA512 | e9cdd6727223b00ca553bb6bcabae975b5399c5082b06530bedf5a60554166a85b545dc0e02e7b10fd75834adaebc1a540a69be88b220c8c138fbadc747b4523 |
memory/5616-804-0x0000028468240000-0x0000028468250000-memory.dmp
memory/5616-820-0x0000028468340000-0x0000028468350000-memory.dmp
memory/5616-836-0x0000028470610000-0x0000028470611000-memory.dmp
memory/5616-838-0x0000028470640000-0x0000028470641000-memory.dmp
memory/5616-839-0x0000028470640000-0x0000028470641000-memory.dmp
memory/5616-840-0x0000028470750000-0x0000028470751000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 256725da691c0afb866248f171de6e17 |
| SHA1 | 47b1bd8a43322f7939ef8d37318541ad87c0eb72 |
| SHA256 | c88861a29c3cf34690395b1d3fd58e27a8cb355f482ca517844ef641299e08e9 |
| SHA512 | c616d97e1f1ac1981d1f0894d80f305140782faa215fc117dd148095a385a8d3d294047f520eacf83b99a66e52d02a5af42602f32231dcb3a7cc092024316284 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 253b52e32d78c3bc9ab0893df08ab430 |
| SHA1 | afa3edae0beb1a971bf22cd918c2ef6bab64df69 |
| SHA256 | 8135d86ea26cce1e980adfd829a95ed52f0638226ae989cd0e00a6f3e8018d34 |
| SHA512 | ae28b57dd79954f44fbbfa7e783876091499daef5d6ca5975cb4af930328a4712ddcdf2b0027e9e54e3f270e494d700bcc05eceebb1e28acd6c11b8e720deb6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6280c540f50334541d00f8faf8afbd41 |
| SHA1 | a824c856fe37a032ea721d3a563a0de81e45a315 |
| SHA256 | 603d01b9a0cef713ccdadb148e780f13b6b41d97f69d5e5652f059346b7a76c3 |
| SHA512 | 0f1130f386b3204a38411ee0ed67c8fbec7bc0f5670630b107394363323349000e9a8489e4ae1a39bc3107cf7f38766a56e69fdf7961c9101a2bc66ddd0acfaf |
memory/3236-886-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/3236-887-0x0000000002F10000-0x0000000002F20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp2AF0.tmp
| MD5 | cd60e1aa86745b3e5428ef4996724532 |
| SHA1 | f153c67f8aba9d2216d56c2a1ed0b56d8dd8c124 |
| SHA256 | 49e4aa85a8e6d3868278cf1893a11683e0b56b9e06f0caaf1d475349642f365b |
| SHA512 | 0099239bcafc8814524d26eaf983751d6c95d68ff8625cab8cd6ecfdef6e43e332f0453129b16cb8521a3ef54f7fa91c2e4671cf405f8d578d049f75c3778114 |
memory/1800-894-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/1800-895-0x0000000002AE0000-0x0000000002AF0000-memory.dmp
memory/3236-896-0x0000000074590000-0x0000000074D40000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp5BD3.tmp
| MD5 | fe6f6152909c63badd74b1bc21577980 |
| SHA1 | 26dd206c7ef638b6c1d9cc4eb05d394f4775b475 |
| SHA256 | 33c636db61f6e46fe32704d99673098b997ba612d4214a84c0a8b23aa53b7c72 |
| SHA512 | 0792e5b7b174df59b3240e3cf3c49d5dea2896a3100ce72276e1c07c85c6819ce51c76eb5dfc81da15a075c1e9604316e02b1638ca4062291c219907088254de |
memory/5592-909-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/1800-910-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/5592-911-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/4420-915-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/3332-920-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/5592-919-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/4572-922-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/5592-924-0x0000000004F60000-0x0000000004F70000-memory.dmp
memory/6124-925-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/4880-927-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/4420-928-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/4572-929-0x0000000074590000-0x0000000074D40000-memory.dmp
memory/4880-930-0x0000000074590000-0x0000000074D40000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0f7ba3c46d34045c1b8481cfa9a60a34 |
| SHA1 | 1d9abf29e9083da53b96bbb54c44750f17c91384 |
| SHA256 | ef0a568046b15a977bd81647df27d1144e71e4986a6212ddb6243ab4d6eeb887 |
| SHA512 | 0fc54a9ac239a06d14aeddc3b16b6007f4684952c05ec930f63772fb10f32d97bed579ea9457c7f91663689c66a55e1244eff7e5ad341fd409e374c0827d3769 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 34bd51fe062a1b1a905863786d1b40da |
| SHA1 | 183d3024589a9d0d404d35ccce98631f2073c637 |
| SHA256 | 418588fe872dd7e3d0ac6733e25d871d6394cfd447aacb8eddf750742b06f889 |
| SHA512 | f934d0967c680bb5366f1ab57246324a168b9cf2db3b16ce3e96177340a869c5a4977a9373f69f557e1060b5993d0609b47ab2bfc9847be91cec795e7a6cfcc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7e4d4b658e56c00b183e45c03b1452bb |
| SHA1 | a1e9bf05e317dc94e84b0ff54f0adb184c45be2c |
| SHA256 | dbe0bf9e8477fad2579739fd82d15d4440d0062d7c2c8d8b838858b681476729 |
| SHA512 | d3b0197d1b3095414be57f0524257d80ebf6b074bb245179f9a0fabc52f026bfe2fc8f6d1cc8e1842e4ccdb076fbe912961840c043a5ffcfbd03ac0cd1dd3975 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5d040bd03fa6ac0144b072f843cfb242 |
| SHA1 | b99f38bcee77e3672412f2db04cea5f4e2ac00c0 |
| SHA256 | 2eef39acd9656f5cb3162f4ed6e6d12b0529c29c5575b31fc3bfea4e972f15c4 |
| SHA512 | 409babcb3eee204cac7aac4e798ae26a36eae0caf254b9d3723297baa5b00f319fa1d59a267870235396e04d110047eafaa5337248d8e6c0bcd805862699cbea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aeeaa962e9fe5c1cca2c37026b23c7f6 |
| SHA1 | 1ddbfac69207ba0c2ad588f036ab3d3cbdcc01b0 |
| SHA256 | 270a5c4449a80f380ea7d11ad76d38abef551f324cb27df65ff8ecd32dca3732 |
| SHA512 | 31e2d026270e9aa9dacfe4ac1f3768aaaf3d85eeda9ac49893e62ce51fe22ced93a551aa642c39dac5f484957a00984328edbcc9e4c84aeb2732e390f0a0dc12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f62311fa3d248e9c41d0ccebd5d112d0 |
| SHA1 | 5bd90d0766bec44c26d86b76c13ae3e85d1a2800 |
| SHA256 | dc20b6b83b60ae8c454ff1dc74b149eb451af631650ceeee5c3cb6442e6c0b27 |
| SHA512 | 66222ff1ed7aea3de1a51257d2b083b4296ba0a82ffdd64cae9570c227bcf1213178111494fa955c83e1b450f508b1fc5500b3ed61a39add6e3df20df191bffb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 43a750062dc7070e684d6ac9bb73fe16 |
| SHA1 | 3bec45c7a81f156e636e900cc578a4f4f9ca4571 |
| SHA256 | 07e9d370ecd619cba7db15781465c6bf4207ef6abd39f106fa7a8147c1841429 |
| SHA512 | f261a4914aa9f60148c070f51531f23c1507300fcdd57ab424687ae6c74dd0503e000af199292af795286b0b7ec40ec66cb89b473192b7d818bb988152ead10b |