Analysis Overview
SHA256
fa4e6545f776160094004f3bfc1c9e199ec43e22870b1674b48ecc9a80ec71fb
Threat Level: Known bad
The file XWorm V5.2.rar was found to be: Known bad.
Malicious Activity Summary
AgentTesla
Stormkitty family
AgentTesla payload
Agenttesla family
Contains code to disable Windows Defender
StormKitty payload
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Adds Run key to start application
Checks installed software on the system
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Program crash
Enumerates physical storage devices
Suspicious behavior: GetForegroundWindowSpam
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
Modifies registry class
NTFS ADS
Uses Volume Shadow Copy WMI provider
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Modifies Internet Explorer settings
Enumerates system info in registry
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies registry key
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-16 12:47
Signatures
AgentTesla payload
Agenttesla family
Contains code to disable Windows Defender
StormKitty payload
Stormkitty family
Obfuscated with Agile.Net obfuscator
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-16 12:47
Reported
2024-05-16 13:08
Platform
win7-20240220-en
Max time kernel
1196s
Max time network
1203s
Signatures
AgentTesla
AgentTesla payload
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\Skype for Desktop = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\ucrtbase.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-OD3FO.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-UP82P.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-UV15I.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\libGLESv2.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-9FFK7.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-KOAVR.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-USVA4.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\mac\is-GUT3C.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\is-9L328.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-5L4D4.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-440EB.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\API-MS-Win-core-xstate-l2-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\SkypeContext.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-I0NF2.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-ACBFP.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\ssScreenVVS2.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-processenvironment-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-55EKV.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-PV4VC.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-BIF35.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-file-l2-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\RtmPal.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-PKSVI.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-1FINM.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-30Q23.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-filesystem-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-console-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-T8TQA.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-8POOQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-AV320.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\mac\is-M3GA2.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.msg | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-string-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-LUTN2.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-G2HPJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-VCS1F.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-NMSJE.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\win\is-94MGB.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-6ETRS.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-GJL7B.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-OVCNR.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-conio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-N20V9.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\presence\is-HRJN6.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-1EMCO.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-util-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-Q9N6U.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-62DUH.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-IK864.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\is-23D86.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-TC6Q1.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-OV15N.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-heap-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-core-libraryloader-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-heap-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\images\tray\linux\is-TFFOB.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\modules\is-ID9KR.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-KG45U.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-AKDM3.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File created | C:\Program Files (x86)\Microsoft\Skype for Desktop\locales\is-UILLT.tmp | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Skype for Desktop\api-ms-win-crt-utility-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\WindowsUpdate.log | F:\e2acade7bf9a62aeaebc2f\Setup.exe | N/A |
| File opened for modification | C:\Windows\WindowsUpdate.log | F:\e2acade7bf9a62aeaebc2f\SetupUtility.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWormLoader 5.2 x32.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | F:\e2acade7bf9a62aeaebc2f\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | F:\e2acade7bf9a62aeaebc2f\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\XWorm V5.2\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\XWorm V5.2\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\Desktop\XWorm V5.2\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{072E15D9-1383-11EF-A3F8-62949D229D16} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = 90f63f678fa7da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\Version = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C627CB79-1383-11EF-A3F8-62949D229D16} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{165AD9D9-1383-11EF-A3F8-62949D229D16} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\skype-meetnow\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\skype\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\tel\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SkypeURL | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\DefaultIcon\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SkypeURL\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\skype\ = "URL:skype" | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\callto\ = "URL:callto" | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\skype | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\tel\ = "URL:tel" | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\ | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\icon = "C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe" | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\MUIVerb = "@C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\SkypeContext.dll,-101" | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SkypeURL\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SkypeURL\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\callto | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\skype-meetnow\ = "URL:skype-meetnow" | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\callto\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\command | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ShareWithSkype\command\ = "\"C:\\Program Files (x86)\\Microsoft\\Skype for Desktop\\Skype.exe\" --share-file=\"%V\"" | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\skype-meetnow | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\tel | C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Skype-8.119.0.201.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\avast_one_free_antivirus(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\avast_one_free_antivirus(2).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2.rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2.rar"
C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe"
C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe"
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\Desktop\XWorm V5.2\._cache_Synaptics.exe
"C:\Users\Admin\Desktop\XWorm V5.2\._cache_Synaptics.exe" InjUpdate
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/XCoderTools
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/XCoderTools
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:300 CREDAT:275457 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/XCoderTools
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=XWormLoader 5.2 x64.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a09758,0x7fef5a09768,0x7fef5a09778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1360 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3608 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3456 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3612 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2112 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3648 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=776 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3692 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1944 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2716 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3672 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1280 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3600 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3692 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1204 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4064 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3472 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3216 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3736 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3768 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3716 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3728 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2836 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3976 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3596 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
C:\Users\Admin\Downloads\ndp48-x86-x64-allos-enu.exe
"C:\Users\Admin\Downloads\ndp48-x86-x64-allos-enu.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1292,i,13104212106738343354,10862040526943913725,131072 /prefetch:8
F:\e2acade7bf9a62aeaebc2f\Setup.exe
F:\e2acade7bf9a62aeaebc2f\\Setup.exe /x86 /x64 /redist
F:\e2acade7bf9a62aeaebc2f\SetupUtility.exe
SetupUtility.exe /aupause
C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=XWormLoader 5.2 x64.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:275457 /prefetch:2
C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x32.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x32.exe"
C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWormLoader 5.2 x32.exe
"C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWormLoader 5.2 x32.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4891988862136017521468827628941387891-410656731-482429752-765304601373655979"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 708
C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe"
C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe
"C:\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/XCoderTools
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:209927 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:603151 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:734222 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:668702 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:2831381 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:2176021 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:3290142 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/XCoderTools
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a09758,0x7fef5a09768,0x7fef5a09778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2172 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2180 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1524 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1348 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:8
C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" SYSTEM
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2616 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2336 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2232 --field-trial-handle=1328,i,17373911837189714440,8285197714103792285,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.0.2139292313\1247043150" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85365adb-ccb9-4cb9-b921-674eacf3988f} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 1292 111d6958 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.1.509806403\593974200" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e06e9cdb-b66b-4265-a12c-a5cc89e931ce} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 1496 e72b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.2.310255101\199962175" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 1920 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbf0d60e-2f1c-484a-bca5-ca9358263c9c} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 1956 1a16f558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.3.933067721\448402005" -childID 2 -isForBrowser -prefsHandle 800 -prefMapHandle 1660 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd025dec-8312-4be0-bf2f-29214e4e5d66} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 2308 e65c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.4.420071037\943574057" -childID 3 -isForBrowser -prefsHandle 2808 -prefMapHandle 2804 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e95e295a-127f-49e0-848b-442089f6e4c9} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 2820 e5b258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.5.1348998070\2109834491" -childID 4 -isForBrowser -prefsHandle 3712 -prefMapHandle 3772 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cfa1af9-1d5c-4f88-8eee-75fc8cb03894} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 3776 e62858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.6.830034595\2085488502" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0631a192-426f-4d54-9368-73ac34676147} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 3912 1e3d1358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.7.1014843709\1666108763" -childID 6 -isForBrowser -prefsHandle 4100 -prefMapHandle 4104 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6e7ecd3-12c7-4924-9828-04e7b836250c} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 4088 1ece0258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.8.407519118\695492032" -childID 7 -isForBrowser -prefsHandle 4412 -prefMapHandle 4416 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8067d340-b4f7-429a-b307-7ecfc5fec04d} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 4392 2206e558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.9.1293749152\753313322" -parentBuildID 20221007134813 -prefsHandle 3880 -prefMapHandle 3888 -prefsLen 26691 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b6d09a1-3cf7-471a-8920-c429d7ba9b72} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 3832 1e023258 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.10.1091320513\1087872037" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3748 -prefMapHandle 3744 -prefsLen 26691 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e29a170-aab8-4e7c-b3d3-d0fbfcc58f09} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 3696 1e3d2558 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.11.445384206\378654599" -childID 8 -isForBrowser -prefsHandle 4652 -prefMapHandle 4648 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aac911ad-bd5f-413b-bc7b-e510f68bf38c} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 4664 22072858 tab
C:\Users\Admin\Downloads\Skype-8.119.0.201.exe
"C:\Users\Admin\Downloads\Skype-8.119.0.201.exe"
C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp
"C:\Users\Admin\AppData\Local\Temp\is-7A9AC.tmp\Skype-8.119.0.201.tmp" /SL5="$40334,89112581,404480,C:\Users\Admin\Downloads\Skype-8.119.0.201.exe"
C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.12.1711618072\2070101618" -childID 9 -isForBrowser -prefsHandle 5184 -prefMapHandle 5428 -prefsLen 26787 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa7b96df-70e7-4c73-bd72-08d709072a11} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 5452 23f29e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.13.1059824630\1939871101" -childID 10 -isForBrowser -prefsHandle 4212 -prefMapHandle 1076 -prefsLen 26787 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dd1d5a8-562a-4276-ad92-d497df9323eb} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 4224 269fbf58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.14.786907266\995271111" -childID 11 -isForBrowser -prefsHandle 9340 -prefMapHandle 9344 -prefsLen 26787 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {234510be-71c0-435d-8cde-12a1e78b5dff} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 9328 24c3ae58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.15.1152651268\1801023401" -childID 12 -isForBrowser -prefsHandle 9208 -prefMapHandle 9204 -prefsLen 26787 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8ff71ca-4ed6-4a4c-bb23-072e9b1708b2} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 9224 24c37858 tab
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe"
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Crashpad" --url=appcenter://generic?aid=a7417433-29d9-4bc0-8826-af367733939d&iid=384299fc-862f-4e14-7377-9d532abfa2ee&uid=384299fc-862f-4e14-7377-9d532abfa2ee --annotation=IsOfficialBuild=1 --annotation=_companyName=Skype --annotation=_productName=skype-preview --annotation=_version=8.119.0.201 "--annotation=exe=C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=19.1.8 --initial-client-data=0x34c,0x350,0x354,0x348,0x358,0x73fd2d8,0x73fd2e8,0x73fd2f4
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1740.16.2005946863\1022771798" -childID 13 -isForBrowser -prefsHandle 9180 -prefMapHandle 3812 -prefsLen 26787 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef6c68e3-6b2b-4e1a-84e1-866a757616e0} 1740 "\\.\pipe\gecko-crash-server-pipe.1740" 9248 251e1058 tab
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1308 --field-trial-handle=1332,i,4639656030665209120,633364354520873850,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --mojo-platform-channel-handle=1536 --field-trial-handle=1332,i,4639656030665209120,633364354520873850,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Windows\SysWOW64\reg.exe
C:\Windows\system32\reg.exe ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype for Desktop" /t REG_SZ /d "C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" /f
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1832 --field-trial-handle=1332,i,4639656030665209120,633364354520873850,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --skype-process-type=Main --skype-window-id=__MAIN_ROOT_VIEW_ID__ /prefetch:1
C:\Windows\SysWOW64\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Skype /v RestartForUpdate
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1300 --field-trial-handle=1332,i,4639656030665209120,633364354520873850,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Windows\SysWOW64\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "Skype For Desktop"
C:\Windows\SysWOW64\reg.exe
C:\Windows\system32\reg.exe QUERY HKCU\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\tel\UserChoice /v ProgId
C:\Windows\SysWOW64\reg.exe
C:\Windows\system32\reg.exe QUERY HKCR\\Application /v ApplicationName
C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
"C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop" --app-user-model-id=Microsoft.Skype.SkypeDesktop --app-path="C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar" --no-sandbox --no-zygote --enable-blink-features --disable-blink-features --autoplay-policy=no-user-gesture-required --disable-background-timer-throttling --ms-disable-indexeddb-transaction-timeout --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2480 --field-trial-handle=1332,i,4639656030665209120,633364354520873850,131072 --enable-features=WinUseBrowserSpellChecker,WinUseHybridSpellChecker,WinrtGeolocationImplementation --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\Downloads\avast_one_free_antivirus(2).exe
"C:\Users\Admin\Downloads\avast_one_free_antivirus(2).exe"
C:\Users\Admin\Downloads\._cache_avast_one_free_antivirus(2).exe
"C:\Users\Admin\Downloads\._cache_avast_one_free_antivirus(2).exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4544 -s 624
Network
| FR | 142.250.179.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.skype.com | udp |
| US | 52.113.194.133:443 | www.skype.com | tcp |
| US | 52.113.194.133:443 | www.skype.com | tcp |
| FR | 216.58.214.163:80 | www.gstatic.com | tcp |
| US | 52.113.194.133:443 | www.skype.com | tcp |
| US | 52.113.194.133:443 | www.skype.com | tcp |
| US | 52.113.194.133:443 | www.skype.com | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | secure.skypeassets.com | udp |
| US | 8.8.8.8:53 | api.skype.com | udp |
| US | 8.8.8.8:53 | consumer.entitlement.skype.com | udp |
| US | 8.8.8.8:53 | swc.cdn.skype.com | udp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| US | 8.8.8.8:53 | edge.skype.com | udp |
| NL | 51.105.197.41:443 | api.skype.com | tcp |
| US | 8.8.8.8:53 | uhf.microsoft.com | udp |
| NL | 20.126.223.223:443 | consumer.entitlement.skype.com | tcp |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.3.128:443 | edge.skype.com | tcp |
| US | 8.8.8.8:53 | web.vortex.data.microsoft.com | udp |
| US | 13.89.178.27:443 | browser.pipe.aria.microsoft.com | tcp |
| NL | 23.38.20.239:443 | uhf.microsoft.com | tcp |
| US | 8.8.8.8:53 | a.lw.skype.com | udp |
| US | 52.113.194.133:443 | a.lw.skype.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| NL | 51.105.197.41:443 | api.skype.com | tcp |
| NL | 20.126.223.223:443 | consumer.entitlement.skype.com | tcp |
| US | 52.113.194.133:443 | a.lw.skype.com | tcp |
| US | 13.107.3.128:443 | edge.skype.com | tcp |
| NL | 23.38.20.239:443 | uhf.microsoft.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 54.188.201.143:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| FR | 172.217.20.174:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| FR | 142.250.179.78:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| FR | 142.250.179.78:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | www.skype.com | udp |
| US | 8.8.8.8:53 | www.skype.com | udp |
| US | 52.113.194.133:443 | www.skype.com | tcp |
| US | 8.8.8.8:53 | s-0006.s-msedge.net | udp |
| US | 52.113.194.133:443 | s-0006.s-msedge.net | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| CZ | 104.64.127.197:443 | secure.skypeassets.com | tcp |
| US | 8.8.8.8:53 | e2782.b.akamaiedge.net | udp |
| CZ | 104.64.127.197:443 | e2782.b.akamaiedge.net | tcp |
| CZ | 104.64.127.197:443 | e2782.b.akamaiedge.net | tcp |
| CZ | 104.64.127.197:443 | e2782.b.akamaiedge.net | tcp |
| CZ | 104.64.127.197:443 | e2782.b.akamaiedge.net | tcp |
| CZ | 104.64.127.197:443 | e2782.b.akamaiedge.net | tcp |
| CZ | 104.64.127.197:443 | e2782.b.akamaiedge.net | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | e2782.b.akamaiedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | s-0006.s-msedge.net | udp |
| US | 8.8.8.8:53 | a.lw.skype.com | udp |
| US | 8.8.8.8:53 | a.lw.skype.com | udp |
| US | 52.113.194.133:443 | a.lw.skype.com | tcp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus18.eastus.cloudapp.azure.com | udp |
| US | 20.42.73.30:443 | onedscolprdeus18.eastus.cloudapp.azure.com | tcp |
| US | 20.42.73.30:443 | onedscolprdeus18.eastus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | onedscolprdeus18.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| US | 52.182.143.214:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | onedscolprdcus19.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus19.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | edge.skype.com | udp |
| US | 8.8.8.8:53 | edge.skype.com | udp |
| US | 13.107.3.128:443 | edge.skype.com | tcp |
| US | 8.8.8.8:53 | s-0001.s-msedge.net | udp |
| US | 8.8.8.8:53 | s-0001.s-msedge.net | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | part-0036.t-0009.fb-t-msedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.fb-t-msedge.net | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 20.114.190.119:443 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus18.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus04.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus04.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | go.skype.com | udp |
| US | 52.113.194.133:443 | go.skype.com | tcp |
| US | 8.8.8.8:53 | get.skype.com | udp |
| US | 52.113.194.133:443 | get.skype.com | tcp |
| US | 8.8.8.8:53 | download.skype.com | udp |
| US | 8.8.8.8:53 | e4707.dspg.akamaiedge.net | udp |
| SE | 23.34.232.137:443 | e4707.dspg.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e4707.dspg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.fb-t-msedge.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus01.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus01.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus20.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus20.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus18.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | www.avast.com | udp |
| CZ | 104.64.116.3:443 | www.avast.com | tcp |
| US | 8.8.8.8:53 | e8647.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e8647.dsca.akamaiedge.net | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | static3.avast.com | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| CZ | 23.73.141.197:443 | static3.avast.com | tcp |
| CZ | 23.73.141.197:443 | static3.avast.com | tcp |
| CZ | 23.73.141.197:443 | static3.avast.com | tcp |
| CZ | 23.73.141.197:443 | static3.avast.com | tcp |
| CZ | 23.73.141.197:443 | static3.avast.com | tcp |
| CZ | 23.73.141.197:443 | static3.avast.com | tcp |
| SE | 23.34.232.228:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | e13074.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e7808.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | e7808.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e13074.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | www.nortonlifelock.com | udp |
| IE | 52.19.228.126:443 | dpm.demdex.net | tcp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | e4117.dsca.akamaiedge.net | udp |
| BE | 23.55.96.68:443 | e4117.dsca.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e4117.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | s.go-mpulse.net | udp |
| BE | 23.55.96.141:443 | s.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | e4518.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | e4518.dscx.akamaiedge.net | udp |
| GB | 18.172.89.110:443 | widget.trustpilot.com | tcp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | znb3hblkjhhpwrz9k-gendigital.siteintercept.qualtrics.com | udp |
| US | 8.8.8.8:53 | prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net | udp |
| US | 104.17.209.240:443 | prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | mstatic.avast.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | symantec.demdex.net | udp |
| US | 8.8.8.8:53 | cm.everesttech.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| US | 8.8.8.8:53 | mstatic.avast.com | udp |
| US | 8.8.8.8:53 | static-cdn.hotjar.com | udp |
| US | 8.8.8.8:53 | mstatic.avast.com | udp |
| NL | 20.50.2.44:443 | mstatic.avast.com | tcp |
| IE | 176.34.167.98:443 | symantec.demdex.net | tcp |
| US | 8.8.8.8:53 | oms.avast.com | udp |
| US | 8.8.8.8:53 | cm.everesttech.net.akadns.net | udp |
| US | 8.8.8.8:53 | cm.everesttech.net.akadns.net | udp |
| IE | 66.235.152.221:443 | oms.avast.com | tcp |
| US | 8.8.8.8:53 | cchridx27a.data.adobedc.net | udp |
| US | 8.8.8.8:53 | siteintercept.qualtrics.com | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| US | 8.8.8.8:53 | cchridx27a.data.adobedc.net | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 104.17.209.240:443 | siteintercept.qualtrics.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| CZ | 2.19.216.168:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | e4518.dscapi7.akamaiedge.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | e4518.dscapi7.akamaiedge.net | udp |
| CZ | 2.19.216.168:443 | e4518.dscapi7.akamaiedge.net | udp |
| GB | 18.165.160.39:443 | static-cdn.hotjar.com | tcp |
| IE | 52.18.190.199:443 | cm.everesttech.net.akadns.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | trial-eum-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | trial-eum-clienttons-s.akamaihd.net | udp |
| GB | 3.162.20.60:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 2.18.190.75:443 | trial-eum-clientnsv4-s.akamaihd.net | tcp |
| US | 2.18.190.68:443 | trial-eum-clienttons-s.akamaihd.net | tcp |
| US | 8.8.8.8:53 | a248.b.akamai.net | udp |
| US | 8.8.8.8:53 | a1024.dscg.akamai.net | udp |
| US | 8.8.8.8:53 | a1024.dscg.akamai.net | udp |
| US | 8.8.8.8:53 | a248.b.akamai.net | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | x5s5cjycck7ewzsgamkq-p2ipy3-3e2ab4947-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | 191-101-209-39_s-2-18-190-68_ts-1715864341-clienttons-s.akamaihd.net | udp |
| US | 2.18.190.82:443 | x5s5cjycck7ewzsgamkq-p2ipy3-3e2ab4947-clientnsv4-s.akamaihd.net | tcp |
| US | 2.18.190.79:443 | 191-101-209-39_s-2-18-190-68_ts-1715864341-clienttons-s.akamaihd.net | tcp |
| US | 8.8.8.8:53 | 0217991c.akstat.io | udp |
| BE | 23.55.96.141:443 | 0217991c.akstat.io | tcp |
| BE | 23.55.96.141:443 | 0217991c.akstat.io | udp |
| US | 8.8.8.8:53 | 4711400.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.upsellit.com | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 8.8.8.8:53 | edge.gycpi.b.yahoodns.net | udp |
| GB | 87.248.114.11:443 | edge.gycpi.b.yahoodns.net | tcp |
| GB | 216.58.204.70:443 | 4711400.fls.doubleclick.net | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 34.117.39.58:443 | www.upsellit.com | tcp |
| US | 104.18.32.137:443 | privacyportal-de.onetrust.com | tcp |
| US | 104.18.32.137:443 | privacyportal-de.onetrust.com | tcp |
| US | 8.8.8.8:53 | edge.gycpi.b.yahoodns.net | udp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | analytics.ff.avast.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | www.upsellit.com | udp |
| US | 8.8.8.8:53 | www.upsellit.com | udp |
| US | 34.117.223.223:443 | analytics.ff.avast.com | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 8.8.8.8:53 | analytics-prod-gcp.ff.avast.com | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 8.8.8.8:53 | analytics-prod-gcp.ff.avast.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 87.248.114.11:443 | edge.gycpi.b.yahoodns.net | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 34.117.39.58:443 | www.upsellit.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 34.117.223.223:443 | analytics-prod-gcp.ff.avast.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| BE | 108.177.15.155:443 | stats.g.doubleclick.net | tcp |
| BE | 108.177.15.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | a.config.skype.com | udp |
| US | 8.8.8.8:53 | bits.avcdn.net | udp |
| US | 8.8.8.8:53 | pipe.skype.com | udp |
| US | 52.113.194.133:443 | get.skype.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 20.189.173.25:443 | pipe.skype.com | tcp |
| FR | 142.250.178.142:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1---sn-aigl6nsr.gvt1.com | udp |
| GB | 74.125.105.134:443 | r1---sn-aigl6nsr.gvt1.com | udp |
| GB | 74.125.105.134:443 | r1---sn-aigl6nsr.gvt1.com | tcp |
| NL | 23.197.94.235:443 | bits.avcdn.net | tcp |
| US | 8.8.8.8:53 | e4682.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4682.dscd.akamaiedge.net | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.253.64:443 | part-0036.t-0009.fb-t-msedge.net | tcp |
| US | 13.107.253.64:443 | part-0036.t-0009.fb-t-msedge.net | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 192.229.221.185:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| US | 34.117.223.223:443 | analytics-prod-gcp.ff.avast.com | udp |
| US | 192.229.221.185:443 | tcp | |
| NL | 20.50.201.205:443 | tcp | |
| US | 52.168.117.175:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| NL | 20.50.201.205:443 | tcp | |
| US | 52.168.117.175:443 | tcp | |
| NL | 20.50.201.205:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| NL | 20.50.201.205:443 | tcp | |
| NL | 20.50.201.205:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| US | 192.229.221.185:443 | tcp | |
| BE | 23.55.96.141:443 | 0217991c.akstat.io | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 0217991c.akstat.io | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 8.8.8.8:53 | 0217991c.akstat.io | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 8.8.8.8:53 | edge.skype.com | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 8.8.8.8:53 | e4518.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4518.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | edge.skype.com | udp |
| US | 8.8.8.8:53 | e4518.dscx.akamaiedge.net | udp |
| US | 52.168.117.175:443 | tcp | |
| US | 52.168.117.175:443 | tcp | |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 20.189.173.9:443 | tcp | |
| US | 20.189.173.9:443 | tcp | |
| US | 20.189.173.9:443 | tcp | |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 20.42.73.27:443 | tcp | |
| US | 20.42.73.27:443 | tcp | |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 20.189.173.4:443 | tcp | |
| US | 20.189.173.4:443 | tcp | |
| N/A | 127.0.0.1:58185 | tcp | |
| N/A | 127.0.0.1:58193 | tcp | |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 20.44.10.123:443 | tcp | |
| US | 20.44.10.123:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\7zE87A3BD06\XWorm V5.2\Icons\icon (15).ico
\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe
C:\Users\Admin\Desktop\XWorm V5.2\XWorm V5.2.exe
\Users\Admin\Desktop\XWorm V5.2\._cache_XWorm V5.2.exe
\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x32.exe
C:\Users\Admin\AppData\Local\Temp\TMzpx\TMzpx.dll
C:\Users\Admin\Desktop\XWorm V5.2\Guna.UI2.dll
C:\Users\Admin\Desktop\XWorm V5.2\GeoIP.dat
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9DC39EB1-1382-11EF-A3F8-62949D229D16}.dat
C:\Users\Admin\AppData\Local\Temp\CabA036.tmp
C:\Users\Admin\AppData\Local\Temp\TarA10A.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 949acca9a2ed79569a2162b85e28745a |
| SHA1 | ac4d629d80fa1d8cf1505bbed53e0e56029d01b5 |
| SHA256 | c2a1c0beae3afb4b9122f58e54e6524993f88182c0b651cc31a9f72581986ee6 |
| SHA512 | 68d42609470d1d505d29bd28b1dbfccdf92bf476c50d85f8d911c13075620c2b81b299e75280f4039ec7172ed477002f9fdbe312d10c784d021453f1f296bd2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 239137490e3be8d5c140e684cbf21e6c |
| SHA1 | 6552b69988e736df3e1ff93462a18ef920829713 |
| SHA256 | 5b1b66a1d59a5b1f9d4ecafee0b6879d25fa5b75e764c3842cfe3f1598919099 |
| SHA512 | 2f797a5a7b7027b9db0b10e3ecbb0a7c7a572266ab1eb3a731f349207486dfaa0cdaf597defc613c6cdaf463e237e15468d975f5dc144c4e4bc2f326880d5a70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
memory/2784-1173-0x0000000000400000-0x00000000010F3000-memory.dmp
memory/2784-1199-0x0000000000400000-0x00000000010F3000-memory.dmp
memory/2784-1210-0x0000000000400000-0x00000000010F3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\qsml[1].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\qsml[2].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\qsml[3].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\qsml[4].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\qsml[5].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\qsml[6].xml
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\favicon-trans-bg-blue-mg[1].ico
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jw2rl61\imagestore.dat
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\qsml[1].xml
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{9DC39EB4-1382-11EF-A3F8-62949D229D16}.dat
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{F0875AD0-CFEC-11EE-9B3F-EA6B8212FFD3}.dat
C:\Users\Admin\AppData\Local\Temp\~DFAE131407300C9C65.TMP
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{F6469218-1382-11EF-A3F8-62949D229D16}.dat
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms
C:\Users\Admin\Desktop\XWorm V5.2\XWormLoader 5.2 x64.exe.config
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
\??\pipe\crashpad_2572_YBFHGRUKGXTTCIGD
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ce52e525-8096-4a49-aa3b-ef4d9fa62590.tmp
| MD5 | 9ef6ce6fc0e8922b107ff00182b0f22f |
| SHA1 | e84ad7f71d1ec36eda31cbb8a5fa82758dc092da |
| SHA256 | 4de69d374d3bf9987ec7e453616e251cb3ecf2a44d1ef4cbf338c72218c8932f |
| SHA512 | 5da147ff342f90acf64d2affe91d20a597bee94bdf95d53e10d956802258a391732ee0608930d15b97b088afa0864a0d35c68ac772d7694a9383c6a406f6bd8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 70d1a6ad8de8cbc1c70cc5c34e4c4381 |
| SHA1 | 288b36161522d4daf04f7cc2cd2154a254293907 |
| SHA256 | 2eda9b42414da3925c7e5da53c94879657ab1001a9972c439998cd4ee787d4ee |
| SHA512 | 587ce8cbc97f1f42e4bb84df2f530735532b90c9302f886cc3423696ccd64e14c629132b24034fb69798f356baafbecc6b753dc4348f84c75932aa6783ca2c17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4225240741e36d0d18df9d94609a3e13 |
| SHA1 | a9db9c513366fa7879eb43c0a0da49d81f27d2ba |
| SHA256 | 2ae5c4f6da54aa8a6ef9fb3f1912211397e9ffaca04cdcfc7e4c5e961d58522b |
| SHA512 | b0317d7234cfcc0fb36863f4583635c9056ca2eccb0c83ac26a7cafa6e890d90623f9e4c26316af1cc90f60da4459732c1ca651cfb2d7a30762f25b04c27fc6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4e3797e196c54589d2dc3e3343fbe32 |
| SHA1 | 24d210f90c6387aaf4d6a245d36e14a0fb787741 |
| SHA256 | 542d8d1c78a13fd200b1f5fb889677ba12a8ebb8fb1d1a51b5c873a4d676e622 |
| SHA512 | e7006d73f443d8650e7bf0a13042011b0af80ce2ceadafb54cbc8ad89e3b34791e1f8768d6c03a70a3369113d6a890540fed8abe405384d2825a7f7429d95232 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0910f1b97abf8258dab2418625f3f17 |
| SHA1 | 7afa32d5bcf335c4df71e6cf1a0768bf8cf03df7 |
| SHA256 | c1e2333722fed1b326c0a8d32dcfc1772e2eba661c95f139b726cd804d7e0d7f |
| SHA512 | 6d4a7a2c06409b663b81551a9a3098087f0e350ff740f092223c98b6a604c6d1799366323249237e9189261485f48c304bc03e343e3b9a56ad41eb7e9ef55231 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 506d7e2a16e186dcb4f777ed7b97995a |
| SHA1 | 7b9e181c0184684b4cd2635b1cf79ec1548c984e |
| SHA256 | b5e79b16b84cdbe2792b24b3c10e53f19a409b9e4a73f5754bc3dbb88d9a0d89 |
| SHA512 | 764b17a4eb582af8991115ae3f137d8b85d565b5add6a9fb3bcfc2ca8953103d1597a94b8e7b398a340dbfac7c96234b52b75400a293fa851e809fee5860294f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fecdad71db439bce2f39fcf026ea1b8 |
| SHA1 | 7e3ffa827ee64b1bbcd343ca83ffc9c73be8b685 |
| SHA256 | 692d53dc7ab5736ea0121855727deaeb6b73eaa3577f3955f19df5f2af8f819f |
| SHA512 | b47754dc83fc47726998405426961b3381a4860c95f9b1061a277d5b293a3f817c02b0608e3083f740919bfa2f6a6c5bb377de6db3398be1ffdfb0860bfd887e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35beb6913ada56bafbe25702594c73b0 |
| SHA1 | 7e65bd1bba81b8ac0ba279378a8f24c31a7ef6a8 |
| SHA256 | 00ab2bfcbde97c764ff5bb66f855f1fbe14973908e36ffd3a501d998e8964c9c |
| SHA512 | e35c465ec7c171ebecbbc43e854f6ac324445051fcf98ee360710129cc77a75f61506ed15ddb89494b7205c72d26602ea0c3ce792e34541fd33d6c1b515df31c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1577fd2090bc1bf88f871a9b515c4995 |
| SHA1 | da5710f8e5fd939df015f8d2dbd83b742f140498 |
| SHA256 | 8dda485aa0c60f18d97092b9ab7249e5c68edc4bd62fb9d157d631e3a0d2ae10 |
| SHA512 | 820676bddbe557604e3d7d801c503174deda227e3759a8b19ea99f3b2faabb8ac4e6c65b383ce5ab853a42cc68bafd663204fd5d45c8ee3d834ef34e1dcf8bad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe676dab31b8f94e081cd1058d808f52 |
| SHA1 | d1a2c49be86bfc36e1eb4eb5bca7c8dedaf29dfb |
| SHA256 | 06616aa4fcfb210069ea6a118098fada92f4c7788d57840244d8b452853f2089 |
| SHA512 | 5d2887891294bf473e201a613f8485bf3001900fe97c8984c3a3baff3b82860dcebd4cbe310b8c01ce526d4da0118fd796591c1d9561ca47cd07fc50d51d4d51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0e6e32bf270ff9a385fd206460d4721 |
| SHA1 | f69b7f6b151977c097fa689b762629e4eab317e3 |
| SHA256 | 957e16bd05943502b54f8cf1429c400f6b682230af2613268510b2741e7258ec |
| SHA512 | 6dd8b76f5ad8dac8138715193c17ed36714db2e315c9409241dc03de7c76441ea8d4b028ac452bd89d5e1f1368422bdebab168e10852804d2508afe6f6b21736 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22f10f379bf3834b252d1e25b617a4cf |
| SHA1 | 71d38c3b24c70692eab8b657135860dca0fac238 |
| SHA256 | 35f32508381b27adec1686b8d9da190437fdd9f868518175b10e55399a92297f |
| SHA512 | 211e057bae6609481e53563cd1ccc2756abd400b67896befa3ba0472a44f2804f125e60567e1c4470fb0f564c77cce8c18e30e3438013e6a0472525913457b57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a6eadf7fd247f630610f18254c5bd9b7 |
| SHA1 | 011a28173f415031db02f1e10b7eb59de0ae03b1 |
| SHA256 | 63d35d52bf5ff717c4c2498057fa4514da7b1ae3756dde0942be30a96aba0776 |
| SHA512 | bedac7f08fe13e683fb1923e449666cffd7cebbf596639f6c51c490b0132fcd13429cd38cf3128090d623ab538e807e873b357d5fa555ce06c814d6d387a1759 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 35c12d4f6b76c68bd0a3f8251ae4d6b4 |
| SHA1 | 48209f0dab9457a61064cbde75e4583f053e913e |
| SHA256 | 41ff7f73a115583870f6ef9846cabe8874db0b764e433ce04ce7592b27e9fb10 |
| SHA512 | 35cb32e9a1f7444a065f3a3ca5e4bf594dbbb08849a7af63a1530099a4e52902c6465ac2c33969d7d5166e1bf0ae62a6b0ad3a160f6bdcdbd309e29afb0c9a26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca5aced1a6742b186db185de34131e04 |
| SHA1 | e183dbd9f1a8b2a8a194a7929004af304e3f1cb2 |
| SHA256 | 38c6c1a8af195719f70083a0491e3aad8db64af0dc88309a827a906489ccba1c |
| SHA512 | c1f42cb8a535ebd9c60c6f00694cd78ade71d46bb6161ada455e2a8ca48b483aa57d7cca13d08df9e106e5a241491fef4af253ed5ca00b22459c57ce09536db7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 247cbd12f5bfe89558c847e2dbd559e6 |
| SHA1 | 9187780d5eefbece4730add271871c19eae3d18e |
| SHA256 | a9eb0b52e19cb4810635afe3a725a5edbad0404290dd39a85c0f89ce838ea9ba |
| SHA512 | 4a2d55303e0d645ad27be35a12765ad1e68d21ee44fcdb88181a28f6fdd6e9076dfc565ea6a6f66cb18e5b9753d0d3aca6ddaa30afc0ebcf16bc9cd27b665fa9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f019eed224d5460029b0acb7adf86446 |
| SHA1 | 8dc3b209fd97610984f9d75e6a7ed6cdb437d88b |
| SHA256 | 44acaa6bbcf9346b75764e638661c0dd6cd05f6359c91abdb158cdf7645a6eef |
| SHA512 | 23a721f37b66e63132e9942c54d917c004ddeb8644f642730d31b4764505d574cd67178236db3fafe80df573dc87c6ba3312e466924d4ec65ae0ecafd87ecc07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b9c8037427f42dd6a861f1e9258ce5e |
| SHA1 | 40a8ca92ee9e222d53f706588b6eee4b8a35fcef |
| SHA256 | 634d8b9fe0df20e4f627df4c383e4b28481f40ea02f5f3d280f0e5d46f075b24 |
| SHA512 | 636b9691352fd88012f9de68e7b78cf2c95ea972056c283c0dda7809e58a5a80fe11b9ba94646151d74a673c0872af35d674f4e190244c887f4088453ea7a1ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e8abc545846b2a3aa2d527a49fc09174 |
| SHA1 | a13ebf93f1a316a062a1d4952a9dfd9f260631b1 |
| SHA256 | 55132c247c1aa41e6c417b5f26432b1230f331896a661dff13f8c4d83ebd4c37 |
| SHA512 | 24880c017d398266eefcb1381eb65ba6afde7a606cabffe2dc144430c11df4c7551026789a8f8b84c4c1f001d7e9f4122c86e703ecb8c747719ebcb3d9c8b8c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e6e93c905305637329e490ea0e1f6f2d |
| SHA1 | 6b907ba5026b88463deafef3b955fac535625c20 |
| SHA256 | 7f348f966a939d96ecfa1c3b41d2f580e01e485a1fff9e38b260d8b8d161c1d5 |
| SHA512 | 016269adae4ed9dbec99f8e23e5599c13eb20e2c25a85b5f5f50e880fe6fbef4b2b5e75006e07239e507840b91d142d00a1f6af0b5be49a58213f8f3784d47d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | dc72ddd7a475adcef28f53727afaa492 |
| SHA1 | 7e39e28738743b2d83cc9baf0d21772e899fb8fd |
| SHA256 | 85e1c7c45bf91a5273f87000eddbebd4b61c4549126cf70084d728a0f5b5249d |
| SHA512 | 2addfc8e4e09abd5c06fe5753f189a1c1d4f3408dfd7c31706eb2bd86b594f164628dc663ab947df171f33070bb846877eee75b4bba256183d34dd5cc9f8fd06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | 805d4fdfc3d3e5ddd5391b8f361fa519 |
| SHA1 | 5425f05d27964bc57cd879e16914bce5053ec743 |
| SHA256 | 3924dabf7b129ad34cdd665768bff84c6ffa449b942cab5df2e30b0ea9efb659 |
| SHA512 | 7a64df530a77faf100ba32d9cf82ca5d57f6f11f40a1e6688d695d3b726b807b6f7e34853fb2b7ecb30c137465618f09077031f42b24eb80ee90ab5c3a0bd8ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | a4fb7ff0d3979915e838de8951d06f2e |
| SHA1 | e446535817dbe1f0133dc5d2589b42be88b1dc58 |
| SHA256 | 3e57cf7093980c3ca1d39f83ea0e3975b001d2b30456e1a3831fa4d265a30ca1 |
| SHA512 | 809918e9f11e3d759a7606565db5c002150c61eb3df45804cfd96fecad03cd2c56b78b891cdf9d5e70102cb9ac9ba7d9129f3ebea0f1d60ef272ee8b4a34965e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 118de96ce25eac31803b1c649f0fc952 |
| SHA1 | fc2fef7f1eb84e60c676ec7ed4bfb94b86dc9b5b |
| SHA256 | 631ff66f29abc9e22f1fbf7da0a22e34f6fdbb5a7a7038b1dccd51670631b277 |
| SHA512 | 36fcb877f384c9417afd2f9ac4795b4cdf13795fa4310182ab14b9164835dfeccfe88ce4cae5cbfdde87b7628ea6d50aa8a418be509f1aadd05037172224d8ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 47f5b6368c594f51630907876f0627de |
| SHA1 | 248a41e58bf6c73b632d8d6bacab290ff56a0f0b |
| SHA256 | bc9487b0060710ea9feda9871fd52f86d37f5b3d16369ca7b2692cebe512d70a |
| SHA512 | 116cb24e70c451f49f08de3b596ba07c6cdbb1d4beae7041b244a9462469b8af8e90c5a5019a9d43cc56252a30d1e8b54ff8bae2e8536cd5cf9d007ddabb96fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 212430a6260f24c721064a2023993fef |
| SHA1 | 873b301e76bf8a56e0715d9963d29105511f06b3 |
| SHA256 | 13f3a638570665e50c944f1075a4a7da9c115cab23852b56169da2730aad3d86 |
| SHA512 | d541a4d50dc383041bea5fe3646282ae7df1729444f6922a51854cce534467b05fb7199cc4419f18c297e63df4a68b5a053b90d5d53287013f214503c2099da6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 700cc5eb5e576e156d947e9084e35f58 |
| SHA1 | f4dfbad356438c954d26005c1cabc03d77268bc9 |
| SHA256 | 80cb661688a7e40b56576b98752dca4c4ae1acdf62b57634222437dd1926ac6a |
| SHA512 | 1646fcce56a0ca323ed8cd3fa25da3db72c10359c8207036ba26a886286f111261574487ef8125b6f9db00d9094d707cf5d97f4c7aa5787927e89eff6b953370 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | 6a6eca5c966e34ddffca3cb7051ce9d7 |
| SHA1 | 150e0b71a5d65b5ac354c4c933d1f21b9c9440ec |
| SHA256 | 5e756814652cddfd22ff7495c8feec4596d6f5a7b30269c416a4f002ec57bd71 |
| SHA512 | 7551d97c9085c8e785b754ad93af4d6c24c1ad7702d4ea4dc9d118260587af25aa817ff977d566b9847ea8b7655741c3918315a92bff5a9dca8c034daffa5405 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 30b935cc77fdf1d28cc476146a4dc03c |
| SHA1 | 1a31481bb2d836e4805c000b7101d0500ce47203 |
| SHA256 | 4c14f3bd717a90b8344b6b763a06c7bee7af5b6729d5b6baa0687c4d26543b14 |
| SHA512 | b1e25baf5ad0243fb99f2bc3d4133dd90f34f502e3ad46e94f1c790a3fae7fae10ba0572e9e1277736c8f61accf250b88fb799c313faaa1c8fc530c6a9a3674c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | feb385e750d30804f38e8029597529a5 |
| SHA1 | 2a9560dec18883ea9cf0842abf4feafd40f1b3fb |
| SHA256 | 80d321a76a2b26a89436a254ce497b67259e08dd828f018b60168645037f6695 |
| SHA512 | c3fd9ec1f7967d1a70e066584c42015b2711c0f5cdd8d9eacdb60fe286d65735a874a07b12f242e95e513bacd983a13b507d9da295f2eb34ce164529273b7b49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2baeeb13b133b38668389e5ce0c3e3c5 |
| SHA1 | 84aaba40d71653eb6e38941ab4b8381c0918aa6b |
| SHA256 | b168fe4ec395280dca84a23bccaa7c1114204fe14285a92156f0e0baa31d0544 |
| SHA512 | 40ab25bcfd0120660431b1053fa9d91b1a4931ee29be9d30a38dad51f83e3efa8cc1f820a2fdfe61504b6b87d50ff50be3c2382bf1d887caeacea9b6109620e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09007de7440d9895bf6e0b7e53dc52a0 |
| SHA1 | f6aed15bdc011a22061b04e7315c0c474f12b744 |
| SHA256 | d83f6d6b3fb802d7301b9f046e608f5bf2b859020b341da30a093a26926bba97 |
| SHA512 | 0d0905198a7cbc4073d746e693aad9bfa2d730f0a6b03cadbad63273cc8aefc2481cedd6912704ab07bfb122c43b6fdfdfa4dd7a28a069c4733ec05fbd86c69b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e5c14f64e5480292c85cd1ad8522801 |
| SHA1 | 14f9025890dbbdff60929da194610af81e50b873 |
| SHA256 | 82572ee31788c9fe8058fca15b83ff08db07ea4feaf84e64b9ff372089a11cfb |
| SHA512 | 0775e6fa9368cf678cf9e2ee0f5ec1ea6db2c169f23ec896040e4ac136964d31fa26f9ee2509027678111291e6c123d5407a672e14200da69e296dcdf50b28ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e1ba907b6bae8b29cda120e9acddcc3 |
| SHA1 | 9175d54545c044f7f4d91120fcc593f9d547031e |
| SHA256 | bfa9e1b59ef4cf7cf35f6618924018eac8aafeaae4cf25866862d6d1d1a55cc1 |
| SHA512 | c6a5bbca33730a4a5561e46924b1164d695076f1c6438a246dedf607a9362cb7727d440da0afcbfcda90da91132b94a7156edb4c79c7546204debed50365f697 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6dbfc52b3c6a8501d6169dd93380bb5c |
| SHA1 | caa4b755c8d400c5cf7c3c457d3a39f80c015c35 |
| SHA256 | 90cd9f5bfcce7c6f495e1d89295f8d2298fb6912c3b7ef8432145b7327b822de |
| SHA512 | 1b5f8f66e3776f4eabc80479c6c1d385814457d9b2f28952adcc5fc3ca65c30eab9925481e85647e170cf48a46be0c5500ba2716349f5c3208abbc4731ed20c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | e51f388b62281af5b4a9193cce419941 |
| SHA1 | 364f3d737462b7fd063107fe2c580fdb9781a45a |
| SHA256 | 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c |
| SHA512 | 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | 357dbcf091aefc23129a7f7ef3653fb8 |
| SHA1 | 1ceb53402cbd188fb541d60f3d058039d140e791 |
| SHA256 | d2bd7c32ee6d99d6a81b86eeaf043803284a869004a7ddcf3296a1864211b3d2 |
| SHA512 | a2060de2b1d6e42d2158d34108cda4ff7d67135c943cac1b845d5aab853991c39dac89803be8791bb37ac485ccdd4f4de8e17853074dd6eb16c126e13d1bd3b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd274ea60e09342379714e42142c1f1f |
| SHA1 | 54644d13d21373cc19e8f4ef0ba3f661d5009f45 |
| SHA256 | bdeb050b488d9b40234e9ebafc134652558be07111a5c6fa8b2d3057d1a0f292 |
| SHA512 | eebdb7368db118217f6eb3d0291c0f9bd2ba67f75941619611ba66c430f3b54cae81490fefeb7a405ae9d5c5dcd5e2add03a48f8b882e30ede5d1db85d475f1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ad1e2d8ebb278ab799d2ecc25bd2563 |
| SHA1 | 5568cb6789f53b516dcbf6a5e6a8d225016ecc57 |
| SHA256 | 1b599693401f8b9a257c3e34c295e0542f96479c04ffb6cded5e2b14b37588a3 |
| SHA512 | 360a20d3f4707bc4c1813673b39b8c5ef00d251e71441e4d3dbb455cd6c771c645f87ac5d2cba293f9c18b5585b62deb6a88a3e4b9f0886fbcb988b3239a7bca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5032b99df9c914645faeaa523946faf |
| SHA1 | 3f18a8bf736655e670921b28f2573f07611ff06e |
| SHA256 | 024f46d5026deddee4e9d42493fdb84e4d1bb5af210d2fc9394a4c9bee0d1ea8 |
| SHA512 | 0ee6a9d4d05a6f8cc2f019616164eabf53c19c47997eee0eebb3bae6d423c8fde41d40e094e93a7d593851bc9eef1ac7dfc68cc8400968361a1bc1167d168d63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d56285188f5c1c0b9ba459b16e9498b3 |
| SHA1 | a505d82f2b2faf3160145a287d3ba44a3325cd8b |
| SHA256 | f0bd8c954f9bf8881f1591ffe1d964947a151ae89a9d4a286c0fe5c1ed62214a |
| SHA512 | e5628cc50147daaee62772253de3be0e47edadb28578b9754ddb88f710d4e598aafabdc199274fec63a1a352281a43cb827bd54824bfd67a4d9682aba747cdd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05a1088cdad96c81ae6b23a458af316d |
| SHA1 | 22b1df4030897bbc56080bc5681c5f35235336c0 |
| SHA256 | 4cf6f36b0e08f073070563ba183083f7fcb4499f878aeef4693f0717d824b53f |
| SHA512 | 0487d7c39732dbffac9b9de06f6027b1e3a20b3ec5ec0294f1270229fa125424f7fed89830a1a6daa427cfe5a9decf37c722cf4b07aafb1d0c069980d0f6f949 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 575bc76bcbdfabc8e38034bbcf8c82a8 |
| SHA1 | 8e7b748a9c5aeea84d5651f6fe06650432146a26 |
| SHA256 | f88dc9ad80790430e5e34eb79d8e447542fb8c5c8e71825da966201ae6336452 |
| SHA512 | b2e78cb41aa01d853eef8018d0b8e6ef61db891ba50e55df86e50ff2e95e7b486bd4a077ab8d2d0e057a0719fe48b93db81547de5255ba7bf0c2ecd0060b6c38 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\29028105-8954-4345-8617-8e48b737f6f5
| MD5 | 91e12bc7777682fb862212f0579328a6 |
| SHA1 | a04dbe5bc79841733d996d46c5804c343208d86e |
| SHA256 | 9b8fe255c0ebd3b83018c5f7c64530f73092181ecdf498f0d0f58d9116c1ddb6 |
| SHA512 | f7c39090f1075219bf66da43d533c1b8db85e9b7aec4a973a88ec4efec568e49346ad53e7429210d31ff589ff72c989e1629a63d8c4df6c52627d5dd9175c9cd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 5d8cf1ed6ae33312828f23ef6f493b47 |
| SHA1 | 1c981a34d90d3c48e55f76d5a02e8e64a1d56442 |
| SHA256 | bc875ece1ccc9bad9d9ff66507b16b6fb380d2e44969dc4d37629ee1809a7752 |
| SHA512 | 3d89645c18b3daf03fd47ab25a5fc2a5d560ab781e7b0c69539de4af4d25e265df90456e7562acb5df4441a42b00ce3c49b9fc54e51b3a9fa522de4470329ebb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 7ffbae22bf074950898752fab7707a70 |
| SHA1 | 8877d0089b811e696bfab0cba0af925ee06357e4 |
| SHA256 | 0c37709a03b99b7accad294333ddcb15c88b3cd03cfa7019c1c7c8ae5359924d |
| SHA512 | a3728f78d0fb2ee8b8e277db4ea2d1828831acb91c401dbf1eedf0de7e1888a5bb66b2896e592ecf2fdc893731ab3e883b38a5f20f1e82bad6704a72add7fb22 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\7f7cd13c-d921-4b9d-aae0-ed9c18a0d079
| MD5 | 1c9d1b7709df0ae311bfc9d2159cef61 |
| SHA1 | 37c8fb910fa86cb560833bf1fa2933d64cc7a22f |
| SHA256 | 44b078bb54362967e53007129c54d3c7a348f2ec1d2b4630a1d750578e132e7e |
| SHA512 | f1b247b672e81122226c95692cdaaaa36430911d6c8478f3174b4943ccbf43b3813a12151d57b21d14ebd2e31e25e6e3eff2a1a4b7f124704abc6e337201df93 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 04ef1fbf6f5acdd6ea716e82563d71b9 |
| SHA1 | dfb9ee5ed051ab2896f7a5514e2ce6f4808e5e1a |
| SHA256 | f854d8ba11d92529cbd1031923c067bf163436db8700c2db3a780f9ca3b32fe7 |
| SHA512 | 24af5809e5d5e5c77436a8f7c4ad15e1ee1d7db6ac9a70c042f76065033566410c7ee70d812f19dbfc8c07dbda9a70c6d879c84fc8a17484e0230fd1be66bef6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js
| MD5 | 4059ac1bb04e95905070a1ac8600a6be |
| SHA1 | 5c02b34de5d28e4fa4d42cd2c4de9d9249f07b25 |
| SHA256 | 73cdf20eae39d91ee9369beb3843a14d4104d536ec69eebf35a9e566bd759215 |
| SHA512 | 57c1911fd52bec7932ee5d7d4700800e69fdd86d550c453620b4df97c02d2242c0c4fef35d00480573b3bb4c08a38f78e9a7f0a5a40b0599ba1634b826b88250 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\cache2\entries\E00BECD303B77CED95A357A7A1E4C8D69B473C88
| MD5 | f01fd013673bd4c3d474ae0a11115a50 |
| SHA1 | 8e9c80520eccb0460abc56c1452262533b3f0d93 |
| SHA256 | 787057a67b45a7f9cc61f194bb73fb13b8295fbaf2f47e12af3b53eb84de00f8 |
| SHA512 | 66aa51d796e80861d223d05b5a43700b27453dbb9817d57257d0afbb064d24d1a0d581e83b404de274a84ac079c7abf6069acf0a251e1c2d7649494908a60b23 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a7d9bf663348fa26ced08eb659371bee |
| SHA1 | 43cd0f5b0e9dc4654043fd025e68bd8852f3e8d8 |
| SHA256 | 7dfa61dc765156fe07eaa58de04c358ceb31050b58e6f39a43b79a7389888856 |
| SHA512 | 0ac93f77d139cfd56fe9e631684ae840b8880bee7a2442719bc5e03987e8a78809545a5c8047867cdb858d80e0254d58cb4b8636f24964f4d43468c8fda2c0c4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\cache2\doomed\11769
| MD5 | 24cdfd5bb8849be24dc01c4a251fd40d |
| SHA1 | 0aab0036d4bf532174bf52305e7618c45a4e9c90 |
| SHA256 | 6fb4c8559798f6b4d3dead02a3b2c1c691c7295af46860869d031bf34ca0c99e |
| SHA512 | c05d1c04e910a583ef932b69ffe7903f0c1632aeacd7579cd3a0de18236ac370a07f15673e66197377b58d9ea409c1fe2cd6e94e297817f5d11160e720b9e0e8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js
| MD5 | da47374545d269f5659ebd6f432147b4 |
| SHA1 | 4119d45d5e257de0182a67db6d539b1876aeefe3 |
| SHA256 | e283b8498d0e5dc92f4ce3becbb76344bdedc263fe3882298fb45dd1e1df4eb8 |
| SHA512 | b1217d51cb0271332835cc75167439ccaea869029a4b1a95dbd0502b3fc6eee20dfe860c738d67904742a0ebaee7ffc26322cd08b99864f39a736e368b9ed37b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 503c00188fd440de28152cc353dafddc |
| SHA1 | 65ec03fdffc6fc46c97669a7cc3f780bdbf2c93a |
| SHA256 | d742e6b9fc728ff835d07b78070d5276f3beaad0ce0ec3a3a7624e23ba88c494 |
| SHA512 | 3301d2fd13517e32eca00dd82b7de011d8c4f94bc8f0c50b3c7824d78d3db2be93b20fc2bd36e18fed0bba65ba21872c8260cb8b7ac9ae3314fd99793ddac8c0 |
C:\Users\Admin\Downloads\Skype-8.J8GheoWK.119.0.201.exe.part
| MD5 | 3a320e4fb052ca866bb8a8406e1414f1 |
| SHA1 | 336de51ef08e5eb6c20616e2ab72eb6144210b18 |
| SHA256 | 484611f3411959560fc61b28bd5765ebf0d8374cbfe22fb8b5200a3b9203d0d3 |
| SHA512 | 8fa388c886b9f0a102d17b1da28353a804ac6e79cd9868da701122f78f48b49a1ee5174cbd84c9e46dc5480053b6e70fa02aef44062fd4d8f7e64745ac4d340f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e871482c6b26fe5b18a4ba54e55b952d |
| SHA1 | fe9ef4f8fb20b19fc07c7e1c6c230dc956e56c10 |
| SHA256 | cd066e6c043ea41c67661d5ca8658a694919acafe60bdd99d49ac96193cba4bc |
| SHA512 | 36b5888b3935d71bd19134d5631e0528f5f2650bd348863e8852a8916f80fb977290683a3f3a3df39cc51d6721deff53abf98969817a4edfd54e071c9e69bda7 |
C:\Program Files (x86)\Microsoft\Skype for Desktop\unins000.exe
| MD5 | d836f5abb87998795edd2a9ffed410d9 |
| SHA1 | 201ea1c596a8e9b5da43f731faf740a9794d529f |
| SHA256 | 1b812058d6b590ebd881da15ef4a3eaf22aed5f213c56c1768a5c74132b5e61b |
| SHA512 | ed54aeaf665e2652fba30a4c886965a412019a4a1de99b09c03bd93b75f86c0f788a3f08b94ced40f0da7979f717ebaf6e1a7512025a86dd20ff316a756b6312 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\cache2\doomed\18999
| MD5 | 3e1c02f2a0c761bf753d1ee4b600937a |
| SHA1 | 1c7c2d6712f05dbfbe8a871292d684b504dee02f |
| SHA256 | f2bcae7693c15a68782039f143290a6e578b39b16b79a03a79b38c5ac8c26b55 |
| SHA512 | 2f1e0f6891a0019629df2eac02cc83da1b0f1fee7a20fc502511e52332c8021573d0cf8955d6845eea5796d7a3dac85a7270415d509a34cd4a428938204fedc5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT~RFf7fffa3.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ccb3afb3fe5f3373bc1a688bf81c8cd6 |
| SHA1 | 041088e7212d8be57ba76d61939b31317923ed99 |
| SHA256 | 8f6eb7d3ecbbc2acf0c716b1518543b9fdc4821f8f25e9563edc08ec1869134e |
| SHA512 | 86eba40203508ad14fcb44641cc71588b65fb86d56d83ac87be51b55ec4e3a5514e7848ab1d99f60c1d1121e91684b9f83f1a7c3e5bd19737caa80ed39b1004d |
C:\Users\Admin\Downloads\avast_one_free_antivirus(1).exe
| MD5 | c487f2f11e5d103d206aa262011d62d4 |
| SHA1 | 818a86f045ca03dc822ada16d66ff7bc00ce6702 |
| SHA256 | da3b44c7f86e36dc8eedf2ccbe9b3f3426431d5fd38f01c19af392faabc6f97f |
| SHA512 | 7bc66f1ea5ba49372857721d8752e8260bba26c9816ac52d056dbe07f2f6df654055973ede9686fa75111b30d2d2d4e53d8527378bb13e8301b787da13648dff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb494a5acc52a7b5e3bafc64f7c34ee8 |
| SHA1 | ceb69bf2e11141765244ce00c3152e2842496ca3 |
| SHA256 | f7d428b8a7670ee6aad14c0b7071ed09db4d7b0b9e6a6970f7f57dbd1ff8d6c5 |
| SHA512 | 6cbcf9d47c691362b27318cbb78a2647100b458761e119d594eeba7e46559bb96fc289d0726e316be770a9370e610bf933fe2791a6c84488fcc2175d190469f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3068b6cbdd80c73eb1aa83cb960fede |
| SHA1 | 4c67608ddbe5419b0a081aad16efc2a57c3c0020 |
| SHA256 | f5c7c0b5508249a3ac637b4bfbb106c7f3dc748a5fd79a2a41040b44e6a3c422 |
| SHA512 | 959e1bdbb4ad3b33562132efa189d2605c332cc7d00719d93fbf85cbba550af0726e30e7efa49d3ebf9dc96ff1becc62c008e33d7c5207dbadb68f436fc48fe1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4965833be7a4a97b63ffe0f821d65f87 |
| SHA1 | 911f34e96f758789068aaeff55f7bdfdd6c3a087 |
| SHA256 | fdbe704c655e5c4640c4c09102605499a8c26ca6fd8cf893902e286f870af49f |
| SHA512 | 1775725e536f856b4360e163e0d0f54151ad9cb04bf337c6d5cb5547e377453c00d8e6b3790b91b8ac69558352a6b07fa90c7a1b267827741dd79541f9d27ee6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\88f46675-7bb9-4af5-89a3-2d6b1fdb9879\Local Storage\leveldb\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\88f46675-7bb9-4af5-89a3-2d6b1fdb9879\Cache\Cache_Data\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\88f46675-7bb9-4af5-89a3-2d6b1fdb9879\GPUCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Dictionaries\en-US-10-1.bdic
| MD5 | 4604e676a0a7d18770853919e24ec465 |
| SHA1 | 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f |
| SHA256 | a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100 |
| SHA512 | 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\88f46675-7bb9-4af5-89a3-2d6b1fdb9879\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\88f46675-7bb9-4af5-89a3-2d6b1fdb9879\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
memory/4544-10338-0x0000000000A90000-0x00000000016C8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2898ef651bbbd91e9073c5003497dbaa |
| SHA1 | 2b112a995152d42d8fdbcda4f7a63565d98f2961 |
| SHA256 | 8f5e1d36fcf6f1f913ee44b67bdd30469aeab06ebcbde7ab92618b1b1f115d46 |
| SHA512 | 1432fe2fc7e1707bd7fab4a6cf5a061b308b2617422e85a7443565c49b2d0cb95e43e53ef6335cfcd189cd9ee845bba2337d25135cbf86dc92cea4f1ac747586 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\88f46675-7bb9-4af5-89a3-2d6b1fdb9879\Network\TransportSecurity
| MD5 | b19e002a194276541fe5243064b7ada5 |
| SHA1 | e9bea14c4b1327a448c3a34e7687e162d6d4d979 |
| SHA256 | 211a14782858c390874d2dc723912003d06242f314addbf647e0f58645419e1e |
| SHA512 | 0184263f78ae02c6efe1198f2dfbc20c550904f0ae8e5df17dce2c663c3de69859a0b7991426d317a76e20a929504db11ee1e2375e43d45e5a51046329cea28d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore.jsonlz4
| MD5 | c9a3a5f2199820b9d0efc35cf8dcf337 |
| SHA1 | 951e60fc4949a26f48435c5d031001b574ab8b1a |
| SHA256 | 273681632507e82d4b4b02867e84c1c274b7b8448ca16d78f675fde34a368bae |
| SHA512 | bcdd2a91efe5c4c8a85e389b41ca11482e30ff687c075781fd563da24b0b4d83cc77c4479f902f8f31a4f8cd0e9bd6ce570c3f993e63089af59e3dc8701b2cde |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js
| MD5 | 645e076cb32305b303697d32cc76b250 |
| SHA1 | ce61852f8d9f85056946f259ae5aed0dbc3f8698 |
| SHA256 | db39dc250931b8fab84940c56eaa499cf032b647302620e771ee927ae440304f |
| SHA512 | d945b32bb375c4239d3708763c4512bc47720019c9731898bde532ab1bfca8b528a2b506662698379473d42a8d772d96eebdbe08fe152d3c24792d1cd8474c14 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\88f46675-7bb9-4af5-89a3-2d6b1fdb9879\Code Cache\js\index-dir\the-real-index
| MD5 | 29d3e2afb8a370e6458db67eea5d095e |
| SHA1 | 3796c732f8eb219d3ba0f14df87c510b545c26bf |
| SHA256 | 22a4c3d8411b6e41ba523663fc1aefc8eaf29e21f21d4bb94e2bec447551862c |
| SHA512 | 748b4f38debaaae8b5e2d8cc16d5b6a05b54538c63d229edfaa98e302cb1bb9974eeb50c70d63a945c3c1395c6d6ee4e79a9cae998af53ca171cf361ebb22b2c |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d38dcce895f68d0f9c3c8a9f1f437619 |
| SHA1 | 7206caa55c27896cbecca00f41de5b7fb4a9f75a |
| SHA256 | b74a0e03b318440d2bae60e33b73a2f32465bb8105c0dfae35b7370df6b951bf |
| SHA512 | 4809e636a6bb132b7c04b67844d8e70d30e0dc25c437c60a9b98d85622b8c949de2db888e1a0b780be767f245f42820e0546d6d869f05677429fded9b9638cf1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f2b239d57623718270da5e4fd29b8c9 |
| SHA1 | fd13eafcedff316056087dba497d4a7a06c7e50e |
| SHA256 | acc04a4359b9342cbdcfb2855eb9af2af96dc093f7140b63c62e509e57ffd9c2 |
| SHA512 | 5311dd3aff099d9764f61b9ea5c4ca75d5a0ea4ec0766548c24f268f92d4980bc30dd90b8b33acfddaa9af51d046d5437a1d27093371151167f2c13469e1af19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 694794beb10e9b3c95afbff5f98e43f8 |
| SHA1 | aee7b441e93b9ddbd1fea4aa90ed698ed71a4e97 |
| SHA256 | e2d5eacfc0cc09973e6057cc844bc66b7d077e7d525938a962145105cf1eca44 |
| SHA512 | 13c70780bde0e416c84adb8654dc53c14b5696aa7c206de54c7231703892db46b4d6f58768f2d3c4a80848e3ab3c83b6c4eecc54d536773baa0a423577f7a306 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2981877940b9e6e525802faa2f46fe3b |
| SHA1 | abbc2a4ce442ccfeff559c2703f5d0e98171a4b8 |
| SHA256 | 757e6d5a31ee65feee2527ba0b7712ef78c406adaec635e1c78d920ef5091645 |
| SHA512 | d52d723d4e8a810b4a4c2ebc62b02f2132826d1decb8af7cc37b431580902742b965c094625f2e2ae47ccb5eda21e98c131601679c6bf8670ec200093279993e |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\TransportSecurity
| MD5 | 8e7385d3867b065f427bd0c85fef6da5 |
| SHA1 | 4fbcdb4a697c9cba0c81d3b6644896162236ba3a |
| SHA256 | e5504efc0d92884bc884f39f198c55b2fb3eafcdb8b753d5b1e4b1350cf14fcb |
| SHA512 | 1eae973da3c51a3fb668a399cc32464840f1c191c800aafa337eb221ffad0ddb2ba394ee94a4fd60a42c0b9fdb2e2766c740dac2ecf3fd7667e2938a3f979ddb |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Partitions\88f46675-7bb9-4af5-89a3-2d6b1fdb9879\Network\Network Persistent State
| MD5 | 00ae66ec18564d2943739a64e6ef0eb2 |
| SHA1 | cca911e269b14e5568d6a41619772b75e25dfaf9 |
| SHA256 | 929c0f4285a5557225cf1fb5a8ca79c310c0e02194a0e15a220e7ea0f35905ff |
| SHA512 | df3415a2f6a14b7577530a0270d03746bce27b9731d80a8098fee3fc8c0e01ae873d2f3dcde4f637fbacadf54056267a263fe78f7c35cc0b2588befbd633b0a8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\TransportSecurity
| MD5 | 78f94a306827b7494bade7270d330fc8 |
| SHA1 | f71ff4353b04736f8193ae5966e03ec5a72fa122 |
| SHA256 | a0c746123bf60c3183c2561c22f0a58c343de8f5f644eab2d5ca4918ff9530d5 |
| SHA512 | c392bf301e9dc054eaef5992ade2596c08ef2b6606d47c4166182f3379b67cb32e676e053c706a7891d0edcd4252efc388c215bc0ed1e4a26a3a9a86733c7007 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\Network Persistent State
| MD5 | 63c6f2feffd240c5dcabbb13e5880d27 |
| SHA1 | 876a1c57696510f7cedd10310ae48d3a49350234 |
| SHA256 | fc5cbaa9abc3978dfab1bd1d3d9bf6fe9cd8dcc1b9c4219d5ad97ea9c389013f |
| SHA512 | 7dc4e2f67df9be8f6ecc6236d8ba8bef56b0ed09bd7f3d5949ab01d547b782a8be68a38979a89a6b579b40591b7d848ae2d7862bcb754c87c83ef7be83ee9a8d |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\Network Persistent State
| MD5 | d995aa413577e4343d8389abf100dd48 |
| SHA1 | 98aab67cfbb7696315376e6a41827811977aaa86 |
| SHA256 | 4cab61de1839fd18fecd6360986df875dfb2f074f63a7a6fc3d08b4d722f380e |
| SHA512 | 765b7db4861b0a5fecbb8f6bcacd3447cb33005e3c6a97ea0b080c176721dc7b82cbd690967c918075baa6957558166af8cef497d2be8638a644f9bbade72629 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\TransportSecurity
| MD5 | e46400ab37b2907d1ac3f95274a19ee0 |
| SHA1 | 068f0b5be586bb302276d158967be99dbfb8a788 |
| SHA256 | 5314d59f5c5775b84180e4b0c7b4c5541e4418a8d0d28d60ebba8df237dab747 |
| SHA512 | c79aed576cb4a6bed39617c53f98b7185d3a23dc469e667326e8c1eba0f100ccd1465aa3c4c96df68769e3a6d5a21281e75221f4e1f2d2e598fd03179c9ae400 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\Network Persistent State
| MD5 | be79520942081f3d0e2384b0a8a0d59e |
| SHA1 | 946466f0ae5fade97a26155fe12d3397a6b5deec |
| SHA256 | 4765c897c0896a8a2615065c60261d58b2b9d13254d688330331436f52808283 |
| SHA512 | ed706df9ba28e6b0971cde8175a3dc01d75ea0b55219f93152a5501f4183c9a3627730e16ffce3c8f534b1cfdb903df705e8616f3c17f8facde3c2ab71df0144 |
C:\Users\Admin\AppData\Roaming\Microsoft\Skype for Desktop\Network\TransportSecurity
| MD5 | 9e337cabb9fcf04b180832e4997363b6 |
| SHA1 | 0dec61b405ad87feac9f8cabaf7bc897a89874a9 |
| SHA256 | 379eb81ee94aa70efa5278852188292a46592db530e12f4d016fe178c35efde4 |
| SHA512 | dccaa4440c3d7357a5d2fffcf01e4d4957f9cc0f1a2cfe1f518543552c7a40287980d623b68e3b00b793749cc3dd2e90a0c19ce612466fc214347f31bad935c5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-16 12:47
Reported
2024-05-16 12:53
Platform
win10v2004-20240508-en
Max time kernel
300s
Max time network
303s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603373611398499" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffa28e2ab58,0x7ffa28e2ab68,0x7ffa28e2ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1940,i,8037069594501379051,4108914333903679369,131072 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
\??\pipe\crashpad_2072_TUKJNVYPTXIXXYYJ
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58fa59.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State