Malware Analysis Report

2024-09-11 14:51

Sample ID 240609-sc399acd92
Target VSCodeUserSetup-x64-1.90.0.exe
SHA256 5551a2328defe20fd5d612b78f43403a11980dafa1b46c10649fd5909076c543
Tags
xworm execution rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5551a2328defe20fd5d612b78f43403a11980dafa1b46c10649fd5909076c543

Threat Level: Known bad

The file VSCodeUserSetup-x64-1.90.0.exe was found to be: Known bad.

Malicious Activity Summary

xworm execution rat trojan

Detect Xworm Payload

Xworm

Command and Scripting Interpreter: PowerShell

Looks up external IP address via web service

Executes dropped EXE

Loads dropped DLL

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Creates scheduled task(s)

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Command and Scripting Interpreter
T1059
PowerShell
T1059.001
Scheduled Task/Job
T1053
Persistence
TA0003
Scheduled Task/Job
T1053
Privilege Escalation
TA0004
Scheduled Task/Job
T1053
Defense Evasion
TA0005
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-09 15:00

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 14:59

Reported

2024-06-09 15:05

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-V20D7.tmp\VSCodeUserSetup-x64-1.90.0.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3776 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe C:\Users\Admin\AppData\Local\Temp\is-V20D7.tmp\VSCodeUserSetup-x64-1.90.0.tmp
PID 3776 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe C:\Users\Admin\AppData\Local\Temp\is-V20D7.tmp\VSCodeUserSetup-x64-1.90.0.tmp
PID 3776 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe C:\Users\Admin\AppData\Local\Temp\is-V20D7.tmp\VSCodeUserSetup-x64-1.90.0.tmp

Processes

C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe

"C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe"

C:\Users\Admin\AppData\Local\Temp\is-V20D7.tmp\VSCodeUserSetup-x64-1.90.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-V20D7.tmp\VSCodeUserSetup-x64-1.90.0.tmp" /SL5="$701EC,99556431,828416,C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.73.50.20.in-addr.arpa udp

Files

memory/3776-0-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/3776-2-0x0000000000401000-0x00000000004B7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-V20D7.tmp\VSCodeUserSetup-x64-1.90.0.tmp

MD5 8ae52fc01f13e521c75276cf7af9625f
SHA1 94bb90bc0da93b9d548c91986c8b4b7c6168da2b
SHA256 935ff0d75f56f29ad95436813ea988dc1f679aaf225eafc44367b4fc8a4f2fa1
SHA512 cbb8d0e90db37d277c5bd92be2f2297599379f245044ae426cf9f5841b98f1cf0261c0fa90ec9b5e4a2f791d0e79e5b4f8bcbe8f04784708f2bd5a7498c768d4

memory/2080-6-0x0000000000400000-0x000000000068E000-memory.dmp

memory/3776-8-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/2080-9-0x0000000000400000-0x000000000068E000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 14:59

Reported

2024-06-09 15:05

Platform

win7-20240220-en

Max time kernel

62s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1992 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe C:\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp
PID 1992 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe C:\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp
PID 1992 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe C:\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp
PID 1992 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe C:\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp
PID 1992 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe C:\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp
PID 1992 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe C:\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp
PID 1992 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe C:\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp
PID 2752 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2584 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2752 wrote to memory of 2832 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe

"C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe"

C:\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp

"C:\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp" /SL5="$400E0,99556431,828416,C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.90.0.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d89758,0x7fef6d89768,0x7fef6d89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1364 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1440 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3516 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3708 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2552 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2084 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2280 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3480 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=716 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2436 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3792 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4216 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4232 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3976 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4224 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4112 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1808 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=1352,i,3510878230210781235,13211494890066043008,131072 /prefetch:8

C:\Users\Admin\Downloads\XClient.exe

"C:\Users\Admin\Downloads\XClient.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\XClient.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\svchost.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Local\svchost.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.178.142:443 apis.google.com tcp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
FR 172.217.20.196:443 www.google.com udp
US 8.8.8.8:53 id.google.com udp
FR 172.217.20.195:443 id.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
FR 172.217.20.195:443 id.google.com tcp
FR 142.250.178.138:443 content-autofill.googleapis.com tcp
FR 172.217.20.174:443 play.google.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
FR 142.250.179.110:443 encrypted-tbn0.gstatic.com tcp
FR 142.250.179.110:443 encrypted-tbn0.gstatic.com tcp
FR 142.250.179.110:443 encrypted-tbn0.gstatic.com tcp
FR 142.250.179.110:443 encrypted-tbn0.gstatic.com tcp
FR 172.217.20.195:443 id.google.com udp
US 8.8.8.8:53 oxy.st udp
RU 185.178.208.137:443 oxy.st tcp
RU 185.178.208.137:443 oxy.st tcp
US 8.8.8.8:53 contextual.media.net udp
BE 104.90.24.23:443 contextual.media.net tcp
US 8.8.8.8:53 code-ya.jivosite.com udp
US 8.8.8.8:53 lg3.media.net udp
GB 2.21.188.27:443 lg3.media.net tcp
AM 5.101.37.37:443 code-ya.jivosite.com tcp
FR 172.217.20.196:443 www.google.com udp
AM 5.101.37.37:443 code-ya.jivosite.com tcp
FR 142.250.178.138:443 content-autofill.googleapis.com udp
AM 5.101.37.37:443 code-ya.jivosite.com tcp
US 8.8.8.8:53 node-ya-1.jivosite.com udp
RU 51.250.22.213:443 node-ya-1.jivosite.com tcp
RU 51.250.22.213:443 node-ya-1.jivosite.com tcp
US 8.8.8.8:53 code.jivosite.com udp
RU 51.250.22.213:443 node-ya-1.jivosite.com tcp
US 8.8.8.8:53 telemetry.jivosite.com udp
GB 198.244.165.101:443 telemetry.jivosite.com tcp
GB 2.21.188.27:443 lg3.media.net udp
US 8.8.8.8:53 code-ya.jivosite.com udp
AM 5.101.37.37:443 code-ya.jivosite.com tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
FR 142.250.179.110:443 google.com tcp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 ads.themoneytizer.com udp
US 8.8.8.8:53 smatr.net udp
US 8.8.8.8:53 cdn.adlook.me udp
US 104.22.62.227:443 ads.themoneytizer.com tcp
US 104.22.62.227:443 ads.themoneytizer.com tcp
NL 88.208.46.222:443 smatr.net tcp
US 8.8.8.8:53 yastatic.net udp
RU 193.17.93.93:443 cdn.adlook.me tcp
RU 178.154.131.215:443 yastatic.net tcp
RU 178.154.131.215:443 yastatic.net tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ced.sascdn.com udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 secure.quantserve.com udp
US 8.8.8.8:53 tag.leadplace.fr udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 adtrack.adleadevent.com udp
DE 51.89.9.253:443 onetag-sys.com tcp
US 8.8.8.8:53 p.cpx.to udp
BE 23.14.90.73:443 ced.sascdn.com tcp
DE 91.228.74.159:443 secure.quantserve.com tcp
US 8.8.8.8:53 ogffa.net udp
US 8.8.8.8:53 system-notify.app udp
US 8.8.8.8:53 counter.yadro.ru udp
FR 145.239.192.166:443 tag.leadplace.fr tcp
IE 52.51.190.15:443 adtrack.adleadevent.com tcp
IE 63.34.77.99:443 p.cpx.to tcp
NL 88.208.46.222:443 ogffa.net tcp
DE 23.88.8.125:443 system-notify.app tcp
RU 88.212.201.198:443 counter.yadro.ru tcp
US 8.8.8.8:53 ads.adlook.me udp
FR 142.250.178.138:443 content-autofill.googleapis.com udp
RU 78.140.242.69:443 ads.adlook.me tcp
US 8.8.8.8:53 uidsync.net udp
US 8.8.8.8:53 rules.quantcount.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
DE 52.222.191.32:443 rules.quantcount.com tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
DE 157.90.33.122:443 uidsync.net tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 pixel.quantserve.com udp
BE 23.14.90.74:80 apps.identrust.com tcp
DE 157.90.33.122:443 uidsync.net tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 match.adsrvr.org udp
NL 185.89.210.153:443 ib.adnxs.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 s.cpx.to udp
IE 63.34.77.99:443 s.cpx.to tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
DE 23.88.8.125:443 uidsync.net tcp
US 8.8.8.8:53 download.oxy.st udp
RU 185.178.208.137:443 download.oxy.st tcp
RU 185.178.208.137:443 download.oxy.st tcp
US 104.22.62.227:443 ads.themoneytizer.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
DE 23.88.8.125:443 uidsync.net tcp
US 52.223.40.198:443 match.adsrvr.org tcp
DE 157.90.33.122:443 uidsync.net tcp
DE 157.90.33.122:443 uidsync.net tcp
RU 185.178.208.137:443 download.oxy.st tcp
US 8.8.8.8:53 s1.oxy.st udp
US 104.21.234.182:443 s1.oxy.st tcp
US 8.8.8.8:53 tmzr.themoneytizer.fr udp
US 104.21.40.15:443 tmzr.themoneytizer.fr tcp
NL 178.250.1.11:443 gum.criteo.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 ww1097.smartadserver.com udp
US 8.8.8.8:53 lexicon.33across.com udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 35.244.193.51:443 lexicon.33across.com tcp
IE 52.215.133.162:443 id.crwdcntrl.net tcp
FR 217.182.178.225:443 ww1097.smartadserver.com tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp

Files

memory/1992-2-0x0000000000401000-0x00000000004B7000-memory.dmp

memory/1992-0-0x0000000000400000-0x00000000004D8000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-5L9JO.tmp\VSCodeUserSetup-x64-1.90.0.tmp

MD5 8ae52fc01f13e521c75276cf7af9625f
SHA1 94bb90bc0da93b9d548c91986c8b4b7c6168da2b
SHA256 935ff0d75f56f29ad95436813ea988dc1f679aaf225eafc44367b4fc8a4f2fa1
SHA512 cbb8d0e90db37d277c5bd92be2f2297599379f245044ae426cf9f5841b98f1cf0261c0fa90ec9b5e4a2f791d0e79e5b4f8bcbe8f04784708f2bd5a7498c768d4

memory/2700-8-0x0000000000400000-0x000000000068E000-memory.dmp

memory/1992-9-0x0000000000400000-0x00000000004D8000-memory.dmp

memory/2700-10-0x0000000000400000-0x000000000068E000-memory.dmp

memory/2700-12-0x0000000000400000-0x000000000068E000-memory.dmp

memory/1992-14-0x0000000000400000-0x00000000004D8000-memory.dmp

\??\pipe\crashpad_2752_NXBZRODFEVGHHNHB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Temp\CabD2DB.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7352d1df4886dd1be266e1b0f5790fe9
SHA1 233b9be048e3af77493021cca7b90a319315ebda
SHA256 4f4c94822f03aae5c34476189a5d0b3a9803e6670cea41eb1389a6fd3bb6e4d7
SHA512 85d693d481ee4de99b8074faf2972fa400c30191522f979874d3acf52ba7c131bd5b512149bf48dcc25ed8926c02a2da6f2eba8cf8ab5bfaaa45ad05126dbcab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4f24af354976a78b85130fe9c44f3fe1
SHA1 3744d8d202c5c9d5d92030702eba2cb4def4fad7
SHA256 415d97277a731a6486710e31bc8a27e60162b1d9f5897f158d555b403303183f
SHA512 6ae6d3b59d9cd8fe598c24070f6da5928e0e8dfe4aa7ac318794f1e535caf9a2f9b62ed1715a7360e56ae32f62dfa9e9208d3d09d9a7392057d770a17fe89984

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\30f1d1c8-e7e2-4998-9a2f-3c77001536c3.tmp

MD5 51456e352066825df78ec223dc4197e1
SHA1 206ab15381667c039da26ae6c6b065b3f8bccdf0
SHA256 586fa24d034cd046248ba2c5bafc2e9ee6e7419a2d25fc436cdb75d5ce6d86ac
SHA512 6196f5218989d0437cdd473b7520b0a99a377eb0274530faf479e0ffb93621390ff6cbb3e492be9515d3576162f1cf0552c9dd2cbcfe1fc9a07236038fe86aae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2cf2c3a6c07fd297d772201fd00699c2
SHA1 2261be1d78190e054c89436ebf60aa4f414a554a
SHA256 cbb667f475052b6e20c9146fc265b57f5a0ae7b167c24e9180fb2085e6e37d1a
SHA512 760b369a9780386c1b5942c1d23dab34e25038b7fd8462316548e65999cbb6ea5eefed66b6399df5d2ec6ca370fc6c13263d234a051bf4370189e4ab7b2578ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 4588208961b6b7ed6cd974687346348a
SHA1 52085a4f6c875b6949261704f05050c1727e9c55
SHA256 95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885
SHA512 a9853353e68286f62535548ddbf1a97f1b39c1b6200161a660b1a4eac6864a1f6e93ab72d2cfe61249bf4543e2317f04babb3be211a37c12a55d55ee08b2b515

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 cd7b3e4dfecea7028bc1bdeda5a47477
SHA1 5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365
SHA256 4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87
SHA512 ea11eb8d8347a39a1aa990a05cce6543e47145a1e618091750e2ad77497449e12e8b4d5b1e3385c9669cdd6a66e7dac96ff0e67913730c27c0ef2ff40a669f2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

MD5 82db06ca267ac7fdd878a1df35f41f4e
SHA1 9dae7f1ae60d7b83dbdada64fd1b4296f8f20051
SHA256 3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb
SHA512 6e9beeca7caa94fc5dcf929d5af18d24acfc2a56612840b7084fb6057785d85b272eec8acdf4457c7dd1de9bee5e03fefc082a170131002229da0c01da9a8fb8

C:\Users\Admin\AppData\Local\Temp\TarD6F5.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_oxy.st_0.indexeddb.leveldb\CURRENT~RFf77d826.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb507c4130d7150f9b757c1e0313f478
SHA1 638090120c696eedace06e209f116cc81d7ab4a1
SHA256 e3263201af3a35f6d55425f90d37c9d7ef1989cc700109a2ca90682fa3975aae
SHA512 d4e7e6fe674714119229e44e492f96a16ea911ec98eda0b6b14f4ee2aaaf4ed5cb1c91712b5336581d5f12ece605aa2e69937b9ec6c312345cdc073a0a2108be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b253a96178ffeacb585d542858384327
SHA1 0571ac4868f710a0539390b090dd7223c7d27e44
SHA256 f842ed60cebb979e576603718150d380665729a94a0bc36e61f7fa2438c2eecb
SHA512 dca7e925c0c6838d61f2e32b80fed3ae29e3b47be6974e178fd62b377b30af385579d4b3743e6b4bd2454fa636643f8d58cb52471fb13e1346aafad128be674a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7185cd7750531e770129ef923c4a584d
SHA1 c1379e5eead957ae1c568cc9b2da3ba311401733
SHA256 bf477db6c787f1954168f03247866f8b38b00d84a1e22353fc1707e39d404f72
SHA512 ac3348c79fece8268cd49f4cf8abc76e4a9fb4a3ea797557c49b07a24cfe5c3f24f282090c88eb8444484bdc5cedd5730769233b8ac22878f1a90ab7540a4d45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 91d5c24d47c1c3bc3de6f6557bded42e
SHA1 86e2d780032489cd16b8b398f7c07f9b1fb61d8f
SHA256 d42af06be53e6e5d2439ab7b19b166bd6bfbbc37e43acc1a550dff546022edb3
SHA512 11ad137efc9b631d9126abc8e168a67c7be2fbc0250f7db41b30d866bca2305d578bc0ac3db56151b13f31a3f60e3f9cc8f44c776b97a37cb7da5e2c4e4d95ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b50edf2edb97437e01ab9670192f446
SHA1 850ce4d29d55feb6a4bf908cf84df787764797a1
SHA256 76b2af8c2151192a1fd87529f4b41febe6662fa013c70d50471bba5a0e6fbce4
SHA512 e2e39ae0a54cdd02724e087d782d0ae31f2f4a406a0cd6d9f6515fb7ba69235474071d19924bc6df26a5f09a7f269734cc29097d80a6477e370491378a484bf5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 64faf7fb6de0e3f05ff5eeeec4c5dc6b
SHA1 c2c9a91c4a726b5a0d0afd5bc21846bc02a47603
SHA256 525423297507dea4e8be827026ee4f03e3896af7a19bd8ffed64eb3ac20d515e
SHA512 753ea8e27d7567c659616d8da13ecd39c275ce9cbe350f44ae44562993cef5e0385e30ec108ba8a9b4154a93b74aaefd549f9d8e9b411aa7edadeb6f22b508f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c9f01558283e26795fa994b0d50a076
SHA1 7c787f895c6c9bcd86379df42994c6c5e409f054
SHA256 79a2e9bc43fab56ec0ff0dbf55459bc1a1fef510f89319c8181b9ebdfb28e570
SHA512 d998c1a891f846821160172ced35d56c2eb882ea91bddd60b2d7c09c0134c148bac941a1e1688a4f84d1c50e5ab6ad5f1c3b178d4df66938aabab4dc6e528acf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96c6d076ab2dd6c109022da674d2e6cc
SHA1 4870c1212f2d6a40ae87eab844f34a3fe672e2bf
SHA256 07a27d89e3b9f8f39a5773c447defd990866d6d09526531fd19ea1d01905d87c
SHA512 0032dcdd7e2ea0f99b09ed9364488fa270a512f098fbb6d696bcb5bbc7e4423ae688e34da694b04d13c7cfecd0338bd47d680f8be3a1300b0058f01546f8d85d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67f0968483dd5285c1a87833884f8f65
SHA1 b3e6c91c37fbcb9b4f3326bd53c136f4333b85e7
SHA256 54f63fb42f3bee087f2b84f8270a097bc72e845cbb9a6dfb54cd67eb3526dd74
SHA512 8ba207c75800365a27e1d9a139b60333ba5f2f9609884a0c5275fb193bab9b88897fda5f41baf617b59efb872347ea6c4a66c15c0a4c83b353567c9e77f2bde0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9011c9c7470a8d2fda15a576baaacd4b
SHA1 d9dd1d9a18a53afe5a016b318c799eaa10664b38
SHA256 78a6cc98f75723ec7afee44f79a1f81d43acb5f4f572edba308016fd27b4b2c5
SHA512 113ea8963f1cceb89e5de782d6a3ed828a31f9e22d1a23065ea77e32124027efc83827bb70101ce610253e6d47ee55a33e3fec5ec844fd3c9fc01c3c6a7da468

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 b91b78df07b9835a56db0b5fbf7db95e
SHA1 4514b25edca54dd5984c192a83a2e5fcd9c7827d
SHA256 1ff861480099b2d089c2a743fa0e5e3554340fb59002ee3de41e1ad7efc130e1
SHA512 911ec986ba88efacc19d0f2df28201ea41265a1fe492b0fb6e030b33d780429aac207078c9da7aa8cc2f3f06f5f08421fd1783b98031ee4b5b272cc80397e1f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46372d073074e218be98e5feac83d2d2
SHA1 84ac7a0d62717aeb8edcf9a4295d4c82bed5ca95
SHA256 0e8f0d01bf7b322ade6f3812af4cc735d1ada559970c28da88194a63481bd6f4
SHA512 cd481179d9f268d2f73592088ff618073e940a423c015fd107124baeed1a1d551564788a957e07d9aece1da44aecaeb8fadddb4ce1ae9916010a639bfaadb239

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc82a5073c4b80eea81b71e522278d87
SHA1 b966393b8f83c00d5c7a8c0e2bccff29884609bb
SHA256 0a359b22e5450e1595634a3dfd45578d73faa231212e9ccad229348d8ef4ec01
SHA512 acca610d92338aa8c4fc2ca1ec04db58dea2d0a3ed90e0fca4b4c66100fc7cb9533afdfe3972cdac2890681fea4c5f2fbe939677f92198b133b55f75c58a71eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e6a8bbfd4133525d2e1da03772a92c4
SHA1 50f40118f18b16f4ff04b33caa758a5a04a26bfc
SHA256 e27996023d36cda09ca92554a3d43b9d62fa6da3cd19a91185bede56c898d9d7
SHA512 2927d694e5dc158f11cb37c3c8a5296b661b758d83473964c433ecf841555a531538faa5d97f41a5b182b7be7224df4d37642e54ce9574c65d212c538fa2a654

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8f03236a51f9710a31912d3a5763c59
SHA1 f95a9fa4f9aebc7781b310fde255a6bec0996c26
SHA256 a908bef3468b493bc3335614e63e697b2ecaef358da939328d3cc92c46bab0b0
SHA512 b71c29dc6d0afb549c982d342cea1a8f5821601dadbb17d92a14b423e5f0d00fef56dac8b6b1f5c78ed5aa2ebad5cd1a8446b4c511757f0118d62b4200b534d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eeebc76cfa0beb04a0e713e150b209be
SHA1 84b19bb472592a6fa002624807375aa4cd6914c8
SHA256 14580a3b9e095f58f32fbaf8cb39436f2df8c554e2a3b537ebb1c052e651a2e9
SHA512 a87988e21148c3da2845f926f7af93956e1665d2da30cb2e2ebd50d12143d6b5efe315a1a9ce6277bd8e6291ebcd0f5efa7e160e72d04b86f84795ce909b0174

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fa073ad6321504156dab7087e4f50d1
SHA1 d3d7d36de20f199f8f4df88e9d6b32156bb9d735
SHA256 6a7028a0dec20ca595f3a169a121692314e6b9bb068efd2bab755c0482289017
SHA512 b9667da8655d67864ee1fd48f2ea396d9e7dde300c7c35c11cbafdac442560b9511a2235250531d97519b8297fede15aba660ea5de43abb791483cfeebb6a806

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e51bf82882690b5ea370643babcc460
SHA1 228bd0dd3d11cec687f0478df25fa998fcfd7de5
SHA256 10511531f766d16e8e294867eb12beee763b186e383935390fde3f2e4ca87723
SHA512 6658cf857bc4df8f9b4ec8fcd441ba517474d4e5f382e62cc2858eb6924f62bc45cc27ac446bbda1f3d4796d6229513c9b757920f0402681e9741bcf7d95a18e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a9f38ba280409093ff99e218c336c958
SHA1 cc85420698b771c798f746a46c830564561fedb0
SHA256 6f729478091f0384c8712eb3bf5e6d781b33bac2f2209f2107c759e9eaf75dd7
SHA512 2b050fee49be57a5949076577bd9f3ea91db1624f16084645e44f13d03005a9a1944e24057286564ef5dddea908778c1247442d9b3bd782f51ea779038f2c8c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1411a363f53f227ca3a7a06cd82b69eb
SHA1 1a1ce847c2037e095920ba55882a9465c425a66a
SHA256 46904e8ef164d6cf51971077ee7ab50ee565edf2a62771347fede7123ac2fc3b
SHA512 830b24ecfceb7b16dbae1edacebae6140a6eab43e87da3fa1e222031fc33bb88098cfa343758512cdc5f1f00e4532a06e31160257c11147e34861161746d6d37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17cc5bb37e886abfc3fd4559e0dcb290
SHA1 ad6f097a50d218e79953a9fff698d2eb682c85cf
SHA256 4f89ce8d0de90dea9dfea178fdb2468ea3b8007f41e377765a990d38b0ea2ec6
SHA512 9e398a7eb5bb5f51d03eafa190d853857649653af8083f8efa97a154c769bf8831556a5c06cbb699581679832abdad47431ddd373c2af8e41137cb672fa4f60a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 bfd27feb8b8875c4e728d4789282f1aa
SHA1 69f7af3ff902e062964133940d75b76326cf8410
SHA256 6ebcd9392c95cad578be8a86e4988873997eeaaecce4a11dc59fc1f251239c12
SHA512 8d1835b7ac0e8630cc82bcb5766907fd0b35d5a08a9de147a17e416109a84bb0228637eb1cfa58e9581de0b95a2fcc887cd8e7752d7de1ff24d97b2dcee3e1f4

C:\Users\Admin\Downloads\XClient.exe

MD5 f7f57206c0ff548a79b7418aebe2a7f6
SHA1 b258e9bbd7e725f732d823c4c91fcfc03d570de8
SHA256 fa3562573cbbcfc09eae88235af95a6989a3ffdf9a9661dede68826f23c33549
SHA512 f7e929269cf1fb504eb49fb90f5c1af48d5e43365a284e97ee7d9616ff54eb0ff7a657aa27b880e5831a70f4e5dedfbbea53217ec0872427cce329dfc8ea855e

memory/2324-1906-0x00000000011B0000-0x00000000011C0000-memory.dmp

memory/2124-1913-0x000000001B630000-0x000000001B912000-memory.dmp

memory/2124-1914-0x0000000002810000-0x0000000002818000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 e54a31618a887bf5582371a9a5c817fb
SHA1 d15a96802dedcd9f0969044ad5bc16eeb58e320e
SHA256 cd0e6b8ef35391932fb67cf2a5681c92e7120a89a5e8c2456485c11ae7667549
SHA512 368b361fe8ec605eeff952d097e0de4a6420908a232bdc8c48c2c42034b73578d4541c6501c87662613ea665bbc9d26bcb570f999cc05bc4fb8875c4fd56938b

memory/2728-1920-0x000000001B5C0000-0x000000001B8A2000-memory.dmp

memory/2728-1921-0x00000000022D0000-0x00000000022D8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 541093fc64994e100f95cf954b3dc705
SHA1 84de741a932a9bbff2d23eb798c5f653faff6253
SHA256 373a702750a065fddde346cce6a2644276eeb65041ac6d0c38d27e0b1954a360
SHA512 225268f6a5edd97aca2275186d493e7fe5789f8d3ae5e54c4ddbcc0bcec99927cdac4292ac4ee244055a32f1e41e357012a1b71d0b45bfe31a03529ba36b164e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9d21b4098d373a98d813ddc22e63edaf
SHA1 2ad19164e28081112c014bcbd28466ec37fdd1f9
SHA256 eb8ceaaa9c89578007e6b19b20d2ed71485c57afb9659c4b8925bc22c38e6ad5
SHA512 889357c8ac0155ff47457b7dbc026c3974ddaaee34e23b7952b8c9b306f04c5ff172fbeee3e45d9ab6cf9e2d809eae98a797c849a566188b8821c02532c75a90

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 6f46b9b7abaefdc13110889b886f8dfd
SHA1 621045074df2f51dc42eb87ffaef43a0cc0c6637
SHA256 4ffde53fe77797c0a502ed333b1d09a6752552298010007f8c0675066358d47d
SHA512 6cb4534eed7dda5f550c49a22c98f25bd46c2f91f014bfd8d8ecd6a19ed852d8bd25198dc80b6a63647f7efddf906c07ce15597e4f952bf45c4380fd6c6a38fc