Analysis Overview
SHA256
42b181e9b5f424472212742a187260d4edc73b7683ae83460c974508130e08ad
Threat Level: Known bad
The file python-3.10.2-amd64.exe was found to be: Known bad. Note how the signatures below are attributed: the installer process itself (relaunched from C:\Windows\Temp\{B2C503D4-A2D5-433F-95D5-7E0D1225ECAB}\.cr\ via the WiX Burn bootstrapper's -burn.clean.room switch) appears only under "Executes dropped EXE" and "Loads dropped DLL", while the StormKitty/AsyncRat detections, the Grabber copies of desktop.ini, the netsh wlan profile enumeration and the SeDebugPrivilege use are attributed to Builder.exe and XWorm V3.0.exe under C:\Users\Admin\Desktop\XWorm V3.0 Bin, which ran in the same detonation. The perfc*/perfh*.dat files written to System32 are created by lodctr /r, Windows' own performance-counter rebuild.
Malicious Activity Summary
StormKitty payload
AsyncRat
StormKitty
.NET Reactor protector
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Looks up geolocation information via web service
Drops desktop.ini file(s)
Drops file in System32 directory
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Event Triggered Execution: Netsh Helper DLL
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-07 16:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-07 16:16
Reported
2024-07-07 16:29
Platform
win10v2004-20240704-en
Max time kernel
603s
Max time network
737s
Command Line
Signatures
AsyncRat
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
.NET Reactor protector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\b6a1fda535893e3951eeb1fdb2c82063\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\b6a1fda535893e3951eeb1fdb2c82063\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\b6a1fda535893e3951eeb1fdb2c82063\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\b6a1fda535893e3951eeb1fdb2c82063\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\b6a1fda535893e3951eeb1fdb2c82063\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\b6a1fda535893e3951eeb1fdb2c82063\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\b6a1fda535893e3951eeb1fdb2c82063\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | mediafire.com | N/A | N/A |
| N/A | mediafire.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | mediafire.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | icanhazip.com | N/A | N/A |
Looks up geolocation information via web service
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\perfh007.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh00A.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc00C.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc007.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh00C.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh00C.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc00A.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc00C.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh007.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh00A.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc007.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc00A.dat | C:\Windows\system32\lodctr.exe | N/A |
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\{B2C503D4-A2D5-433F-95D5-7E0D1225ECAB}\.cr\python-3.10.2-amd64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\{B2C503D4-A2D5-433F-95D5-7E0D1225ECAB}\.cr\python-3.10.2-amd64.exe | N/A |
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff4864ab58,0x7fff4864ab68,0x7fff4864ab78
C:\Users\Admin\AppData\Local\Temp\python-3.10.2-amd64.exe
"C:\Users\Admin\AppData\Local\Temp\python-3.10.2-amd64.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1896 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Windows\Temp\{B2C503D4-A2D5-433F-95D5-7E0D1225ECAB}\.cr\python-3.10.2-amd64.exe
"C:\Windows\Temp\{B2C503D4-A2D5-433F-95D5-7E0D1225ECAB}\.cr\python-3.10.2-amd64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python-3.10.2-amd64.exe" -burn.filehandle.attached=596 -burn.filehandle.self=548
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=1640 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3888,i,6959856223548986108,4217696995639198458,262144 --variations-seed-version --mojo-platform-channel-handle=4116 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=5240 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=2372 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4468 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4784 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5256 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5604 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5760 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=4412 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1952,i,15610469715716752386,13520923855303157785,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe
"C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe
"C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe"
C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0.exe
"C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Fixer.bat" "
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\system32\lodctr.exe
lodctr /r
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Fixer.bat"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\system32\lodctr.exe
lodctr /r
C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe
"C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe"
C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0.exe
"C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x49c
C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe
"C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe
"C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe"
C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe
"C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
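The process list above repeats one chain several times: Builder.exe spawns a 32-bit cmd.exe with `/C chcp 65001 && netsh wlan show profile | findstr All`, then `netsh wlan show networks mode=bssid`. Switching the console to UTF-8 before netsh is what a program does when it intends to parse the output, and enumerating profiles is the step before dumping saved passphrases with `key=clear`. Below is an added detection, not code from the report or from any sandbox: it scores netsh wlan invocations from process-creation telemetry (Sysmon Event ID 1 fields Image, CommandLine, parent) using exactly those traits, and also scores `key=clear`, which this report does not show but which is the natural next step. The sample events are constructed from the command lines in the report; PIDs are made up, and the interactive-console event is added as a benign contrast.

```python
"""Score netsh wlan invocations for Wi-Fi credential harvesting.

Sample events are constructed from the report's process list (PIDs invented);
field names follow Sysmon Event ID 1.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


BUILDER = r"C:\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Builder.exe"

# Constructed sample modelled on the report; PIDs are invented.
SAMPLE_EVENTS = [
    ProcEvent(100, 50, BUILDER, f'"{BUILDER}"'),
    ProcEvent(101, 100, r"C:\Windows\SysWOW64\cmd.exe",
              '"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All'),
    ProcEvent(102, 101, r"C:\Windows\SysWOW64\chcp.com", "chcp 65001"),
    ProcEvent(103, 101, r"C:\Windows\SysWOW64\netsh.exe", "netsh wlan show profile"),
    ProcEvent(104, 101, r"C:\Windows\SysWOW64\findstr.exe", "findstr All"),
    ProcEvent(105, 100, r"C:\Windows\SysWOW64\cmd.exe",
              '"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid'),
    ProcEvent(106, 105, r"C:\Windows\SysWOW64\netsh.exe", "netsh wlan show networks mode=bssid"),
    # Benign contrast: an administrator typing the same command in an interactive console.
    ProcEvent(200, 60, r"C:\Windows\System32\cmd.exe", '"C:\\Windows\\System32\\cmd.exe"'),
    ProcEvent(201, 200, r"C:\Windows\System32\netsh.exe", "netsh wlan show profile"),
]

WLAN_RE = re.compile(r"\bnetsh(?:\.exe)?\s+wlan\s+show\s+(?:profiles?|networks?)\b", re.I)
KEY_CLEAR_RE = re.compile(r"key\s*=\s*clear", re.I)
CMD_ONESHOT_RE = re.compile(r"\s/c\b", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def find_wifi_harvesting(events, threshold=2):
    """Return one finding per netsh.exe that lists Wi-Fi profiles or networks
    and accumulates at least `threshold` points from the traits below."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        if basename(e.image) != "netsh.exe" or not WLAN_RE.search(e.cmdline):
            continue
        parent = by_pid.get(e.ppid)
        grandparent = by_pid.get(parent.ppid) if parent else None
        score, reasons = 0, []
        if parent and basename(parent.image) == "cmd.exe" and CMD_ONESHOT_RE.search(parent.cmdline):
            score += 1
            reasons.append("spawned via cmd.exe /C (scripted, not interactive)")
        if parent and "chcp 65001" in parent.cmdline.lower():
            score += 1
            reasons.append("codepage forced to UTF-8 before netsh (output meant to be parsed)")
        if grandparent and "\\users\\" in grandparent.image.lower():
            score += 1
            reasons.append(f"chain rooted in user-writable path: {grandparent.image}")
        if KEY_CLEAR_RE.search(e.cmdline) or (parent and KEY_CLEAR_RE.search(parent.cmdline)):
            score += 2
            reasons.append("key=clear requested: saved Wi-Fi passphrases exposed")
        if score >= threshold:
            findings.append({"pid": e.pid, "score": score,
                             "root": grandparent.image if grandparent else None,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_wifi_harvesting(SAMPLE_EVENTS):
        print(f"netsh pid {f['pid']} score {f['score']} root {f['root']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

The two netsh children of Builder.exe score 3 each; the interactive-console netsh scores 0 and is not reported. Tune the threshold to the environment: network teams that script `netsh wlan show profile` from System32-resident tooling would still pass, because the user-writable-path and chcp traits do not fire.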
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mediafire.com | udp |
| US | 104.16.113.74:443 | mediafire.com | tcp |
| US | 104.16.113.74:443 | mediafire.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 104.16.113.74:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| DE | 18.64.79.96:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | 72.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.79.64.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| NL | 157.240.247.8:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 8.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| GB | 172.217.169.46:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 44.227.246.182:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 182.246.227.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| NL | 157.240.247.8:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 142.250.187.234:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | tcp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.gravatar.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 192.0.73.2:443 | secure.gravatar.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | udp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | www6.mediafire.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| GB | 172.217.169.46:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | translate-pa.googleapis.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 104.193.132.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | udp |
| GB | 142.250.200.42:443 | translate.googleapis.com | udp |
| GB | 142.250.200.42:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | upload.ee | udp |
| DE | 57.129.39.102:443 | upload.ee | tcp |
| DE | 57.129.39.102:443 | upload.ee | tcp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| DE | 57.129.39.102:80 | www.upload.ee | tcp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| DE | 57.129.39.102:443 | www.upload.ee | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| GB | 2.18.109.243:443 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | du0pud0sdlmzf.cloudfront.net | udp |
| GB | 2.18.109.243:443 | s7.addthis.com | tcp |
| DE | 54.230.55.123:443 | du0pud0sdlmzf.cloudfront.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | tcp |
| US | 8.8.8.8:53 | lcolumnstoodthe.info | udp |
| US | 8.8.8.8:53 | deedeisasbeaut.info | udp |
| US | 8.8.8.8:53 | ghabovethec.info | udp |
| GB | 18.239.236.118:443 | lcolumnstoodthe.info | tcp |
| US | 8.8.8.8:53 | 102.39.129.57.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.55.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | supervisofosevera.com | udp |
| US | 104.21.15.106:443 | deedeisasbeaut.info | tcp |
| GB | 18.244.140.100:443 | ghabovethec.info | tcp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 172.67.220.203:443 | pogothere.xyz | udp |
| GB | 143.204.176.76:443 | getrunkhomuto.info | tcp |
| GB | 18.172.153.27:443 | supervisofosevera.com | tcp |
| GB | 18.172.153.27:443 | supervisofosevera.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| NL | 157.240.247.35:443 | www.facebook.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 203.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.236.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.15.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.176.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 104.21.15.106:443 | deedeisasbeaut.info | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 74.125.71.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 18.239.236.118:443 | lcolumnstoodthe.info | tcp |
| US | 8.8.8.8:53 | 1.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iheru.dwhitdoedsrag.org | udp |
| US | 54.225.185.110:443 | iheru.dwhitdoedsrag.org | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 110.185.225.54.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 54.225.185.110:443 | iheru.dwhitdoedsrag.org | tcp |
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| US | 8.8.8.8:53 | api.mylnikov.org | udp |
| US | 104.21.44.66:443 | api.mylnikov.org | tcp |
| US | 8.8.8.8:53 | 241.185.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 66.44.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 24.19.67.172.in-addr.arpa | udp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| US | 104.21.44.66:443 | api.mylnikov.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| US | 104.21.44.66:443 | api.mylnikov.org | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| US | 104.21.44.66:443 | api.mylnikov.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| N/A | 127.0.0.1:6606 | N/A | tcp |
| N/A | 127.0.0.1:7707 | N/A | tcp |
| N/A | 127.0.0.1:6606 | N/A | tcp |
| N/A | 127.0.0.1:8808 | N/A | tcp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| US | 104.21.44.66:443 | api.mylnikov.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 104.21.44.66:443 | api.mylnikov.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| N/A | 127.0.0.1:6606 | N/A | tcp |
| N/A | 127.0.0.1:8808 | N/A | tcp |
| N/A | 127.0.0.1:7707 | N/A | tcp |
| N/A | 127.0.0.1:8808 | N/A | tcp |
| N/A | 127.0.0.1:7707 | N/A | tcp |
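The network table above mixes sandbox noise (reverse `in-addr.arpa` lookups, Google and Facebook assets loaded by the browser) with the rows an analyst actually cares about: the external-IP and geolocation lookups, the Telegram Bot API and pastebin traffic, and the loopback connections on 6606/7707/8808. The script below is an added example, not part of the sandbox report or the sandbox vendor's tooling. It parses rows in the report's pipe-delimited layout, drops the reverse-DNS noise and tags the indicators. The domain tags follow the report's own signature list; the assumption that 6606, 7707 and 8808 are AsyncRAT's builder-default ports is analyst knowledge, not something the report states. The sample rows are a constructed subset copied in the report's shape.

```python
# Added triage helper for sandbox network tables (not the report's own code).

# Constructed sample: a handful of rows in the shape of the report's
# network table (country | ip:port | domain | protocol), including the two
# loopback layouts the report uses.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| US | 8.8.8.8:53 | api.mylnikov.org | udp |
| US | 104.21.44.66:443 | api.mylnikov.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 241.185.16.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:6606 | tcp | |
| N/A | 127.0.0.1:7707 | N/A | tcp |
| GB | 172.217.169.46:443 | translate.google.com | tcp |
"""

# Assumption (analyst knowledge, not stated in the report): 6606, 7707 and
# 8808 are the ports pre-filled in AsyncRAT's builder, so loopback
# connections to them in a sandbox point at a stub built with the default
# "localhost" host setting.
RAT_LOOPBACK_PORTS = {6606, 7707, 8808}

# Tags derived from the report's own signature list.
DOMAIN_TAGS = {
    "icanhazip.com": "external-ip-lookup",
    "api.mylnikov.org": "geolocation-lookup",
    "api.telegram.org": "telegram-bot-api (stealer exfiltration channel)",
    "pastebin.com": "legitimate-hosting-abused (config/C2 retrieval)",
}


def parse_row(line):
    """Parse one pipe-delimited row into a dict, or None for non-rows.

    Tolerates both loopback layouts seen in the report: the protocol shifted
    into the domain column with an empty trailing cell, and the aligned form
    with 'N/A' as the domain.
    """
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or ":" not in cells[1]:
        return None
    ip, _, port = cells[1].rpartition(":")
    if not port.isdigit():
        return None
    rest = [c for c in cells[2:] if c]
    if rest and rest[0] in ("tcp", "udp"):
        domain, proto = "", rest[0]
    elif len(rest) >= 2:
        domain, proto = rest[0], rest[1]
    else:
        domain, proto = (rest[0] if rest else ""), ""
    if domain == "N/A":
        domain = ""
    return {"cc": cells[0], "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def triage(table_text):
    """Return sorted, de-duplicated (indicator, tag) pairs worth a second look."""
    findings = set()
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None or row["domain"].endswith(".in-addr.arpa"):
            continue  # not a row, or reverse-DNS noise from the sandbox
        if row["ip"] == "127.0.0.1":
            if row["port"] in RAT_LOOPBACK_PORTS:
                findings.add((f"{row['ip']}:{row['port']}",
                              "loopback listener on AsyncRAT default port"))
            continue
        tag = DOMAIN_TAGS.get(row["domain"])
        if tag:
            findings.add((row["domain"], tag))
    return sorted(findings)


if __name__ == "__main__":
    for indicator, tag in triage(SAMPLE_ROWS):
        print(f"{indicator:28} {tag}")
```

Note that the external-IP lookup goes to icanhazip.com on port 80, so that request is visible in clear text on the wire and is an easy network detection point even when the Telegram and pastebin traffic is wrapped in TLS.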
Files
\??\pipe\crashpad_2668_VVGTPHWLZKTYYQJR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Windows\Temp\{B2C503D4-A2D5-433F-95D5-7E0D1225ECAB}\.cr\python-3.10.2-amd64.exe
| MD5 | 76ff12f0cd0e44ef355f1d30d1392a40 |
| SHA1 | 7c9636454af4bba15734517d2c9fed79f137b5da |
| SHA256 | 1f0f331e97c74dfa18fc7d19baef82bfe19324d9c79fab775f82ca55cc7b59cb |
| SHA512 | c2703111891e08675e74c79a3e2620fb650c4c99bbefc298e12bc948ba015e9c02ce7f4e5930c0c3f1f7b6dfaf17f385cfc994b68b7ea63f776a2f61e5741ce7 |
C:\Windows\Temp\{1D168801-2361-41BD-B3CE-4625CC7F4813}\.ba\PythonBA.dll
| MD5 | 75f826580b0fb706f7ee5f6e0724e294 |
| SHA1 | 0a8bfd587ddef14158e2abacd1f32afda4ce1f44 |
| SHA256 | 66de728be20d862415dfa189526c4351305845179c65605e210961c720620251 |
| SHA512 | af528020d19a6453febd11323e02a0d595639b8c73ed5a24107eed3ffc94747770d7b028d262d387e571971a45dc16c71817bc7f6ee38fa08a377e3f19f04d28 |
C:\Windows\Temp\{1D168801-2361-41BD-B3CE-4625CC7F4813}\.ba\SideBar.png
| MD5 | ca62a92ad5b307faeac640cd5eb460ed |
| SHA1 | 5edf8b5fc931648f77a2a131e4c733f1d31b548e |
| SHA256 | f3109977125d4a3a3ffa17462cfc31799589f466a51d226d1d1f87df2f267627 |
| SHA512 | f7b3001a957f393298b0ff2aa08b400f8639f2f0487a34ac2a0e8d9519765ac92249185ebe45f907bc9d2f8556fdd39095c52f890330a35edf71ae49df32e27a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c04e12e777c07f63826803fe53e00125 |
| SHA1 | fa0e803a20ae73f0502663770baa32776a0ba91d |
| SHA256 | 8e5533c5da609db4a5ad375499e25819420ec8a0c7fe52676dbd42cb0b440414 |
| SHA512 | 2b740f655b949ad8f498b25cdc21230d756f6c7edc20046791664e9d509b22c34721d1e5b2aba91b1afb0480fcf6e39ce0079ee1286c633a9c202970e9829971 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8c4dcdb2c74915c9cc318d38b4fcf6c0 |
| SHA1 | f86e146a80b9d0f610e49e6f4c6cc36027466472 |
| SHA256 | f1717b7fb2b9a12f6901951203d047e21dd98ae296072c0ec8f64f3fcfd83312 |
| SHA512 | 693e450760281fa505f4e4e0aa9751788ac4d2a588f98be0167663292a676c94dcfe7559b7ce1578819d1ef8bf12e0e65fac6335fc32225a96f0aa2d368ce835 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aca8a05c575d7e6157d6c85d4483841a |
| SHA1 | b8f4ff5aa63fa2f398259999572d6c36c4fd04e4 |
| SHA256 | ffde43df93a16641ae92bd683100ab095a6a3e99efbc3d8d3c23a4f00fc784c3 |
| SHA512 | fab3e09db0aaffb5077dc0a4916069c116c71232a018d71ac032558fb8271efe16a00789f8a13aeaa0f3230d354f61b6c1948c5b73da666d41dc1b644b2cb7a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0d108c2b7cc36285696c1ddeaee45a1d |
| SHA1 | 2c9fd8b4ad6814b936c45e0afeb3b7cae7cd8f78 |
| SHA256 | 3cfc3fea82faeede5f5a996fb062236c09bd895637ede241f644450ddabb2e9a |
| SHA512 | 8ac2d5578d0014930f0c490b2cdf21eb84aff372b367df593e297d20ae2b01075a2d2ef52e116d5f60a8cdd75ae70fd9c0b9942ebb786b8a5783b4fe813f910f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9dfc9fa5b4c44e40bad7efe7a2ca655d |
| SHA1 | 193241e6f2595f6902a8fe894bc8cb57f24e1153 |
| SHA256 | 582ec25d99eece83d9aed343e574eef07f77da9df377127d1c9f55189907ee64 |
| SHA512 | a73a199352733ec5b41c12e6a893f173aeed06445418759d093330e382a961007c0364067c19b450c06420ebcbc877959366bbbeef95d4a9e57f7a7e0064f32a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 02e21fb4e04280b9cefc7b9e7d7d8148 |
| SHA1 | 86a906dc81b81f61af4f0bce6e47da54a8f73a19 |
| SHA256 | 95bd0bc5b21850c11425005b61227e6164b51227a1eac718426353a2e8fa8461 |
| SHA512 | 8f9caf89023277e7237e40abc8a4d39d20b3671a736d6fe4abe38882601dfca08e5f66a1c8d33c1c5172134b9b853ac15bd4426a50351da50b297a695aeab9c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f4ca16be06a9b6a053209a29e79f80a4 |
| SHA1 | d650a55542c0f55b05cc006a864663201fe6c5f8 |
| SHA256 | cba1be74704d1f2fcd8baf89e0a79987ed04544296dedf77a9a088513226c8ad |
| SHA512 | 179635e844560bd1f4b65ba15826ceffd94b44260ae7cec91a5b786eb0e2a30fc5252ce5b5ad3eff745046fe50ac4f6dbbb5029606b9480b05238d80610f120a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 747e1a56aa1271ac30c43c4bad29100f |
| SHA1 | 40f9fcdf35a84c0bcf0f977399ddeebcf83e73d7 |
| SHA256 | c2eb39c046231da847c7c197a2b05b602655fd2c95120aae1c20fc040c3496d4 |
| SHA512 | 53e7ed484894a95bf2e7566750c056139b8be767617382e284b8c57ee07968857226b9f102b1ff03ad920f24b5f9163e0fe146fbd5ca14c9a6fd2e39c4de6e03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ef4e6c63a8de24979e75813899b10eb2 |
| SHA1 | 680efa0ac76d9a3c24823c535584af73cdf97676 |
| SHA256 | 7a4f4603cb188fda8dd622a4e6fe033a1abc6e835fc7e1083309d002109b59c3 |
| SHA512 | 3f5d7f46a962c721dfdffb558f1de3867f40e9a93eb83e72e811b104f6a000e827689f7edceed630f10665d9d20b02576707f230fa4393bac435c49ae41c448d |
memory/4756-201-0x0000000000FB0000-0x0000000000FFA000-memory.dmp
memory/4076-204-0x000001E386870000-0x000001E386871000-memory.dmp
memory/4076-203-0x000001E386870000-0x000001E386871000-memory.dmp
memory/4076-202-0x000001E386870000-0x000001E386871000-memory.dmp
memory/4756-205-0x00000000058A0000-0x0000000005906000-memory.dmp
memory/4076-211-0x000001E386870000-0x000001E386871000-memory.dmp
memory/4076-215-0x000001E386870000-0x000001E386871000-memory.dmp
memory/4076-212-0x000001E386870000-0x000001E386871000-memory.dmp
memory/4076-210-0x000001E386870000-0x000001E386871000-memory.dmp
memory/4076-214-0x000001E386870000-0x000001E386871000-memory.dmp
memory/4076-209-0x000001E386870000-0x000001E386871000-memory.dmp
memory/4076-213-0x000001E386870000-0x000001E386871000-memory.dmp
C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\Browsers\Google\History.txt
| MD5 | 744bc9144cc6aaa911d4f90c5b6fefae |
| SHA1 | 8dc7763f83f49320179bc40f2545902150f99ff5 |
| SHA256 | 63b26c4916a7db34254486ddd6f033ba4fc404fe5c98434972973c76cd674bcc |
| SHA512 | 14ad3303ccadb84d5f42bfd3cce3bea9ccbc48be95111f8428821de0aabce0e31d79d53ba7f9560039a007560347c392b4f5c7ddedfefe2d76b16e52d305fbb4 |
C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\Browsers\Google\History.txt
| MD5 | 82b00ffbf76c94fad25c2eb129dccae7 |
| SHA1 | c042bd8f96b623b41fbd0a4630db4af4d23ba712 |
| SHA256 | 94f53107a862bb02594be7e286cd3618b00e2f41329c9b0278247e257bf77448 |
| SHA512 | 1a9c0c4d34bb995c7ab7771f07506e364b47b2653b66a2ff3d1f3e0265f6674accf4095759af79a851e93f50ba45280b56e6ebe36199953a0ce150787df2a4fa |
C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\Browsers\Firefox\Bookmarks.txt
| MD5 | 2e9d094dda5cdc3ce6519f75943a4ff4 |
| SHA1 | 5d989b4ac8b699781681fe75ed9ef98191a5096c |
| SHA256 | c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142 |
| SHA512 | d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ce7855ec83b35ea8e93a9e0e89139b12 |
| SHA1 | c40051fd6085dea0f31785b83c268a195536563a |
| SHA256 | 19009caf9ea9f4536e98ba9b999f109fc66966931e0b9ef458b227ed52ecc029 |
| SHA512 | a4d71258c512b33d4b5b57eb5fa7e757b8ebef3d531317590d2d2c1b57d80601fea8df5dcbbcb42e1b7af53374ca672192ecd99f60b238cdd66102bfa4679b77 |
C:\Users\Admin\AppData\Local\4bce81f89c3ee2eff4c7e395d6e3dc0c\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | 9581e464fed860ad7cb109760b93dcd1 |
| SHA1 | 8fbd542df219d7f60a6ad86ba4d765fd4b3d2784 |
| SHA256 | 9263ad05905ea838e5e98658d6ac16cd09d7677479e4f5b1452828b4c4bb7709 |
| SHA512 | d396f01bd439a7a9407551f3c053e084e77cecd55e5b1902446d5a90543ac6624ff1654bf5193f274410bd90ef26e9ae300ec92fab27c3d856ab9e512b15da6a |
memory/1156-366-0x0000025FE87D0000-0x0000025FE8EFA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpC77A.tmp.dat
| MD5 | a146b07d36c77deb545345f9fe3ddd75 |
| SHA1 | a0c87bf2dbe1dccdcbd2f68f2c366d273d247192 |
| SHA256 | f28113548245d5faa6e48dcbd57e80a29081d017b95808697347619b89d42c9b |
| SHA512 | 5cad32cef6e57d99c0e4508ae7f727055b0350a54578b65e1cf7f2fac319c07e32bb931740b4466d343be3c1178cf796067f467a2ccb56d7a60473258ff078cb |
C:\Users\Admin\AppData\Local\Temp\tmpC7AB.tmp.dat
| MD5 | 280d0d576cc8302dc483695ab2a76ef7 |
| SHA1 | 7641333ca134b8f507046a4b92674ef48d20e4ee |
| SHA256 | 15e1b6bd397772024d3bc44b6772c0780639d23ff582027e0738e1dee0e0fb14 |
| SHA512 | ff8c21b7da132100b6501882f66a5b052742ae9f2b88eb2b1e8a4f09267dd64b963a1b88eb5737b3c173b0a7a83431719839a6c00c8a2aff59a0ec872be3d45f |
C:\Users\Admin\AppData\Local\Temp\tmpC8A8.tmp.dat
| MD5 | 73d744a8e8033f343403358e3cad07b5 |
| SHA1 | 424a3f29d1794f1eda595758b0c4e01cd25d2c9b |
| SHA256 | 5cf92bb56d79629edc3fe42f1e880b596e47a9ff2450e1d134dccdde8cb93731 |
| SHA512 | 80c6c3fea713a7797772c725d1cf464870bb4aed23b8904cdfa39f8c022882c72be0a9adc5439f7b71bd43311cd6dc1f9e19b032bac26fe40b44e3d4f3b573b4 |
C:\Users\Admin\AppData\Local\Temp\places.raw
| MD5 | 46ca5e06e3f5fb88dc47ea8b952f3d27 |
| SHA1 | ba8eadadca2c34c115b667781ec0cfc928819adc |
| SHA256 | 9ae16bb881de7ad516bb3e3c608ed5faf53fa942f950219bcdb7c05298c0e2fc |
| SHA512 | 661eda3f781c44d86c84d28f4809f8cc805bf9506a761fa7b6d1bc03ed269835f7acdce40851331a2d680425f9f07aa67213d09cd1f86fd7ccb05df91d3b42b7 |
memory/1156-479-0x0000025FEC8C0000-0x0000025FED3D6000-memory.dmp
memory/4756-506-0x0000000005D30000-0x0000000005DC2000-memory.dmp
memory/4756-508-0x0000000006830000-0x0000000006DD4000-memory.dmp
C:\Windows\System32\perfc011.dat
| MD5 | 50681b748a019d0096b5df4ebe1eab74 |
| SHA1 | 0fa741b445f16f05a1984813c7b07cc66097e180 |
| SHA256 | 33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a |
| SHA512 | 568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e |
C:\Windows\System32\perfh007.dat
| MD5 | 8e549f070ac8bb646d0c34569ad6d880 |
| SHA1 | 2a9bd2f7378ef5e85831cf590d9d735e9645f49e |
| SHA256 | b08ebaa7d8ba93702ba84a59f41c0faed94273203d353c4f3cad31530d1b3751 |
| SHA512 | 10c3a012dc64fdcb5bb0d8fe03aa771b936e78092de33e029658ad18e8c4771cddb84e6057b79bf8e6e90a8f3972f4bb1cad16f3cc96c13527289f3477f5fbd5 |
C:\Windows\System32\perfh009.dat
| MD5 | 367662b55faba4e0728f3c296daa92a7 |
| SHA1 | 1775899bd0f1bb5cf945910db18aa3a9d4d15b7a |
| SHA256 | c2ea1af1c970468f522e354c8e47b121b66a0d0428a8400f4a5cb03216368ce1 |
| SHA512 | 283e9cf2bf6fe904b530bd188347641c1d30b27c95d89552e18aa33be1c7e2840f10a09868a2862ee53bb805cef2cdbb31b8db391ca140b5dda27058dcad11ce |
C:\Windows\System32\perfc00A.dat
| MD5 | 70c7ba068b82106810720fdec5406762 |
| SHA1 | 744c05ee14ea69e9706a07967b4ca1597298729d |
| SHA256 | f3fccee564956fd81a1bba3477a18b04197bccf5efa057713c92a77b266c7b33 |
| SHA512 | 14bb6e89946abcc10f640e2d553623b319c829e31ff872be0976c3d0419bc8ac656e4774333d4040df9507f064e9f92347677f4b20c66317fffaabed5bb1c4b4 |
C:\Windows\System32\perfh011.dat
| MD5 | 394e68a48cbedf2aa4290ad4be6c1254 |
| SHA1 | e9b5a4204bedd201adfee94cd4bd475f92d508a0 |
| SHA256 | 48dbdc9f160e51c14f7cf0f4f31856fc5c51bb5a157eefc9159612227def9d88 |
| SHA512 | 5b3ebefb252a4ea2b5504fdb79fba35f256ee544df6385eeb47a05be4eddd41063fe9a025d5e8393d34cc34abd431810b5c5cc21c777316200c9cfa769fcfd6c |
C:\Windows\System32\perfc007.dat
| MD5 | 3fe48fb25091a9d13b94f8b81c1be040 |
| SHA1 | 21f5adcd4f852b3e3a84ae7788ede8f2f26a6515 |
| SHA256 | d5d9ec6461c30880496d1ee5a8d770d59ced59d1b28e015d08d44832ced60591 |
| SHA512 | e02f495ee34dd013bba39a1c4a8bf22db122d54fcda84a8aa8557462a2f13a058f05d0eb13a817ba45b5527f830492e5a00365b5eb4122ed6b8f28a9ffd2d308 |
C:\Windows\System32\perfc010.dat
| MD5 | 9c127d90b405f6e4e98e60bb83285a93 |
| SHA1 | 358b36827fb8dbfd9f268d7278961ae3309baaa1 |
| SHA256 | 878a012b076c81d7b46068109d9b9e1a86aa8527d87d0baee47b59b07502c578 |
| SHA512 | bd80bb82e6f2375107153b7da67ce4a3ab3d457103a8371f93e130edece21791d8a716ab9793b74c6b5ab10166ccb52aee430bc4b63403b7e4749d7db9929e73 |
C:\Windows\System32\perfh010.dat
| MD5 | 4e277d7a9304103e3b68291044c7db6b |
| SHA1 | b23864c76259c674ac2bc0210dab181bfc04dedf |
| SHA256 | 5dc2192236274fda886a0c0f396646f9292000ba33bd0e2061a65bc06639be16 |
| SHA512 | 094477571cb17d7b19f6e81ef237c579f03c944745499b2e537d77972da89f8f4baa0825c3f79993d96116aa071bbc776a96f55cf8ab3f60698c2c4e03e36957 |
C:\Windows\System32\perfc00C.dat
| MD5 | 0cfd5298e63f44351ebca47f6a491fbe |
| SHA1 | b86c08b13f0e60f664be64cb4077f915f9fc1138 |
| SHA256 | 562261cc16c6e5e2e3841a1ba79083293baa40330fb5d4f7f62c3553df26ccb3 |
| SHA512 | 549e5c28598ac2a6b11936aa90f641dfa794c04dd642309d08ef90a683d995d8f2d3a69ee2ecd74adae5beb19e9de055e71670922d738bd985657ffe75ebe235 |
C:\Windows\System32\perfh00C.dat
| MD5 | d5972cca5d434d4ca1742fe0a5ddd5d4 |
| SHA1 | a3cdc3ad50ff9ba19722f2e2cb76f95b60bd92b2 |
| SHA256 | f85cfffd1414d3e975f430a1e2f2a3b473ee8995a961dfb103fe18d5bf06e321 |
| SHA512 | 2ce34cf9b868fda0852e6b0d805171fcfda00c0c6cf044bf8831e6fa2aef4933ae00a8eaf757c09d67c30ae7ab58136959351f7d04d8ba6921f51fc87378565c |
C:\Windows\System32\perfh00A.dat
| MD5 | 893d78f82b3994cf86b3c8c80cd7ad6a |
| SHA1 | a68cfd50ebc35eee62c84f0fd74d20d1e0bb1476 |
| SHA256 | 411b7581b0af88caa8c75409dc83ac8b521ba4d987d9347402438be16d31097c |
| SHA512 | 7f7cc32aca4f023f34e4ab7a51fbd0ca0b0ea51fde6d79b9a4322bee9b4d55800a981b2d97007ceadfa609767b7d84e9eebd8b3e92f9cb68855625a25767f42b |
C:\Users\Admin\AppData\Local\b6a1fda535893e3951eeb1fdb2c82063\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | 2f13984ae57642e6b09fd87e8633b8e4 |
| SHA1 | 39dfa367a4d48aaa804be1ba8779b83da8286ab7 |
| SHA256 | f92bb78ee7ed227d1d03e7bc602156dd145396693b12cca861785d5cb36dbac2 |
| SHA512 | 4b07e8b8d4f8b101a1f2cdf30f88e3104c2e7790bb2a9c2f4ef4b521393572b68c0435b3454adce6e5d81f617efce4730a18e5a7b40ba80df289f156a18f1d06 |
memory/4756-1159-0x00000000060B0000-0x00000000060BA000-memory.dmp
C:\Windows\system32\perfh007.dat
| MD5 | b9a5000ea316ac348cf77beb0e5bc379 |
| SHA1 | 4e666af14169eb10a0a08ac2f5ed5ecf4764df46 |
| SHA256 | 1b25a6879c667258cdb900683004ef007c6b3a1a933d823b124d9a6acf9de608 |
| SHA512 | 9fd911586a0aebec11c48e9f78de3b3f6e41c98a2770f5ac10d0a3947b4b3f326a8c5028c478c8634fb84a071186606e69a7aff83b1cf972d4728e3923503118 |
C:\Windows\system32\perfc010.dat
| MD5 | 0515a1da37c05145889c952be393545b |
| SHA1 | 2dfd0c6c788a28de47f0074b2b63e78e973da745 |
| SHA256 | 445ffb36cf57e356c8a81a3b0879f664c3027fda0fe9b8b08a41a1aa51884637 |
| SHA512 | a3a1acb3ebfff3a64a2a26130877c9fc9acf02d08f02c0053dd038bebff5fc5b1a25b9641c2eb003c389034455e44c7aa1d4c719a9e6e91e1acc7cee2b00f93d |
C:\Windows\system32\perfh010.dat
| MD5 | a5389200f9bbc7be1276d74ccd2939b4 |
| SHA1 | 8d6f17c7d36f686e727b6e7b3a62812297228943 |
| SHA256 | 494db162e2ccd95e69404a34170b6e59847f444881834f3c175c6bc70d783087 |
| SHA512 | fc1d1e81362d186410b4af3d6add3c8b32fdd75ea79b7e868cc16615358264af04f47170229d32dffcbf7e1ba2b841ccd2d4f27b0f8d82a0685806c22d3d0a92 |
C:\Windows\system32\perfh00C.dat
| MD5 | d0a8d13996333367f0e1721ca8658e00 |
| SHA1 | f48f432c5a0d3c425961e6ed6291ddb0f4b5a116 |
| SHA256 | 68a7924621a0fbc13d0ea151617d13732a991cef944aae67d44fc030740a82e9 |
| SHA512 | 8a68c62b5fc983975d010ae6504a1cbfdf34d5656e3277d9a09eb92929e201e27ca7bd2030740c8240a4afd56af57c223b4fd6de193bedf84ac7238777310de4 |
C:\Windows\system32\perfc00C.dat
| MD5 | 372fe4caff0b3e4226b9b2f724c46d65 |
| SHA1 | f46867fb163fde8b9f63375ec0d68341db458be0 |
| SHA256 | 83d5ef4c544b86a89fa179d6c8487a23867816bddd136df26be91e2bb53230ad |
| SHA512 | 31cd6b936b0882884e1ecc47d46eaff86ef9cf49cb8600213d6e3c3145a85f30aeb1fa3cf5634d7ea0c5dd6af7f5e209208cb978e7f7d9424f65c469c612b9e3 |
C:\Windows\system32\perfh00A.dat
| MD5 | 1402add2a611322eb6f624705c8a9a4e |
| SHA1 | d08b0b5e602d4587e534cf5e9c3d04c549a5aa47 |
| SHA256 | 0ac43c8e77edb2c1468420653fc5d505b26cdc4da06c4121ce4bbecae561e6cb |
| SHA512 | 177d5ea7e77eee154042b5e064db67a5cac9435890a2ff65cd98da21433f4e7de743e9df22ac0ac61be89fc0be8655b46454ed4a930d13fc7c1dfebe5896781f |
memory/4756-1335-0x0000000006140000-0x0000000006152000-memory.dmp
C:\Users\Admin\AppData\Local\b6a1fda535893e3951eeb1fdb2c82063\msgid.dat
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
C:\Windows\system32\perfc00A.dat
| MD5 | 8bab87294d0cc2cf5959a6c0f3018ab6 |
| SHA1 | 58fe3d9997dfb9cf009f4eadafae81e473c317c0 |
| SHA256 | 426e0fc5c43c06d5b0986b27367e2faccb117a845355bb87ffef441184ab154f |
| SHA512 | e748f1efd020e754afd04aefcbb71955ed37ca4f32dd27481a38691cb386433b76eb8879d0f328f342c4e276ba7f37878ec17b230d7e8d308f115996499386c2 |
C:\Windows\system32\perfh009.dat
| MD5 | 1ad05e460c6fbb5f7b96e059a4ab6cef |
| SHA1 | 1c3e4e455fa0630aaa78a1d19537d5ff787960cf |
| SHA256 | 0ae16c72ca5301b0f817e69a4bac29157369ecfbadc6c13a5a37db5901238c71 |
| SHA512 | c608aa10b547003b25ff63bb1999a5fff0256aadd8b005fdd26569a9828d3591129a0f21c11ec8e5d5f390b11c49f2ef8a6e36375c9e13d547415e0ec97a398f |
C:\Windows\system32\perfc009.dat
| MD5 | 1e60bc5e525063b96078df17fbd3c4e1 |
| SHA1 | bae8eda409cb3e016ddd420c6354aeaac2d267b9 |
| SHA256 | a0894847ca6208cf7e519d8e825458596bbcd78156a453e32872de7592ea20d8 |
| SHA512 | 5758d535e4ce20cc30b9b57fea1811feffb2655ecc6eec69c942defb4b4f8c06e8e37860f85ec7cad26df9d7635ecaf131a68ec4ee291aa36e448c7ef2339652 |
C:\Windows\system32\perfh011.dat
| MD5 | b80ff435d9aee22369f6246d7a2d9478 |
| SHA1 | 05a278e903c2dfdd689418c8fb3bc432581b8a82 |
| SHA256 | 4e14ba5f6e55a50ea95256ca14b35f0e70def0ad3505a84c593e48e9de0914a5 |
| SHA512 | c63d06d1f7247a8164923d1ae4e6d457324dde2edcd31a910e5e685c10d3cf79160a9e476d521eb559dcdfdbc167e461b6d04867772b8c7f6b23556eb303ea97 |
C:\Windows\system32\perfc011.dat
| MD5 | 76b1f6a65baedbdbc6d058f5abf0b628 |
| SHA1 | a9a30da4d3a25d148f8e6defd917bf4bbcc95882 |
| SHA256 | b2b8592ae3cd9c2e2b55a8a4cdd16a34854f0d2c4f7c2e68427ecbcd19b6280a |
| SHA512 | 54bee70adacfdf9881373c96ff1a7f73657c1a1a0596f95cd63d72183e6883cb396ae4e79ac26c9ac51165d25e50d916ef462bcdb3c6a4ad0ef8346e6038749c |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\XWorm V3.0.exe.log
| MD5 | a9141ed1837f780cf691c7ce790db9c5 |
| SHA1 | 86d5a6683a0031226f8477cb2d60edf65325f1ec |
| SHA256 | cf428d3c771587984baaea34a2f01139009f4493431db844f2114daff8f958f0 |
| SHA512 | c573c632ab243eb226a878e67c03b328f341ccd8c8696c0f0b6ef7bf6cbc1ae72a1444fa4ac831547590b9420092b4a43528bcffc5ddeeaca071cdb951fa4bd3 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\XWorm V3.0 Bin\XWorm V3.0 Bin\XWorm V3.0 Bin\Readme.txt
| MD5 | 85122ad50370f9a829b6602384b1b644 |
| SHA1 | 6d0dc94e7fe82650422a17368314da0da58af6b5 |
| SHA256 | 444cbc7b57b4a6198ee1474fd9623e1afcb8c7a0b180f05e961a822f4365499b |
| SHA512 | a3ccd49bc0424534ba3b5ee558709022dd31d257ca48fd2eb8d7305ec098dc9275e016da332d293b7cdbdc5e91b82c7602c15abc52c0c0c4f3c81d4126b4afd6 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini
| MD5 | 9e36cc3537ee9ee1e3b10fa4e761045b |
| SHA1 | 7726f55012e1e26cc762c9982e7c6c54ca7bb303 |
| SHA256 | 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026 |
| SHA512 | 5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini
| MD5 | d48fce44e0f298e5db52fd5894502727 |
| SHA1 | fce1e65756138a3ca4eaaf8f7642867205b44897 |
| SHA256 | 231a08caba1f9ba9f14bd3e46834288f3c351079fcedda15e391b724ac0c7ea8 |
| SHA512 | a1c0378db4e6dac9a8638586f6797bad877769d76334b976779cd90324029d755fb466260ef27bd1e7f9fdf97696cd8cd1318377970a1b5bf340efb12a4feb4a |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini
| MD5 | 29eae335b77f438e05594d86a6ca22ff |
| SHA1 | d62ccc830c249de6b6532381b4c16a5f17f95d89 |
| SHA256 | 88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4 |
| SHA512 | 5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini
| MD5 | 87a524a2f34307c674dba10708585a5e |
| SHA1 | e0508c3f1496073b9f6f9ecb2fb01cb91f9e8201 |
| SHA256 | d01a7ef6233ef4ab3ea7210c0f2837931d334a20ae4d2a05ed03291e59e576c9 |
| SHA512 | 7cfa6d47190075e1209fb081e36ed7e50e735c9682bfb482dbf5a36746abdad0dccfdb8803ef5042e155e8c1f326770f3c8f7aa32ce66cf3b47cd13781884c38 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini
| MD5 | 3a37312509712d4e12d27240137ff377 |
| SHA1 | 30ced927e23b584725cf16351394175a6d2a9577 |
| SHA256 | b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3 |
| SHA512 | dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini
| MD5 | ecf88f261853fe08d58e2e903220da14 |
| SHA1 | f72807a9e081906654ae196605e681d5938a2e6c |
| SHA256 | cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844 |
| SHA512 | 82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Browsers\Google\Downloads.txt
| MD5 | 7a01df9067b43643c7d7878b617fb861 |
| SHA1 | 7a8f3cf11b726b8ff38e8b8a05293f503fbb1bb8 |
| SHA256 | 58da8432380d3420659e3623b85315dfc56442f3f2714318279e4044741515cd |
| SHA512 | 5cf36c4194d8eb2a4786c56a7b5497c930e3123163a95d5ddeb0221c30f705102f21c602eeec1a49be728bdb5284887c53fdfe63a973f1f46b6cbe13e8a6e67c |
C:\Users\Admin\AppData\Local\Temp\tmp63FA.tmp.dat
| MD5 | 8f5942354d3809f865f9767eddf51314 |
| SHA1 | 20be11c0d42fc0cef53931ea9152b55082d1a11e |
| SHA256 | 776ecf8411b1b0167bea724409ac9d3f8479973df223ecc6e60e3302b3b2b8ea |
| SHA512 | fde8dfae8a862cf106b0cb55e02d73e4e4c0527c744c20886681245c8160287f722612a6de9d0046ed1156b1771229c8950b9ac036b39c988d75aa20b7bac218 |
C:\Users\Admin\AppData\Local\Temp\tmp647F.tmp.dat
| MD5 | d367ddfda80fdcf578726bc3b0bc3e3c |
| SHA1 | 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671 |
| SHA256 | 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0 |
| SHA512 | 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77 |
C:\Users\Admin\AppData\Local\Temp\tmp643F.tmp.dat
| MD5 | 827e1cf88899907badcfa03032cac087 |
| SHA1 | 6e73bf6559ad16e86f77aa802ea119eae25c5a28 |
| SHA256 | 8e9adaa5e4db956c5d3e7f351895d077ec0c970e53df4648817940c2c8e09167 |
| SHA512 | b4c9f6c134db44e9d71371ab7a9f9633448aea603b5f446d00a06bd6d04642b3f0d0ce670e06d34dd78bf046d9a247d63719cccbd54f76b2be647ba556aaf4bb |
C:\Users\Admin\AppData\Local\Temp\tmp643E.tmp.dat
| MD5 | 7872fbf0a1bb518682babda3d8dc7b4e |
| SHA1 | 9714d4f9f7e7c3b9a99f656b88b3a10cbd9c65e4 |
| SHA256 | a821fa964b5c5273f0e4696e98815f07113c85436cc468f41f39722e7d2767c2 |
| SHA512 | f91bb32e1675f822af53ebc91dc5764625b13bc2e365dcf795e1132525857e5d43a18b2f53b4bb70722aef7a0eafd5b3e4d1805f8567d325d34ae41c281832c0 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Directories\Documents.txt
| MD5 | f4cf79c19d4de392d1b67e5acc967a96 |
| SHA1 | 53dcf173e601b449b059379f14d434e6353759f5 |
| SHA256 | d8e2a3d78770ae4f3d27e6b19491650c871710a371e7972f92bb3dd13849735d |
| SHA512 | 07307c0e295d94942d5761fd8e80c41f3a812e824c6af2f48c0ec9a55b428f41212a1cc7cc9e6a4a915019e46f4913520b891743a17f03262257ce41845128fe |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Directories\Desktop.txt
| MD5 | 05ab0a474942eb2b64d5637768e43477 |
| SHA1 | cc50326c277d10bbf3242e07ba3f0689c0a0eead |
| SHA256 | f941c8e261fd3b56f5ec955fcdbe9d3b0244e639dc31d4b0b6212562da4044eb |
| SHA512 | 7d512f0e193804298510240e6650f7fd332d8011f39852641e4ff16c27c4eddb754ef7d0e8aaaa7a9ed3d089dffac5ee95e19cd0a30c0ae49e07304267f7100e |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Directories\Videos.txt
| MD5 | 1fddbf1169b6c75898b86e7e24bc7c1f |
| SHA1 | d2091060cb5191ff70eb99c0088c182e80c20f8c |
| SHA256 | a67aa329b7d878de61671e18cd2f4b011d11cbac67ea779818c6dafad2d70733 |
| SHA512 | 20bfeafde7fec1753fef59de467bd4a3dd7fe627e8c44e95fe62b065a5768c4508e886ec5d898e911a28cf6365f455c9ab1ebe2386d17a76f53037f99061fd4d |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Directories\Downloads.txt
| MD5 | d27923a08080758c11271c5d464fc1f8 |
| SHA1 | 4446847164cb2ff8062084855b39773b4563d8f7 |
| SHA256 | 3eb198b511919296273c5b85bb3fc0861437d4100fa966836a5d8c07593996ee |
| SHA512 | cdc8d422f8d61c10e8e9b66561ad4d2127b81d41ea327679ad641416ae6fe88a29ca082ddc0d1cad331b060125f85644ebf533f304df615b282eeb845199f504 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Directories\Temp.txt
| MD5 | bb88062cd0043b12b403dcb2edf708e5 |
| SHA1 | 6a73b00c30514c285070c4d05025bb682910fc70 |
| SHA256 | da17aea7a3fed2b442218c129bbbdd25c08f9442532bf2678b71470b8c994f23 |
| SHA512 | e2cdee9fb906687da179195518ab6917bf5ac91bccd08e55a4cb868c6be8e1d2500ae192218612f1406bd4be20f16da77221d3dae178c4e1f292b5fa379f63f2 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Directories\OneDrive.txt
| MD5 | 966247eb3ee749e21597d73c4176bd52 |
| SHA1 | 1e9e63c2872cef8f015d4b888eb9f81b00a35c79 |
| SHA256 | 8ddfc481b1b6ae30815ecce8a73755862f24b3bb7fdebdbf099e037d53eb082e |
| SHA512 | bd30aec68c070e86e3dec787ed26dd3d6b7d33d83e43cb2d50f9e2cff779fee4c96afbbe170443bd62874073a844beb29a69b10c72c54d7d444a8d86cfd7b5aa |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Directories\Startup.txt
| MD5 | 68c93da4981d591704cea7b71cebfb97 |
| SHA1 | fd0f8d97463cd33892cc828b4ad04e03fc014fa6 |
| SHA256 | 889ed51f9c16a4b989bda57957d3e132b1a9c117ee84e208207f2fa208a59483 |
| SHA512 | 63455c726b55f2d4de87147a75ff04f2daa35278183969ccf185d23707840dd84363bec20d4e8c56252196ce555001ca0e61b3f4887d27577081fdef9e946402 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\Directories\Pictures.txt
| MD5 | dd5c7754794863fb0bb811d51d30c056 |
| SHA1 | b504b915558911f1d0bd87db2f929b313fc7deb8 |
| SHA256 | 0798eba38430df53c2d8c747a29a39f0c996e9e5bef4252242f0e7d018676acc |
| SHA512 | c7b3d546e69d8cb9f0fd57c0d4830a57ffd17af9bc0b9263f65af0840951b9ee76f3afb458d8717978b17fb951020ff3ac6cf4ca647715aa6442222bff0b502e |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | 475460b147a0fd49e1537e9a11b12e8d |
| SHA1 | 8f28bed0c78351e3a50437db500a6db682010bb2 |
| SHA256 | 93b9f9a65401489e5a3f79f12ef0a81f64715684973e41ad6bdb70662a6ae468 |
| SHA512 | 65a8b516af67030b431d76f43162db3fe1ad448f837c1747efc4491160cc7be7e6d0d76d347222c057169327980618b0ee59910afa98e8b00bdf13d7cc701159 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\System\WorldWind.jpg
| MD5 | 6c43207fbca593e00f427a406f2926c2 |
| SHA1 | 14af48b220d3ec9fd0f6823585f0802e35a77faf |
| SHA256 | a591dc1bfed6acc477a091fa3759b8e8a24f268290eeb8337897ea24b76a3e3e |
| SHA512 | 0efb4e1fd25381007291351a57c0cb10d667bdc3694174821fdc72d1a17cae7d75107aada078d3f6dc74323dd017fa984780ba2ac839a4eed1e349b350e561c1 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\System\ScanningNetworks.txt
| MD5 | 58cd2334cfc77db470202487d5034610 |
| SHA1 | 61fa242465f53c9e64b3752fe76b2adcceb1f237 |
| SHA256 | 59b3120c5ce1a7d1819510272a927e1c8f1c95385213fccbcdd429ff3492040d |
| SHA512 | c8f52d85ec99177c722527c306a64ba61adc3ad3a5fec6d87749fbad12da424ba6b34880ab9da627fb183412875f241e1c1864d723e62130281e44c14ad1481e |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\System\ProductKey.txt
| MD5 | 71eb5479298c7afc6d126fa04d2a9bde |
| SHA1 | a9b3d5505cf9f84bb6c2be2acece53cb40075113 |
| SHA256 | f6cadfd4e4c25ff3b8cffe54a2af24a757a349abbf4e1142ec4c9789347fe8b3 |
| SHA512 | 7c6687e21d31ec1d6d2eff04b07b465f875fd80df26677f1506b14158444cf55044eb6674880bd5bd44f04ff73023b26cb19b8837427a1d6655c96df52f140bd |
C:\Windows\system32\perfc009.dat
| MD5 | 6ba86043d5bb686959fccfc96b66a406 |
| SHA1 | 1a0124b6bf961cc0b4dcb39fc0553b8b51f3bcae |
| SHA256 | ef92dae76f5fb86dc1946dd90308670a7b9b0f9a2d015dfdc5a949a9a57deff1 |
| SHA512 | 475dbbbe812391d0d6b51232d2fb74dd3546511fd56c8baf5b2fc11bf315e61a1bd621fd64c68ffbfc62a2cfb2695c7ecb7eb6cb68e0b0e8c69ccd7615e11341 |
C:\Users\Admin\AppData\Local\5ad6d1b108ad80ef730197e1b2c85a31\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | 7ed5a8ca1ca30f47dc7de170ca7e89d9 |
| SHA1 | ad3500ea5511fc60c2040530fbe5519b26e73754 |
| SHA256 | e5a76d9e78053458a975b40295d0ffca17f5d75f1ec2aa2f105a0334aced5a1e |
| SHA512 | 8b93ba57f92b719c24f999fe499c09b21ad5586747b79d05f8d4e8ca430885377cd3e0e7484815385a586959789910419c0ce25bcdfd7e0b9bd1675174d7b3db |
C:\Users\Admin\AppData\Local\5ad6d1b108ad80ef730197e1b2c85a31\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | f2fc47f4732c8b8eb0c1e0fff0ba6435 |
| SHA1 | aeba563840c6aee404dc665f6ed569e61912f69e |
| SHA256 | bb09417f41b08627feeebb1051b420e08abdab7bbaa3bac55992bbeb57073311 |
| SHA512 | 04c01875225a374fb9ef3b9a1c2007e170cd9a59590a8b43320767399aefcb7bdc172082b73cbc54358d0c036b0e53e9053f5495a035dc7a2af7b47fc78c7208 |
C:\Users\Admin\AppData\Local\5ad6d1b108ad80ef730197e1b2c85a31\Admin@FCYEIXNJ_en-US\System\Windows.txt
| MD5 | c18da227c6da8ae3f0d046ae30cfe0f3 |
| SHA1 | ac96d9a4060cbf343c452c614329f055f8bdccae |
| SHA256 | f11d345fe7370897c4c0e6861c3b4f680e6b3dbaf6739e2681a96003dd4bea5b |
| SHA512 | b1aded7558cb62ed845bc33e5fa95dc43e317682261406a590d15d5a0de296eae0eb8de4836267751342c835fec6813249e50c7de2ffc7e6eb29dfeb3f0f06c0 |
C:\Users\Admin\AppData\Local\5ad6d1b108ad80ef730197e1b2c85a31\Admin@FCYEIXNJ_en-US\System\Windows.txt
| MD5 | cba48aae7f8ed072c82186c8d5b434f6 |
| SHA1 | 990359fea82241550f330f1360795cd8dc381a96 |
| SHA256 | 4428a3a1c30f21dad58c46271d82fc45e6836fe52cd89acce753224117dba6b5 |
| SHA512 | c69351230d4c8503ecc5aaf263802acaa66f2b5a249e66da22c6284dca67968deb73961c5c40e8b300fb05275aa0fa4cd81e9b4d9f606c5d69554d6fcefc9af4 |
C:\Users\Admin\AppData\Local\0190c5cc6755edc6f533ea7377655365\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | c0e370d5a76db036203a0f30ecd743b2 |
| SHA1 | 3d69ed806946920b90b81145aece57b5aa592407 |
| SHA256 | e9f88dabcf6db4725d4233643fc6fc16f598341b5e95cba09791fb215530666e |
| SHA512 | 94eaa163a9bd5d067f4982a50cd42946bcdbc84e1d0c4ebf988d5f8a5ef63e7acdeeea4cbc2621eeb7b72411a1f8542a1517848cd4ec9fdb25586aa039cc984b |
C:\Users\Admin\AppData\Local\0190c5cc6755edc6f533ea7377655365\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | aa77db19364858bab00ce95516ccd21f |
| SHA1 | f1e10377ab570b2cdcf69b4869341e8f7ca1f447 |
| SHA256 | ee8f76385501c07860a31e22ef66da9ee7f9d09ecf4e88d94d192deb6d992ff1 |
| SHA512 | f65c718b0a3c3527ced9add3adb4da656e18ab0ff8dccf73ac7271f062d4f735e2249d40bf8ef913b82db2d156293abc91039974b8268c3fb0c8d29671387846 |
C:\Users\Admin\AppData\Local\0190c5cc6755edc6f533ea7377655365\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | d137fb9768c5ab5f6f75e13fc1855518 |
| SHA1 | 251ef0da55cfd8fe031a1b6320183b8b5ee710e5 |
| SHA256 | 89f8cd2d041dea1f375f0c3f8340f1a7ef3229e50076f93f22f115c7b21129ef |
| SHA512 | c4bd8c6f03890eb132459db1c15e0a06025857e5cbfe3a7f2583ee893047f47d653743a19a4eeaf1cbe5a7fa6f0dc6c059702637d5bbe77e3853b3b0ef23b09c |
C:\Users\Admin\AppData\Local\0190c5cc6755edc6f533ea7377655365\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | 87ca6ac958a4fe2a79d6921bbd84e0af |
| SHA1 | 7ef6c95f8303b4d1e9670a321707ed6fe048aa67 |
| SHA256 | 7bd3efca77acd0a79578b5b9c0fd470ef0d324c3723fc1161ba6b2cbad353b2a |
| SHA512 | 0858a02ce0eae87d639e2c98a2e6d1a9937a39de786f94503c27a23c7a34828c7b19b2da601910015e33fcacb6ddd74a3c47aea876b1a3c4f2503a9ee7acf829 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | 84365d59cd1e9a334fb0c56265c78426 |
| SHA1 | 6f88bd9d7fc4fabc1a7906b47b6a882b097202a5 |
| SHA256 | 7bd5b1bdc735dd463a749cb97cd1c98a3316af9d2c6cb32ead02845646725632 |
| SHA512 | b19b68f19f4e8145269426cb782cc5eda0d0f06fe4795e8f2f188c5ff73acab25117743aa08e08323cbb4b45e6d49485acb7d6fa93f6cc0482d14f536ebbe5ec |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | 33b30b43675f68f4fd92b2045919cd82 |
| SHA1 | 74f54a90dbbaf1d9c8c912233e084b38cf6a8ee5 |
| SHA256 | 6c4044456d35aff958293510f1ff3332f3628589f1fd6e8d84cd1c3219e0a588 |
| SHA512 | ac9df2af40b7096285234592d28586793657793f9662b44e663e1aa74be0eb42cb3a7e5f1a23cba4f563ca366dbc51301c776d8523255a1e98ceaea8d070a494 |
C:\Users\Admin\AppData\Local\6a4443820b599dd34591c67474587ad8\Admin@FCYEIXNJ_en-US\System\Process.txt
| MD5 | 55252741a8a214c6bf2d08b7d85de557 |
| SHA1 | 4ffbc2a970ee21e825da0e06df9fda68c4aa51cc |
| SHA256 | 099c2e7538d9322302c23de448ba913a25f5fab6077fa6085f602396a74a0a92 |
| SHA512 | 55078508204f9853fddfbffe199a93b2b74cdba6c2d4a9a2754dd294d8eb46767f2c1e3125c30d38c75c75c4148f40bbad127b82a07ffe09a392e1513da33608 |
C:\Users\Admin\AppData\Local\0190c5cc6755edc6f533ea7377655365\Admin@FCYEIXNJ_en-US\System\Windows.txt
| MD5 | 05a814e2f721d1ca12ad0a4280719f91 |
| SHA1 | 89c8f2bf6a20fb7b455a4b946bac024067b24041 |
| SHA256 | 72538c39d4c1f891d0bd5c200e2436e32713c8c81a4452f0e32c3bf832d89c61 |
| SHA512 | 018735405170e0f6dfada7cd30b47a7720a1665d889a33c6ece9d245c7d6138d486a1fbab14cc29605f977e36b7799591bdf5d03bd5d0055c3b356718064757f |