General Info

File name

GandCrab 5.0.3 downloader.js

Full analysis
https://app.any.run/tasks/5c1bed7b-40e0-4619-b6a5-5cc89a754c27
Verdict
Malicious activity
Analysis date
10/10/2018, 12:13:12
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
ransomware
gandcrab
Indicators:

MIME:
text/plain
File info:
ASCII text, with very long lines, with CRLF line terminators
MD5

595a31a4913951d3eb7211618ae75dea

SHA1

16dbfe657ac36a8d84af411f13ebff1ccc5e56ad

SHA256

be6a4997fdf6ea0d74a973ae0a361ebcc4cbbc74a5801e75a76bb52a2b424e34

SSDEEP

12288:lNelh1RLsMUu8HRCTEr45VYYtkG8eAVIsNOd:lNelh1RLsMUu8HRCR3UeAVIsNs

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
on
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Deletes shadow copies
  • wermgr.exe (PID: 2772)
Renames files like Ransomware
  • wermgr.exe (PID: 2772)
Dropped file may contain instructions of ransomware
  • wermgr.exe (PID: 2772)
Actions looks like stealing of personal data
  • wermgr.exe (PID: 2772)
Writes file to Word startup folder
  • wermgr.exe (PID: 2772)
Application was dropped or rewritten from another process
  • dsoyaltj.exe (PID: 3420)
GandCrab keys found
  • wermgr.exe (PID: 2772)
Starts CMD.EXE for commands execution
  • wermgr.exe (PID: 2772)
Reads Internet Cache Settings
  • wermgr.exe (PID: 2772)
Creates files like Ransomware instruction
  • wermgr.exe (PID: 2772)
Executable content was dropped or overwritten
  • WScript.exe (PID: 2816)
Creates files in the user directory
  • wermgr.exe (PID: 2772)
Dropped object may contain TOR URL's
  • wermgr.exe (PID: 2772)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

Screenshots

Processes

Total processes
41
Monitored processes
6
Malicious processes
3
Suspicious processes
0

Behavior graph

+
drop and start start wscript.exe dsoyaltj.exe no specs #GANDCRAB wermgr.exe wmic.exe no specs cmd.exe no specs timeout.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2816
CMD
"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\GandCrab 5.0.3 downloader.js"
Path
C:\Windows\System32\WScript.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft ® Windows Based Script Host
Version
5.8.7600.16385
Modules
Image
c:\windows\system32\wscript.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sxs.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\jscript.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msisip.dll
c:\windows\system32\wshext.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\scrobj.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\scrrun.dll
c:\windows\system32\wshom.ocx
c:\windows\system32\mpr.dll
c:\windows\system32\wbem\wbemdisp.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\program files\common files\system\ado\msado15.dll
c:\windows\system32\msdart.dll
c:\windows\system32\mlang.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sspicli.dll
c:\users\admin\dsoyaltj.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll

PID
3420
CMD
"C:\Users\admin\dsoyaltj.exe"
Path
C:\Users\admin\dsoyaltj.exe
Indicators
No indicators
Parent process
WScript.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
www.sopcast.com
Description
SopCast Main Application
Version
4.2.0.800
Modules
Image
c:\users\admin\dsoyaltj.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wermgr.exe

PID
2772
CMD
"C:\Windows\System32\wermgr.exe"
Path
C:\Windows\System32\wermgr.exe
Indicators
Parent process
dsoyaltj.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Problem Reporting
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\users\admin\appdata\local\temp\liebert.bmp
c:\windows\system32\wermgr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll

PID
116
CMD
"C:\Windows\system32\wbem\wmic.exe" shadowcopy delete
Path
C:\Windows\system32\wbem\wmic.exe
Indicators
No indicators
Parent process
wermgr.exe
User
admin
Integrity Level
MEDIUM
Exit code
2147749908
Version:
Company
Microsoft Corporation
Description
WMI Commandline Utility
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\wmic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\common files\microsoft shared\office14\msoxmlmf.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll

PID
3432
CMD
"C:\Windows\System32\cmd.exe" /c timeout -c 5 & del "C:\Windows\System32\wermgr.exe" /f /q
Path
C:\Windows\System32\cmd.exe
Indicators
No indicators
Parent process
wermgr.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\timeout.exe

PID
3888
CMD
timeout -c 5
Path
C:\Windows\system32\timeout.exe
Indicators
No indicators
Parent process
cmd.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
timeout - pauses command processing
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\timeout.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

Registry activity

Total events
568
Read events
533
Write events
35
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2816
WScript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2816
WScript.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2772
wermgr.exe
write
HKEY_CURRENT_USER\Software\ex_data\data
ext
2E0078006800610075006E000000
2772
wermgr.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
public
0602000000A40000525341310008000001000100B5B6DF4755F8851F0F3345FD77E8E92425FE5B041E526F201237F099AC99A49091C5207C4A520E426BAEA83CE5B8E2501B914DAE7F11BE92271DCC7C8C9215E90AEFA9AA7070E04E0D2DA1B3B30088359BB2EDE43BAE52FED2626D7A9FE44C04CF7367854CC36197D4CCE92E4CA9C46DB3DE2B8D2AFD9A06EB6116BFB929A148051B9832DFD5A7FB2B0B6DC3B94A728BDD351663F0F61E13D16E8FE9C4D51CED12DBDE6E8E10AA24B65F876BF05D5D11B55C95C1612A4EC46C30C14DBC628FCD56E3EFFE9357D737CEF39EB528F2D8C88A0E99DBD2F71820717663725CE20B70402B653C67D85E3A5D4D78FCE740628CE6CE4F99830527F7F04809BB4FB18EEE
2772
wermgr.exe
write
HKEY_CURRENT_USER\Software\keys_data\data
private
9404000066703A0D6315579762A7879F77BAC972D702C4CAD3CADB9BBDF6172EE50D204B8D870B151374C796ED8DD953DB8E4B97C7DE9125B87C3D57ABF0D9685A20FA2004CB61FA4781EE91C26F00B779FB9EF9957C65BBE08F689405ADC45CEAEB07FB7B606B2619AC1A667EC0D2ABBDAD773D56FEF238F3DB12BEB7026FFC85AF80E3AFA3796A807EBAC46EF676C306E04A7CDD1DC8AD30AB3BCD5F27E84F8F16A1EF1F224B5CB02313F123A5F1B908AF72BBD38C7770F12A0E92DC970F30093AFC1F938AA0FCD2CC05044C66781A51A1B55B70A31B5125CC9CBFF04F45826B75791C4936AFB7ED1599D52FA4CD7F98AD6B50FEC9D5948AA30969A2E856421BDC5203E58602AD6F2E3FB733A81F4A5FB5D387F8C181ECA4D0AB3BB698295D52C22D2D4FAC03A0D41E454A8991E6CB8DFD9FB6C9C6ACC16C43A6529964B7AD50C1BBD390A3B0F83B4789C9505C1D83CB2CC59602921FED79EC89F18213CA3199A255C78E2EEF13A5E09C66FFFBB3A894B986DDAA0A4577524CF2A07DBA549FB88CF3EEDCD026F8919A540BD37E0B52740619BF36DF77EF60D54E4D9FD2A054A7297F500C27E1F35E85FE11583F2E229BEF8355FA242F5D1DE538E07329BE4C919D13BBD524F40536F244086EC5050CDDE4C973687A2B28A1E4E6ADFAC3B35C206D6D36DC750D9F892E22EF466A2D7DC69D2C31E784C79099ADB8267F093F3BF080D259DAA7928A28ACD48CB2B1AD5F41A953CAD1AC9ED2398E2E446D66DA7AA2100277E6E6F08523EB64AE532AD39E05A4CC7FCD50982369966A6B4457FC1F9FBDADBFF5DB684FABE98C8CE3F7DC82701560D4B7A0F5CE4C4D093120254B01380AB2618931F1A1A5273FD77F7A011808A9DBCCFBC89B0169CAB92295FEF9F88278869D64386C6DFA9C9C11990997056F6DDE918D264ABFB0735EEAC0F76D3193B51C0F62DCF0DFEA383DE2BFE4A54A49C71AB187D14239878EE48DC0DE3C331089DCB9B55F59F744E4E319B1DF257EC8D24437F678CA8BC6D99026A435ADF19FAB7185A61C17D8765D6B94268429D23EB6B81D6332082D11A4A320FFE40D37839B7A98D63320FE755B97C1807D2AA454984CA402BED7B52D7ED65D7D11397E21FF313C000FCADF1DA9EF7DCEAE8F15B3750BB03ED852F94B5CCEE0308E6A0673680DE4AFCFD833D3EBC3E40CA079E963AB52246B2FE1E6DB4B4330544625D11787A200CBF5EA815E9E38E3D339F885D5526411354A7D4F1D26CDC2F17402DC988BBB1FF2307FC82D3B973DFFD54CB4FF7E5A33441FE297F926C23E5E792D522177E8DC046AD07D6BAC61BAC69FF5E4DF35D039E09019842160C3F346722CCE75AFFC153D832AC062B4F0C89F2C7A41A07F498D0ACE51CC30BD65C777AC090082AC30FDBBC5D3E55CC3BAFD2E0D6A6532337916799CE8F627119A99F9520E3014984A05264839ADB494C191B2CEAAC993FF24C91B2E3AAE35394C9838A8026B1DAF2E05888F050CFFC80116082BFACF90AFABE0128C16E9A3A5AEDC694E2DA6622020040F3E51D313B89B6D55B46AA5A18D25FD96519152CCE3EF9EBEA343784D5EC2E863C32240D3F7D8018B0D36F8C642E2D0AB52508E1C11ACF40DFDA95856EB8798A09101A9AE35A6674BD40EBCBD15CEBFEA876AB9A4FAA7C04EAE65B3FA8558682C7D276812F712BF8605A1F957952463FFA65D0940A986D271AF229D9E955FB1FAE050C2A590CE277086F3845DFE6E51ADF2BA627FE4E5488B0EFD354655DBED554157350F11FA3CD368F4A045FAC4828C080D06D11B11B7093794D6C2B293A079E97B7865487DE2F2DF7C1FC36E486AE755CF702B2742AC5581EE30994316DF79F3FD35802C4F7F253BCC97E3962BA7CA61E16B3340C459500E891F1685E6EE4D311F17B7C4C5D4FE66FD69593ED292CE878EA724FFC110AACD9DB6E9C5BE3420E071442667347B155F5B6B7D7DD68C9FEB2BED2F33470BF8E1A1C0926A7B7C4BD3A6ACA86C1C0FAB8447A0B7A15DA32E7A3A56F927F95D06C7FAB0B45531CA68311305EA15887630C8A73AF80964EE77DD0CD09B23C8DF429DEA285E709345D48E1AB27025808AE7FC326BC8B69868308D3D7B1C409C2FFAA0207ED48A8AB9D20A71F13BFD91FB594716BB0CC7D4DF3FB9907FED4A673E897C527848BD588DFE2C1AA04A632D646355FA997B2D354FD13736043DD9B645B164E3EA042E881C7C4FB0399C92E8BDCBF971C998B0B149C0C05F24D58F39C056DE49380E5690946E190D232724259E3C743D577B946ECD67EE926668B43C11B716A442A9BD5DE1549A867A214146CF64B2E0395C243958909FD386F247FAA6DD8989CB930AC6C0E183E36E8BEBD020301628A67D29E701F60109C0
2772
wermgr.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2772
wermgr.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASAPI32
EnableFileTracing
0
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASAPI32
EnableConsoleTracing
0
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASAPI32
FileTracingMask
4294901760
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASAPI32
ConsoleTracingMask
4294901760
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASAPI32
MaxFileSize
1048576
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASAPI32
FileDirectory
%windir%\tracing
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASMANCS
EnableFileTracing
0
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASMANCS
EnableConsoleTracing
0
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASMANCS
FileTracingMask
4294901760
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASMANCS
ConsoleTracingMask
4294901760
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASMANCS
MaxFileSize
1048576
2772
wermgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\wermgr_RASMANCS
FileDirectory
%windir%\tracing
2772
wermgr.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2772
wermgr.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2772
wermgr.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US

Files activity

Executable files
1
Suspicious files
265
Text files
221
Unknown types
10

Dropped files

PID
Process
Filename
Type
2816
WScript.exe
C:\Users\admin\dsoyaltj.exe
executable
MD5: 95557a29de4b70a25ce62a03472be684
SHA256: 49b769536224f160b6087dc866edf6445531c6136ab76b9d5079ce622b043200
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 21cbd43944795e428cf815e1d95a5833
SHA256: c4498e575f0875ccd19e3383d1e4eeab92e19e9f2102c1e03661898b594d8342
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 0745849f89a8dd262a16edbe48ec2e3f
SHA256: 14f258ac3f5c565ebf84194a845b7863cd31c9e3058bd6527761ec633464ec93
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 9fe4dad0ff5b037e612c1a2c8aafb22d
SHA256: c1cbdf155d5007938b2b2e014f7eeff13f99c5d1455c9ea537881df80b4f2c1c
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: c023712287367c2720c325cb3ce2ce81
SHA256: 9e1ffe575edfd5baf5aaa7016fbe4917119074e6475d9ef65d1f4116cd04aa1b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 7518d278461f7e3a617c951620c5a878
SHA256: 05014edab40dd2091aba05f6161147e86d79a292eeb269518d1f574a8c649c6a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 9be064b9045d61d27c15a71a63c6a6df
SHA256: 433648376bcb21ac35208c6b87787936636e1450ab03c388f9a2f84f2d8b0c80
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 250f05c0104b283527eff1936264cfb1
SHA256: 6e205081f30fd58822c6434bedce79b433b6c1772344db317c5f0f1bb89d160e
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 2f2a4395783f11b75c9c2e69fb950d8a
SHA256: 06b758b5605dacc10f64ba80a0e8f38a1293cfb819509550479c20d59bb8b656
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: 0a6a485206e714225d3a9eb3ea5ce93e
SHA256: 2b2291c9fabddb875f67394938581fe1136107dae9eac0fb57a7fbd7f69a0c3a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: ee0c3c9298b52dc5ca7b12f53c78c11e
SHA256: 461ba4b19befcb7d96bb2e6f45c547481006a20abb469194bcdc4d64d1e41f4f
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: a80a1f59d4cc22d9c26b1cec4e306f19
SHA256: 323e1faf45503b4e9f5ee6c48387bd33d1de4dd0b125d01ff1d3069888530119
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
text
MD5: e18836ec6f56b099f7b3c0dfff873fe2
SHA256: b2f87d67845dfe7dece9b90e80e0702d89ac10c1b528eb48a5a61f5bd6e994d4
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 384c3c512a1f217b75cd73dc751e2573
SHA256: dd148ba32421446a563532ad5b1dca65a2d8a3ad32fb5c5aa9643df7398c0de9
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: ac0550a86f414cab2ad5bcb434c88197
SHA256: b5136c5329472f446dc97fc79941c515f525896f4eaec01ff14d5301fa765534
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 9c5aabaa506fc186acf08d2eb94acec3
SHA256: 844508b19292fac5497034eb13d1b1f024338fa08814c948c4a5d46298d15b28
2772
wermgr.exe
C:\Users\admin\AppData\Local\Temp\pidor.bmp
image
MD5: 35c35443b6ee3fa5135d3f30161e7a16
SHA256: 6b348b6bf7d18f90a87fcca3292d3338a4ec0fd202554518e2d146f1cf6f9a4f
2772
wermgr.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv.xhaun
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Videos\Sample Videos\Wildlife.wmv
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Videos\Sample Videos\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv.xhaun
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg.xhaun
binary
MD5: a8e9a01315ccf6c0f9fa10164333ae11
SHA256: 495e650d497660b32c2546318c2180937ff958c6823deef19b07b1360562654f
2772
wermgr.exe
C:\Users\Public\Recorded TV\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Recorded TV\Sample Media\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg.xhaun
binary
MD5: 1f5686ba15d8f084fd0a50acb8982c51
SHA256: 3437cbfd990c78a04f4cb47a9d3f25190b1d1a34c28c6d221e3a1e66472cdb01
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.xhaun
binary
MD5: 08efc9a7ff609dd9419df121a6b75fa3
SHA256: 61d56c70570aaa3179ed173674fb0060cc711d2856d6064e15314c5843ca4aa7
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg.xhaun
binary
MD5: 157b2cca6c4a748398ea59653590cf51
SHA256: 5f6e27e3e64e9d29b4d95b0b5f10983e7c6698a0d3353b45193472923875e79f
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Koala.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.xhaun
binary
MD5: ae7b44d1a9b76f4bd2853839297b51e7
SHA256: f23b3b902d766997737d08c1539e626ff09b97a04fcdc6d10a8c77a1bcbecd28
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.xhaun
binary
MD5: 49e75b2f63624cca5e6ef76cb7173634
SHA256: 8f2e74ed42d99595c042f9d87d5c650bdf2da0c1f4b9c538adcfcd9a1fa519e4
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.xhaun
binary
MD5: dc4e232a4614b9f403d7155cfdcad1c2
SHA256: 4d014e7c81f4f6ea288b999362dc7767aec95980bfd18bc329334039f9450c46
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.xhaun
binary
MD5: 30374af9400bde9170586be30c7b2780
SHA256: 138a963c2219b5a40198268f5b286dd9df2d407bba4415f28ef57394561c09d3
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Pictures\Sample Pictures\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.xhaun
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.xhaun
binary
MD5: a6ebb08ddabaf21dea2badfe6065da92
SHA256: e6d3aa0b00aff3dd6987829c111415ea8c010f9825f93db51c5e3440add8b62f
2772
wermgr.exe
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3.xhaun
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Music\Sample Music\Kalimba.mp3
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Libraries\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Music\Sample Music\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Libraries\RecordedTV.library-ms.xhaun
binary
MD5: ab3bdae0853cdb243fa7b7f9e10da7bb
SHA256: de603304bed19b9a3a2e3bfd4d84274ae28bc68fcc4856b8e3c7938f954bd86e
2772
wermgr.exe
C:\Users\Public\Libraries\RecordedTV.library-ms
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\Public\Downloads\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Pictures\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Documents\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Favorites\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Music\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\Public\Videos\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Templates\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\SendTo\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms.xhaun
binary
MD5: 7edb438190e656d745f5d18c20176021
SHA256: 7b31d534dc9829d6007d9ead67185295e1cc0a06b52b12b8c37d9991b3f0efec
2772
wermgr.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms.xhaun
binary
MD5: fdf3032ae58ce1bc97b2a72b2c8d6949
SHA256: 5452d7316d28294a29e31ce6ea9520af7ea560e6d148c2ed0bff91f5c47c7328
2772
wermgr.exe
C:\Users\admin\Searches\Microsoft Outlook.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Searches\Microsoft OneNote.searchconnector-ms
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Saved Games\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Pictures\meansbehind.jpg.xhaun
binary
MD5: cacb963cb7ad3141417148f91d69f72d
SHA256: 8add43a70e3c431d5e27d66133860a62734830e01cf2921002610f080cfa1c0a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Searches\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Pictures\meansbehind.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Pictures\designactual.png.xhaun
binary
MD5: c4a70ed4a24e76ba67fefeb9e2d8f1cd
SHA256: 48acf26feb75e586ba968261f150a58ab3f4244abb2cde03f254332637ee0877
2772
wermgr.exe
C:\Users\admin\ntuser.ini.xhaun
binary
MD5: bb3476c631c4ad5cb529e93e411f8bbe
SHA256: 40c9559ec06a6f805d891984ed14238c96f9670c141024b5f56ac03717fbcf20
2772
wermgr.exe
C:\Users\admin\Pictures\bookwill.png.xhaun
mp3
MD5: dd18039b78ee46ea05536929fb0c787f
SHA256: 07984793cd14d0b4bdf2296e8b9cd9bd18f5f2e07fe54665c130eac9d8c60486
2772
wermgr.exe
C:\Users\admin\Pictures\designactual.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\ntuser.ini
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Pictures\bookwill.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url.xhaun
binary
MD5: a7332f8ea06118232d383c73021c39b7
SHA256: 06c27bfe796cbc7fb37044e67ed708cb513af0a9c370cd4b65bf50bf7272295c
2772
wermgr.exe
C:\Users\admin\Links\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Spaces.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url.xhaun
binary
MD5: 9650b01d8bf3445f7114c97bf6526e08
SHA256: b078a1feecf3c017f9eef5031e804ee3c4cc06b342290f43a05d33b85e9e08fc
2772
wermgr.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url.xhaun
binary
MD5: cb41812c3aa888c570c4a91a0781b2b7
SHA256: b8485ac2527fcbf01cf774a9a006fce886df3df9c7773e8556c007d381c510ee
2772
wermgr.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Gallery.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Windows Live\Windows Live Mail.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url.xhaun
binary
MD5: d52c53cafa727f4921bb9fa0f140a085
SHA256: dead06281c8c1c203e016f52366ac1fcbfe9aa67b6b05e95fbad162e2448fee4
2772
wermgr.exe
C:\Users\admin\Favorites\Windows Live\Get Windows Live.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Windows Live\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url.xhaun
binary
MD5: 7546e2271b4107392f022de8705cf448
SHA256: cf3534d2a0a9e5123d190edd90b8abcfbf62bfa77a1462ac1d897074bf44410e
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url.xhaun
bs
MD5: b8e58a17fd68db7d90c90a66936ea5a0
SHA256: 4b01ec34e38a75e2bd782e975749e1c6172e5344be3060b38ef514f60a8f6c9e
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSN.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSNBC News.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url.xhaun
gpg
MD5: 50217180138530412f8b629ade8be2e4
SHA256: cd60b1eef635e2d5b4fffb3412fb751ce02548f7e6f73b405a6fb7b319c207e4
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSN Sports.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url.xhaun
binary
MD5: e0fe7ee0569414f15e7f8f41a37e430e
SHA256: 9de21473e8cb7f085d5c31c0df987cd3e9ba35b5a1a3d2447f5712e07c47059e
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSN Money.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url.xhaun
binary
MD5: 9e90f2a7389f3a812f0cb94e0eb46d40
SHA256: a7985bf3cc8e6d6b291a3d1a3aa1f37d28baba74b1ff5fec87b5fcd95b12ab6b
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSN Entertainment.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url.xhaun
binary
MD5: a40336e8729cd1c36245235d1c17ecb6
SHA256: adc82ff6a5b4b31a59c1cfac36062f16eb2ad2d009a2379c419ed4b830de0db4
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url.xhaun
binary
MD5: fd642468e5e6c2def034086347ba7d65
SHA256: c3c6a8940f0e3f8776424dee4f02bae88cef58719009ca3ac31b0d87858914b9
2772
wermgr.exe
C:\Users\admin\Favorites\MSN Websites\MSN Autos.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft Store.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url.xhaun
binary
MD5: 3e1288c9fa393af092014c4e3bdbd2e5
SHA256: f90d84712f4dd526ef1d0187ca6108a805d403df43a55bb05d3a122616ea5615
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Work.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url.xhaun
binary
MD5: ebc2d185ed3057d425140cd4a8b98b5b
SHA256: 7a7e26d6eb427587550e831f87db532b35ffa74a5f6407c54cc55f27dbcd3381
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\Microsoft At Home.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url.xhaun
binary
MD5: 76d62767482058057777da8bddac9a87
SHA256: cc9fe05d6d8325dc2e7b6f414491af792f1b56d2fbfb4d2b8ddd86dabe032069
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url.xhaun
binary
MD5: 3141d1ea044897ca402fe76462757c61
SHA256: 50845bfe9dd8e93a7c45e2e4f131f65e774bdf653fe087c11edcf11c9edf0c6b
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\IE Add-on site.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url.xhaun
binary
MD5: b1ff3a1525b21ff41c2b47cfe10d894b
SHA256: f51f800fc41db6310e378d28214d6cc1c18cb5a312ebc6cd011f6eea3fd14377
2772
wermgr.exe
C:\Users\admin\Favorites\Microsoft Websites\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Favorites\Links for United States\USA.gov.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url.xhaun
binary
MD5: 386d83a851b540b61b239a75351afac8
SHA256: 0b8109cc04dfa3f051792f202cd37ded0a7885058ec56cbfb1a7d907dbce4383
2772
wermgr.exe
C:\Users\admin\Favorites\Links for United States\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url.xhaun
binary
MD5: 4f3887341a7f6c81dc15052273ac4196
SHA256: 1b9adf9093483b80180bac45bf732795f9a4ab96e3d4a5287b04a8ae712489af
2772
wermgr.exe
C:\Users\admin\Favorites\Links for United States\GobiernoUSA.gov.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url.xhaun
binary
MD5: 872f8d8f7eacacc8798dcea94dd32d8d
SHA256: d016b93ce6c39914453bc94a1f3fe7281b290116b25fd54a257c98381181c33f
2772
wermgr.exe
C:\Users\admin\Favorites\Links\Suggested Sites.url
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Downloads\worthbag.png.xhaun
binary
MD5: 5aa5cdfcf426dadc32eb6da51c50f74f
SHA256: 52ec5482bb461bc53d394267a6efd5d4c86dfe8308112e218fada520a53a2973
2772
wermgr.exe
C:\Users\admin\Favorites\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Favorites\Links\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Downloads\worthbag.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Downloads\projectsetting.png.xhaun
binary
MD5: 30c346316e069fcbcc21577e2ce8d184
SHA256: 5bbe1d0362fbb0bbfebc9517acfff15b11b2ef706837df728fae763105e164b1
2772
wermgr.exe
C:\Users\admin\Downloads\projectsetting.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Downloads\drivelevel.jpg.xhaun
binary
MD5: 6d05df293b3db30daeae200b6de713a1
SHA256: 4307e04a157a0bf5dcbee44d37ffa96b1a2e01089b925ef67633472e25b25434
2772
wermgr.exe
C:\Users\admin\Downloads\drivelevel.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Downloads\downloadmean.png.xhaun
binary
MD5: 554aae1b9db1d30afb586daf554dee32
SHA256: 19334cc0e9ec1544b253f6776ab7ebff44bae5323d01d689ff6d2b097348616c
2772
wermgr.exe
C:\Users\admin\Downloads\downloadmean.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Downloads\administrationthemselves.png.xhaun
binary
MD5: c28c45c37b9dda09e1703b5bf6d55151
SHA256: ded9b64ed1a7120da1fdb7d9d1443bacb1f941943fb400e7b5aa026e3dccb2b0
2772
wermgr.exe
C:\Users\admin\Downloads\administrationthemselves.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Documents\toldpanel.rtf.xhaun
binary
MD5: 6aecafd8ef0cfaf8570bdebb3c887722
SHA256: 0901b340f7c71140a64c4819aa8612429a8ccb5b4f741994f8c920be5e3f8309
2772
wermgr.exe
C:\Users\admin\Downloads\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Documents\toldpanel.rtf
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Documents\rangesay.rtf.xhaun
binary
MD5: b6b13bcdce244e871fb6a0469e48c2c5
SHA256: e1ec6844ca78a7c0eafe65a4f65eec27ad72fa3e120178286440b796a2bb8b8f
2772
wermgr.exe
C:\Users\admin\Documents\rangesay.rtf
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst.xhaun
binary
MD5: 243cd2f68641060499e0c30ae95d0cfa
SHA256: 97bae8b470e6b560d6c3a87160fcfeccaa538b32bef0d668c01b9b0f92603714
2772
wermgr.exe
C:\Users\admin\Documents\Outlook Files\Outlook.pst
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst.xhaun
binary
MD5: 10a64438415403efd2398bca860be124
SHA256: fef18673825d665770f6774d6ddc22b445fb5f38a46e503c5dd9e6ff05e14747
2772
wermgr.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - test.pst
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst.xhaun
binary
MD5: 76d839256fafe356f377681c286a1455
SHA256: 2cd4d79306647c00031766d5b27bc86059af991511fc277bae19b81ce3a6e44a
2772
wermgr.exe
C:\Users\admin\Documents\Outlook Files\Outlook Data File - NoMail.pst
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
binary
MD5: aa2f697d5845d9da34e8c9c64866154f
SHA256: 0f1b40d706a6327c36edd043271d376e14d97e69a6663f4cd9abf57dc2082feb
2772
wermgr.exe
C:\Users\admin\Documents\Outlook Files\[email protected]
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Documents\Outlook Files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one.xhaun
gpg
MD5: 409ee993d9c27a1e0227ec85aa0f73a4
SHA256: 6e53621c9aa1d2d6626944092b7fdd1b6c5be323e44cc395a9559486caa3780d
2772
wermgr.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2.xhaun
binary
MD5: 4f144310c4411ee9b4889c390788007e
SHA256: b4da44737a4c03fb3f6607df7588e2549bdd90ee684710c6833b32e3bed7265e
2772
wermgr.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\Open Notebook.onetoc2
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one.xhaun
binary
MD5: 7ec995fa9024695898933048d4088b10
SHA256: 614546d1bf2c3417d919f4c291657d816ee3f5ba0ccf1edc492bb63f082df499
2772
wermgr.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\General.one
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Documents\OneNote Notebooks\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Pictures\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Documents\OneNote Notebooks\Personal\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Videos\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Documents\cawin.rtf.xhaun
binary
MD5: c24d4316842ab256637bfcfc8f4cecd0
SHA256: 4e4360a270dc331beb24c454ef0a67ff2eb763428eeb1b598a83ea7b1e1442fa
2772
wermgr.exe
C:\Users\admin\Music\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Documents\cawin.rtf
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\thanksagain.png.xhaun
binary
MD5: 117654fadb6c6ddef11e1ad9b69bce76
SHA256: 6cfa45c1eac86b6363735a5c2a1a5756a5142ef338448574bebb480341868a76
2772
wermgr.exe
C:\Users\admin\Documents\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Desktop\thanksagain.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\sonmark.png.xhaun
binary
MD5: 74a92b7da735913b6d8807d0576e6b1b
SHA256: 97bdfde4b7d26abeb9c0f3aa6dc74e50c6d63f0b271a9fb2e6b1d1361d95a4c7
2772
wermgr.exe
C:\Users\admin\Desktop\sonmark.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\priceenergy.rtf.xhaun
binary
MD5: 97c89f8f4a7cf61b502dd2c0ae706f86
SHA256: 0452481dcea86b1defc8b7e5436312d391ef8ebe65f55a6bb51fc3a7b2ebe12c
2772
wermgr.exe
C:\Users\admin\Desktop\priceenergy.rtf
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\meetingmini.rtf.xhaun
binary
MD5: 8be1d13f61890d2f056bf3db54710c26
SHA256: fb82293dff64f4a66de776a48643b4b76f1ddb8b09d3adb2d1bd98dc70ce708f
2772
wermgr.exe
C:\Users\admin\Desktop\meetingmini.rtf
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\marketingcharge.rtf.xhaun
binary
MD5: e53879e709e5f35a51be54ef43cb90b9
SHA256: a11bbcc337b7fec5023fb880f5a8ee00a2f3714eb08fac8c4da08e55274e3cdb
2772
wermgr.exe
C:\Users\admin\Desktop\marketingcharge.rtf
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\jewelryever.png.xhaun
binary
MD5: 7ca8c68e0bc01ccef9bab68e5e0b9ee2
SHA256: b11d2c27dac696effa1fe71d775cb3a718bfab30f4175b635dd5ca1f2cbd29dc
2772
wermgr.exe
C:\Users\admin\Desktop\jewelryever.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\forwardelements.png.xhaun
binary
MD5: 55d965ab09aa265399842d92bffa6344
SHA256: 4eff58577d5cfd0647b9bc9cf91c75080cc88804d35beb718f83590d6adf7a73
2772
wermgr.exe
C:\Users\admin\Desktop\enginethese.png.xhaun
binary
MD5: 2c4f7fbbfa288150b6af527d1819c782
SHA256: fb2f1c240ece714a3c461571ba53dd2dfbee27871c89d6ba3670e4984df885ae
2772
wermgr.exe
C:\Users\admin\Desktop\enginethese.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\forwardelements.png
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\coverageport.rtf.xhaun
binary
MD5: 24c2167ea0a47dcafa8ca02d25d096e3
SHA256: 8fcec89db0b9a52d529b48c88b49369017eea69947395129224ab9267b11efb5
2772
wermgr.exe
C:\Users\admin\Desktop\coverageport.rtf
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\amateurradio.jpg.xhaun
binary
MD5: 405e3f1b95561818104b68a0fb8a0db2
SHA256: 7ca8deb51180c7de645547d2c7dacd304af04cf9a1762b14525400f43c29779c
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Desktop\couldfixed.jpg.xhaun
binary
MD5: bb8958ffd9b798a3648f3e07512365a0
SHA256: 3d1e4045307b91b5494437911a1e1d884c0fad0479e29df3248a560990659bf4
2772
wermgr.exe
C:\Users\admin\Desktop\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\Contacts\admin.contact.xhaun
binary
MD5: 593581217ac36ff3d0b5c744e4a1df5f
SHA256: c3ae795a9a7720322628b9e1bde7c85b093143b85343bc25acba256ea3361fd4
2772
wermgr.exe
C:\Users\admin\Desktop\couldfixed.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Desktop\amateurradio.jpg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Contacts\admin.contact
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\Contacts\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat.xhaun
binary
MD5: 5a2be55a34382e3320b0e0bbd50e50bd
SHA256: 41b294f12e8b8ae538e60a2eb82a130ab313493041fcd003b1fb7366a3bfb785
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\WinRAR\version.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Sun\Java\Deployment\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf.xhaun
binary
MD5: 86ef4e6f0a475ec6e244b716d9988a8b
SHA256: f8e51d975fbb419c11c12f163008991747f23a8151ab3c66951ae2eef7fe2a3d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Sun\Java\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Sun\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\WinRAR\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ul.conf
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf.xhaun
binary
MD5: ff65d25e83a3756857f26e0596c3dd32
SHA256: dc715c7f16ff87f152ab58772afefad8c6d4dc18e2826b7c22eb3dea81771162
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf.xhaun
binary
MD5: cfec517d093a9a1f2809b9ef1f18a8e4
SHA256: 04eea721a31daa95466c372e6ab7a9284207b1e9b6fb900e164ece308f5c599d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\ecs.conf
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\skypert.conf
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db.xhaun
binary
MD5: eb32faa8b91402762f8d461d533160a6
SHA256: c8b36f5a39f72a6e9b0ec0bf82e539330bfd6e3e54c5fa63b27d1ed72afcff4d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\SkypeRT\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\queue.db
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal.xhaun
binary
MD5: 7b5d7ffc00773ae33a08bff788d8a7a5
SHA256: 18538dd54d6fd7576bd6dd7047ecc894382c2dcc200775aa0466b03d9917cdfe
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\shared_httpfe\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db.xhaun
binary
MD5: 85b491543dcf92f9e42a4f12ecccaa3c
SHA256: e6947e1260a742243f5d39d44f8106debe41ac47ca6f43da2654a94ad837997b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db-journal
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\dc.db
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml.xhaun
binary
MD5: 9d13ade97625e47b2ff79a11272fcd65
SHA256: 3dc382d26fb7a3c4416cfc058b8ba981dbd5b3ab87add783ec35e53f59b6f9b4
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\shared_dynco\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data.xhaun
binary
MD5: 4acdcb81018d6096c2ac67c6e01d3454
SHA256: a0c60bffd15e20cd3053618f71050e1ee58b8aa0f6bf34e4568100a9fac60209
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\logs\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\shared.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml.xhaun
binary
MD5: d348fbeaf8d9254031fae836ac4fb890
SHA256: fa4374d0cc39e7f824728073688d7b4ddba4a577fad79bb9d270f923fb237c81
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Skype\DataRv\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat.xhaun
binary
MD5: 9a59b6a07a7b942abc05766a61cf35aa
SHA256: 77d96cda450d244e230c900ce433e875ba545aa7f62e48807bba62d143ec8c70
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\wand.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat.xhaun
binary
MD5: f90f2ec66d6849568c3708a9ca8ceacd
SHA256: 45d61b6b73574d719affabfb7df2de826ff0326ea152e4788532079609ebdd32
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml.xhaun
binary
MD5: 2ef02ea4c7548821632a971810ca3837
SHA256: 659c9619ab52d558cffa104cb2f65c5d8854aea8ad751cfcab2145c366002de3
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml.xhaun
binary
MD5: 934992436fe78de952cd18474fd07baa
SHA256: 0da20fe29c7a77d2ea31b58e799eaf597f52e1487f97b31b9e528b037586a497
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini.xhaun
binary
MD5: b144b923bfc4211b588fd9e386517f01
SHA256: 64f573fe48f0710edcf3e476e8692f83a57079b1e409c825299ee5a19c1d4bc3
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css.xhaun
binary
MD5: c40d2739889f0ce375ac66c9c7ac6151
SHA256: 76c8c9d9f29a67a1436e0aa2c13181f1bc44fee0150a8865236ebafbe3a32d77
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\toc.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css.xhaun
binary
MD5: db6f6a2f3b110ba975e9e63b5a90a99d
SHA256: e919a56ab54cf8882e7644d4fc3cc1d54d4f2eed19123006896d8b3ddc848a6a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\tablelayout.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css.xhaun
binary
MD5: 47c849d8ef46c32fda5d7ec602e70dc5
SHA256: 6c60b265e3dd5c4cc1ede71d91fc220a664cb2427023299c2715b9650e42ab3d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css.xhaun
binary
MD5: 8c37f10b1de1c186232d41a64c4ee557
SHA256: 899758724523f0696f9ba4d0031646ff374b65cf61282778652f80eef220aaf1
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structuretables.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureinline.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css.xhaun
binary
MD5: 074c265b0f00b54e0e648acfc470a05f
SHA256: 1e4e4068aa2031c2de9b4741518cd1584ebf0643007e7450ee50d0f716c3e284
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\structureblock.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css.xhaun
binary
MD5: 2e2a374128a14c9b242abe74bbe28f93
SHA256: a2a649421592c44e454d7ce2fc9e559c8d4c45423cba656b9603b431207e5b7a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css.xhaun
binary
MD5: 0a79b5da23d3c0159ee1f9366f63b0a3
SHA256: 2cfaa83eb3817a46d016b1498a9373faae73976c723eba8a06e54bb9d787f2fd
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\outline.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disabletables.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css.xhaun
binary
MD5: bc54a0ff53eb7341b22972fe740e7f80
SHA256: 5f44449a84587d9fedb976e756cc642e4d795a209b4d13b5aced91dcf074ee21
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablepositioning.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css.xhaun
binary
MD5: 8b0d798a0d3bb32ff33555b137aa6456
SHA256: d1fd8f9af1845547946f741fb49728027ffd2804b071c8554f1848da574a86ba
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disableforms.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css.xhaun
binary
MD5: 829b118df07e6a3d7c6954db7a85af3a
SHA256: 43537419892e513a2206e97e4e732f4d8cbd9a69bb43bd5e387f8fddb0788d52
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablefloats.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css.xhaun
binary
MD5: ad21950e7adb0e7efad8bc24929aa4b4
SHA256: 9367f64f10f1070a2577c189ca5338b5b3d7cbc19ef90785d64175b638189e1e
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\disablebreaks.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css.xhaun
binary
MD5: b93dcad5fff59d87040382bc966340e1
SHA256: 70479cd89ae07d161efc33947e4d3b614b50968d9f61c19ab3e5eee103a218f6
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastwb.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css.xhaun
binary
MD5: fe6d5b65acc46127a3b5caa4aa778e62
SHA256: 8caccdae25644f2939352456ddbcbbad56f5987bc6659d86b1b75ccc0fb5e689
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\contrastbw.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css.xhaun
binary
MD5: ff01c1f12dcfd19e9ccb75178e53c83f
SHA256: c96204311c45df685ed5b73b248190c9bdb2b00267694b40676bca5f777b205b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css.xhaun
binary
MD5: 269e533b4089e966e5a220b8bd9df6fe
SHA256: 216ad979f1fef45d5f9004f3958c112396674260894730a8e6c95cc126b038d0
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\classid.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\altdebugger.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css.xhaun
binary
MD5: 74df597a3b918fb40ddc54afbaac4e7f
SHA256: 109387866e9b60e27fa66f90e035ed77aec6e159b441af891d117e525b6cc46b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\accessibility.css
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini.xhaun
binary
MD5: 330a455f1ed5a1186b1687fc073f2b38
SHA256: 2c463f150896d5920f95b4e55446e73833d4d603721ec5a8052bb8109b8e2e6d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\styles\user\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\speeddial.ini
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak.xhaun
binary
MD5: 9e7828ef3caff91aa3b29577e3e62f3e
SHA256: cba0408f1f6edc71f080d9f2ea7a461bddd7365f1c523e25cad611e0ac064714
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.xhaun
binary
MD5: 39cf51840977498c93225c0031adeab5
SHA256: 25125f84b3a28a6e641c1fa57ef09742c6f5473b790c21ddfb6762a2f52a1c9e
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat.xhaun
binary
MD5: ec56d3fc0be790261d2b55e7ecc66a58
SHA256: c6fd72851814d31ffd59b9f8467797376e9f0135cdbf5df75ea7449595ee4ea2
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat.xhaun
binary
MD5: 629266bafdd85d17b36a83db61524620
SHA256: 0f86b98281f16ab99928cd1da02ae4ba8c6d33177fb5ae13ed8e73407e51ccd9
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat.xhaun
binary
MD5: 2d97f20f29b8ead87296274d6ad8c7db
SHA256: bfbb57d194cd3ba9f09bb1c86c72fd0b16980e40ebe584b03a8303fdf4a66b26
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opthumb.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat.xhaun
binary
MD5: 73e556e2b9194c565e75e7560fe24629
SHA256: 3919867bae7c05c8fccfff422f973c5960aa0f5463ccbd1a06a1dd07d4b6e1bc
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat.xhaun
ini
MD5: e56385a51218398f292d469d996856b0
SHA256: 8dc6d833599af6e2e8fdd3ffd08a2678b5854d3e106384daf21174c9a25b3ae2
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat.xhaun
binary
MD5: c06564a7975cd72b396af6aa03c9e170
SHA256: 58ef9a5b5f8adbdf33eaa00adbf0efe08c2f30588a2a63fd84795e58c9981cc2
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini.xhaun
binary
MD5: b9866fc4f0dde7dbbdcc219fc6ee8c35
SHA256: 963a1dc71cb130598ab87049a75978b66f2ce7a69c2df9714713a8a8048c8261
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat.xhaun
binary
MD5: 9a51ab2c7d46c98bb12ac08a7800e6fe
SHA256: ea504937be0e0ce75b3d8bdd5a3b872217eb83ef44b69597e86d9db04f285e80
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat.xhaun
binary
MD5: 0c19a04949793bfcf59322c7dbe2db55
SHA256: 6e252e65dee73e0b65d3026d7df758d6569290e1f78c6186158222301a28e513
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini.xhaun
binary
MD5: f689f36442841189f62628519b9e64c8
SHA256: 3137047320742b33e0a0b21a7f32a750e2a7ca4de4246a2e464544d08f19d1d4
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\handlers.ini
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat.xhaun
binary
MD5: 295f4aa4b8a92aa6afc5632e43a05414
SHA256: 58b514e8c1d1f53b9bb7702c2cdee1a1a288ffb54408ade22dfb073f926c2000
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat.xhaun
binary
MD5: bd110e233d7b3e579b0b66f6b020bce9
SHA256: c12178238c46d23dd0081e547bc95ad2c3a6bd0a1049dcbd54061bdc2082a90b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat.xhaun
binary
MD5: 13138e0e377832dc9892898a2ff0e201
SHA256: 13feebab29802da1411cf0ee4a1da4902f15f26e251bdc1e1c60aa0e0875090a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr.xhaun
binary
MD5: bda0aff4d54d995b6e504e314c9153d5
SHA256: 2c7a3c5234967f0c532cff1b7aab92eace375ae10c6fd411e5d48adc1b360a9d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\bookmarks.adr
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml.xhaun
binary
MD5: 11db8021389960663c7af4c127b01539
SHA256: d46025ef4ce345d370e31a6c9dc42e75e89f145c4fb8c44d95180a21bff29bc0
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Opera\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Zenburn.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml.xhaun
binary
MD5: 9947b497ccddf59613b3c22dbd87d488
SHA256: fccebbecf3d20d9f089d8d39b1ee5b229649c2d10897ad89a065b7ffaf6025c5
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml.xhaun
binary
MD5: ea03382cd39219546d89b0985265e440
SHA256: fa92c7e8ac046800d267c9e626563cf1049f7a3e54ce567666d24ba8b97add14
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml.xhaun
binary
MD5: 3aea228ae4f452aa76103b80787b8710
SHA256: a9114046c85c28b0d842fb2f8aefb27f4a5583578d4487ad0fd0e65b46a1d62d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\vim Dark Blue.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Vibrant Ink.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml.xhaun
binary
MD5: d778d77061eb3cb314c5f7d1ce72d207
SHA256: 2f4ba2c461562f34535a41a6b68eb70eff9e6bf07ed6592a053d795383d2063b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml.xhaun
binary
MD5: 187b1af95fe9d35b3c4f582887c6a8ae
SHA256: 6f04d2d9f1f2f8f7f2e2b9a1f1a4f79ccb46fd91419048706c1dc4957a11ae2a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Solarized-light.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Twilight.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml.xhaun
pgc
MD5: 7b81a2ae9879922ac0ad3cb465247355
SHA256: c99227445ba08802ef3f2f864c3b43c0d9998fb6c44f9955426f51e759517e10
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml.xhaun
binary
MD5: 1d96457028edcb02f75c468a39cf5b69
SHA256: 1702cf237b3d776ee509e71a7ddb9a0906a1913533bc3702337ffd0f2595dde8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml.xhaun
binary
MD5: 3473a8030b18b7918b4022096caaa931
SHA256: 9e8806f71ee2781591eac4359255d59c8e66e933fa9eae3db37e001987963850
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Plastic Code Wrap.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Ruby Blue.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml.xhaun
binary
MD5: 031aaa0693a7259d7905fbc07c7143eb
SHA256: fe5dcfb0c875e9cdd5328ee533a5ccb9ac19db12d7eac9eff880066e45def188
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml.xhaun
binary
MD5: 7fec107ecab2a38e621c71d915cf3384
SHA256: c4e36a681d1e348c4ea7eac511ddc0d8a907818000741d9a22df7a45137a6330
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Obsidian.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\MossyLawn.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Navajo.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml.xhaun
binary
MD5: 69715eaba65d51107da6c0a4512c3a9d
SHA256: cfcfa9a46f730dfbc106f7507055585d7ac5b8d43de0847c6f34d288c070bb4f
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml.xhaun
binary
MD5: ef97b325cd4676d893605ddbd23b3107
SHA256: b1cc73f8627422e15a5b3cb9c1b59240fd5ca42f74dc5b487c336968ea91cea2
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Mono Industrial.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Monokai.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml.xhaun
binary
MD5: 91cfbe2bbdc396ff0ceb55e783c925c1
SHA256: 4dda321719c3da570de3f560e763654a24cde32bd2fe87deceab6974b3b006bf
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml.xhaun
binary
MD5: 15b475f8e43c6990eb22e71cc4ea5237
SHA256: 365f6bea3a28c227000748b6dc539c77f6e1baefdd4147d08fd2bd94049a29d1
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\HotFudgeSundae.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\khaki.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml.xhaun
binary
MD5: 5a8590509fad2b4cbade936cc9fce83b
SHA256: 8065076ef307a37ded3b94bcb1584558ed3aba5c1daffc8d464f2929c78799cc
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml.xhaun
binary
MD5: f278ad7f2817181a4dfe10e988f851b4
SHA256: 256e3f39251d6ebc52f2c2d9b073b1d6dd1095b2e5a46570e3a64521c9ec137b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Deep Black.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Hello Kitty.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml.xhaun
binary
MD5: fe041108a2ef073ce1fc9b28a3db4645
SHA256: 28d1ae1b4511d66d44ab483c36b9f41fe6d5c06a376b15fdfba7929187e61511
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml.xhaun
binary
MD5: d67eab916de5ced63b32cf2fb760e939
SHA256: e29ca4d563c3a40d79c665f7413e350706b45db2eed3a93ca341db07b714c2bb
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Black board.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Choco.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\plugins\config\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml.xhaun
binary
MD5: 7cb5f624eca48d477846dc848d7844c0
SHA256: 54968b1ac9ee8af4ec4ea95ba02652a660cbf437bc7637725d94bc272debf0a2
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml.xhaun
binary
MD5: 88a9fcf9008555468ff3a4e334ffc9f4
SHA256: 8d45df25741d87254172ec7736d1f926aecbf916703069997f8dfd5ed026f81f
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\themes\Bespin.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\functionList.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml.xhaun
binary
MD5: 7df5f1988c17b0d873d161e154634942
SHA256: 718ab9315def228c49405e4667b1c9a59ae8735c16b50d10e81ee8caf71cb511
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Notepad++\contextMenu.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json.xhaun
binary
MD5: d6c80234e6ca8c6c88470732ef8797c2
SHA256: dcfb4d4acfe77cfb25b219abce8a4ac5c1ee06ca211fc9b03f41a9c087046b96
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite.xhaun
binary
MD5: 2e5b4caf12736d4ac6cad0690429f5ef
SHA256: 4f4f1434f028ad8a97209550ed353dcf87ac200f6730d38847d64214e4344e06
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\SystemExtensionsDev\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini.xhaun
vc
MD5: aa4be45818302bf2555b03528de04488
SHA256: 1ae0b483edcde9e990ffaf6066741ce854955f1886a371d4eb0b7a20297bc9b2
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\xulstore.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\profiles.ini
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json.xhaun
binary
MD5: 2b7b1b4e0b5f410434230a4e15380ff5
SHA256: fe4aea3b7712f6c99f91a9e0767a860d3df8071c0917a01775fdb77406b51931
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json.xhaun
binary
MD5: 0b55bc63634ccc030aabb5f9954cc3e5
SHA256: 47da72846945b8c56078b09b487cee092166baadac0efe9fe718918dcb35bd57
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json.xhaun
binary
MD5: 2a52cf030e6692b57e39b325a93a09ae
SHA256: b3e00adac60a761f6d6527f81071cb5f8e2620d260db09076759988a9ecddf4c
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\failed\tabs.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\times.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\weave\toFetch\tabs.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\temporary\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite.xhaun
binary
MD5: b8802d2b653cdb210225462ebb525da9
SHA256: 3154f8e12974ab09f9039b979edcf00868a842a8e816ebb58b22693deb674659
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite.xhaun
binary
MD5: 015371742559507720f7a4e1a9f90fe8
SHA256: 27b1912a9328cbb5292b8d7d536463e648758757c326f7c3978684eae0a9f914
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\727688008bsleotcakcliifsittsr%.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite.xhaun
binary
MD5: cd562db22f46986fc76a7d779b8bf261
SHA256: 5687d57019460b35e0a1a3d9ef26696c4f3077b2619950c5c1bd3006a8b47cd5
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.xhaun
binary
MD5: 658055e19420a78a2bb2aa5609934f5e
SHA256: 8a935b3630a5374a4d6701ff4a805572437f32758bd892a1d5d2cbcf68654be3
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3899588440psinninpiFn2g%.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite.xhaun
binary
MD5: dddf60983b1bb20e19041fc5ca16304a
SHA256: 5dc7812e7c9d0483d3fbe9aaeb362d5d08eeb2b4d486cda0356ace2758549fd1
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3345959086bslnoocdkdlaiFs2t%s.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite.xhaun
binary
MD5: c8e1e44b9c7b878167984679ff6edc84
SHA256: c2e3401a31f67a2639656f4001ad04dc4849d8daa70af8754077ff291148d978
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite.xhaun
binary
MD5: 89b6da52bcabcbfc8e6d7acb1761bde1
SHA256: 6bee0c121e4def75b1406299c4581a8c37d0bc04aa9d14cf91c4d57955997d7a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite.xhaun
binary
MD5: 5e8c8b65e63325ccfe9d68537a740133
SHA256: ddbab98a484f8dcd692703ede17da2750e75c7f133e5662b49ad515c10335ff1
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite.xhaun
binary
MD5: 0bd6c06b6dbb0f269e7314ada98affbd
SHA256: 131e68676eb36c62085b2a0ef6a6cb7f1f5a3093cb3358999d18ca92a4e2b03d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1725441852bxlfogcFk2l%isst.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite.xhaun
binary
MD5: 6553b917684420c22318f53890abcc9d
SHA256: f088c6846ea97aa2e2b86609cf4c16e925bccfcdc8f721abab1e7d1b1656b3e3
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite.xhaun
binary
MD5: 6ecaec5b8dd3b5cfa2fb73d6a87b426a
SHA256: 54391bf4d287f9c4c2212806730ebc2184c51a09402290565f0ce98223c3b924
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1059394878bslnoicgkullipsFt2s%.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2.xhaun
ini
MD5: 342c8d86d2622a453d35e28e6d93ee39
SHA256: 2aacbe1d1f1bdb77d76faa27d336e4d09c1f6858c61b4eff96101bd6307a863d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata.xhaun
binary
MD5: 87f25607e5d14040faed85bc8ef152db
SHA256: 469b9785bdd91260bc060bca40fe3cf11f22c5e2919fa87d87b40582caf85306
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata-v2
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\.metadata
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\journals\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\1.xhaun
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite.xhaun
binary
MD5: 442cb92f6b5f8553daeb49ea4e96f372
SHA256: b3e5ae507d10575984b3342c994b70a7c209474a619488616cdf5f4c52327cfe
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\idb\3312185054sbndi_pspte.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2.xhaun
binary
MD5: 699b6c289152e32305565da73b1bfd74
SHA256: be7f6c6f16c5d9e8956dd505dbf308a144e9ab7000391b8df8c7abf5ef6555dd
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata.xhaun
binary
MD5: 2f3532370cf4655d5ebea080eaf11ac7
SHA256: 0dd2d4578515fa0bbb0a2d8ea0c8d909aac61f2ab2b8daf47b7738549c823f2d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata-v2
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+newtab\.metadata
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\journals\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1.xhaun
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\1
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2.xhaun
binary
MD5: c0e98ce32117b70d2fa45ee3e82d81c8
SHA256: b360b993f08dc1f40f4b50bc598b2f73e1ac8b8485da9dcf7f78fc4d2639df7d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata.xhaun
binary
MD5: 8a18771c53818f5bc1c56607fc787f4a
SHA256: b72f25dbd262acd8246a732d66dc6e18479240ba405ada2f01004cd674735df0
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\idb\3312185054sbndi_pspte.files\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\about+home\.metadata-v2
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\default\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt.xhaun
binary
MD5: f2bce3062e422eba7657cf009d7b4ab8
SHA256: 32e76d098c009390e81880ae8a9db6cbd90f3794197b8f6b99d7f6b6ecc37f97
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4.xhaun
binary
MD5: 90aa6104ec89bc5114ef7593f765786e
SHA256: d7cb79ca21f5b7f832ae80988a34d2b0e51a761a91a2e875882d4a5126970110
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\SiteSecurityServiceState.txt
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4.xhaun
binary
MD5: 8a44e35f17543850ee7d1febbd3f58cc
SHA256: 5d302db95fbedbccb96c152da518d9f3fa9645cc442a0ca8a4bf45e44daa7a81
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.xhaun
binary
MD5: a943217770649d4de9f5cc13e3dec954
SHA256: 6a9a61e2f0f4fbb7ec6ea634e1647b730fd53647cf9b0fc041deaa0f070d72c4
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.xhaun
binary
MD5: 2a6931dd532d080dea8f53264f481476
SHA256: a7cd1ccf2fdfb8a501131ef4680d4bca9a3ea625bbd1cea8085af1821ad3b7a7
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionstore-backups\previous.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat.xhaun
binary
MD5: 72a0a6248543b1c4b706233fb3f52f1b
SHA256: 3e04d5c5f8329570fa425ba8c3fef42483026663806e4013f96c410d58f12f6b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js.xhaun
binary
MD5: 60781765dd0a2020cf282bf1f512a9be
SHA256: 0d064a9eed4968ef7d19bec52c5f726afc62b081d8b1a84f9aa479770fba117e
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt.xhaun
binary
MD5: a37816d751a8a2193201952bac442c4b
SHA256: ce319ca1db00a3b8ab2bd288bb3a4959415c53b6bc9427888f11c12ba22a5add
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\revocations.txt
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pluginreg.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite.xhaun
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite.xhaun
binary
MD5: b195c11991393d8affdfcab0f0db00ec
SHA256: 5913124d5a06f3355db88118bf66dd90dd3384cdd33cb37e7f9a3f0a81af4e8a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt.xhaun
binary
MD5: bd6e2f2f176b0882627a133af2f34147
SHA256: c616380c9e42362b5df6e58434ecfe2175c20651d4d8ec7b2e802f2e083bc5f7
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\pkcs11.txt
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\permissions.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db.xhaun
binary
MD5: 168c29c77aca090eb38eacdc0f689e82
SHA256: 2fd8f495f20fc20e827c4b23060e789e05ad30ad62bf0ef3b9dcd993c31c5f0e
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\minidumps\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json.xhaun
binary
MD5: 4bbaa59d02d861820fc74360cd21c750
SHA256: 515fa4cf5de6351955723b7b05e6bd02419c071e0b455b21ced5ccfdcf2f85c0
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\logins.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\key4.db
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib.xhaun
binary
MD5: e1298f820cad63bfe18030bd87996765
SHA256: 3bb83866798dbef42e345213aeeb9c4d5c4acea8cbe5736f1c7c12ddc65d5c3e
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json.xhaun
binary
MD5: 3b535cb107f205fcac5ecb252255195b
SHA256: 6bdb8ee300e42f407fe6f22b55e3b65b5da906adb4920634f0222d0e9c35574b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig.xhaun
mp3
MD5: 075eb73e6f609066395f523ccb92ab6f
SHA256: b5f5cbef5ee5028b05b63edc109c428bc10bd2a38a8e4e23c2a73b50e9960a9d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.sig
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\handlers.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\widevinecdm.dll.lib
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json.xhaun
binary
MD5: 3eee37712df0b5d4cb60ee86b7b1eb7b
SHA256: 01e02889aa54ce357db89c824fb12f184666865bb1b9d1b7ddd17e16c2d84944
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt.xhaun
binary
MD5: 694d8c1aa9a4598ced9284c85fa39ad5
SHA256: 749ebd5197edb98debc1692d9ebb63aae136a056ba833e3f6bf7bf386c4951eb
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info.xhaun
binary
MD5: ebb38333d22b88b395fe3e27292d0d7e
SHA256: 8b986bf70b37d666bf5c2cf76b5591481c5d197cee9d046aaa91d87938327eb7
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\LICENSE.txt
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-widevinecdm\1.4.8.1008\manifest.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\gmpopenh264.info
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\1.7.1\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp-gmpopenh264\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite.xhaun
binary
MD5: 6be17be5fc7b354824453468d8675142
SHA256: d34a26d0ec9ff7ca7351822530fd3531aff8287b3823f8fd4ca1e93f0095799b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\WINNT_x86-msvc\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\gmp\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\formhistory.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\favicons.sqlite.xhaun
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json.xhaun
binary
MD5: 518d15e5222e24354eb277acca0320c9
SHA256: 2868166438fe984132a47fd267b5b93142590a1e345ba687550082eda560a6b1
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json.xhaun
binary
MD5: e8def5389ca12e7ed7eb1c6ea7291f95
SHA256: 08ff117f144efce22804864b5c3760e207978291a1eefadd176482db7f20e4f7
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json.xhaun
binary
MD5: 14c09910a1132c32d9404d2713e88aa7
SHA256: 0737bd370a218553bac45b47c78fcff4f5c906ec6e3a435c06d4cd90655cebb6
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\extensions.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\state.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\session-state.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536511076670.6fb1a61f-96c8-4004-a260-a8d32e45a07f.main.jsonlz4.xhaun
binary
MD5: 51cf241221693f9bd2cdfac134105122
SHA256: 15f028d9743f88c17ec2f4dc5d52cdcc87073c259ab75b394601123527e26e15
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510464398.048632c6-c96b-486d-b119-7e1a7a9c9e9a.main.jsonlz4.xhaun
binary
MD5: 99c6007a87978f8d1aeaaf7d73b256ac
SHA256: c1f0195a7563204dc2707db6daba88035b92427b65eebc8243d23cff54116563
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535455254239.6a6d1f6c-b378-42bd-83d4-6375a8d83c94.main.jsonlz4.xhaun
binary
MD5: aa5a64b1aab4bdfcb03076d03f78ce45
SHA256: 9ea103d986833599f059bd9e9df6b0076ed103d5b1aefc50e33099fa77b2964c
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510890757.0bd2c0b0-6051-4678-a27c-37f3c0a0c3bf.main.jsonlz4.xhaun
binary
MD5: 3cbbebcda6191e257e5417c18c7118c9
SHA256: 5fe894706ecdfc55eb799735ce8ba928e73fec593f9eb78a8d8e63d9c7a06a8d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536511076670.6fb1a61f-96c8-4004-a260-a8d32e45a07f.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510890757.0bd2c0b0-6051-4678-a27c-37f3c0a0c3bf.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-09\1536510464398.048632c6-c96b-486d-b119-7e1a7a9c9e9a.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589777.8901d324-d310-406e-8d96-2ba1529e4bea.first-shutdown.jsonlz4.xhaun
binary
MD5: e1f749e626d8240a654f450b5566d58b
SHA256: 5deeccc8aacd4455e376d8fb1ed39f820d29a560389583a312c006466bbad0b1
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589776.07f73e80-2b12-40ae-97b0-fa87f3167670.main.jsonlz4.xhaun
binary
MD5: 5cc606bf67509241f6dbbd8e66249ecb
SHA256: 0bf9066a2ece10cbaa970c5f3d39ec34a8316253823675c34b2230212b0080e9
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535455254239.6a6d1f6c-b378-42bd-83d4-6375a8d83c94.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589776.07f73e80-2b12-40ae-97b0-fa87f3167670.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589777.8901d324-d310-406e-8d96-2ba1529e4bea.first-shutdown.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4.xhaun
binary
MD5: c7ea1381d78c74c4c65147af1706f161
SHA256: 4e038cc831f27893c6658e9fff56b03474a7861b38cd87e76317dccbb8395bad
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454581431.ff499cec-8d4b-47de-a059-a9aea3d69a66.main.jsonlz4.xhaun
binary
MD5: f06a2d6183f07a7400a661bd2258f7cf
SHA256: f5d79f9a99f436aa10ebe8887ba45e299f732aae8c285d8ebbebcaf512b3064a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589752.05c13197-8f39-40a1-b976-59f6f9c1cc5f.new-profile.jsonlz4.xhaun
binary
MD5: 05dec6863a4048a3ec51b16bb7f351ef
SHA256: 53d295be7f6b1fa58593b5315a04d61184b0e09fc024ed02252fb7f2848842ae
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454589752.05c13197-8f39-40a1-b976-59f6f9c1cc5f.new-profile.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\datareporting\archived\2018-08\1535454581431.ff499cec-8d4b-47de-a059-a9aea3d69a66.main.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\store.json.mozlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite.xhaun
binary
MD5: 47d37f00cb8325caaf6633f7e6d8d233
SHA256: a5c6997f1da5111f47a34b0f0e8d742c974753242e60a7c1385a8299765d2da5
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite.xhaun
binary
MD5: 6a664828dbb978051d7dae7dd4ad5672
SHA256: 8ab5bffceab4d9a1f6f2f21a47ef1d42beebbe0ade1bb9253d08ebf575b1fe94
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\crashes\events\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\content-prefs.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json.xhaun
binary
MD5: f9951e784126cf078558c4cd7b31d2bd
SHA256: e9e38995f696d89adc51068a7705c5df6b9dae1e04111d6eae6434f11c06aaa7
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db.xhaun
binary
MD5: 880e73d2b58481d34a56baad76057f31
SHA256: 70f21d6c0f0b53b97a6f3d885481e90613879fcb437bbcc80a2a015713ad7dca
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini.xhaun
binary
MD5: 8613024ac0d4736276a4d413a290a0f8
SHA256: f9905704fb68f0fd86694f89ff99389469265b199bad3c01309a4675fca1f5cd
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\containers.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\compatibility.ini
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cert9.db
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\plugins.json.xhaun
binary
MD5: a352d117305c3e61c24e35907354d549
SHA256: 8737d83333f7ccdd9ea5da3043ca078c318078a9deeb28d70fb966fbcbc51dd1
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\addons.json.xhaun
binary
MD5: aa532edb487e4e074d1688e1a79af417
SHA256: 307a3a3fd6877959c3a5cf464a017d3d516595f9a8c43d7a678d7992446c9abc
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4.xhaun
binary
MD5: 90029604a032a464bc45b1ddb3ac5a5b
SHA256: f9fc59b35519efabf45741aa57f8f7c0ab7e7facab084fd8d3d5c3d9f49b8bf8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\bookmarkbackups\bookmarks-2018-08-28_14_uZyx1cMFmZ7ZpL4NneCk2A==.jsonlz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\plugins.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\addons.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4.xhaun
binary
MD5: d0beb2da9820c2b8a7be9c57688af0c8
SHA256: 16c35b8d298f30b7dd41ac7917be7ff819d0b536e54e53cc39dcc4423217effc
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklists\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml.xhaun
binary
MD5: 5cf8bd0923e664a3385db967f4647550
SHA256: 6b2b1d48d5de2dfaa4744882e37aaa9f1ac2229c6d05b81095e2c26a86c64e43
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addonStartup.json.lz4
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\blocklist.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Pending Pings\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json.xhaun
binary
MD5: 809f9f97e36d6a575b2351f90b4ec23a
SHA256: 81e8f80791bbeac7ff87185e894fd0fc65925cdceaf15d24c9a74a9e17345413
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231.xhaun
binary
MD5: 7b349445030d1eaf7b8e62c262786d7c
SHA256: a2e27839a5689615d07509896a5edf67821aa4b1b3afe0cb4994f3b1ae81d45d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Extensions\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\addons.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\InstallTime20180807170231
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\STARTUP\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Word\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm.xhaun
binary
MD5: 470c8b89bb57a9e27bab3f66557f10be
SHA256: e1a7a76facf25ac2a1242502cb4b40ce25d7cb6d01cd7ff851bbcd494357a375
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC.xhaun
binary
MD5: 8c8fb8c39093513b056b97e9387651ba
SHA256: 0159213f7c24a2db8b202b1d7e3649fb5b102ac0d82147ff311e9d0c0865c8d6
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Vault\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm.xhaun
binary
MD5: 603c54b3c7e7b9f7f02aa5f2d32cb396
SHA256: 776033d0563d55aff1214ff9a11fa906fc969af769ce05b28060577f30b0ee4b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\NormalEmail.dotm
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\Access Parts\1033\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Stationery\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Speech\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog.xhaun
binary
MD5: 2f16ce4ad9083cc5c1f46c727506f5d3
SHA256: 80ec4208527a6380c66b6d8a31f52f0e780e901e1c0ad686d6153ac8d875aed1
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\SystemCertificates\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Templates\LiveContent\Managed\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\slimcore-0-4223384469.blog
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db.xhaun
binary
MD5: e2b27551fd655c266d9e42b0ca94359b
SHA256: d7190752a01f8f04702895471fe51c8d1c857649c5b30dc4464ee983ed904149
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml.xhaun
binary
MD5: 03bafe1669344a3ab6d0cfbb62342f70
SHA256: d31938ac3e43a649e3494a73346e2089b9e8463c56f0f3acb953cba398a72bd5
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml.xhaun
binary
MD5: 5c86dd00e8be4391c262e142e6a53c52
SHA256: ea843936bf741a729df6d2fe1c88948d80954d566bcd4821eb0cadd4a3b40302
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal.xhaun
binary
MD5: 6275dd2cd6270f8a5bfce28e0abffe82
SHA256: d72dbf5eb436cd1781697a23948a77b95618bc6024c1ee4643a90eac98cae09c
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db-journal
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\main.db
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\shared.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\config.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal.xhaun
binary
MD5: 2420c63050d172bd3a04ec9221a8692b
SHA256: f3a49e6740eab8f99fc1e3b1cef7e7a4055147218a56f62387271a400ff0b5b8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\live#3agabriel.radrigos\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-wal
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm.xhaun
binary
MD5: 534e6072e79ab1e1660b38b0c331f56c
SHA256: 3a0597c0834b297e3736e43355d16b43bc0748875c3e2e659ea9bbbac378cfc6
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager.xhaun
binary
MD5: c959978a7c3172efbb6853eb04e74f54
SHA256: 8ecfef3d3eed80e256f8cf975c070d2b71625fb19a5c352add4ca2b5657f6334
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data.xhaun
binary
MD5: 2e92e52b3d87b462be5ca5b320e979dd
SHA256: 2232b0e485a28a371ce9688250d883a304f152a1615116c4293b5177e1c58551
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json.xhaun
binary
MD5: c462c5d33f1b529a9cc98aea74dd5548
SHA256: efe74266616885dfdd2052140bc0a7f4d9a2fd48bc45c4525d803b75fe06a357
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\QuotaManager
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data-shm
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\settings.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\skylib\DataRv\offline-storage.data
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog.xhaun
binary
MD5: 018e56f32df5bf585400fcf17467a175
SHA256: 99a2912a4aee658432cc49366df64e1e3707972d7bb444a516618ef65659a7c4
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak.xhaun
binary
MD5: cfdf85b00ea7136d4da9fd07985ec260
SHA256: 570fc2f39cbc325fa5f1e1601c1f76d7d616f2a8f2f6602423a1a8b45519556f
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.xhaun
binary
MD5: f67b466cc2716f1ef8e5ff816a08c528
SHA256: bae6c500497ef07df07e505b993f88b20aa7f21cbfe43d52edd6b1abbd384510
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences.xhaun
binary
MD5: af48eb110e13b0a2e48a4524fb623c4a
SHA256: 55a03de894326cfcc830437477fe6b4e2c0ef87b548071890308a73f19cfa879
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-1-1870167131.blog
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Preferences
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl.bak
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype_MediaStackETW-2018.34.1.3-UVA-x86release-U.etl
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog.xhaun
binary
MD5: 469b7954defb22a3f03a4f8f11925cf3
SHA256: 8b94764f987ccbe8bf71f91f53338afec1f3bdab7ac9db99435c838b5497bc82
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\logs\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001.xhaun
binary
MD5: 0bf69bf8a246695d01a6d04f18bf89bc
SHA256: 95b959d056df3ec375ef1cfcac555c5cb69469e9622c51a132d1d029d0b6d503
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old.xhaun
binary
MD5: ee77313282a2a680783dfbc61f95645e
SHA256: e4dcd96939fe91bddf85dd9f7a3fd708a35353dd463858aca5bcdb1dbf782d3e
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\media-stack\Skype.msrtc-0-2576771366.blog
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb.xhaun
binary
MD5: b619832efb553e66794dc53c4b6ad077
SHA256: f6563eae7447a71c1f6c5a6e6bf022347dbd6ae1410bfe57dfffb98e88201db4
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb.xhaun
binary
MD5: 81b24415558464d129361545e7b26161
SHA256: 20b1b2794cdc1c0351ed458931e5e3f7b2a6be3a1bc55a2d335dd91c29adf376
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG.xhaun
binary
MD5: abaaa20318876d6c8389bf2b0263cf3c
SHA256: ba01270055368d797098bec0d0a9c65cf963b116290594e2026930530e685534
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log.xhaun
binary
MD5: d653425c4f3dc6071ddc36170ab0f311
SHA256: c77b99dc29d44d17cc3e24db3cb6407b898929a1a0dfb2e725c190f94078f642
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT.xhaun
binary
MD5: 99b457af88dbf884a9902c97fb5d7652
SHA256: ba70c1ec961c2a1f0f1c605a32a3d4b0c92581e937ddca27aba490f4cd6e56c0
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000018.ldb
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000017.log
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\LOG
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\000005.ldb
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\leveldb\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.xhaun
binary
MD5: 577ca051f19af88fa9055ce19e7d2494
SHA256: aec5a3dfa062b5687659d4783043f99425c54c724fe9ecbe9fd105a0903063f3
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Local Storage\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT.xhaun
binary
MD5: 9ebfc5044e3894e547e205d45c499eb0
SHA256: 8116e1a9c67ddfae1be919c741bf49aae9e2f77389ef25b193ccbd290e72a80a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old.xhaun
binary
MD5: 7fc5b65a075e95c64406d51d1be9b694
SHA256: f79c57d7bd44c7b3123da8f758b22d49664c845b040944f0c2e6c0a16157e1a1
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001.xhaun
binary
MD5: 3788282f04c7cd067cb3ad8bf4bf86a3
SHA256: d6c49f89c9870945db1531dbf89b005ee44902c209d8497f355354523aa1efad
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\LOG.old
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\CURRENT
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log.xhaun
binary
MD5: 0ee3fae1b4e082e86b45700e6b6bee67
SHA256: 0f04ab91de1f6b4795e7b269a831dbde7bf0e55c9525578a420eef5c231e54cc
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\000003.log
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\file__0.indexeddb.leveldb\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json.xhaun
binary
MD5: d12768131bbfcb9093aa1a0ecb76ea22
SHA256: 124ed12cf3855ba446a02fc66abe5e2dbd36a682e1d465b79185dd439e4e3c73
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\IndexedDB\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\ecscache.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db.xhaun
binary
MD5: 54ff10eca13a7fbe405488927fa3b21c
SHA256: 65f5d949527832c5b0b0b24790d4ea725a108dc4a795b7b09d8ef88643464d76
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic.xhaun
binary
MD5: c2af988a616369b3127f6e4623e068ed
SHA256: 059817838b5dcd0d1779cd7713c0c6682a5abc546ff74a00e5597fc2cc1db4e1
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json.xhaun
binary
MD5: d0b472203c3e7c63ed44a781c8402f9b
SHA256: b1613f586333bff3a0569ad8d16b3d456e40a6544b60834b7b965dd6ee7b2842
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\dictionaries\en-US.bdic
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\device-info.json
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\Databases.db
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\databases\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index.xhaun
flc
MD5: 28a968b45f5e0fd33b78f84248d5b38d
SHA256: cedbca343d6f7727668b9376e045155c838102857ec38f8471dc0b2d05a2356d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies.xhaun
binary
MD5: 81ddfc04bba0fb3c314d9a5989d55eb5
SHA256: 0befc4e47bf9d73e2cd2b3e2adce57be865f542e92503025f44c3a750a0445ed
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cookies
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\index
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002.xhaun
binary
MD5: 450acc0a1981da8c0ca273fbc73135b0
SHA256: 2d7496482a329ade8bd277124a4e5893cf39d41affef06a2d325190925766eb6
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001.xhaun
binary
MD5: f2306a6ea972f920b1f329a1114b8921
SHA256: c676e746b2d36999ac9d54293a6a89e2cb4382a235f74237ab317af83f6ee920
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004.xhaun
binary
MD5: 7fab33cdf6dadaeb0115d55cd6e1b12f
SHA256: dccf4c1b03f39b9c1b084651d7939df1838198bea79a1874261f13636c46a770
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003.xhaun
binary
MD5: 0111ee52286f17a133daf7f29379f9c0
SHA256: 9a498ed382632825f15e47ce1e1810beb0c6b6a845d6409fa4b5903ce6c2747e
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000002
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000004
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000003
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\f_000001
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_3.xhaun
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2.xhaun
binary
MD5: 0fffbcb7c04224418802a59d3a1ed271
SHA256: 5227e76ab3a5cf7fe23c38458197b3e208a100a89cf65004eeaf2977a0573b9d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_2
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0.xhaun
binary
MD5: 9605e29e144b52155ac3b6533ae5ddd3
SHA256: 72e32b7d78315cf91ad9039b021e7b9e5770abdbf640903b1b820ade3febb1b0
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1.xhaun
binary
MD5: 2fd420d45d180c0106e60629442c9d7f
SHA256: 002414d3ab1b21ddc6349c9b17ad4346d4b4f9922058e2a7df539a2b244c9df5
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_1
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\data_0
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\Cache\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred.xhaun
binary
MD5: 2cf641e82c2fb8f8a3c5d2e0230c3d95
SHA256: b70b572e16184196c909c438e5ed392c8511abc97513280063d0bd77dfb5aedf
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b.xhaun
binary
MD5: c0b48272b82ca5bc198ee6334ea32af9
SHA256: 4d8bf2d3ce37165ad04a18bf4cadc1b82685d3ddd148420a4dab9017e4546bbc
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Skype for Desktop\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Signatures\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml.xhaun
binary
MD5: 1356802e95b6aeeca52604fa8c362c31
SHA256: 561023872e49bff0deaa5af792fe7f94771338501aeb31abd676d7d3c3752ce3
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\Preferred
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\54ba308a-6a9a-4e0e-b137-b89d3579498b
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\PowerPoint\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8.xhaun
binary
MD5: 838ddac91c14d8b9e467fc07cd712765
SHA256: 066c0f7534233f412a4e2c281c164779a7545eb4c9f1fd94b58ab1d927d83a36
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml.xhaun
binary
MD5: a7b3b4cd9a360bc08dcc225ec25b5a26
SHA256: 36ce21309de7f6f54333236310a9161e6119782b8e76abfaa3b07fe1561054c5
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Proof\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs.xhaun
binary
MD5: 62aa29d414005bc4f5b671de82a16ea1
SHA256: c2694d2150f7c3390b4d134b2684c04abe3ca2bf6825a6a79fd2e6e3b1535ae5
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST.xhaun
binary
MD5: e6a8a6bd15013d37710782dc71c0dde9
SHA256: c1bc9cde94f74d2a34aed2b708edceedfc002a86e68cf08c707766bddeac593b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-1302019708-1500728564-335382590-1000\29fd2168-360f-422a-a685-e6961ea74ba8
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Protect\CREDHIST
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\test.srs
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat.xhaun
binary
MD5: c3c3479d7aace8e0e10feb39952beb28
SHA256: 9dc2d209b6ba419eaa197ec57300341124707bf277bcfe77cdd0b7bb09d048c9
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs.xhaun
binary
MD5: 63013db949696630d6a6da978e848e0c
SHA256: 0f12870529dd00cdb6b7059ee0c501e983dd64dafa678571c2ccf726065189e3
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml.xhaun
binary
MD5: db0ce23e1afae66b7c268cb9e2e6e6c5
SHA256: 4952de17e21825a0ed09379b9f3af08c588d76e4605235c3af207d180f55c31b
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml.xhaun
binary
MD5: 5f9986af17f65c51f4cedae29e5ab0d7
SHA256: c68a3394ac186e82e410bb2ccfcd4ce4a4a956cc436f7dbe62d43021b76c7d2d
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\Outlook.srs
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Outlook\NoMail.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl.xhaun
binary
MD5: e53f18c53026dc8770bb139a99c70f53
SHA256: c1b68f4c2792ab091352493acb05754f7e65b61ac9ac276ce1ef34961d9bc71a
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\OneNote\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\Connections\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd.xhaun
binary
MD5: f43451d3016844b72b902d89008c86bb
SHA256: d4018ac14e9c8b6588d6c4326abcdd1ec5c519f28cb0db94987f7f107cf87bf4
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Network\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1033.acl
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\MMC\taskschd
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\XLSTART\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat.xhaun
binary
MD5: 02db14750990812c89cc2e886291353b
SHA256: 45e0ad206b1e082c707bc19d01962be7f873443190a90847afb1113325742d8c
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx.xhaun
binary
MD5: a602f43315a451ad55ed7fd9a0bb10db
SHA256: 837311af50c593306d9cc9e53c1940bcebfc4a7e6f7a7c6bf3304401a9c56938
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Excel\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\HTML Help\hh.dat
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\Built-In Building Blocks.dotx
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Document Building Blocks\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f.xhaun
binary
MD5: 70245ec790a2c34d8912eedec09c9af9
SHA256: ad030f918bbd31add3a64aa62e2953b1f645938325b6438dfa2d81a9aa984da6
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f.xhaun
binary
MD5: f5876353b91b7f13e87305cb5cd443f4
SHA256: 3168659b6a4c2b4cf6908aac3e183e0dfbeb4bf80ed687b4456c1656e7135ede
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\a551dda6b1d5ee0d0c4637af6c004413_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\c43c9d3341c1ddc712bbe39db3c78fa5_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f.xhaun
binary
MD5: 385745de6813e68a540b5f635b08a9a4
SHA256: d03a072b6515f2a1218b37dede94107a54aa557e4055d7c35543865106449543
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f.xhaun
binary
MD5: 91279a026b74a42c9c0314af6f55675d
SHA256: 538be014efe4e0ea1d4517604795e525eac9880e68a46007a2aac29bee5004e7
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f.xhaun
binary
MD5: b61ada1032bbbe144a0ab2d89048e956
SHA256: 708baef9ac35dbfed25499bff89b8d3baf203bfd5f73f7ae7358bd87c3628932
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Credentials\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\7be1242ebc44e45985bd1ffa382e997c_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\1f91d2d17ea675d4c2c3192e241743f9_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Identities\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml.xhaun
binary
MD5: d3d1f2eec93a68973e89fdbcaebda5f4
SHA256: 60fc06cb64e2845f7801c4c8cf59e7482822b8364d5db90b35a0b0216d2251a3
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3.xhaun
binary
MD5: af1399ea56534237511a587ca8f1770f
SHA256: f61abed62ede7d4988705f7e5e51381aa8679fa59ea0e13110efcb4616bcbd26
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Media Center Programs\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\AddIns\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Identities\{E4CE17A7-FC47-4CD1-8FF6-45436C8F45DB}\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml.xhaun
gpg
MD5: 2174dfaf12d84babc32d3024ddf3dee6
SHA256: 938508558f88d1b8f520c13141d838d5c2c556aa8f4a215483cf17bb4a0532e0
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\FileZilla\layout.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\FileZilla\queue.sqlite3
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy.xhaun
binary
MD5: 453332609a761cc6bea2c8da5f769cf5
SHA256: 36c74f93fb1f6bb838cde4f7bb7be8d899a6b06b40722bc94a6fc643fbd1a9bd
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\FileZilla\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log.xhaun
binary
MD5: 41d2c9f9f4762c6a0504088173dcb774
SHA256: f8f518ec4a0180134d7e05364a2b260eb4eb574c9a72407a87174ccc18d30eee
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg.xhaun
binary
MD5: b6fa9f3618c25f65f5c85994fb25ac4d
SHA256: 39d31450875daf8377fb9b218b0a682eb64a8e2f91a7ae9834ba985b6c552bec
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml.xhaun
binary
MD5: 5fbd403dafdd941618825055f9190a0d
SHA256: 2aa1995b6e8aed5af3b9b500c4bd767887c5f08bde7bb05eecd9c4f7ef139ef3
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Sonar\Sonar1.0\sonar_policy.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\FileZilla\filezilla.xml
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_dc2ece58-8a8b-40bf-98c2-48039a3392bd.log
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Headlights\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log.xhaun
binary
MD5: 44403b0716e74ab19642bfe38ff59fcd
SHA256: 5f4a6187e99101f6e29de8d4cfdbe12717eb9811d54fe2a5f5339f3cdfc5e8e3
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Linguistics\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\AssetCache\J7D4H966\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Flash Player\NativeCache\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_Reader_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_02f147fa-0489-4885-b993-ed9936fcacc0_0.rdy
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_AcroARM2_ARM2Update_2274f67c-7a7f-45e3-a23e-aa35d5b91e00_fea03e67-af51-4fcb-b57f-c238867edb9b_0.log
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl.xhaun
binary
MD5: 1aefe6944c4054b994f5a6d17e16f38c
SHA256: c69b03638d8e74510b942ab13a6d92191cc463945e2f4d12b698980cd91129e4
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl.xhaun
binary
MD5: 4714665232e786431dbebc102d39813c
SHA256: 5b1845b746bace5602f61f55dc7c7c86f42f77c5f1806dc9f222104f579e0f81
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings.xhaun
binary
MD5: 67b6344e9401e54e0fcd40cdddf3de9d
SHA256: fb1e9839a2ff0abef62f08037ab06da256c02af0e0640255ccfc3cba77be0462
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata.xhaun
binary
MD5: d6f713ac33c11472b403625f17dcdf16
SHA256: 3af5cd151ee0268968a8e548646192802dea01afa43bba537be463fe51a93f24
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Forms\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Collab\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData.xhaun
binary
MD5: c000d2199af49f4280a02d9ff68889fc
SHA256: 817fb79a375498d378c1b6c1b1bd60d5c031d41596f1a9a197066236b4709a01
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp.xhaun
binary
MD5: 7b930fb935f5069d69bcf80e9e7e5457
SHA256: ae89b14b03cfd1d2d7f6b77ef7f1a0e8e04dd5ed58345c8a6c930546687a3ba8
2772
wermgr.exe
C:\Users\admin\.oracle_jre_usage\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\$Recycle.Bin\S-1-5-21-1302019708-1500728564-335382590-1000\XHAUN-DECRYPT.txt
text
MD5: 7d10ec9b55c69e9c43b68c98d05025de
SHA256: bacac2216c222b7d430760fe0f54a7a864fcc6097b184d199c1b0418abf9c8d8
2772
wermgr.exe
C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
––
MD5:  ––
SHA256:  ––
3420
dsoyaltj.exe
C:\Users\admin\AppData\Local\Temp\Liebert.bmp
––
MD5:  ––
SHA256:  ––
2772
wermgr.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 2d0e2c01825f5df1fab86531ee21a5c2
SHA256: 5108d3e185e5f5d089a3229de2aeabe7933a6aaea73dfbd61c632265062b75db

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
127
TCP/UDP connections
119
DNS requests
110
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2772 wermgr.exe POST 510 78.46.98.73:443 https://www.2mmotorsport.biz/content/imgs/imzuim.gif DE
text
html
malicious
2772 wermgr.exe POST 404 217.26.53.161:443 https://www.haargenau.biz/content/assets/soamzukamo.png CH
text
xml
malicious
2772 wermgr.exe POST 404 74.220.215.73:443 https://www.bizziniinfissi.com/content/image/sethmoso.png US
text
html
malicious
2772 wermgr.exe POST 510 136.243.13.215:443 https://www.holzbock.biz/data/images/sezu.png DE
text
html
malicious
2772 wermgr.exe POST 404 46.30.45.85:443 https://www.fliptray.biz/content/pictures/ruesfu.jpg RU
text
html
malicious
2772 wermgr.exe POST 404 192.185.159.253:443 https://www.pizcam.com/wp-content/tmp/sodake.jpg US
text
html
malicious
2772 wermgr.exe POST 404 83.138.82.107:443 https://www.swisswellness.com/uploads/tmp/seessesoso.jpg DE
text
html
malicious
2772 wermgr.exe POST –– 212.59.186.61:443 https://www.hotelweisshorn.com/includes/pics/kemezumo.jpg CH
text
––
––
malicious
2772 wermgr.exe POST 404 83.166.138.7:443 https://www.whitepod.com/wp-content/pics/kemeesdade.gif CH
text
html
malicious
2772 wermgr.exe POST 404 69.16.175.10:443 https://www.hardrockhoteldavos.com/wp-content/image/meda.bmp US
text
html
malicious
2772 wermgr.exe POST 404 104.24.23.22:443 https://www.belvedere-locarno.com/wp-content/images/keesdekemo.jpg US
text
html
malicious
2772 wermgr.exe POST 404 80.244.187.247:443 https://www.hotelfarinet.com/content/pictures/darues.png GB
text
html
malicious
2772 wermgr.exe POST 404 217.26.53.37:443 https://www.hrk-ramoz.com/uploads/imgs/damosehefuth.jpg CH
text
xml
malicious
2772 wermgr.exe POST –– 212.59.186.61:443 https://www.morcote-residenza.com/news/pictures/sekazu.png CH
text
––
––
malicious
2772 wermgr.exe POST 301 136.243.162.140:443 https://www.seitensprungzimmer24.com/includes/assets/thes.jpg DE
text
html
malicious
2772 wermgr.exe GET 404 136.243.162.140:443 https://seitensprungzimmer24.com/includes/assets/thes.jpg DE
html
malicious
2772 wermgr.exe POST 302 213.186.33.5:443 https://www.arbezie-hotel.com/includes/assets/sehede.gif FR
text
html
malicious
2772 wermgr.exe GET 404 213.186.33.50:80 http://www.arbezie.com/includes/assets/sehede.gif FR
html
suspicious
2772 wermgr.exe POST 404 217.26.55.5:443 https://www.aubergemontblanc.com/news/pics/fumoke.bmp CH
text
xml
malicious
2772 wermgr.exe POST 404 93.88.241.198:443 https://www.torhotel.com/wp-content/tmp/damomoth.bmp CH
text
html
malicious
2772 wermgr.exe POST 404 83.137.114.198:443 https://www.alpenlodge.com/data/images/zumoes.png AT
text
html
malicious
2772 wermgr.exe POST 301 79.170.40.230:443 https://www.aparthotelzurich.com/data/imgs/seimdazu.jpg GB
text
html
malicious
2772 wermgr.exe GET –– 199.34.228.59:443 https://www.aparthotelzurich.ch/ US
––
––
malicious
2772 wermgr.exe GET 301 199.34.228.59:80 http://www.aparthotelzurich.ch/ US
html
malicious
2772 wermgr.exe POST –– 199.34.228.70:443 https://www.bnbdelacolline.com/static/pics/somoketh.jpg US
text
––
––
malicious
2772 wermgr.exe POST 301 80.74.144.93:443 https://www.elite-hotel.com/uploads/tmp/kemekefu.jpg CH
text
html
malicious
2772 wermgr.exe GET 404 80.74.144.93:443 https://elite-hotel.com/uploads/tmp/kemekefu.jpg CH
html
malicious
2772 wermgr.exe POST 405 213.186.33.17:443 https://www.bristol-adelboden.com/wp-content/pics/thkehe.gif FR
text
image
malicious
2772 wermgr.exe POST 301 94.126.23.52:443 https://www.nationalzermatt.com/uploads/graphic/esdafu.gif CH
text
html
malicious
2772 wermgr.exe GET 301 94.126.23.52:443 https://www.hotelnationalzermatt.ch/uploads/graphic/esdafu.gif CH
html
malicious
2772 wermgr.exe GET 301 94.126.23.52:443 https://www.nationalzermatt.ch/uploads/graphic/esdafu.gif CH
html
malicious
2772 wermgr.exe GET 404 94.126.23.52:443 https://nationalzermatt.ch/uploads/graphic/esdafu.gif CH
html
malicious
2772 wermgr.exe POST 403 18.202.150.104:443 https://www.waageglarus.com/news/images/dase.jpg US
text
html
malicious
2772 wermgr.exe POST 302 192.185.85.119:443 https://www.limmathof.com/content/pictures/amzuammoda.gif US
text
––
––
malicious
2772 wermgr.exe GET 200 192.185.85.119:443 https://www.limmathof.com/404.html US
html
malicious
2772 wermgr.exe POST 404 217.26.60.27:443 https://www.apartmenthaus.com/static/graphic/amkaso.bmp CH
text
html
malicious
2772 wermgr.exe POST 404 80.74.145.65:443 https://www.berginsel.com/content/tmp/kadekake.gif CH
text
html
malicious
2772 wermgr.exe POST 404 54.72.52.102:443 https://www.chambre-d-hote-chez-fleury.com/data/graphic/fuimdaso.bmp IE
text
html
malicious
2772 wermgr.exe POST 404 54.72.52.102:443 https://www.hotel-blumental.com/wp-content/pictures/eskasoim.png IE
text
html
malicious
2772 wermgr.exe POST 404 185.60.216.35:443 https://www.facebook.com/wp-content/pictures/rukesoth.bmp IE
text
html
whitelisted
2772 wermgr.exe POST 404 173.212.202.129:443 https://www.la-fontaine.com/content/imgs/thesth.jpg DE
text
html
malicious
2772 wermgr.exe POST 404 52.31.170.172:443 https://www.mountainhostel.com/static/image/fues.jpg IE
text
html
malicious
2772 wermgr.exe POST 405 185.199.108.153:443 https://www.hotelalbanareal.com/includes/tmp/momozuke.jpg NL
text
html
malicious
2772 wermgr.exe POST –– 185.81.1.20:443 https://www.luganohoteladmiral.com/static/pics/hemezu.gif IT
text
––
––
malicious
2772 wermgr.exe POST 301 104.31.72.20:443 https://www.bellevuewiesen.com/content/pics/amso.bmp US
text
html
malicious
2772 wermgr.exe GET 404 104.31.72.20:443 https://bellevuewiesen.com/content/pics/amso.bmp US
html
malicious
2772 wermgr.exe POST 404 213.186.33.4:443 https://www.hoteltruite.com/includes/graphic/mofufumoth.jpg FR
text
html
malicious
2772 wermgr.exe POST –– 185.51.191.29:443 https://www.hotelgarni-battello.com/data/tmp/rurufudahe.bmp HU
text
––
––
malicious
2772 wermgr.exe POST 404 149.126.4.15:443 https://www.seminarhotel.com/content/images/zuda.jpg CH
text
html
malicious
2772 wermgr.exe POST 301 80.74.149.162:443 https://www.kroneregensberg.com/includes/graphic/fuhezu.jpg CH
text
––
––
malicious
2772 wermgr.exe GET 302 80.74.149.162:80 http://kroneregensberg.com/ CH
––
––
malicious
2772 wermgr.exe POST 404 217.26.54.189:443 https://www.puurehuus.com/news/pictures/soamseda.jpg CH
text
xml
malicious
2772 wermgr.exe GET –– 80.74.149.162:80 http://kroneregensberg.com/de/ CH
––
––
malicious
2772 wermgr.exe POST 400 52.17.9.185:443 https://www.hotel-zermatt.com/news/image/fuhehe.gif IE
text
––
––
malicious
2772 wermgr.exe POST 404 185.62.170.1:443 https://www.stchristophesa.com/data/pics/kafume.bmp CH
text
html
malicious
2772 wermgr.exe POST 403 104.108.56.45:443 https://www.nh-hotels.com/wp-content/graphic/kaseka.gif NL
text
html
whitelisted
2772 wermgr.exe POST 406 80.74.155.10:443 https://www.schwendelberg.com/content/tmp/sodafu.png CH
text
html
malicious
2772 wermgr.exe POST 302 194.246.118.10:443 https://www.stalden.com/data/images/daamruthda.png CH
text
html
malicious
2772 wermgr.exe GET 200 194.246.118.10:443 https://www.stalden.com/index.cfm? CH
html
malicious
2772 wermgr.exe POST 404 213.129.84.57:443 https://www.vignobledore.com/content/graphic/fukezu.jpg GB
text
html
malicious
2772 wermgr.exe GET 301 194.246.118.10:80 http://www.stalden.com/index.cfm CH
html
malicious
2772 wermgr.exe POST 404 217.26.61.109:443 https://www.eyholz.com/static/pics/ames.gif CH
text
html
malicious
2772 wermgr.exe POST 301 153.92.202.124:443 https://www.flemings-hotel.com/static/image/sehedese.jpg DE
text
html
malicious
2772 wermgr.exe GET 404 153.92.202.124:443 https://www.flemings-hotels.com/static/image/sehedese.jpg DE
html
malicious
2772 wermgr.exe GET 301 153.92.202.124:80 http://www.flemings-hotel.com/static/image/sehedese.jpg DE
html
malicious
2772 wermgr.exe POST 404 81.23.73.70:443 https://www.hiexgeneva.com/data/imgs/kerueszu.gif CH
text
html
malicious
2772 wermgr.exe POST 404 195.141.45.95:443 https://www.petit-paradis.com/static/pics/thkeesfu.jpg CH
text
html
malicious
2772 wermgr.exe POST 404 185.92.220.44:443 https://www.berghaus-toni.com/static/pics/thruamse.gif NL
text
html
malicious
2772 wermgr.exe POST 404 193.246.38.196:443 https://www.hotelglanis.com/includes/assets/sode.gif CH
text
html
malicious
2772 wermgr.exe POST 302 213.186.33.16:443 https://www.16eme.com/includes/images/rukaso.gif FR
text
––
––
malicious
2772 wermgr.exe GET 200 213.186.33.16:443 https://16eme.com/?by_user=31.204.155.49&ref_url=/includes/images/rukaso.gif FR
html
malicious
2772 wermgr.exe POST 200 81.169.242.208:443 https://www.staubbach.com/news/image/seamsodees.bmp DE
text
html
malicious
2772 wermgr.exe POST 404 89.107.184.10:443 https://www.samnaunerhof.com/data/pictures/dethdeim.gif DE
text
html
malicious
2772 wermgr.exe POST 301 217.26.54.21:443 https://www.airporthotelbasel.com/content/graphic/keamdeda.jpg CH
text
––
––
malicious
2772 wermgr.exe GET 404 217.26.54.21:443 https://www.airporthotelbasel.com/en/content/graphic/keamdeda.jpg CH
html
malicious
2772 wermgr.exe POST 404 94.126.23.52:443 https://www.elite-biel.com/includes/graphic/kedeam.png CH
text
html
malicious
2772 wermgr.exe POST 404 188.165.51.93:443 https://www.aubergecouronne.com/news/images/esdekaim.png FR
text
html
malicious
2772 wermgr.exe POST 404 80.74.153.84:443 https://www.le-saint-hubert.com/content/graphic/esmeam.png CH
text
html
malicious
2772 wermgr.exe POST 404 193.246.63.157:443 https://www.bonmont.com/content/tmp/eskefuam.png CH
text
html
malicious
2772 wermgr.exe POST 404 149.126.4.89:443 https://www.cm-lodge.com/static/images/eskadahe.bmp CH
text
html
malicious
2772 wermgr.exe POST 404 54.194.135.189:443 https://www.experimentalchalet.com/data/graphic/kesoru.png IE
text
html
malicious
2772 wermgr.exe POST 301 83.166.138.8:443 https://www.guardagolf.com/includes/image/mese.png CH
text
––
––
malicious
2772 wermgr.exe GET 301 83.166.138.8:443 https://guardagolf.com/includes/image/mese.png CH
––
––
malicious
2772 wermgr.exe GET 301 83.166.138.8:80 http://guardagolf.com/ CH
––
––
malicious
2772 wermgr.exe GET 200 83.166.138.8:443 https://guardagolf.com/ CH
html
malicious
2772 wermgr.exe POST 400 5.144.168.210:443 https://www.hotelchery.com/static/pictures/fuzufurumome.jpg IT
text
html
malicious
2772 wermgr.exe POST 301 194.51.187.23:443 https://www.ibis.com/static/image/imfude.gif FR
text
html
malicious
2772 wermgr.exe GET 404 152.195.39.57:443 https://ibis.accorhotels.com/static/image/imfude.gif US
html
whitelisted
2772 wermgr.exe POST 301 193.200.231.4:443 https://www.mercure.com/news/graphic/sedeme.jpg FR
text
html
malicious
2772 wermgr.exe GET 404 152.195.39.57:443 https://mercure.accorhotels.com/news/graphic/sedeme.jpg US
html
whitelisted
2772 wermgr.exe POST 302 195.201.207.213:443 https://www.hotelolden.com/uploads/pics/demo.png RU
text
––
––
malicious
2772 wermgr.exe GET 404 195.201.207.213:443 https://www.hotelolden.com/de/uploads/pics/demo.png/ RU
html
malicious
2772 wermgr.exe POST 404 185.60.216.35:443 https://www.facebook.com/wp-content/pictures/amdaheamde.jpg IE
text
html
whitelisted
2772 wermgr.exe POST 404 46.32.228.22:443 https://www.huusgstaad.com/uploads/graphic/kaesda.png GB
text
html
malicious
2772 wermgr.exe POST 404 188.165.40.130:443 https://www.hotelrotonde.com/content/assets/esfusodame.bmp FR
text
html
malicious
2772 wermgr.exe POST 404 185.58.214.103:443 https://www.relais-crosets.com/uploads/imgs/fuzu.bmp DK
text
html
malicious
2772 wermgr.exe POST 404 83.166.148.69:443 https://www.lerichemond.com/includes/image/memeim.png CH
text
html
malicious
2772 wermgr.exe POST 404 104.24.23.22:443 https://www.hotellido-lugano.com/static/pics/zuka.bmp US
text
html
malicious
2772 wermgr.exe POST 301 45.60.177.25:443 https://www.alimentarium.org/includes/tmp/momokase.gif US
text
––
––
malicious
2772 wermgr.exe GET 404 45.60.177.25:443 https://www.alimentarium.org/en/includes/tmp/momokase.gif US
html
malicious
2772 wermgr.exe POST 404 80.74.149.78:443 https://www.vitatertia.org/uploads/tmp/hedesofuzu.jpg CH
text
html
malicious
2772 wermgr.exe POST 404 149.126.4.66:443 https://www.lassalle-haus.org/includes/tmp/sedetham.bmp CH
text
html
malicious
2772 wermgr.exe POST 404 52.31.170.172:443 https://www.dermann.org/wp-content/pics/eszuru.png IE
text
html
malicious
2772 wermgr.exe POST 301 178.209.55.26:443 https://www.neuhof.org/content/pictures/zudahethmoim.bmp CH
text
––
––
malicious
2772 wermgr.exe GET 404 178.209.55.26:443 https://www.neuhof.org/content/pictures/zudahethmoim.bmp/ CH
html
malicious
2772 wermgr.exe POST 403 18.202.150.104:443 https://www.osteriadelcentro.net/content/images/ruzusothamru.png US
text
html
malicious
2772 wermgr.exe POST 404 128.65.195.143:443 https://www.cantinesurcoux.net/static/pictures/thamesru.jpg CH
text
html
malicious
2772 wermgr.exe POST 404 145.239.37.26:443 https://www.lacommune.net/content/tmp/dasofu.png FR
text
html
malicious
2772 wermgr.exe POST 404 80.74.138.109:443 https://www.hoteldreirosen.net/static/image/thseka.bmp CH
text
html
malicious
2772 wermgr.exe POST 404 80.74.138.109:443 https://www.hoteldreirosen.net/includes/image/zusofuru.bmp CH
text
html
malicious
2772 wermgr.exe POST 404 80.74.138.109:443 https://www.hoteldreirosen.net/wp-content/assets/dees.bmp CH
text
html
malicious
2772 wermgr.exe POST 301 62.2.99.251:443 https://www.disch.mehrmarken.net/news/pictures/kese.gif CH
text
html
malicious
2772 wermgr.exe GET 200 62.2.99.251:443 https://auto-dealer.com/news/pictures/kese.gif CH
html
malicious
2772 wermgr.exe POST 510 88.198.6.106:443 https://www.gemperle.net/news/assets/fufudeimru.bmp DE
text
html
malicious
2772 wermgr.exe POST 301 62.2.99.251:443 https://www.garage-schwyn.mehrmarken.net/wp-content/pictures/zuru.png CH
text
html
malicious
2772 wermgr.exe GET 200 62.2.99.251:443 https://auto-dealer.com/wp-content/pictures/zuru.png CH
html
malicious
2772 wermgr.exe POST 301 62.2.99.251:443 https://www.ueberland-garage.mehrmarken.net/wp-content/assets/morumeda.gif CH
text
html
malicious
2772 wermgr.exe GET 200 62.2.99.251:443 https://auto-dealer.com/wp-content/assets/morumeda.gif CH
html
malicious
2772 wermgr.exe POST 404 193.246.38.196:443 https://www.calisto.net/data/pics/defueskeam.jpg CH
text
html
malicious
2772 wermgr.exe POST 403 185.230.60.186:443 https://www.r-coiffure.net/news/pictures/daeshesose.jpg unknown
text
html
malicious
2772 wermgr.exe POST 403 18.202.150.104:443 https://www.kreatifs.net/static/graphic/sedakemeseim.png US
text
html
malicious
2772 wermgr.exe POST 404 80.74.155.80:443 https://www.nett-coiffure.ch/content/imgs/hesede.bmp CH
text
html
malicious
2772 wermgr.exe POST 404 94.247.24.38:443 https://www.salon-coiffure-geneve.net/content/graphic/sethfu.bmp FR
text
html
malicious
2772 wermgr.exe POST 404 149.126.4.83:443 https://www.farbecht.net/static/pictures/kemohefuimim.bmp CH
text
html
malicious
2772 wermgr.exe POST 404 80.74.142.130:443 https://www.haaratelier.net/content/pics/moim.jpg CH
text
html
malicious
2772 wermgr.exe POST 404 52.2.192.9:443 https://www.von-arx.net/uploads/pics/mome.bmp US
text
html
malicious
2772 wermgr.exe POST –– 149.202.81.123:443 https://www.celi-vegas-avocats.net/content/image/amzuzusoru.jpg FR
text
––
––
malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2772 wermgr.exe 78.46.98.73:443 Hetzner Online GmbH DE unknown
2772 wermgr.exe 217.26.53.161:443 Hostpoint AG CH malicious
2772 wermgr.exe 74.220.215.73:443 Unified Layer US malicious
2772 wermgr.exe 136.243.13.215:443 Hetzner Online GmbH DE suspicious
2772 wermgr.exe 46.30.45.85:443 Webzilla B.V. RU suspicious
2772 wermgr.exe 192.185.159.253:443 CyrusOne LLC US malicious
2772 wermgr.exe 83.138.82.107:443 hostNET Medien GmbH DE suspicious
2772 wermgr.exe 212.59.186.61:443 green.ch AG CH malicious
2772 wermgr.exe 83.166.138.7:443 Infomaniak Network SA CH malicious
2772 wermgr.exe 69.16.175.10:443 Highwinds Network Group, Inc. US suspicious
2772 wermgr.exe 104.24.23.22:443 Cloudflare Inc US malicious
2772 wermgr.exe 80.244.187.247:443 UKfastnet Ltd GB suspicious
2772 wermgr.exe 217.26.53.37:443 Hostpoint AG CH suspicious
2772 wermgr.exe 136.243.162.140:443 Hetzner Online GmbH DE suspicious
2772 wermgr.exe 213.186.33.5:443 OVH SAS FR malicious
2772 wermgr.exe 213.186.33.50:80 OVH SAS FR suspicious
2772 wermgr.exe 217.26.55.5:443 Hostpoint AG CH suspicious
2772 wermgr.exe 93.88.241.198:443 Infomaniak Network SA CH malicious
2772 wermgr.exe 83.137.114.198:443 Nessus GmbH AT malicious
2772 wermgr.exe 79.170.40.230:443 Host Europe GmbH GB suspicious
2772 wermgr.exe 199.34.228.59:80 Weebly, Inc. US malicious
2772 wermgr.exe 199.34.228.59:443 Weebly, Inc. US malicious
2772 wermgr.exe 199.34.228.70:443 Weebly, Inc. US malicious
2772 wermgr.exe 80.74.144.93:443 METANET AG CH malicious
2772 wermgr.exe 213.186.33.17:443 OVH SAS FR malicious
2772 wermgr.exe 94.126.23.52:443 METANET AG CH suspicious
2772 wermgr.exe 18.202.150.104:443 US unknown
2772 wermgr.exe 192.185.85.119:443 CyrusOne LLC US suspicious
2772 wermgr.exe 217.26.60.27:443 Hostpoint AG CH suspicious
2772 wermgr.exe 80.74.145.65:443 METANET AG CH malicious
2772 wermgr.exe 54.72.52.102:443 Amazon.com, Inc. IE whitelisted
2772 wermgr.exe 185.60.216.35:443 Facebook, Inc. IE whitelisted
2772 wermgr.exe 173.212.202.129:443 Contabo GmbH DE suspicious
2772 wermgr.exe 52.31.170.172:443 Amazon.com, Inc. IE whitelisted
2772 wermgr.exe 185.199.108.153:443 GitHub, Inc. NL shared
2772 wermgr.exe 185.81.1.20:443 Server Plan S.r.l. IT suspicious
2772 wermgr.exe 104.31.72.20:443 Cloudflare Inc US shared
2772 wermgr.exe 213.186.33.4:443 OVH SAS FR suspicious
2772 wermgr.exe 185.51.191.29:443 ACE Telecom Kft HU suspicious
2772 wermgr.exe 149.126.4.15:443 cyon GmbH CH malicious
2772 wermgr.exe 80.74.149.162:443 METANET AG CH suspicious
2772 wermgr.exe 80.74.149.162:80 METANET AG CH suspicious
2772 wermgr.exe 217.26.54.189:443 Hostpoint AG CH suspicious
2772 wermgr.exe 52.17.9.185:443 Amazon.com, Inc. IE malicious
2772 wermgr.exe 185.62.170.1:443 KRIOS Suisse SA CH malicious
2772 wermgr.exe 104.108.56.45:443 Akamai Technologies, Inc. NL whitelisted
2772 wermgr.exe 80.74.155.10:443 METANET AG CH suspicious
2772 wermgr.exe 194.246.118.10:443 Iway AG CH suspicious
2772 wermgr.exe 194.246.118.10:80 Iway AG CH suspicious
2772 wermgr.exe 213.129.84.57:443 The Bunker Secure Hosting Ltd GB suspicious
2772 wermgr.exe 217.26.61.109:443 Hostpoint AG CH malicious
2772 wermgr.exe 153.92.202.124:443 Mittwald CM Service GmbH und Co.KG DE malicious
2772 wermgr.exe 153.92.202.124:80 Mittwald CM Service GmbH und Co.KG DE malicious
2772 wermgr.exe 81.23.73.70:443 VTX Services SA CH suspicious
2772 wermgr.exe 195.141.45.95:443 Sunrise Communications AG CH malicious
2772 wermgr.exe 185.92.220.44:443 Choopa, LLC NL suspicious
2772 wermgr.exe 193.246.38.196:443 Bluewin CH suspicious
2772 wermgr.exe 213.186.33.16:443 OVH SAS FR malicious
2772 wermgr.exe 81.169.242.208:443 Strato AG DE malicious
2772 wermgr.exe 89.107.184.10:443 TelemaxX Telekommunikation GmbH DE malicious
2772 wermgr.exe 217.26.54.21:443 Hostpoint AG CH malicious
2772 wermgr.exe 188.165.51.93:443 OVH SAS FR suspicious
2772 wermgr.exe 80.74.153.84:443 METANET AG CH malicious
2772 wermgr.exe 193.246.63.157:443 Swisscom (Switzerland) Ltd CH suspicious
2772 wermgr.exe 149.126.4.89:443 cyon GmbH CH malicious
2772 wermgr.exe 54.194.135.189:443 Amazon.com, Inc. IE unknown
2772 wermgr.exe 83.166.138.8:443 Infomaniak Network SA CH suspicious
2772 wermgr.exe 83.166.138.8:80 Infomaniak Network SA CH suspicious
2772 wermgr.exe 5.144.168.210:443 SEEWEB s.r.l. IT malicious
2772 wermgr.exe 194.51.187.23:443 Thales Services SAS FR malicious
2772 wermgr.exe 152.195.39.57:443 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2772 wermgr.exe 193.200.231.4:443 Orange FR malicious
2772 wermgr.exe 195.201.207.213:443 Awanti Ltd. RU malicious
2772 wermgr.exe 46.32.228.22:443 Host Europe GmbH GB malicious
2772 wermgr.exe 188.165.40.130:443 OVH SAS FR suspicious
2772 wermgr.exe 185.58.214.103:443 mono solutions ApS DK suspicious
2772 wermgr.exe 83.166.148.69:443 Infomaniak Network SA CH malicious
2772 wermgr.exe 45.60.177.25:443 US unknown
2772 wermgr.exe 80.74.149.78:443 METANET AG CH malicious
2772 wermgr.exe 149.126.4.66:443 cyon GmbH CH malicious
2772 wermgr.exe 178.209.55.26:443 Nine Internet Solutions AG CH suspicious
2772 wermgr.exe 128.65.195.143:443 Infomaniak Network SA CH suspicious
2772 wermgr.exe 145.239.37.26:443 OVH SAS FR suspicious
2772 wermgr.exe 80.74.138.109:443 METANET AG CH malicious
2772 wermgr.exe 62.2.99.251:443 Liberty Global Operations B.V. CH malicious
2772 wermgr.exe 88.198.6.106:443 Hetzner Online GmbH DE malicious
2772 wermgr.exe 185.230.60.186:443 –– malicious
2772 wermgr.exe 80.74.155.80:443 METANET AG CH suspicious
2772 wermgr.exe 94.247.24.38:443 ELB Multimedia SARL FR suspicious
2772 wermgr.exe 149.126.4.83:443 cyon GmbH CH suspicious
2772 wermgr.exe 80.74.142.130:443 METANET AG CH malicious
2772 wermgr.exe 52.2.192.9:443 Amazon.com, Inc. US suspicious
2772 wermgr.exe 149.202.81.123:443 OVH SAS FR suspicious

DNS requests

Domain IP Reputation
www.2mmotorsport.biz 78.46.98.73
malicious
www.haargenau.biz 217.26.53.161
malicious
www.bizziniinfissi.com 74.220.215.73
malicious
www.holzbock.biz 136.243.13.215
malicious
www.fliptray.biz 46.30.45.85
malicious
www.pizcam.com 192.185.159.253
malicious
www.swisswellness.com 83.138.82.107
malicious
www.hotelweisshorn.com 212.59.186.61
malicious
www.whitepod.com 83.166.138.7
malicious
www.hardrockhoteldavos.com 69.16.175.10
69.16.175.42
malicious
www.belvedere-locarno.com 104.24.23.22
104.24.22.22
malicious
www.hotelfarinet.com 80.244.187.247
malicious
www.hrk-ramoz.com 217.26.53.37
malicious
www.morcote-residenza.com 212.59.186.61
malicious
www.seitensprungzimmer24.com 136.243.162.140
malicious
seitensprungzimmer24.com 136.243.162.140
malicious
www.arbezie-hotel.com 213.186.33.5
malicious
www.arbezie.com 213.186.33.50
suspicious
www.aubergemontblanc.com 217.26.55.5
malicious
www.torhotel.com 93.88.241.198
malicious
www.alpenlodge.com 83.137.114.198
malicious
www.aparthotelzurich.com 79.170.40.230
malicious
www.aparthotelzurich.ch 199.34.228.59
malicious
www.bnbdelacolline.com 199.34.228.70
malicious
www.elite-hotel.com 80.74.144.93
malicious
elite-hotel.com 80.74.144.93
malicious
www.bristol-adelboden.com 213.186.33.17
malicious
www.nationalzermatt.com 94.126.23.52
malicious
www.hotelnationalzermatt.ch 94.126.23.52
malicious
www.nationalzermatt.ch 94.126.23.52
malicious
nationalzermatt.ch 94.126.23.52
malicious
www.waageglarus.com 18.202.150.104
176.34.137.244
34.242.55.239
34.255.239.119
malicious
www.limmathof.com 192.185.85.119
malicious
www.apartmenthaus.com 217.26.60.27
malicious
www.berginsel.com 80.74.145.65
malicious
www.chambre-d-hote-chez-fleury.com 54.72.52.102
52.31.170.172
malicious
www.hotel-blumental.com 54.72.52.102
52.31.170.172
malicious
www.facebook.com 185.60.216.35
whitelisted
www.la-fontaine.com 173.212.202.129
malicious
www.mountainhostel.com 52.31.170.172
54.72.52.102
malicious
www.hotelalbanareal.com 185.199.108.153
185.199.110.153
185.199.109.153
185.199.111.153
malicious
www.luganohoteladmiral.com 185.81.1.20
malicious
www.geneva.frasershospitality.com No response unknown
www.bellevuewiesen.com 104.31.72.20
104.31.73.20
malicious
bellevuewiesen.com 104.31.72.20
104.31.73.20
malicious
www.hoteltruite.com 213.186.33.4
malicious
www.hotelgarni-battello.com 185.51.191.29
malicious
www.seminarhotel.com 149.126.4.15
malicious
www.kroneregensberg.com 80.74.149.162
malicious
www.puurehuus.com 217.26.54.189
malicious
www.hotel-zermatt.com 52.17.9.185
malicious
www.stchristophesa.com 185.62.170.1
malicious
www.nh-hotels.com 104.108.56.45
whitelisted
www.schwendelberg.com 80.74.155.10
malicious
www.stalden.com 194.246.118.10
malicious
www.vignobledore.com 213.129.84.57
malicious
www.eyholz.com 217.26.61.109
malicious
www.flemings-hotel.com 153.92.202.124
malicious
www.flemings-hotels.com 153.92.202.124
malicious
www.hiexgeneva.com 81.23.73.70
malicious
www.petit-paradis.com 195.141.45.95
malicious
www.berghaus-toni.com 185.92.220.44
malicious
www.hotelglanis.com 193.246.38.196
malicious
www.16eme.com 213.186.33.16
malicious
16eme.com 213.186.33.16
malicious
www.staubbach.com 81.169.242.208
malicious
www.samnaunerhof.com 89.107.184.10
malicious
www.airporthotelbasel.com 217.26.54.21
malicious
www.elite-biel.com 94.126.23.52
malicious
www.aubergecouronne.com 188.165.51.93
malicious
www.le-saint-hubert.com 80.74.153.84
malicious
www.bonmont.com 193.246.63.157
malicious
www.cm-lodge.com 149.126.4.89
malicious
www.experimentalchalet.com 54.194.135.189
34.252.209.207
52.208.97.27
malicious
www.guardagolf.com 83.166.138.8
malicious
guardagolf.com 83.166.138.8
malicious
www.hotelchery.com 5.144.168.210
malicious
www.ibis.com 194.51.187.23
193.200.231.5
malicious
ibis.accorhotels.com 152.195.39.57
unknown
www.mercure.com 193.200.231.4
194.51.187.22
malicious
mercure.accorhotels.com 152.195.39.57
unknown
www.hotelolden.com 195.201.207.213
malicious
www.huusgstaad.com 46.32.228.22
malicious
www.hotelrotonde.com 188.165.40.130
malicious
www.relais-crosets.com 185.58.214.103
185.58.214.101
185.58.214.105
185.58.214.104
185.58.214.100
185.58.214.102
malicious
www.lerichemond.com 83.166.148.69
malicious
www.hotellido-lugano.com 104.24.23.22
104.24.22.22
malicious
www.alimentarium.org 45.60.177.25
malicious
www.vitatertia.org 80.74.149.78
malicious
www.lassalle-haus.org 149.126.4.66
malicious
www.dermann.org 52.31.170.172
54.72.52.102
malicious
www.neuhof.org 178.209.55.26
malicious
www.osteriadelcentro.net 18.202.150.104
176.34.137.244
34.242.55.239
34.255.239.119
malicious
www.cantinesurcoux.net 128.65.195.143
malicious
www.lacommune.net 145.239.37.26
malicious
www.hoteldreirosen.net 80.74.138.109
malicious
www.disch.mehrmarken.net 62.2.99.251
malicious
auto-dealer.com 62.2.99.251
malicious
www.gemperle.net 88.198.6.106
malicious
www.garage-schwyn.mehrmarken.net 62.2.99.251
malicious
www.ueberland-garage.mehrmarken.net 62.2.99.251
malicious
www.calisto.net 193.246.38.196
malicious
www.r-coiffure.net 185.230.60.186
malicious
www.kreatifs.net 18.202.150.104
176.34.137.244
34.242.55.239
34.255.239.119
malicious
www.nett-coiffure.ch 80.74.155.80
malicious
www.salon-coiffure-geneve.net 94.247.24.38
malicious
www.farbecht.net 149.126.4.83
malicious
www.haaratelier.net 80.74.142.130
malicious
www.von-arx.net 52.2.192.9
malicious
www.celi-vegas-avocats.net 149.202.81.123
malicious

Threats

No threats detected.

Debug output strings

No debug info.