Windows Analysis Report
http://xm.b82mx.switchon.pk./#.aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnRvbmxpbmUtY29tLmh1Z3Voc2luZ3MuY29tLz91c2VybmFtZT1haGFuc3NvbkBxaWEucWE=

Overview

General Information

Sample URL:	http://xm.b82mx.switchon.pk./#.aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnRvbmxpbmUtY29tLmh1Z3Voc2luZ3MuY29tLz91c2VybmFtZT1haGFuc3NvbkBxaWEucWE=
Analysis ID:	652378

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for domain / URL

Classification

Signatures

AV Detection

Multi AV Scanner detection for domain / URL

Source: login-microsoftonline-com.huguhsings.com

Virustotal: Detection: 5%

Perma Link

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 28MB

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: xm.b82mx.switchon.pk.Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51504
Source: unknown	Network traffic detected: HTTP traffic on port 51931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50680
Source: unknown	Network traffic detected: HTTP traffic on port 58201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51504 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58201
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55152
Source: unknown	Network traffic detected: HTTP traffic on port 53006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50680 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.131
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.181.227
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138
Source: unknown	TCP traffic detected without corresponding DNS query: 216.58.212.138

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Temp\a0cc4d00-4a14-40d9-a38f-f962074026c6.tmp

Source: classification engine

Classification label: mal48.win@27/69@4/117

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation --single-argument http://xm.b82mx.switchon.pk./#.aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnRvbmxpbmUtY29tLmh1Z3Voc2luZ3MuY29tLz91c2VybmFtZT1haGFuc3NvbkBxaWEucWE=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,17312869768865709007,5265568345248204262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,17312869768865709007,5265568345248204262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62B886FB-1E18.pma

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
216.58.212.138	unknown	United States	15169	GOOGLEUS	false
173.249.15.152	xm.b82mx.switchon.pk	Germany	51167	CONTABODE	false
142.250.181.238	unknown	United States	15169	GOOGLEUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.142	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.186.131	unknown	United States	15169	GOOGLEUS	false
142.250.184.237	accounts.google.com	United States	15169	GOOGLEUS	false
173.194.10.104	unknown	United States	15169	GOOGLEUS	false
172.217.16.131	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
accounts.google.com	142.250.184.237	true
clients.l.google.com	142.250.185.142	true
xm.b82mx.switchon.pk	173.249.15.152	true
clients2.google.com	unknown	unknown
login-microsoftonline-com.huguhsings.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://xm.b82mx.switchon.pk./	false	Avira URL Cloud: safe	unknown

ID:	652378
Product:	CloudBasic
Start time:	09:18:29
Start date:	26.06.2022
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\0f7be02d-d584-4971-8cbc-164c60dba589.tmp	ASCII text, with very long lines, with no line terminators	56EE7010478D18759713F59E1FD7B040	62E6771EF9111A6AD02845F98F2CA570D01CBCC8	3A472D306C2099405F1FAC0C5C64A29C18F68A1A57BE11B03B50433DF8A0053B
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\5016e7fb-f46f-499e-a0e7-abddddd6c9b8.tmp	ASCII text, with very long lines, with no line terminators	3099F398536F50F3D4A3ABB3BDA10291	33C8FC8D1EDA408C15368F97A8C561AEFAAD062B	6A9A9B180C20C90C82D7BCC6D1A76DA47C3EEC07477137E869D997FBB3886FFB
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	FA7200D6F80CD1757911C45559E59C0E	89C6E99BAEC4EBB3E9A97B928FB473D1498EBA88	D9779EA4D6DD544A23C2A1C53146B6A4E596927F47DFA0680B0A7EE751D43BB2
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\0ef28f1c-1ea3-4467-8b3b-e2309fc8bc13.tmp	ASCII text, with very long lines, with no line terminators	3A936E78D5FF1811C5881D52FEE5DB31	38CB7D18996D78103EB6892762FD349D537D4AF9	C8961FA6B14AAA76C35695BB31176E608A51ED123562B78CC03FAE7B03D50B28
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\41d458f1-bda2-4b34-8b66-aa1385b00e2f.tmp	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	1B40AC9ABB964672109D49ABFCFE2717	966E224F2887075825D42D2E7E0063BFAA81A99C	503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\6afc5c92-7c1b-42d0-824b-09fc68969c79.tmp	ASCII text, with very long lines, with no line terminators	BE212DACD3830B5565D5F26B1E341D02	DA49E2C35DC44F5C9415E9D976879FAB3B0D4BDB	3F72C4A6E6746010B47E8218EFF834C1B55818A5A9E06BEF51D4E58417BE6251
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	2E2110A99AD3AE9721A458C95C64C868	72AE17599EDC0B2DC61C41D946E3E296864F2CBA	BB46BA705D5F6F43F66B07EA5DA4CC7CC0BF8FE635CCC4EBBA30A5D4A54158DE
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico (copy)	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	1B40AC9ABB964672109D49ABFCFE2717	966E224F2887075825D42D2E7E0063BFAA81A99C	503149B1B47F8296DEDB800251DBD9AF614856F0D7E6AB1C03DBC90EBCE53674
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	8DDEBAC3D907A93E4583E075830DAE50	7EEEE2429CEC4ED921C5C2467292AF2317275EBE	BB5F7EABE5D73F3B22564DC538A8B6D9F9554C170EF0FE072C485D5CA7DE07E3
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	1D151ACE8A9930DA4244B9F9B1725566	BF26574653C456A70FA801FF046A6C9745BA708A	ECEA19D852AD79CAEA18C5EF00414F3262559071252FB2A02E68FABFFBFF048C
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	E74CC21CADA4D34DA891E1A68E5D3337	952DCDDFBEFBD461ECF15D7D3202B3B8E7B24690	9BC3120FCFD1DB883301E09FDB6AD1CC02E784987DCFE41AEA52A8FB2E183056
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\a5832108-1ef2-45fd-a394-0a896cf1e40a.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\aba395b1-e8ce-46f0-b6f0-4267b3d6ddb8.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	18B54B34EBC9801F0CFE16A2F4F637AF	A2426D3B07B0CB1741BD6AE389317D7305E7D680	67128C21EED866D15B72D57044ED0E0C4B2D1EF876029020A1D00E259485E9F3
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\b433661d-f17d-4d6b-977d-d5700aedf98f.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	E74CC21CADA4D34DA891E1A68E5D3337	952DCDDFBEFBD461ECF15D7D3202B3B8E7B24690	9BC3120FCFD1DB883301E09FDB6AD1CC02E784987DCFE41AEA52A8FB2E183056
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\c1aa3767-822d-4f57-a499-20f516fd28ce.tmp	ASCII text, with very long lines, with no line terminators	1D151ACE8A9930DA4244B9F9B1725566	BF26574653C456A70FA801FF046A6C9745BA708A	ECEA19D852AD79CAEA18C5EF00414F3262559071252FB2A02E68FABFFBFF048C
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp	ASCII text	AEFD77F47FB84FAE5EA194496B44C67A	DCFBB6A5B8D05662C4858664F81693BB7F803B82	4166BF17B2DA789B0D0CC5C74203041D98005F5D4EF88C27E8281E00148CD611
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Default\fd6d6910-7834-4e5e-b361-aad7572e463c.tmp	ASCII text, with very long lines, with no line terminators	95325DFB44E506D08132E920FF4A06DC	BD21B0E1849D0F8DC1D2C57EE5BE7F5002FC5844	ABD106908C5B637AE9973336238DC9E6253B3120DFFEC90CA82F14325F4B7590
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	3A0E5D4F452CF99191634D0FFAB744A0	F115BBB898EEFF640D8D19AD44A86C3FCDFFC0AD	B9D528D3AE283039F4700C7E4E790744C58A26353A91B536DD91CBA4F648A35F
C:\Users\alfredo\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	56EE7010478D18759713F59E1FD7B040	62E6771EF9111A6AD02845F98F2CA570D01CBCC8	3A472D306C2099405F1FAC0C5C64A29C18F68A1A57BE11B03B50433DF8A0053B
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_pnacl_json	ASCII text	35D5F285F255682477F4C50E93299146	FB58813C4D785412F05962CD379434669DE79C2B	5424C7B084EC4C8BA0A9C69683E5EE88C325BA28564112CC941CD22E392D8433
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	604FF8F351A88E7A1DBD7C836378AE86	9D8D89AE9F13D6306E619A4EAAD51EDE91A5F9F3	947E64BE43E821562CE894F1AFCC3D09CD7FF614C107FC94250CD3EA5C943302
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	88C08CD63DE9EA244F70BFC53BBCADF6	8F38A113A66B18BAA02E2C995099CF1145A29DAA	127F903CC986466AA5A13C17DFDD37AC99762F81A794180339069F48986BC7A3
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a	current ar archive	4E8BEDA73EB7BD99528BF62B7835A3FA	DC0F263A7B2A649D11FF7B56FE9CFAC44F946036	6B835FD48DF505EB336FF6518CE7B93BB0ED854DADAA5C1EEED48D420291F62C
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a	current ar archive	F950F89D06C45E63CE9862BE59E937C9	9CFAD34139CC428CE0C07A869C15B71A9632365D	945B1C8A1666CBF05E8B8941B70D9D044BAAFB59B006F728F8995072DE7C4C40
C:\Users\alfredo\AppData\Local\Temp\7704_738841671\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped	9DC3172630E525854B232FF71499D77C	0082C58EDCE3769E90DB48E7C26090CE706AD434	6AA1DA6C264E0AF4E32A004F4076C7557C6AC6D9C38B0C5DE97302D83FA248C3
C:\Users\alfredo\AppData\Local\Temp\905aeff9-e6c0-434e-b123-93d1b46da840.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\bg\messages.json	ASCII text, with very long lines	D7A97183BCBD5FB677AA84D464F0C564	CDBB279B864E2C0A51E0892B8714131802586506	76EFAD74EB8256B942727C42261147EB9CCA48DA284DB3CDCE5DC6A3B4346F02
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\ca\messages.json	ASCII text, with very long lines	58BA5F65ED971591D1F9D81848EE31D0	BDA3C8B74653334FC8F060CAFBCEA58DF0113AB7	CDD91587F5AF2C865776B36A5E9A07B10D21B9D911DE0B814B7A1E94B14AE885
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\cs\messages.json	ASCII text, with very long lines	43161EFFA28A0DBFC67B8F7DBE1B5184	FE0A9235A59B51B7F564F14FF564344927F035B8	3A04421DF5218E8ABD3B0E2AFE11E8338D7BDCBCD1ADB122416944B102BC9696
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\da\messages.json	ASCII text, with very long lines	31264DDBF251A95DE82D0A67FA47DB3A	3A48DC7AF26A153594C7849E1D92AAC31296459B	EDB51898A6C73D0090D6916B7B72EBAC71E964EABB5BA7CD68E21966024F0D23
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\de\messages.json	ASCII text, with very long lines	7639B300B40DDAF95318D2177D3265F9	BF9EFDF073231CB3FCFCA5CCCA25B079ECFC45BD	356A9D4ADFEC484DA824E7A72059B724B1686FC90082F4A4B667630436D593B0
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\el\messages.json	ASCII text, with very long lines	3026E922B17DBEE2674FDAEE960DF584	76602B1E3449F1B67DE42FD31A581B0821BFEFF0	876845B5A061FAB3CF2A1466E01015DC40DF8449F1CB4205F575CEBED8717BAD
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\en\messages.json	ASCII text, with very long lines	DBEDF86FA9AFB3A23DBB126674F166D2	5628AFFBCF6F897B9D7FD9C17DEB9AA75036F1CC	C0945DD5FDECAB40C45361BEC068D1996E6AE01196DCE524266D740808F753FE
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\es\messages.json	ASCII text, with very long lines	3F4B0F56C2839839FC3E3270ED4CB7B6	0D74EA655EAE3990E95BD26F6E1467EDF3EB3478	1912EA5E0A62BBC669DC14AB5A5BD5514B0502C483EE1F27C3F8834384187079
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\es_419\messages.json	ASCII text, with very long lines	1FD5DAF46C4D7C4F571C263EC37B943B	A57EE5EF6861F88005C2230EA3D633A1B4CA105A	BCC2CF06F66E9E3BB4B7887D0EE0AE4A72A6C49F4B2A578A7733B78208984417
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\et\messages.json	ASCII text, with very long lines	0293A7BAE6EEE62C4067A80E262D6A2D	E76B07BD49FFBBFB6841B7335CBE7A9620714402	D06F20D4D68D1DBB89EF7D8E405D9499CB2EB2560217CD5B4A51AB1DD50CAB44
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\fi\messages.json	ASCII text, with very long lines	E5BBE7DBBE75F45BDCD49DB8C797106E	0F069D7D19768180945F0D8B67DC71262FD586A2	BFFB2248B4C66306133FA6ECBB1541F44B3BE22CC8D9A338D690E0B1D0C85532
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with very long lines	658DAD2AF2DC3AC1567D84E8B95F68B0	EE1121215960EC5ED5F7B6BDB8E4680731EBF83D	978BA6D814CF290016833BBAC22DC7C05C2C575B1D6429B9BB14F8C2156BCF29
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\fr\messages.json	ASCII text, with very long lines	1E32A78526E3AC8108E73D384F17450B	BFE2E47D888BA530A27DD1BDE25C46433C2A545C	80F6EE69F1E022812BCCC1DE1CDC53772CDF90F4E93224161B23FA607D45136A
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\hi\messages.json	ASCII text, with very long lines	B739E3B798D3EEB8AFB3E368455A8E97	56E206DD0AC7EB7B179911BE3F7DD78059CBD4F3	BA7A53A1398168719F2ACD58CC5FE06AB0B769ECA896D70E7208B18085B42FFA
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\hr\messages.json	ASCII text, with very long lines	9CF848209FF50DBF68F5292B3421831C	D29880B7B15102469123D8747BF645706CE8595B	EA1744C3CFBAA684A31A00067E8493ED114EFF3E878C797C9C55A7B122D855CD
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\hu\messages.json	ASCII text, with very long lines	4AD92AFDE3408FBBE43B0C3C71677650	3488901077F336A3196F9AE116E36DF1674E1ACA	61258FE04C23AE14FDC99EE846CEA71CC703990CC0F80C3934299646E86C475E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\id\messages.json	ASCII text, with very long lines	9008516AA1D8F8C2B8ECE70B7E4963AD	EA7AD4BE77A80A4B9FB1E59A340010830E494747	89CAB0AF2B53C6ABEB93C8C628DDCBDD286A7A2672FE03440411BB654E3A0675
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\it\messages.json	ASCII text, with very long lines	BB9C32BA62DDA02F9471C64B5F9CF916	9825037D5D9185C58456CDD887C77B10A41D8C84	43A0B113D3773BA78F82BB9E42DDC46F6892D0FBBB351F94A7C105E4A146E9C1
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\ja\messages.json	ASCII text, with very long lines	96C8CBD161D3CE9CB1A46CB2CD0C6583	78BBFCF035B5B620E353C8E520653ADD3F4E7DB8	81D8F1D9F72B3139BC5D9845BCF82990308FB6175D07514D8238B1E6D5D02E8A
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\ko\messages.json	ASCII text, with very long lines	3CAF23A8EA2332D78B725B6C99EC3202	95C3504F55A929449EF2E3AB92014562AACD39AD	BFE72BBC492B9018A599CB6575366696E431E6A38400E4B2ED06EAE3340D3AE5
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\lt\messages.json	ASCII text, with very long lines	41F2D63952202E528DBBB683B480F99C	9DD998542DBE6609299D4A5A25364A32FA7D7865	FF7C083CD1E6134DD8263C634336EB852274BAD1BFAD18762814C42BC65309D8
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\lv\messages.json	ASCII text, with very long lines	1D21ED2D46338636E24401F6E56E326F	24497EDB25724BC4A57823C5CD06F50DB9647DD4	434A375C32B8A21C435511C551F740FD4D170EC528A8F4EFC3D798EA4A07B606
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\nb\messages.json	ASCII text, with very long lines	8F0168B9A546D5A99FD8A262C975C80E	B0718071BD0B7251D4459E9C87DF50C14622FBD6	F03FA7384DF79EBA6E0274D570996030F595A3BF6B781929DD9DB6593262E41F
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with very long lines	E7F74DCE7B6411E4E0D95E9252CF74FA	33CC6C73C5F8D0144C0260C2E5A9BD0DB3EF6477	3564AEF46C01602B19CC29FD8A79676C543427EDE98206D0C91B33AF0CCF3977
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\pl\messages.json	ASCII text, with very long lines	E16649D87E4CA6462192CF78EBE543EC	53097D592B13F3C1370366B25024EA72208B136A	EB435F7460A63576CA1ECB51948E7A3AD5168D2F175AE2B5836D469672923D84
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\pt_BR\messages.json	ASCII text, with very long lines	1F4BC8A5EFD59D61127ABEECD4B6CAE3	8647B4D2D643AE4F784ABDDC50D87A39AD02971A	E1950CBBF056F068EA56160DDB318F3E6232BFBBE096D221C7CA6FCAACE2A8B9
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\pt_PT\messages.json	ASCII text, with very long lines	D80ECE7E4B3741CD9CD29B89D006B864	8F0D587B78E36861ED00524ABF886FA20E14CAE4	C8FF9ACAEA1D3B6F8483339CB40F66BC563CCA8DD87F2337F813C492B20F451B
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\ro\messages.json	ASCII text, with very long lines	D63E66B94A4EA2085D80E76209582FB1	4ECAC3EB64DD6253310A0776E6D42257FC290D77	91A5AAD210C3E0241106E8821B3897EDEFEC9D85033C94DB2324FF3A5FDE5AC7
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\alfredo\AppData\Local\Temp\scoped_dir7704_1451311960\CRX_INSTALL\manifest.json	ASCII text	6CA25F3EF585B63F01BCDF8635120704	00C063811E31EA5F9A00F175A71EA25E7821F621	49D9DE983F7436BA786E6E04A5A20C10F41687AE06B266B1B6553F696719563D
C:\Users\alfredo\AppData\Roaming\Microsoft\Spelling\en-US\default.dic	Little-endian UTF-16 Unicode text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

Windows Analysis Report
http://xm.b82mx.switchon.pk./#.aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnRvbmxpbmUtY29tLmh1Z3Voc2luZ3MuY29tLz91c2VybmFtZT1haGFuc3NvbkBxaWEucWE=

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://xm.b82mx.switchon.pk./#.aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnRvbmxpbmUtY29tLmh1Z3Voc2luZ3MuY29tLz91c2VybmFtZT1haGFuc3NvbkBxaWEucWE=

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Software Vulnerabilities

Networking

System Summary

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://xm.b82mx.switchon.pk./#.aHR0cHM6Ly9sb2dpbi1taWNyb3NvZnRvbmxpbmUtY29tLmh1Z3Voc2luZ3MuY29tLz91c2VybmFtZT1haGFuc3NvbkBxaWEucWE=