Malware Analysis Report

2025-01-18 09:17

Sample ID: 230808-nl85mscb72
Target: 9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef
SHA256: 9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef
Tags: redline logsdiller cloud (tg: @logsdillabot) evasion infostealer spyware stealer themida
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef

Threat Level: Known bad

The file 9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef was found to be: Known bad.

Malicious Activity Summary

redline logsdiller cloud (tg: @logsdillabot) evasion infostealer spyware stealer themida

RedLine

Suspicious use of NtCreateUserProcessOtherParentProcess

Downloads MZ/PE file

Drops file in Drivers directory

Stops running service(s)

Executes dropped EXE

Reads user/profile data of web browsers

Themida packer

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Suspicious use of SetThreadContext

Launches sc.exe

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious behavior: EnumeratesProcesses

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: LoadsDriver

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-08 11:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-08 11:30

Reported

2023-08-08 11:32

Platform

win10-20230703-en

Max time kernel

111s

Max time network

137s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\etc\hosts C:\Windows\Temp\setup.exe N/A
File created C:\Windows\System32\drivers\etc\hosts C:\Program Files\Google\Chrome\updater.exe N/A

Stops running service(s)

evasion

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida

Description Indicator Process Target
N/A N/A N/A N/A (22 identical rows)

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3480 set thread context of 4944 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2316 set thread context of 1944 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\System32\conhost.exe
PID 2316 set thread context of 3088 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\explorer.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\updater.exe C:\Windows\Temp\setup.exe N/A
File created C:\Program Files\Google\Libs\WR64.sys C:\Program Files\Google\Chrome\updater.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\cli.exe

Creates scheduled task(s)

persistence

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A (2 identical rows)

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef.exe N/A (3 identical rows)
N/A N/A C:\Windows\Temp\setup.exe N/A (2 identical rows)
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (3 identical rows)
N/A N/A C:\Windows\Temp\setup.exe N/A (6 identical rows)
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (3 identical rows)
N/A N/A C:\Windows\Temp\setup.exe N/A (2 identical rows)
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A (2 identical rows)
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (3 identical rows)
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A (6 identical rows)
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (3 identical rows)
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A (2 identical rows)
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A (3 identical rows)
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A (2 identical rows)
N/A N/A C:\Windows\explorer.exe N/A (2 identical rows)
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\explorer.exe N/A (2 identical rows)
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\explorer.exe N/A (2 identical rows)
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\explorer.exe N/A (15 identical rows)

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4804 wrote to memory of 2180 N/A C:\Users\Admin\AppData\Local\Temp\9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef.exe C:\Users\Admin\AppData\Local\Temp\mi.exe (3 identical rows)
PID 4804 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Local\Temp\9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef.exe C:\Users\Admin\AppData\Local\Temp\cli.exe (3 identical rows)
PID 2180 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe (2 identical rows)
PID 4804 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef.exe C:\Users\Admin\AppData\Local\Temp\cc.exe (3 identical rows)
PID 428 wrote to memory of 1928 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 1928 wrote to memory of 4344 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 1928 wrote to memory of 4308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (40 identical rows)
PID 1928 wrote to memory of 704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical rows)
PID 1928 wrote to memory of 4448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (6 identical rows)
PID 1928 wrote to memory of 4448 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef.exe

"C:\Users\Admin\AppData\Local\Temp\9596390fa3510502294f557f423d576f09e965d5e8eb21ad1878a8f4cbaad1ef.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=59322 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffd47d59758,0x7ffd47d59768,0x7ffd47d59778

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1544 --field-trial-handle=1372,i,16997474491467175042,1098843084490455087,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1240 --field-trial-handle=1372,i,16997474491467175042,1098843084490455087,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=59322 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1852 --field-trial-handle=1372,i,16997474491467175042,1098843084490455087,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#syxapd#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=59322 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2228 --field-trial-handle=1372,i,16997474491467175042,1098843084490455087,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=59322 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2212 --field-trial-handle=1372,i,16997474491467175042,1098843084490455087,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=59322 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2512 --field-trial-handle=1372,i,16997474491467175042,1098843084490455087,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=59322 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3148 --field-trial-handle=1372,i,16997474491467175042,1098843084490455087,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=59322 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3308 --field-trial-handle=1372,i,16997474491467175042,1098843084490455087,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 300

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=3564 --field-trial-handle=1372,i,16997474491467175042,1098843084490455087,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3b8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#syxapd#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "Start-Process <#zqznfumcadllhcmt#> powershell <#zqznfumcadllhcmt#> -Verb <#zqznfumcadllhcmt#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 13:30 /f /tn "AppLaunch" /tr "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle hidden Add-MpPreference -ExclusionPath "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe" -Force

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 13:30 /f /tn WindowsSecurityUpdate_MTA1 /tr "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe"
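
Triage note (added here, not part of the sandbox output): the command lines above form one defense-evasion and persistence chain: Defender exclusions via Add-MpPreference (first for the user profile and Program Files, later for the whole system drive and every .exe/.dll), sc stop of the Windows Update, WaaSMedic, BITS and Delivery Optimization services, powercfg sleep and hibernate timeouts zeroed, PowerShell block comments (<#...#>) spliced into the command line, and three scheduled tasks whose actions point at binaries outside the normal update paths. The Python below runs simple rules over those command lines and correlates each task's action with the dropped-file hashes from the Files section further down. The rule names, the regexes, the shortened renderer line and the benign svchost control line are this example's own assumptions; every other command line and hash is copied from this report.

```python
"""Rule scan over the process command lines in this report, plus a check of
which dropped file each scheduled task runs. The rule names, regexes and the
benign svchost line are this example's own; the rest is copied from the report."""
import re

# Copied from the Processes section; the renderer line is shortened and the
# final svchost line is a constructed benign control.
SAMPLE_CMDLINES = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=59322 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL" --profile-directory="Default"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=59322 --renderer-client-id=4',
    r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force',
    r'C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc',
    r'C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0',
    r"""C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#syxapd#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }""",
    r"""powershell "Start-Process <#zqznfumcadllhcmt#> powershell <#zqznfumcadllhcmt#> -Verb <#zqznfumcadllhcmt#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'""",
    r'schtasks /create /sc daily /st 13:30 /f /tn "AppLaunch" /tr "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"',
    r'schtasks /create /sc daily /st 13:30 /f /tn WindowsSecurityUpdate_MTA1 /tr "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe"',
    r"C:\Windows\System32\svchost.exe -k netsvcs -p -s Schedule",
]

RULES = {
    "defender_exclusion": re.compile(r"Add-MpPreference\b.*?-Exclusion(?:Path|Extension|Process)", re.I),
    "update_service_stop": re.compile(r"\bsc(?:\.exe)?\s+stop\s+(?:UsoSvc|WaaSMedicSvc|wuauserv|bits|dosvc)\b", re.I),
    "power_timeout_zero": re.compile(r"powercfg\s+/x\s+-(?:hibernate|standby)-timeout-(?:ac|dc)\s+0\b", re.I),
    "scheduled_task_create": re.compile(r"schtasks(?:\.exe)?\s+/create\b|Register-ScheduledTask\b", re.I),
    "ps_inline_block_comment": re.compile(r"<#.*?#>"),  # <#...#> spliced into the command line
}

def headless_debug_browser(cmdline):
    """Top-level chrome.exe started headless with a DevTools port. Renderer and
    GPU children repeat both flags, so anything carrying --type= is skipped."""
    return ("chrome.exe" in cmdline.lower() and "--headless" in cmdline
            and "--remote-debugging-port=" in cmdline and "--type=" not in cmdline)

def scan(cmdlines):
    """(rule, cmdline) for every rule that fires on every line."""
    hits = []
    for cl in cmdlines:
        hits += [(name, cl) for name, rx in RULES.items() if rx.search(cl)]
        if headless_debug_browser(cl):
            hits.append(("headless_debug_browser", cl))
    return hits

def summarize(hits):
    counts = {}
    for name, _ in hits:
        counts[name] = counts.get(name, 0) + 1
    return counts

def stopped_services(cmdline):
    """Service names passed to 'sc stop', in order."""
    return re.findall(r"\bsc(?:\.exe)?\s+stop\s+(\w+)", cmdline, re.I)

# Dropped files and SHA256 values copied from the Files section of this report.
DROPPED_SHA256 = {
    r"C:\Users\Admin\AppData\Local\Temp\mi.exe": "10d8e7a04d05a2690a7e0cc30c10028eda0af680a8787f24cb9668ccbe46e1e1",
    r"C:\Users\Admin\AppData\Local\Temp\cli.exe": "e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d",
    r"C:\Windows\Temp\setup.exe": "fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93",
    r"C:\Users\Admin\AppData\Local\Temp\cc.exe": "8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28",
    r"C:\Program Files\Google\Chrome\updater.exe": "fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93",
}

TASK_NAME_RX = re.compile(r"""(?:/tn|-TaskName)\s+['"]*([^'" ]+)""", re.I)
TASK_ACTION_RX = re.compile(r"""(?:/tr|-Execute)\s+['"]+([^'"]+)['"]+""", re.I)

def task_persistence(cmdlines, dropped=DROPPED_SHA256):
    """For each task-creating line: task name, the binary it runs, that binary's
    hash if it is a dropped file, and other dropped paths sharing the hash."""
    by_hash = {}
    for path, digest in dropped.items():
        by_hash.setdefault(digest, []).append(path)
    found = []
    for cl in cmdlines:
        if not RULES["scheduled_task_create"].search(cl):
            continue
        name, action = TASK_NAME_RX.search(cl), TASK_ACTION_RX.search(cl)
        if not (name and action):
            continue
        binary = action.group(1)
        digest = next((d for p, d in dropped.items() if p.lower() == binary.lower()), None)
        aliases = [p for p in by_hash.get(digest, []) if p.lower() != binary.lower()]
        found.append({"task": name.group(1), "action": binary, "sha256": digest, "same_hash_as": aliases})
    return found

if __name__ == "__main__":
    for rule, n in sorted(summarize(scan(SAMPLE_CMDLINES)).items()):
        print(f"{rule:26} {n}")
    for task in task_persistence(SAMPLE_CMDLINES):
        print(task)
```

Run as a script it prints the per-rule counts and the three tasks. The correlation is the part worth reading: the binary behind GoogleUpdateTaskMachineQC, C:\Program Files\Google\Chrome\updater.exe, has the same SHA256 as the dropped C:\Windows\Temp\setup.exe, so the task is the persistence copy of that dropper stage, while the AppLaunch and WindowsSecurityUpdate_MTA1 tasks point at files that do not appear in the dropped-file list at all (AppLaunch.exe is the .NET host seen crashing under WerFault above, and MTA1.exe only appears in the Defender exclusion and the task itself).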

Network

Country Destination Domain Proto
NL 209.250.248.11:33522 tcp
US 8.8.8.8:53 11.248.250.209.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 153.136.76.144.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.251.36.14:443 play.google.com udp
NL 142.250.179.141:443 accounts.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 217.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.1.163:80 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.250.179.182:443 i.ytimg.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 63.13.109.52.in-addr.arpa udp
RU 185.159.129.168:80 tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
RU 185.149.146.118:80 tcp
RU 77.91.77.144:80 tcp
N/A 127.0.0.1:59322 tcp
N/A 127.0.0.1:59322 tcp
N/A 127.0.0.1:59322 tcp
N/A 127.0.0.1:59322 tcp
US 8.8.8.8:53 pastebin.com udp
US 104.20.68.143:80 pastebin.com tcp
US 104.20.68.143:443 pastebin.com tcp
RU 46.29.235.84:80 46.29.235.84 tcp
US 8.8.8.8:53 143.68.20.104.in-addr.arpa udp
US 8.8.8.8:53 84.235.29.46.in-addr.arpa udp
US 8.8.8.8:53 stratum-eu.rplant.xyz udp
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp
US 8.8.8.8:53 217.192.94.141.in-addr.arpa udp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 254.7.248.8.in-addr.arpa udp
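
Triage note (added here, not part of the sandbox output): the table mixes four kinds of traffic. Reverse-DNS lookups (the .in-addr.arpa rows to 8.8.8.8:53) are the sandbox resolving each peer, not the sample. The Google, YouTube, DoubleClick and Microsoft rows belong to the headless Chrome session. The rows with no hostname (and the row with 46.29.235.84 repeated in the Domain column, which is a connection to a literal IP) are the C2-style destinations. The named services are the ones the signatures already call out: transfer.sh and pastebin.com as abused hosting, ip-api.com as the external IP lookup, and stratum-eu.rplant.xyz:17056, where the stratum prefix is the naming convention of mining-pool endpoints. The loopback rows to 127.0.0.1:59322 match the --remote-debugging-port=59322 flag on chrome.exe in the Processes section. The Python below parses a copied subset of the rows into those buckets and emits a first block list; the bucket names, the domain-to-bucket assignment and the block-list policy are this example's assumptions.

```python
"""IOC triage over the Network table of this report. Bucket names, the
domain-to-bucket assignment and the block-list policy are this example's own."""
from ipaddress import ip_address

# Rows copied from the Network table (a subset, used as constructed sample input).
SAMPLE_ROWS = """\
NL 209.250.248.11:33522 tcp
US 8.8.8.8:53 11.248.250.209.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
RU 185.159.129.168:80 tcp
RU 185.149.146.118:80 tcp
RU 77.91.77.144:80 tcp
N/A 127.0.0.1:59322 tcp
US 104.20.68.143:443 pastebin.com tcp
RU 46.29.235.84:80 46.29.235.84 tcp
US 8.8.8.8:53 stratum-eu.rplant.xyz udp
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp
"""

DEBUG_PORT = 59322  # --remote-debugging-port on chrome.exe in the Processes section
ABUSED_HOSTING = {"transfer.sh", "pastebin.com"}  # "legitimate hosting abused" signature
IP_LOOKUP = {"ip-api.com"}                        # "looks up external IP" signature
# Names attributed to the headless Chrome session (assumption of this example).
BROWSER_SESSION = ("google.com", "youtube.com", "ytimg.com", "ggpht.com",
                   "doubleclick.net", "microsoft.com")

def parse_rows(text):
    """'Country Destination [Domain] Proto' -> one dict per row; Domain may be absent."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ip, port = parts[1].rsplit(":", 1)
        rows.append({"country": parts[0], "ip": ip, "port": int(port),
                     "domain": parts[2] if len(parts) == 4 else "", "proto": parts[-1]})
    return rows

def is_ip(text):
    try:
        ip_address(text)
        return True
    except ValueError:
        return False

def in_browser_session(domain):
    return any(domain == s or domain.endswith("." + s) for s in BROWSER_SESSION)

def classify(row):
    d, ip, port = row["domain"], row["ip"], row["port"]
    if ip == "8.8.8.8" and port == 53:
        return "dns_reverse" if d.endswith(".in-addr.arpa") else "dns_query"
    if ip == "127.0.0.1":
        return "devtools_loopback" if port == DEBUG_PORT else "loopback"
    if d.startswith("stratum"):      # stratum-* naming used by mining pools
        return "mining_pool"
    if d in ABUSED_HOSTING:
        return "abused_hosting"
    if d in IP_LOOKUP:
        return "external_ip_lookup"
    if d == "" or is_ip(d):          # no hostname at all: C2 candidate
        return "raw_ip_c2_candidate"
    if in_browser_session(d):
        return "browser_session"
    return "unclassified"

def triage(text):
    """Bucket -> list of 'ip:port (domain)' strings."""
    buckets = {}
    for row in parse_rows(text):
        label = f'{row["ip"]}:{row["port"]}' + (f' ({row["domain"]})' if row["domain"] else "")
        buckets.setdefault(classify(row), []).append(label)
    return buckets

def block_list(text):
    """Destinations to block first: raw-IP C2 candidates and the mining pool."""
    first = {"raw_ip_c2_candidate", "mining_pool"}
    return sorted({f'{r["ip"]}:{r["port"]}' for r in parse_rows(text) if classify(r) in first})

if __name__ == "__main__":
    for bucket, dests in triage(SAMPLE_ROWS).items():
        print(bucket, dests)
    print("block:", block_list(SAMPLE_ROWS))
```

Run as a script it prints each bucket; block_list() returns the six raw-IP destinations plus the stratum pool. The row with 46.29.235.84 in the Domain column lands in the raw-IP bucket because its "domain" parses as an IP address, which is the check a naive domain allowlist would miss. DNS queries are kept as their own bucket rather than dropped, since the query for stratum-eu.rplant.xyz is the earliest sign of the pool connection that follows it.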

Files

memory/4804-121-0x00000000023A0000-0x00000000024A0000-memory.dmp

memory/4804-122-0x00000000041F0000-0x0000000004228000-memory.dmp

memory/4804-123-0x0000000000400000-0x0000000002308000-memory.dmp

memory/4804-125-0x0000000003F20000-0x0000000003F5F000-memory.dmp

memory/4804-124-0x00000000068E0000-0x00000000068F0000-memory.dmp

memory/4804-126-0x00000000738C0000-0x0000000073FAE000-memory.dmp

memory/4804-127-0x00000000068E0000-0x00000000068F0000-memory.dmp

memory/4804-128-0x00000000068E0000-0x00000000068F0000-memory.dmp

memory/4804-129-0x00000000068F0000-0x0000000006DEE000-memory.dmp

memory/4804-130-0x00000000040A0000-0x00000000040D4000-memory.dmp

memory/4804-131-0x0000000004180000-0x0000000004186000-memory.dmp

memory/4804-132-0x000000000C320000-0x000000000C926000-memory.dmp

memory/4804-133-0x000000000C9B0000-0x000000000CABA000-memory.dmp

memory/4804-134-0x00000000068E0000-0x00000000068F0000-memory.dmp

memory/4804-135-0x000000000CAF0000-0x000000000CB02000-memory.dmp

memory/4804-136-0x000000000CB10000-0x000000000CB4E000-memory.dmp

memory/4804-137-0x000000000CCB0000-0x000000000CCFB000-memory.dmp

memory/4804-138-0x00000000023A0000-0x00000000024A0000-memory.dmp

memory/4804-139-0x0000000000400000-0x0000000002308000-memory.dmp

memory/4804-140-0x00000000068E0000-0x00000000068F0000-memory.dmp

memory/4804-141-0x00000000738C0000-0x0000000073FAE000-memory.dmp

memory/4804-143-0x00000000068E0000-0x00000000068F0000-memory.dmp

memory/4804-144-0x000000000CDF0000-0x000000000CE66000-memory.dmp

memory/4804-145-0x000000000CE70000-0x000000000CF02000-memory.dmp

memory/4804-146-0x000000000CF10000-0x000000000CF76000-memory.dmp

memory/4804-147-0x000000000D640000-0x000000000D802000-memory.dmp

memory/4804-149-0x000000000D810000-0x000000000DD3C000-memory.dmp

memory/4804-148-0x00000000068E0000-0x00000000068F0000-memory.dmp

memory/4804-150-0x0000000004130000-0x0000000004180000-memory.dmp

memory/4804-151-0x00000000068E0000-0x00000000068F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 80b0b41decb53a01e8c87def18400267
SHA1 885f327c4e91065486137ca96105190f7a29d0f9
SHA256 10d8e7a04d05a2690a7e0cc30c10028eda0af680a8787f24cb9668ccbe46e1e1
SHA512 19bd6c9ab0cfbba34e722f508fcb4a99ae78a0d71ef664b186034c78eda09a61ae63455f7958dd5a50ec6432c822b23582ca7c87309a37fcbbb28e5facf56c8e

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/3480-163-0x00000000001B0000-0x000000000043B000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

memory/5092-171-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

memory/5092-170-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

memory/5092-173-0x00007FFD53230000-0x00007FFD5340B000-memory.dmp

memory/5092-174-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

memory/5092-175-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

memory/5092-176-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

memory/5092-179-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/428-183-0x0000000000F20000-0x0000000001554000-memory.dmp

memory/5092-182-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

memory/428-185-0x0000000000F20000-0x0000000001554000-memory.dmp

memory/428-187-0x0000000003A90000-0x0000000003B00000-memory.dmp

memory/428-184-0x0000000077834000-0x0000000077835000-memory.dmp

memory/428-189-0x00000000738C0000-0x0000000073FAE000-memory.dmp

memory/428-190-0x0000000006510000-0x000000000657C000-memory.dmp

memory/428-191-0x0000000006670000-0x0000000006680000-memory.dmp

memory/3480-192-0x00000000001B0000-0x000000000043B000-memory.dmp

memory/428-193-0x0000000006670000-0x0000000006680000-memory.dmp

memory/428-194-0x0000000006680000-0x0000000006732000-memory.dmp

memory/428-195-0x0000000006760000-0x0000000006782000-memory.dmp

memory/4804-188-0x0000000000400000-0x0000000002308000-memory.dmp

memory/5092-196-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

memory/428-198-0x0000000006670000-0x0000000006680000-memory.dmp

memory/428-199-0x0000000006790000-0x0000000006AE0000-memory.dmp

memory/4804-197-0x00000000738C0000-0x0000000073FAE000-memory.dmp

memory/428-232-0x0000000000F20000-0x0000000001554000-memory.dmp

memory/5092-231-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL\CrashpadMetrics-active.pma

MD5 03c4f648043a88675a920425d824e1b3
SHA1 b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256 f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA512 2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

memory/5092-237-0x00007FFD53230000-0x00007FFD5340B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL\Local State

MD5 9bee3c3aab7787b58daed1f856864cca
SHA1 d28898fe1ccfd5a861329c14104821b7fd1b6c95
SHA256 5aa5a637f50ca64b3e50647a4f577f51a36650f210f35e00ebd99f041235c9e7
SHA512 f41a1fca99c32b50b53492b3a65484317bf8a6cc3744ee4bddc8ae2a7e0cad57974cc38274eb4b211617d975ac22673ddf5c14ee1641730e34913e2f64506e50

memory/428-243-0x0000000000F20000-0x0000000001554000-memory.dmp

memory/5092-239-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

memory/3448-246-0x00007FFD46F80000-0x00007FFD4796C000-memory.dmp

memory/3448-247-0x000002091B2B0000-0x000002091B2C0000-memory.dmp

memory/3448-248-0x000002091B2B0000-0x000002091B2C0000-memory.dmp

memory/3448-249-0x000002091B2F0000-0x000002091B312000-memory.dmp

memory/3448-252-0x000002091B4A0000-0x000002091B516000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gzvnxcqw.x2m.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/428-265-0x00000000738C0000-0x0000000073FAE000-memory.dmp

memory/428-267-0x0000000000F20000-0x0000000001554000-memory.dmp

memory/3448-270-0x000002091B2B0000-0x000002091B2C0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL\Default\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL\Default\Local Storage\leveldb\LOG

MD5 45e507e6613b40f9aa60a4c0c7656c94
SHA1 428e9b3ce5035c42c57419aa106c4fbb61a013de
SHA256 ab11e1cb7d9646b8691c32d5f77e09209a4d059c8938649f54a1dcf23c8ed6e8
SHA512 fe41170f1fbe949587b3be5af8a5874df2edead2c38cfa6008d8a86b1156e7cec03907587939a1e7d271c7b2286e996fd1538a66172a7b97bad2eff0563751ba

C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL\Default\Local Storage\leveldb\LOG.old

MD5 c6f050804c48eca40d2d58da89c4f8e0
SHA1 63679b5454ac52692e96426209fa648ead51aa72
SHA256 cb82ccb190bd240ac424a28edbc11d31b26feee0b9f08b0dbe2d4273d490d446
SHA512 36c534631cf8838673646344ff095a96ab2e94fb77d9325db3e3de216e7112e60fc839dda6aae3831b2b60cbe52c267058401f8d84c492ed2736832882f62773

memory/428-309-0x0000000006670000-0x0000000006680000-memory.dmp

memory/3448-313-0x000002091B2B0000-0x000002091B2C0000-memory.dmp

memory/428-312-0x0000000006670000-0x0000000006680000-memory.dmp

memory/3448-317-0x00007FFD46F80000-0x00007FFD4796C000-memory.dmp

memory/428-318-0x0000000006670000-0x0000000006680000-memory.dmp

C:\Windows\system32\drivers\etc\hosts

MD5 2d29fd3ae57f422e2b2121141dc82253
SHA1 c2464c857779c0ab4f5e766f5028fcc651a6c6b7
SHA256 80a60d7ec533d820de20bcedeb41319e7b1def548b6ea73ddbd69455bac4e7a4
SHA512 077a5c554663be7b71f181d961f5c98c732bc296dc015ffee30768a648bee3aad62c39c352cf2947432be19519906aeac7dfaf2557d309bb460732abb7fdbc68

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 ad5cd538ca58cb28ede39c108acb5785
SHA1 1ae910026f3dbe90ed025e9e96ead2b5399be877
SHA256 c9e6cb04d6c893458d5a7e12eb575cf97c3172f5e312b1f63a667cbbc5f0c033
SHA512 c066c5d9b276a68fa636647bb29aea05bfa2292217bc77f5324d9c1d93117772ee8277e1f7cff91ec8d6b7c05ca078f929cecfdbb09582522a9067f54740af13

memory/3704-324-0x00007FFD46F80000-0x00007FFD4796C000-memory.dmp

memory/3704-328-0x000001D91DBF0000-0x000001D91DC00000-memory.dmp

memory/3704-327-0x000001D91DBF0000-0x000001D91DC00000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 db7f49c5ec4991f254cb48073f6ee1d8
SHA1 26e0a7377027a65fb8d965e1652c0aa60a444e16
SHA256 07ce436507c8c8d2cc12003d857acd0cd43a043722cf2657cda06d276ea323e7
SHA512 b76785b94e32eeef4eb97da8547329441aa713f282c75a8a0c654e047b33fe57081a840261ef8c92b67f750965b9fb651be18f1f186b3f9bbbf6a786888029dd

memory/428-341-0x0000000003C80000-0x0000000003CC2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataIS6QL\Default\Network\Cookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

memory/5092-368-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

C:\Program Files\Google\Chrome\updater.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

memory/5092-378-0x00007FF62BC70000-0x00007FF62CE96000-memory.dmp

memory/4944-431-0x0000000000740000-0x0000000000867000-memory.dmp

memory/4944-444-0x0000000000740000-0x0000000000867000-memory.dmp

memory/4944-445-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-447-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-446-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-448-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-449-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-451-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-452-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-453-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-455-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-454-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-456-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-457-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-458-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-459-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-460-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-461-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-462-0x00000000FF200000-0x00000000FF210000-memory.dmp

memory/4944-463-0x00000000FF200000-0x00000000FF210000-memory.dmp
