Malware Analysis Report

2025-01-18 07:59

Sample ID 230812-fn5agaab58
Target bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe
SHA256 bea60a6d436d1d750f83f0df89dce0367822b76b3c67acfd95ff038870930789
Tags
redline logsdiller cloud (tg: @logsdillabot) evasion infostealer spyware stealer themida persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bea60a6d436d1d750f83f0df89dce0367822b76b3c67acfd95ff038870930789

Threat Level: Known bad

The file bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe was found to be: Known bad.

Malicious Activity Summary

redline logsdiller cloud (tg: @logsdillabot) evasion infostealer spyware stealer themida persistence

Suspicious use of NtCreateUserProcessOtherParentProcess

RedLine

Drops file in Drivers directory

Downloads MZ/PE file

Stops running service(s)

Loads dropped DLL

Executes dropped EXE

Themida packer

Reads user/profile data of web browsers

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Drops file in System32 directory

Launches sc.exe

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Unsigned PE

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Creates scheduled task(s)

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: LoadsDriver

Suspicious use of WriteProcessMemory

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-12 05:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-12 05:02

Reported

2023-08-12 05:04

Platform

win7-20230712-en

Max time kernel

49s

Max time network

150s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 1360 created 1260 N/A C:\Windows\Temp\setup.exe C:\Windows\Explorer.EXE

Downloads MZ/PE file

Stops running service(s)

evasion

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\mi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cli.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target Count
N/A N/A N/A N/A 22

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2916 set thread context of 2320 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\cli.exe

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee
2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob value elided] C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob value elided] C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [blob value elided] C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A 1
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 4
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A 1
Token: SeDebugPrivilege N/A N/A N/A 1

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2780 wrote to memory of 1084 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\mi.exe 4
PID 2780 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\cli.exe 4
PID 1084 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe 4
PID 2780 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\cc.exe 4
PID 2916 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe 9
PID 2916 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\SysWOW64\WerFault.exe 4
PID 2736 wrote to memory of 1716 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe 4
PID 1716 wrote to memory of 1756 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 3
PID 1716 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 28

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe

"C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 108

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef70c9758,0x7fef70c9768,0x7fef70c9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=37305 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=852 --field-trial-handle=1052,i,13237624515824032644,206647796349961563,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1212 --field-trial-handle=1052,i,13237624515824032644,206647796349961563,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=37305 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1564 --field-trial-handle=1052,i,13237624515824032644,206647796349961563,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=37305 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1840 --field-trial-handle=1052,i,13237624515824032644,206647796349961563,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=37305 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1960 --field-trial-handle=1052,i,13237624515824032644,206647796349961563,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=37305 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2504 --field-trial-handle=1052,i,13237624515824032644,206647796349961563,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /create /f /sc onlogon /rl highest /ru System /tn GoogleUpdateTaskMachineQC /tr "'C:\Program Files\Google\Chrome\updater.exe'"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=37305 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1860 --field-trial-handle=1052,i,13237624515824032644,206647796349961563,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=37305 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2536 --field-trial-handle=1052,i,13237624515824032644,206647796349961563,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Windows\system32\taskeng.exe

taskeng.exe {AA853DCB-9077-4B3C-A9E1-E15893E39334} S-1-5-18:NT AUTHORITY\System:Service:

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=2672 --field-trial-handle=1052,i,13237624515824032644,206647796349961563,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /create /f /sc onlogon /rl highest /ru System /tn GoogleUpdateTaskMachineQC /tr "'C:\Program Files\Google\Chrome\updater.exe'"

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

Network

Country Destination Domain Proto Count
PL 51.83.170.21:19447 (none) tcp 1
US 8.8.8.8:53 transfer.sh udp 1
DE 144.76.136.153:443 transfer.sh tcp 1
US 8.8.8.8:53 apps.identrust.com udp 1
US 2.18.121.68:80 apps.identrust.com tcp 1
US 8.8.8.8:53 www.microsoft.com udp 1
NL 104.85.1.163:80 www.microsoft.com tcp 1
NL 104.85.1.163:443 www.microsoft.com tcp 8
US 8.8.8.8:53 youtube.com udp 1
NL 216.58.214.14:443 youtube.com tcp 1
US 8.8.8.8:53 ogs.google.com udp 1
US 8.8.8.8:53 apis.google.com udp 1
DE 172.217.23.206:443 apis.google.com tcp 1
US 8.8.8.8:53 i.ytimg.com udp 1
NL 142.250.179.150:443 i.ytimg.com tcp 1
US 8.8.8.8:53 play.google.com udp 1
NL 142.251.36.14:443 play.google.com tcp 1
US 8.8.8.8:53 accounts.google.com udp 1
NL 142.250.179.141:443 accounts.google.com tcp 1
NL 142.250.179.141:443 accounts.google.com udp 1
NL 142.251.36.14:443 play.google.com udp 1
NL 104.85.1.163:443 www.microsoft.com tcp 4
NL 142.251.36.14:443 play.google.com udp 1
NL 142.251.36.14:443 play.google.com tcp 1
US 8.8.8.8:53 googleads.g.doubleclick.net udp 1
NL 142.250.179.130:443 googleads.g.doubleclick.net tcp 1
NL 142.250.179.130:443 googleads.g.doubleclick.net udp 1
NL 104.85.1.163:443 www.microsoft.com tcp 4
US 8.8.8.8:53 accounts.google.com udp 1
NL 142.250.179.141:443 accounts.google.com tcp 1
NL 142.250.179.150:443 i.ytimg.com udp 1
US 8.8.8.8:53 yt3.ggpht.com udp 1
NL 142.251.36.1:443 yt3.ggpht.com tcp 4
NL 104.85.1.163:443 www.microsoft.com tcp 12
US 8.8.8.8:53 stratum-eu.rplant.xyz udp 1
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp 1
NL 104.85.1.163:443 www.microsoft.com tcp 48

Files

memory/2780-54-0x0000000000220000-0x0000000000249000-memory.dmp

memory/2780-55-0x0000000000250000-0x000000000028F000-memory.dmp

memory/2780-56-0x0000000000400000-0x00000000018D1000-memory.dmp

memory/2780-57-0x0000000005E30000-0x0000000005E70000-memory.dmp

memory/2780-58-0x00000000038A0000-0x00000000038D8000-memory.dmp

memory/2780-59-0x0000000074930000-0x000000007501E000-memory.dmp

memory/2780-60-0x0000000005E30000-0x0000000005E70000-memory.dmp

memory/2780-61-0x0000000005E30000-0x0000000005E70000-memory.dmp

memory/2780-62-0x00000000031A0000-0x00000000031D4000-memory.dmp

memory/2780-63-0x0000000003550000-0x0000000003556000-memory.dmp

memory/2780-64-0x0000000005E30000-0x0000000005E70000-memory.dmp

memory/2780-65-0x0000000000400000-0x00000000018D1000-memory.dmp

memory/2780-66-0x0000000000220000-0x0000000000249000-memory.dmp

memory/2780-67-0x0000000000250000-0x000000000028F000-memory.dmp

memory/2780-68-0x0000000074930000-0x000000007501E000-memory.dmp

memory/2780-69-0x0000000005E30000-0x0000000005E70000-memory.dmp

memory/2780-70-0x0000000005E30000-0x0000000005E70000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabD396.tmp

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\Local\Temp\TarD464.tmp

MD5 4ff65ad929cd9a367680e0e5b1c08166
SHA1 c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256 c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512 f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94b48e5120f8508c042506399c90e7c9
SHA1 02711a59b6d59c8d312a96f0b6254fb93febbb6c
SHA256 a1c9f4638ac2fb2a6f01d4bdf211268cfb0744328ce96762e91b3ef6a92984b4
SHA512 b0e5fa4c78cb445b9aa571bdb912c7c0bb89c5a99896a5650aceaa61688a8f84fb9d9214556ff61692babbdf5cb7fd100a0d51de776c8c9eefc6c5f4079f7038

\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/2780-145-0x000000000D0F0000-0x000000000D37B000-memory.dmp

memory/2916-147-0x0000000000CB0000-0x0000000000F3B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/2916-153-0x0000000000CB0000-0x0000000000F3B000-memory.dmp

\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/1084-160-0x0000000004480000-0x00000000056E5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/2736-165-0x0000000000D50000-0x0000000001384000-memory.dmp

memory/2736-166-0x0000000000200000-0x0000000000270000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/2780-168-0x0000000000400000-0x00000000018D1000-memory.dmp

memory/2780-171-0x0000000074930000-0x000000007501E000-memory.dmp

memory/1360-170-0x000000013F180000-0x00000001403E5000-memory.dmp

memory/2736-174-0x0000000000D50000-0x0000000001384000-memory.dmp

memory/1360-173-0x000000013F180000-0x00000001403E5000-memory.dmp

memory/1360-177-0x0000000077830000-0x00000000779D9000-memory.dmp

memory/2736-176-0x0000000002A60000-0x0000000002ACC000-memory.dmp

memory/1360-178-0x000000013F180000-0x00000001403E5000-memory.dmp

memory/1360-175-0x000000013F180000-0x00000001403E5000-memory.dmp

memory/2736-181-0x00000000031E0000-0x0000000003220000-memory.dmp

memory/1360-179-0x000000013F180000-0x00000001403E5000-memory.dmp

memory/2736-180-0x0000000074930000-0x000000007501E000-memory.dmp

memory/1360-182-0x000000013F180000-0x00000001403E5000-memory.dmp

memory/2736-183-0x0000000077A20000-0x0000000077A22000-memory.dmp

memory/2736-185-0x00000000031E0000-0x0000000003220000-memory.dmp

memory/2736-184-0x0000000003110000-0x00000000031C2000-memory.dmp

memory/2320-193-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

memory/2320-195-0x0000000000400000-0x0000000000527000-memory.dmp

memory/2320-187-0x0000000000400000-0x0000000000527000-memory.dmp

memory/2320-186-0x0000000000400000-0x0000000000527000-memory.dmp

memory/2320-258-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-257-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-256-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-255-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-254-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-253-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-252-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-251-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-250-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-249-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-270-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-269-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-268-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-267-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-266-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-265-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-264-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-263-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-262-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-261-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-260-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-259-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-248-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-247-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/2320-246-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-245-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-244-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-243-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-242-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-241-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-240-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-239-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-238-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-237-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-236-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-235-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-234-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-233-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-232-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-231-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2320-230-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/2320-196-0x0000000000400000-0x0000000000527000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\CrashpadMetrics-active.pma

MD5 03c4f648043a88675a920425d824e1b3
SHA1 b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256 f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA512 2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Local State

MD5 a6ff1c0d1ce8283aa4cd2c107f91e483
SHA1 fee3491111f00c2a75368e80d3c7241602b078e0
SHA256 7b10d47edf4d7bef080d6d6b65ef3b5c2a0467c37e6f5e41de737441ece30b11
SHA512 4cfae86d6eaf87f12c70ef011945fca6b34cd291122208452391221ef6a6f492f5ca67f62b25e34061136bdb581a64a6ebe2af5ba230fb262e488f092cc8364a

memory/2916-297-0x0000000000CB0000-0x0000000000F3B000-memory.dmp

\??\pipe\crashpad_1716_XJHVBCZLJWEISYCP

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1084-314-0x0000000004480000-0x00000000056E5000-memory.dmp

memory/2320-315-0x0000000077A2F000-0x0000000077A30000-memory.dmp

memory/2812-321-0x0000000002250000-0x0000000002258000-memory.dmp

memory/2812-320-0x000000001B150000-0x000000001B432000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Local Storage\leveldb\MANIFEST-000004

MD5 031d6d1e28fe41a9bdcbd8a21da92df1
SHA1 38cee81cb035a60a23d6e045e5d72116f2a58683
SHA256 b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da
SHA512 e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Local Storage\leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Local Storage\leveldb\LOG

MD5 871d2558a49898ca8165d898c0bc5c1b
SHA1 499ddd43a58f8e647b88964409afcdc5b9c87b90
SHA256 8ea76a2df2938e0437f4fccd0493a6b5b6657c2844a8808f393581c538dc94a2
SHA512 dbdc037ce227beb8897ff79a8c63f5637fd4620f218d3002399c54e5266cd0bd0f1d9526ce7409023cb8cb237b888287b415d901f156259accf796acbbf9683d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Local Storage\leveldb\LOG.old

MD5 988514fc923d5b8040299ac3a531d24f
SHA1 c998e4171741dcc35f992ba638df1919a2432aef
SHA256 6784fa9f8ca570fde0a41b80513f7b612f6d7729a34cb9f921c9b16ba17f8043
SHA512 34362494a11d96de17e943353d25b7bf0c16a470a588028caa868ae1a2ce3add4d9b2430445266b527fd316c390cee58cd128392f89e95a4545e5d9ee2370c46

memory/2736-328-0x0000000002ED0000-0x0000000002F12000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Network\Cookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

memory/2812-350-0x00000000025A4000-0x00000000025A7000-memory.dmp

memory/2812-356-0x00000000025AB000-0x0000000002612000-memory.dmp

memory/2812-355-0x000007FEF3CC0000-0x000007FEF465D000-memory.dmp

memory/2812-357-0x000007FEF3CC0000-0x000007FEF465D000-memory.dmp

memory/2736-360-0x0000000000D50000-0x0000000001384000-memory.dmp

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/1360-361-0x0000000077830000-0x00000000779D9000-memory.dmp

memory/2736-363-0x0000000074930000-0x000000007501E000-memory.dmp

memory/2736-364-0x00000000031E0000-0x0000000003220000-memory.dmp

memory/1360-365-0x000000013F180000-0x00000001403E5000-memory.dmp

memory/2736-366-0x00000000031E0000-0x0000000003220000-memory.dmp

C:\Windows\system32\drivers\etc\hosts

MD5 2b19df2da3af86adf584efbddd0d31c0
SHA1 f1738910789e169213611c033d83bc9577373686
SHA256 58868a299c5cf1167ed3fbc570a449ecd696406410b24913ddbd0f06a32595bd
SHA512 4a1831f42a486a0ad2deef3d348e7220209214699504e29fdfeb2a6f7f25ad1d353158cd05778f76ef755e77ccd94ce9b4a7504039e439e4e90fa7cde589daa6

memory/1820-387-0x000000001B010000-0x000000001B2F2000-memory.dmp

memory/1820-388-0x0000000002510000-0x0000000002518000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9BFU4RT3EJ38CQ0Z7T9Y.temp

MD5 e51643ccbf4a28b496c6f36f2e885003
SHA1 df6f1a6165d1168e24a3e34d5fb1c5c24f67846d
SHA256 fbc70b3d72ea70d3ecd84612365f48bd0d68b520b22f8de91b68108c4c755ac9
SHA512 852c1562dc097eedb2f30a0452686af8cc72ce32b5cdd6dceecb4220e29c75fb5b08943b857dd10092a637f21a3e8b42bde90800a1dbaddf827719f15a45cab3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Session Storage\CURRENT~RFf775d0e.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/1820-396-0x0000000002570000-0x00000000025F0000-memory.dmp

memory/1820-393-0x0000000002570000-0x00000000025F0000-memory.dmp

memory/1820-392-0x0000000002570000-0x00000000025F0000-memory.dmp

memory/1820-391-0x000007FEF3C50000-0x000007FEF45ED000-memory.dmp

memory/1820-390-0x0000000002570000-0x00000000025F0000-memory.dmp

memory/1820-389-0x000007FEF3C50000-0x000007FEF45ED000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 e51643ccbf4a28b496c6f36f2e885003
SHA1 df6f1a6165d1168e24a3e34d5fb1c5c24f67846d
SHA256 fbc70b3d72ea70d3ecd84612365f48bd0d68b520b22f8de91b68108c4c755ac9
SHA512 852c1562dc097eedb2f30a0452686af8cc72ce32b5cdd6dceecb4220e29c75fb5b08943b857dd10092a637f21a3e8b42bde90800a1dbaddf827719f15a45cab3

memory/1820-413-0x000007FEF3C50000-0x000007FEF45ED000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/1360-440-0x0000000077830000-0x00000000779D9000-memory.dmp

memory/1360-448-0x000000013F180000-0x00000001403E5000-memory.dmp

\Program Files\Google\Chrome\updater.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/1088-481-0x000000013FF00000-0x0000000141165000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Program Files\Google\Chrome\updater.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/2268-483-0x000000013FF00000-0x0000000141165000-memory.dmp

memory/2268-484-0x0000000077830000-0x00000000779D9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 16919f3c9cc107607bb29a1ab0ff0b60
SHA1 1a283dd28dcfb56f8fc200a0ef7885febe6a4773
SHA256 dfb69e9bd45390c8436152553c8e284553ecf36d77cce6e48123df3d3f673f07
SHA512 339249d7213f67556201389d313a70b6789c0c6b6a554f3d4bcd77a166c61f2505cfd4dc1f77d8fea810a569b28699066024d4291e07e356935cb18113adb147

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_00000f

MD5 5a88808a644c388cfed890b7caf365ea
SHA1 06922d67ca58011c96cb9aa2a58fb163af69d57c
SHA256 c1468edec17a708149178e75cf0e6554104a30d23106fefdc9c8d1e2ae4f6bcf
SHA512 da22e134e33e86575b147e23e787471872574ef0c8a241a6c82facb2470b14af1295899d9cb950b818e266afe7fc0fb760af31af22886f6377ee2f042f7b3cdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000011

MD5 3eff107111d8dfc91e048573b1f227d8
SHA1 dde20da014e819d11e138b346121cc97791e9dcd
SHA256 0e8fc4bbc6a3e0c34adf9ee888b297d516d0db0a9cdc5b3632a01484d418374d
SHA512 223386fb5bd3709b1929a52ead00e81494fe81f822301acbf3920a4292432ffce5dda21c503622f9f373807cd447b7209a8dfd193d4ce8cc44e0b100db8a74fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Code Cache\js\343f6993e27f1d39_0

MD5 39c4eceb219a8f7c145115aad845e858
SHA1 b4d94275b8ccc08d1d10f0a9623b1e6c4a84a760
SHA256 6199c0a596b7ae6a87471570505dc94779ad3687c11674c5f597381878b2a4de
SHA512 48dd2550ca10a06a596ed594f312a1344a7801f59be6f544303145a28c2fb316a32931dc1a77a9f87073a1800eac341b4c245c0f2dfb4a8debabcc51575eeb6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Code Cache\js\2e64514b9cd267ab_0

MD5 5bf723628afcd93e52d5e92f3c2feab4
SHA1 2a9d364e4f011d97acf68f3cd397534875f9d440
SHA256 f8ada49a5791b1c4ea4299899f28cac5bc3f7f9a97c8012c2bc9cafcbcde7c5e
SHA512 8f81ebb9bfeaf53b1c0bc3bd3922f29e8e44015eda25cd566a5c986c11cc80a68585d92ad60a01af1cc14f262cc8ae6c758fe37b2018f615788fc7feab1e0060

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Code Cache\js\2016c72aa5f54f52_0

MD5 103acd27e6400c8c352901a0162d780c
SHA1 aba0977745931b5241055c81e3abdd37fbf74f54
SHA256 18e07057b12ca37076f0e838c565c91fdd9f47ed3b8e6257e6d54715f52fe385
SHA512 cf7578bc1c4722e54bfd177511334e0d036200648e0a135789ae60e57952e9d63d0a3151fa0065da72da71bad9c4ea09f6afcdb07b0ce978fcd0e0af37636e16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Code Cache\js\10e544c7a72e2f65_0

MD5 2eaeb0a9447a7b0321162998b2fb8cdd
SHA1 bf4d8095176b98c012658d09a8e3d449f0a762a7
SHA256 7a09489d4940f57b46028ffb0e1564e4763071819822d453633a43aeb5e992dd
SHA512 6f4191c932a2490dd490ca13f64c122bcae44ed24eb4a83fb2fff1a0147dacbbeea99d331306f420218dd5351e39e3135b191354d78d766ae760e2585e353bae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Code Cache\js\06db5837b6c74111_0

MD5 5be95c4c16b9e4d890c7c56e63712beb
SHA1 5efac4286be2b5f27ffd2721e854eefab6ba9c59
SHA256 db5a397a1b2a4af30d774ff395e70e3c44669c03983e7363ac2f1c7d6c2ed1e6
SHA512 b87219ebf4e7afba0187e3dee63e24a85b11d88737f6d804198d0899bc1504ecde6014cd0c3375e35c2468f6e8cd62e098bfd4682eb7feb63e7f3d1c28b2826b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\index

MD5 3c17cf1ab299c654efe99f02420c374b
SHA1 27993a1f82f49a4f786051954566ac39a7e74daf
SHA256 7a60c9ac72aef466d71cdadcd27979c5d15b1264cb9980af5dcfaf38432d1493
SHA512 1d609da561b81ef0ad6bbe8d9c634b5e605471a895c1916659b516e2b98f3d099d63ad3dd24d9a968bea67c3d2b768551052f89395c19f6fa4114673595a977f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000012

MD5 af5094423f8dcbd63dbbfccd1598be41
SHA1 d5f212b31dc86dd9f1d8f4b012783af961f920b5
SHA256 80b2f6b064b59afdbb209459b8dbede829bfee906baedc0cc60d526bf1bad058
SHA512 41e94ef63d25221daed04e7a81ca491ab9516e2a1f97cb3c705cac172b79dd65c84dc43ad575d14cf176b68c4f1ad58f7d08addf216172f0631ec88e6b100a93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000010

MD5 250bdff8769a9791656b1475a293c486
SHA1 31ccb16008e78db499d1cc68cff74ebf1979f1a1
SHA256 aca7dc1db7b861fa7c839ae3c537ed48b098ffedc1151c0fb95e744af1cb7738
SHA512 ba37f07adc32644e34700559f11a654a7862787ab1bb5bd53040c42b16a80f336823dca61e202a07130ad0845335b2d92b404567eded9619b4569d1b544ebcf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_00000e

MD5 789fd4f17cc11ac527dc82ac561b3220
SHA1 83ac8d0ad8661ab3e03844916a339833169fa777
SHA256 5459e6f01b7edde5f425c21808de129b69470ee3099284cb3f9413d835903739
SHA512 742d95bb65dcc72d7ce7056bd4d6f55e2811e98f7a3df6f1b7daef946043183714a8a3049b12a0be8ac21d0b4f6e38f7269960e57b006dfec306158d5a373e78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_00000d

MD5 189badc72a668aade50699ae05067c2a
SHA1 5458410fc96bcf08b29f204b05470dad5882afb9
SHA256 896d76b06fe7bc62fa10e8f9091b84584d8fdbd7eaaea1183f7c1e5e3a98c559
SHA512 287ff71f9b6ab261f989792cfee0b99e1745c57e8e8c9c3c55e07592a835008673a9ee5b2099ef9beb6ef4343c10827109b281b2fbed0fe0de1da020723c622b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000008

MD5 9f1c899a371951195b4dedabf8fc4588
SHA1 7abeeee04287a2633f5d2fa32d09c4c12e76051b
SHA256 ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7
SHA512 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000007

MD5 6a3bb9c5ba28ee73af6c1b53e281b0cf
SHA1 d96e403c99c1707f82ea29c2c1f134e792c64097
SHA256 2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740
SHA512 6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000005

MD5 b096dc9a3e4e6748a91abe826cf5d165
SHA1 b115fd9390e39b86a711039745cbad73741d7252
SHA256 7552567793d51609afaac7d5e1b3d2289f1a64a323a84c74c28fe615075e1c3f
SHA512 c075f36473b578f645ab66f1800d6e0a61b66719361c8c730ccb4505c1ab127ce96d5409c0c82aeddbc2bd03bef6c7a905310e4462ac7a0ebb2e07b45cf33a94

memory/2736-689-0x0000000074930000-0x000000007501E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000001

MD5 3b8aed7e03d3319d6a4565ea7c447571
SHA1 5f2d140b635c181686ec7e46a7fce1ee15b3c6cd
SHA256 d87aa2af516166a2a0b6248ecfd8fe0c62923fe6c28ad0a2db51a64a6e482b19
SHA512 2e97a0296557b229b2ccb2236d076e5b44c787c2d742a6363f8747ca9c706e6c0bf0dafd9915d1179e36c0cc29f45702b7d358a358ee72685656e171d118493c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\data_3

MD5 e3238ce0808e96f41fe85e46cbb31fcd
SHA1 d77ce0026eb64e604cc9b9903bd332a7564f253a
SHA256 ffdee732f15f00e90c314741ac8ce3016d6b0d84a1e78b781af377cc721f5559
SHA512 55144a98aea0a84d158118a8545b420509f0e5d73ebffdb3a42216d110fe7f705927d5f7c01ffa621f05473e5c5f185065e6ad4b8a2735fa3d167bdcf9eb147f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\data_2

MD5 b44bfe2d4bfe021892b3085112c96bdb
SHA1 ea5bb931966efb2e6cda13e43acfc2e4c110bcbc
SHA256 aa878479b3b9a743e18b22e7a0766601e30c50502a7015f1b161c081b4d5dcfd
SHA512 c39d5375392c97e03945bf5b8ac61dda2b031c294cd29c1dbd117195df78feaea55eb2281aa9768f06ab753e867d29975c3fd3b432aa643af832532377df81fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\data_1

MD5 92ea14bccfc36f7b22cae430ef1ca44f
SHA1 d7b7561922696999c248e794b0282adaddfb2d0b
SHA256 c5f2da50b81819d77e342647b1865632198603e5601d5114ea69d9000f241d4e
SHA512 08d53131ef3e239361d60108be7d3dc6f2a4ef669528d7cb611d87a0aa4ff72ede2274345c8aa155041f258f9bd1ad362a12bb4d715b8caaf4f572189c6a23ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\data_0

MD5 9933879e8f4493819158341573ed1379
SHA1 f811d8ccd964d4fcbf479186e59791c7d6f93fd6
SHA256 dca18e39f33c1a3dc7f01cb17f7d3e21c1a5125d605f005ca2a8cdf473f903ac
SHA512 52b95c600282493496e77f57bdc0d9341eb90e2ea359e04a255c6e7e06ae14a1c9f52645cb364abdc170b4b2bac05564b1b2e9df2567d45064e3810fb157c81e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Crashpad\settings.dat

MD5 6d04fd851158958c3fc1e364385bbdb7
SHA1 cd8c8a35dd8663e8e445f3f320ec1897a21284cc
SHA256 bf51596428771313101c80d50a1c374960f00f16cb7040b7498f8f351e384065
SHA512 92d3734f8f9fca9d50798a38e6eddd622238de273173de8a4d675e624ba2ccd61d6be61f0adb84031c3f6710516ebafca937d2fcf7ae916a7f6dd5f1ab4363fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_00000c

MD5 2d52125a96fb5a7227c67848bc18f65c
SHA1 a3593c6d8e3b6b458b6bbc2c6423dc76e30a84a3
SHA256 61f3154c19e46e1989d6fadbfe20835d0c9fc47242dc5828e776e3ec667fda24
SHA512 5f151708007cb474e64e8968b1f6b5e5331c434cc237627c6c5c92d1894d020f476ad88461e35fbf383aa46750a9cdcaf3a2ac8fe90570753c73fcf17ac0cbe6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_00000b

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_00000a

MD5 7db3096a5ce269d5140afbedb84e0fb7
SHA1 1155014e26835855c4177e8916b0bbcd5e4cca61
SHA256 48662b9313a828746c1ba3edfa196d8ecd6b0ca730848ead5418fcde8da4a809
SHA512 a349f3265db5ebff9e535778ccc92bc846fa9a4175dbf4d9c0e5b77d294ae521eca5f104d45f0eab0bba88120a08103ce997a420ecace703e211796e842ca7dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000009

MD5 c101a8ba729b894927d7d884e4be68a8
SHA1 4bf48f94ff4e50e81c9d83b641af74b3bed580a0
SHA256 544f08482a62485be4acbc443462b01fe16b408b3d154c0cb1ff921a453cee33
SHA512 77483a92abeed799dfb1e782988569875b29eccebfb14e5be353302849ea6f0ac6a6411a72d6da706ec3767a54f12907fd0bfa4646ad4ca1cf4e1e15fbe9a9ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000006

MD5 5641d2e6eb6f88f5c306ef14bcda7513
SHA1 1714fcfbf63fc8d860c0edb99ca221ac99194f07
SHA256 d573a0546fac381049946c0b0bdad4c42d2e60b572b79ed8c41e51894d9ef1ab
SHA512 2f4d2220ce860110fb6ad9b438b05d43551577f93f45bc97f56aa80c89e1a369734b64c190335a9df1963c547a5b607c5f8e3e229da906a36ff6f96d387a1774

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000004

MD5 01af703c52ac5a93685bb3911d6918f1
SHA1 cbb1279745c1c2208fb9b8606e3d3513cd5dc3e7
SHA256 75ecbede729daef7531a6e43dcaf82afd1ac691c5a993231ddbe40254bf01653
SHA512 fbf1f2a3180f001cab1a860425f750010d6932479b343d5848ee0a78e03e29a46a123ee0103560d87df32daa3f6878cde07927e11e0615ad8e3c8e1568b942c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000003

MD5 01af703c52ac5a93685bb3911d6918f1
SHA1 cbb1279745c1c2208fb9b8606e3d3513cd5dc3e7
SHA256 75ecbede729daef7531a6e43dcaf82afd1ac691c5a993231ddbe40254bf01653
SHA512 fbf1f2a3180f001cab1a860425f750010d6932479b343d5848ee0a78e03e29a46a123ee0103560d87df32daa3f6878cde07927e11e0615ad8e3c8e1568b942c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\Cache\Cache_Data\f_000002

MD5 21808cd0724524589cd4ec1ce26f6d58
SHA1 fc5cc4cb347ed20389626c58a6de396ef1ac5ada
SHA256 1a7608a326717e18f424991b924d9c7319eb273cc3af432585d95ce8b068ca8d
SHA512 36902ff35a1ed469aa9cab3856b1b0057ca7db8ea4d92ca1d129e68f02eebd5322a4e81aec29a2b1c0c289e2f82df13684ccf0305378878494260c4d4e6caf0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\Default\chrome_debug.log

MD5 15dffabbf9ecd693afc2f540e9242357
SHA1 c097b6aa2aa4dcdb014b8b3b30b13e404acc3345
SHA256 5205d4697b7639fcd57f0de9a1ce21df5aedef382135014b3a4764ebaa130ab1
SHA512 1ba533ad308472a80563c5e30c4f466437f7a4152fd0b6ca456e9e33fdbf3a73a0fd5227d3e5a6acf0aa85f09b864e8f4fdb77e295fa897842d9906b7ab701c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data3K9O8\DevToolsActivePort

MD5 933c4c9f688be14dbf62a44560cc0120
SHA1 5e746a754111b481046bc763eab1c19f9159e953
SHA256 6b207e8f58ffb691f57f8d178bb0a0375bf5bcd317fe53b901b919d331b4267d
SHA512 805969500f9a8a8bfc30776d323de32b25e519ce484bf8ac932b3e44795a1b2b8ef6fc88dcadd844c5c4055b10ebffd14e45eb2c95f5ebb47cf8d8d22374d121

memory/1088-690-0x000000013FF00000-0x0000000141165000-memory.dmp

memory/2268-692-0x000000013FF00000-0x0000000141165000-memory.dmp

memory/2268-693-0x0000000077830000-0x00000000779D9000-memory.dmp

memory/1728-694-0x0000000019BB0000-0x0000000019E92000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-12 05:02

Reported

2023-08-12 05:04

Platform

win10v2004-20230703-en

Max time kernel

150s

Max time network

146s

Command Line

C:\Windows\Explorer.EXE

Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\etc\hosts C:\Windows\Temp\setup.exe N/A
File created C:\Windows\System32\drivers\etc\hosts C:\Program Files\Google\Chrome\updater.exe N/A

Stops running service(s)

evasion

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AppLaunch = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe\"" C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3592 set thread context of 3980 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3604 set thread context of 3544 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\System32\conhost.exe
PID 3604 set thread context of 4884 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\explorer.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\Google\Chrome\updater.exe C:\Windows\Temp\setup.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\Google\Libs\WR64.sys C:\Program Files\Google\Chrome\updater.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3608 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 3608 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 3608 wrote to memory of 4200 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 3608 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 3608 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 3608 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 3608 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 3608 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 3608 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 4200 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 4200 wrote to memory of 1996 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 3592 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3592 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3592 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3592 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3592 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4700 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4700 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 4272 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 5036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2232 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4876 wrote to memory of 2120 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe

"C:\Users\Admin\AppData\Local\Temp\bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3608 -ip 3608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 2784

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 284

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3592 -ip 3592

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1684 --field-trial-handle=1452,i,12015974971825521677,13940453524152059445,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1284 --field-trial-handle=1452,i,12015974971825521677,13940453524152059445,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=60140 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1976 --field-trial-handle=1452,i,12015974971825521677,13940453524152059445,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataZM9CL" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User DataZM9CL\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataZM9CL" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd454d9758,0x7ffd454d9768,0x7ffd454d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=60140 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataZM9CL" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=60140 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2404 --field-trial-handle=1452,i,12015974971825521677,13940453524152059445,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=60140 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2564 --field-trial-handle=1452,i,12015974971825521677,13940453524152059445,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=60140 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3212 --field-trial-handle=1452,i,12015974971825521677,13940453524152059445,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=60140 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3268 --field-trial-handle=1452,i,12015974971825521677,13940453524152059445,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=60140 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3528 --field-trial-handle=1452,i,12015974971825521677,13940453524152059445,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=30221 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU" --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd592346f8,0x7ffd59234708,0x7ffd59234718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,14905655380880592222,3145779068508066082,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1524 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,14905655380880592222,3145779068508066082,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1752 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=30221 --allow-pre-commit-input --field-trial-handle=1484,14905655380880592222,3145779068508066082,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1932 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=30221 --allow-pre-commit-input --field-trial-handle=1484,14905655380880592222,3145779068508066082,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=30221 --allow-pre-commit-input --field-trial-handle=1484,14905655380880592222,3145779068508066082,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=30221 --allow-pre-commit-input --field-trial-handle=1484,14905655380880592222,3145779068508066082,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=30221 --allow-pre-commit-input --field-trial-handle=1484,14905655380880592222,3145779068508066082,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=30221 --allow-pre-commit-input --field-trial-handle=1484,14905655380880592222,3145779068508066082,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1484,14905655380880592222,3145779068508066082,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=audio --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=3396 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2ec 0x3c4

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "Start-Process <#tpxvkwjyekqkjngmlif#> powershell <#tpxvkwjyekqkjngmlif#> -Verb <#tpxvkwjyekqkjngmlif#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 11:34 /f /tn InternetExplorerTask_MTA1 /tr "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle hidden Add-MpPreference -ExclusionPath "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe" -Force

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 11:34 /f /tn "AppLaunch" /tr "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
PL 51.83.170.21:19447 N/A tcp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 21.170.83.51.in-addr.arpa udp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 153.136.76.144.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.1.163:80 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
RU 185.159.129.168:80 N/A tcp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 apis.google.com udp
RU 185.149.146.118:80 N/A tcp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.250.179.150:443 i.ytimg.com tcp
NL 142.251.36.14:443 play.google.com tcp
N/A 127.0.0.1:60140 N/A tcp
N/A 127.0.0.1:60140 N/A tcp
N/A 127.0.0.1:60140 N/A tcp
N/A 127.0.0.1:60140 N/A tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
RU 77.91.77.144:80 N/A tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 216.58.208.98:443 googleads.g.doubleclick.net tcp
GB 216.58.208.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 98.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.150:443 i.ytimg.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 254.132.255.8.in-addr.arpa udp
N/A 127.0.0.1:30221 N/A tcp
N/A 127.0.0.1:30221 N/A tcp
N/A 127.0.0.1:30221 N/A tcp
N/A 127.0.0.1:30221 N/A tcp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 youtube.com udp
DE 172.217.23.206:443 apis.google.com tcp
NL 216.58.214.14:443 youtube.com tcp
NL 142.250.179.150:443 i.ytimg.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
GB 216.58.208.98:443 googleads.g.doubleclick.net tcp
GB 216.58.208.98:443 googleads.g.doubleclick.net udp
NL 142.250.179.150:443 i.ytimg.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
NL 142.251.36.1:443 lh3.googleusercontent.com tcp
NL 142.251.36.1:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 pastebin.com udp
US 172.67.34.170:80 pastebin.com tcp
US 172.67.34.170:443 pastebin.com tcp
RU 46.29.235.84:80 46.29.235.84 tcp
US 8.8.8.8:53 170.34.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.235.29.46.in-addr.arpa udp
NL 142.251.36.1:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 2.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 stratum-eu.rplant.xyz udp
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp
US 8.8.8.8:53 217.192.94.141.in-addr.arpa udp
US 8.8.8.8:53 209.143.182.52.in-addr.arpa udp

Files

memory/3608-133-0x0000000001B40000-0x0000000001B69000-memory.dmp

memory/3608-134-0x0000000001B70000-0x0000000001BAF000-memory.dmp

memory/3608-135-0x0000000000400000-0x00000000018D1000-memory.dmp

memory/3608-136-0x0000000006190000-0x00000000061A0000-memory.dmp

memory/3608-137-0x0000000074C60000-0x0000000075410000-memory.dmp

memory/3608-138-0x0000000006190000-0x00000000061A0000-memory.dmp

memory/3608-139-0x00000000061A0000-0x0000000006744000-memory.dmp

memory/3608-140-0x000000000BBD0000-0x000000000C1E8000-memory.dmp

memory/3608-141-0x000000000C1F0000-0x000000000C2FA000-memory.dmp

memory/3608-143-0x000000000C310000-0x000000000C322000-memory.dmp

memory/3608-142-0x0000000006190000-0x00000000061A0000-memory.dmp

memory/3608-144-0x000000000C330000-0x000000000C36C000-memory.dmp

memory/3608-145-0x0000000001B40000-0x0000000001B69000-memory.dmp

memory/3608-146-0x0000000000400000-0x00000000018D1000-memory.dmp

memory/3608-147-0x0000000001B70000-0x0000000001BAF000-memory.dmp

memory/3608-148-0x0000000006190000-0x00000000061A0000-memory.dmp

memory/3608-149-0x0000000074C60000-0x0000000075410000-memory.dmp

memory/3608-150-0x0000000006190000-0x00000000061A0000-memory.dmp

memory/3608-151-0x000000000C530000-0x000000000C5A6000-memory.dmp

memory/3608-152-0x000000000C5B0000-0x000000000C642000-memory.dmp

memory/3608-153-0x000000000C750000-0x000000000C7B6000-memory.dmp

memory/3608-154-0x000000000CE90000-0x000000000D052000-memory.dmp

memory/3608-155-0x000000000D060000-0x000000000D58C000-memory.dmp

memory/3608-156-0x0000000006190000-0x00000000061A0000-memory.dmp

memory/3608-158-0x000000000D7E0000-0x000000000D830000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/3592-174-0x0000000000950000-0x0000000000BDB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/4700-193-0x00000000778B4000-0x00000000778B6000-memory.dmp

memory/4700-194-0x0000000000A20000-0x0000000001054000-memory.dmp

memory/4700-192-0x0000000000A20000-0x0000000001054000-memory.dmp

memory/4700-197-0x00000000033D0000-0x0000000003440000-memory.dmp

memory/3980-199-0x0000000000400000-0x0000000000527000-memory.dmp

memory/4700-198-0x0000000074C60000-0x0000000075410000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364

MD5 61be7fdaa118b077f6370244bfefaeeb
SHA1 96027a1519aa589f1dec6030033c42c81ca76736
SHA256 e0968ea70b9723344df0ce3f3ae6e9fe51c044983631f5cf799ab7c7af4805da
SHA512 321fe937e70a63081e32a0ca86fa2a1de2736e759811d2dde3865b30f605305b6f7132df75be6d6d47e9bad79d05a24503e6351570bb3832e0b9e3c21739f64f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589313.TMP

MD5 bea335d3b1f0f67403f233e880e5aded
SHA1 35e99ef37335f55514f7668f41a566acec9796e8
SHA256 7348a217c006d9e62c1239765b5ece6d048acdbd59c569db87b82c9960730a5b
SHA512 3edc566570c7f7b0cc6ce9fb8223b97660e5949ee2d2fb6cba49c9053868c0ba30951b1092ad8db58a043dd1529b65c96a9666efb5fd44177cb8cc6fcaef0140

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8f2349b-6a39-4641-9adf-baba80a5068f\index-dir\the-real-index

MD5 286577ef497a0d933630fde34b2cbcd9
SHA1 f47a1b689159b2aca30e63c8bb9082add8679a7e
SHA256 5bb21876e7aba62096e4b5d175582636b99a74ff76edfb9daf8bc2765f35d942
SHA512 d079ae5adf92daa0a3f54b5fbaa16501a13557462e5baac3dc74a3c4507e91fa419db538cc6eacfa1966b8152aacf924c1a4a4ad5aed772a8b79d5dec752f4b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8f2349b-6a39-4641-9adf-baba80a5068f\index-dir\the-real-index~RFe589323.TMP

MD5 eeb26a79e728691050590cf5f2409014
SHA1 5e767b004d344f64d8f00aa1ac9613be3a486c8b
SHA256 e949d3f4daf7c23b1466e6700c71c2ea2971ddff44cf652728f77716a7ffa75e
SHA512 cb86bbf20170fc5b2eb8953150d6eb586a468e59d5ae1e22d8acfcff0769bcd19323b79186920074eb542f0ed0612dfd8ec97c30eb3a6e2f855552738bfc7b91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c7bc0072-6604-4c3c-abde-7cfb85f7185d\index-dir\the-real-index

MD5 45027bc0703b9f2188a86c4f7fcbc72f
SHA1 a6b9c02d42f2b3bb82242e5941c03d99babdc53b
SHA256 366a449352096d0836408478e78982593b2b9ed1206ab7e5d6f776ab2a9298bf
SHA512 c6869034d9f23152e8bbbbbb115564a1c5ab6e20c9c9652e3ab6bb9b4f9e0598d3ef8e6621a2940e70cd16b435be675dd79bf6901ec851fbdc0856d4787acf6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c7bc0072-6604-4c3c-abde-7cfb85f7185d\index-dir\the-real-index~RFe589323.TMP

MD5 b7d953e363128e67b1290becb166ac69
SHA1 a8e552e6eb7fd7252f0f681be35b6e006e19be01
SHA256 e8d0306ae14fc33a6cc2d7c466be091dbbdeb6fd62ce0e77f7e91d987a311e27
SHA512 2b9dce9c1381bda843bb5ef9750705297314ece0213f5c5a64e57ec5a1be7c8731e63fb9c9cdff96975b99b8594e84a7b7b090ab7b918d05d84f37f307492fa5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 3b9042df21b70f6ecd394bf48af3375a
SHA1 e6310445830cc2419d551c5f2c1c9a18fcc99cf2
SHA256 bec16b281b54f870ce7547d9f7796d773a1b86af3766c5f1bde3fb85cd97ad1a
SHA512 e221fd592ab0d5002f8750f51b1ee99a099314b3e1090136c3b3b1ba03d5a9fc5c79e521008626bfc36185bfcb55ec05e75c06128d0f3aac7f92db541ca1defa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataSS8MU\Default\Code Cache\js\index-dir\the-real-index

MD5 ce0ac3a6b76dbd50e833c94a1a8f0148
SHA1 5b1c9084d82e187c61bfbe511752e655e11a8fbd
SHA256 7967c183d7ebb5b12a56d94b7fb2bcab09e24c9cb1d716a987aaa77a147fcbad
SHA512 01e17206219d9376f6ec9c1d600d35b08f242e6896bdc9597b680002ddef02e01d576338cd29fcf9c6a67431365e5c9bb0878b70dbc6fcc150b45bb641b59bd7