Malware Analysis Report

2025-01-18 09:28

Sample ID 230812-hq6x7aae77
Target 1356-60-0x00000000019B0000-0x00000000019E4000-memory.dmp
SHA256 04d9a24fdc94d5ac7a216be4a6763c8d7342f4d2bc6de0ce07c59d1f68b835fa
Tags
logsdiller cloud (tg: @logsdillabot) redline infostealer spyware stealer xmrig evasion miner themida
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

04d9a24fdc94d5ac7a216be4a6763c8d7342f4d2bc6de0ce07c59d1f68b835fa

Threat Level: Known bad

The file 1356-60-0x00000000019B0000-0x00000000019E4000-memory.dmp was found to be: Known bad.

Malicious Activity Summary

logsdiller cloud (tg: @logsdillabot) redline infostealer spyware stealer xmrig evasion miner themida

RedLine

xmrig

Suspicious use of NtCreateUserProcessOtherParentProcess

Redline family

XMRig Miner payload

Stops running service(s)

Downloads MZ/PE file

Drops file in Drivers directory

Themida packer

Executes dropped EXE

Reads user/profile data of web browsers

Looks up external IP address via web service

Accesses cryptocurrency files/wallets, possible credential harvesting

Drops file in System32 directory

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Program Files directory

Launches sc.exe

Enumerates physical storage devices

Program crash

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-12 06:57

Signatures

Redline family

redline

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-12 06:57

Reported

2023-08-12 07:00

Platform

win7-20230712-en

Max time kernel

122s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe"

Signatures

RedLine

infostealer redline

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe

"C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe"

Network

Country | Destination | Domain | Proto
PL | 51.83.170.21:19447 | | tcp

Files

memory/2616-54-0x00000000012C0000-0x00000000012F4000-memory.dmp

memory/2616-55-0x0000000074BB0000-0x000000007529E000-memory.dmp

memory/2616-56-0x00000000002F0000-0x00000000002F6000-memory.dmp

memory/2616-57-0x00000000005F0000-0x0000000000630000-memory.dmp

memory/2616-58-0x0000000074BB0000-0x000000007529E000-memory.dmp

memory/2616-59-0x00000000005F0000-0x0000000000630000-memory.dmp

memory/2616-60-0x0000000074BB0000-0x000000007529E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-12 06:57

Reported

2023-08-12 07:00

Platform

win10v2004-20230703-en

Max time kernel

151s

Max time network

154s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

xmrig

miner xmrig

XMRig Miner payload

miner

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (4 identical entries)

Downloads MZ/PE file

Drops file in Drivers directory

Description | Indicator | Process | Target
File created | C:\Windows\System32\drivers\etc\hosts | N/A | N/A
File created | C:\Windows\System32\drivers\etc\hosts | C:\Program Files\Google\Chrome\updater.exe | N/A

Stops running service(s)

evasion

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A (31 identical entries)

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | ip-api.com | N/A | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cc.exe | N/A
N/A | N/A | C:\Windows\Temp\setup.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\updater.exe | N/A

Suspicious use of SetThreadContext

Description | Indicator | Process | Target
PID 700 set thread context of 3476 | N/A | C:\Program Files\Google\Chrome\updater.exe | C:\Windows\System32\conhost.exe
PID 700 set thread context of 4848 | N/A | C:\Program Files\Google\Chrome\updater.exe | C:\Windows\explorer.exe
PID 2096 set thread context of 4368 | N/A | C:\Users\Admin\AppData\Local\Temp\cli.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Google\Chrome\updater.exe | N/A | N/A
File created | C:\Program Files\Google\Libs\WR64.sys | C:\Program Files\Google\Chrome\updater.exe | N/A

Enumerates physical storage devices

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\cli.exe

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (2 identical entries)
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (2 identical entries)
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (2 identical entries)
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe | N/A (4 identical entries)
N/A | N/A | C:\Windows\Temp\setup.exe | N/A (2 identical entries)
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (3 identical entries)
N/A | N/A | N/A | N/A (6 identical entries)
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (3 identical entries)
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (2 identical entries)
N/A | N/A | N/A | N/A (2 identical entries)
N/A | N/A | C:\Program Files\Google\Chrome\updater.exe | N/A (2 identical entries)
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (3 identical entries)
N/A | N/A | C:\Program Files\Google\Chrome\updater.exe | N/A (6 identical entries)
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A (2 identical entries)
N/A | N/A | C:\Program Files\Google\Chrome\updater.exe | N/A (4 identical entries)
N/A | N/A | C:\Windows\explorer.exe | N/A (25 identical entries)

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cc.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\powercfg.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\powercfg.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\powercfg.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\powercfg.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\powercfg.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\powercfg.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\powercfg.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\powercfg.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4432 wrote to memory of 3792 | N/A | C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe | C:\Users\Admin\AppData\Local\Temp\mi.exe (3 identical entries)
PID 4432 wrote to memory of 2096 | N/A | C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe | C:\Users\Admin\AppData\Local\Temp\cli.exe (3 identical entries)
PID 4432 wrote to memory of 856 | N/A | C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe | C:\Users\Admin\AppData\Local\Temp\cc.exe (3 identical entries)
PID 3792 wrote to memory of 860 | N/A | C:\Users\Admin\AppData\Local\Temp\mi.exe | C:\Windows\Temp\setup.exe (2 identical entries)
PID 856 wrote to memory of 3516 | N/A | C:\Users\Admin\AppData\Local\Temp\cc.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical entries)
PID 3516 wrote to memory of 1996 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (2 identical entries)
PID 3516 wrote to memory of 4492 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe (40 identical entries)
PID 3516 wrote to memory of 1828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3516 wrote to memory of 1828 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3516 wrote to memory of 4996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3516 wrote to memory of 4996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3516 wrote to memory of 4996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3516 wrote to memory of 4996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3516 wrote to memory of 4996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3516 wrote to memory of 4996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3516 wrote to memory of 4996 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe

"C:\Users\Admin\AppData\Local\Temp\1356-60-0x00000000019B0000-0x00000000019E4000-memory.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=45078 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff902569758,0x7ff902569768,0x7ff902569778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1400 --field-trial-handle=1472,i,4654681408400435583,14878034311172828653,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1692 --field-trial-handle=1472,i,4654681408400435583,14878034311172828653,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=45078 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2040 --field-trial-handle=1472,i,4654681408400435583,14878034311172828653,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=45078 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2368 --field-trial-handle=1472,i,4654681408400435583,14878034311172828653,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=45078 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2340 --field-trial-handle=1472,i,4654681408400435583,14878034311172828653,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=45078 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3152 --field-trial-handle=1472,i,4654681408400435583,14878034311172828653,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=45078 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3304 --field-trial-handle=1472,i,4654681408400435583,14878034311172828653,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=45078 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3456 --field-trial-handle=1472,i,4654681408400435583,14878034311172828653,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=2544 --field-trial-handle=1472,i,4654681408400435583,14878034311172828653,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4cc 0x30c

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=64942 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M" --profile-directory="Default"

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8fbdb46f8,0x7ff8fbdb4708,0x7ff8fbdb4718

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,4964790237127298589,13618449845619126075,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1476 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,4964790237127298589,13618449845619126075,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1812 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=64942 --allow-pre-commit-input --field-trial-handle=1468,4964790237127298589,13618449845619126075,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=64942 --allow-pre-commit-input --field-trial-handle=1468,4964790237127298589,13618449845619126075,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=64942 --allow-pre-commit-input --field-trial-handle=1468,4964790237127298589,13618449845619126075,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=64942 --allow-pre-commit-input --field-trial-handle=1468,4964790237127298589,13618449845619126075,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=64942 --allow-pre-commit-input --field-trial-handle=1468,4964790237127298589,13618449845619126075,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=64942 --allow-pre-commit-input --field-trial-handle=1468,4964790237127298589,13618449845619126075,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3376 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2096 -ip 2096

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 280
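
The command lines above show the miner's setup chain in order: a Defender path exclusion covering the whole user profile and Program Files, stopping the Windows Update service group (UsoSvc, WaaSMedicSvc, wuauserv, bits, dosvc), zeroing the sleep and hibernate timeouts so the host stays awake, and registering a SYSTEM-level scheduled task named GoogleUpdateTaskMachineQC that starts C:\Program Files\Google\Chrome\updater.exe rather than Google's own updater. Alongside it, chrome.exe and msedge.exe are launched headless with --remote-debugging-port on a user-data-dir that is the stock profile path with a random suffix, which is consistent with driving the browser over the DevTools protocol to read profile data. The following is an added example, not part of the sandbox report, that encodes those behaviours as rules over process-creation records (image path plus command line) and runs them over records constructed from the command lines above. The rule names, the verdict scoring and the assumed path of the genuine Google Update binary are this example's own.

```python
"""Process-chain triage. Added example; the records below are constructed
from the command lines in the Processes section, rule names are this
example's own."""
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    image: str    # path of the created process
    cmdline: str  # its full command line


@dataclass(frozen=True)
class Finding:
    technique: str
    event: ProcessEvent


# Service group the sample stops with sc.exe.
UPDATE_SERVICES = {"usosvc", "waasmedicsvc", "wuauserv", "bits", "dosvc"}
# Assumed path fragment of the genuine Google Update task binary.
GOOGLE_UPDATE_EXE = r"\google\update\googleupdate.exe"


def defender_exclusion(ev: ProcessEvent) -> bool:
    # Add-MpPreference -ExclusionPath ... issued from a PowerShell host
    return ("powershell" in ev.image.lower()
            and re.search(r"add-mppreference\b.*-exclusionpath", ev.cmdline, re.I) is not None)


def update_services_stopped(ev: ProcessEvent) -> bool:
    stopped = re.findall(r"\bsc(?:\.exe)?\s+stop\s+(\S+)", ev.cmdline, re.I)
    return any(s.lower() in UPDATE_SERVICES for s in stopped)


def power_timeouts_disabled(ev: ProcessEvent) -> bool:
    # powercfg /x -hibernate-timeout-ac 0, -standby-timeout-dc 0, ...
    pat = r"powercfg\b.*-(?:hibernate|standby)-timeout-(?:ac|dc)\s+0\b"
    return re.search(pat, ev.cmdline, re.I) is not None


def lookalike_update_task(ev: ProcessEvent) -> bool:
    # GoogleUpdateTaskMachine* task (schtasks /tn or Register-ScheduledTask
    # -TaskName) whose command line never mentions the real updater path.
    named = re.search(r"(?:/tn|-TaskName)\s+['\"]*GoogleUpdateTaskMachine", ev.cmdline, re.I)
    return named is not None and GOOGLE_UPDATE_EXE not in ev.cmdline.lower()


def browser_remote_debugging(ev: ProcessEvent) -> bool:
    # Browser parent (no --type=) started headless with a DevTools port on an
    # explicit user-data-dir; child renderers repeat the port flag but are noise.
    c = ev.cmdline
    return ("--remote-debugging-port=" in c and "--headless" in c
            and "--user-data-dir=" in c and "--type=" not in c)


RULES = {
    "defender_exclusion": defender_exclusion,
    "update_services_stopped": update_services_stopped,
    "power_timeouts_disabled": power_timeouts_disabled,
    "lookalike_update_task": lookalike_update_task,
    "browser_remote_debugging": browser_remote_debugging,
}


def triage(events: list[ProcessEvent]) -> list[Finding]:
    return [Finding(name, ev) for ev in events for name, rule in RULES.items() if rule(ev)]


def verdict(findings: list[Finding]) -> str:
    distinct = len({f.technique for f in findings})
    if distinct >= 3:
        return "miner_setup_chain"
    return "suspicious" if distinct else "clean"


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CMD = r"C:\Windows\System32\cmd.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed from the report's command lines (scheduled-task line abridged).
SAMPLE_EVENTS = [
    ProcessEvent(PS, PS + " Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force"),
    ProcessEvent(CMD, CMD + " /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc"),
    ProcessEvent(r"C:\Windows\System32\sc.exe", "sc stop WaaSMedicSvc"),
    ProcessEvent(CMD, CMD + " /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -standby-timeout-dc 0"),
    ProcessEvent(PS, PS + r""" <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }"""),
    ProcessEvent(r"C:\Windows\System32\schtasks.exe", r'C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"'),
    ProcessEvent(CHROME, f'"{CHROME}" --remote-debugging-port=45078 --headless --user-data-dir="C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User DataHZWOU" --profile-directory="Default"'),
    ProcessEvent(EDGE, f'"{EDGE}" --remote-debugging-port=64942 --headless --user-data-dir="C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data0LL7M" --profile-directory="Default"'),
    ProcessEvent(CHROME, f'"{CHROME}" --type=renderer --headless --remote-debugging-port=45078 --renderer-client-id=4'),
]

# Constructed benign look-alikes that must not fire.
BENIGN_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\sc.exe", "sc query wuauserv"),
    ProcessEvent(r"C:\Windows\System32\schtasks.exe",
                 r'schtasks /create /tn GoogleUpdateTaskMachineUA /tr "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua"'),
    ProcessEvent(CHROME, f'"{CHROME}" --profile-directory=Default'),
    ProcessEvent(PS, PS + " Get-MpPreference"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.technique:26} {f.event.cmdline[:70]}")
    print("verdict:", verdict(triage(SAMPLE_EVENTS)))
```

The lookalike-task rule keys on the task name prefix rather than the exact string GoogleUpdateTaskMachineQC, so a renamed variant still fires as long as its action is not the real updater; the browser rule deliberately ignores --type= children so one headless session produces one finding, not one per renderer.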

Network

Country Destination Domain Proto
US 8.8.8.8:53 126.129.241.8.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
PL 51.83.170.21:19447 tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 21.170.83.51.in-addr.arpa udp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 153.136.76.144.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 ogs.google.com udp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
DE 172.217.23.194:443 googleads.g.doubleclick.net tcp
DE 172.217.23.194:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
N/A 127.0.0.1:45078 tcp
N/A 127.0.0.1:45078 tcp
US 8.8.8.8:53 youtube.com udp
US 8.8.8.8:53 ogs.google.com udp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 64.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
N/A 127.0.0.1:45078 tcp
N/A 127.0.0.1:45078 tcp
N/A 127.0.0.1:64942 tcp
N/A 127.0.0.1:64942 tcp
N/A 127.0.0.1:64942 tcp
N/A 127.0.0.1:64942 tcp
US 8.8.8.8:53 stratum-eu.rplant.xyz udp
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp
US 8.8.8.8:53 217.192.94.141.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.1.163:80 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
RU 185.159.129.168:80 tcp
RU 185.149.146.118:80 tcp
RU 77.91.77.144:80 tcp
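
The network table mixes three kinds of rows: reverse-DNS lookups the sandbox performs for every peer (the in-addr.arpa entries), browser background traffic from the headless Chrome and Edge sessions (Google, YouTube and Microsoft hosts, plus the loopback connections to the two --remote-debugging-port values 45078 and 64942), and the rows that matter for response: the mining pool stratum-eu.rplant.xyz on 141.94.192.217:17056, the external-IP lookup against ip-api.com, the transfer.sh connection, and four bare-IP TCP connections with no associated name (51.83.170.21:19447 and three hosts in RU on port 80). The following is an added example, not part of the report, that parses rows in the table's own "Country Destination Domain Proto" layout, sorts them into those buckets and returns the destinations worth blocking. The sample rows are a subset copied from the table above; the background-domain allowlist and the bucket names are this example's assumptions.

```python
"""Network-row triage. Added example; the sample rows are a subset copied
from the report's table, the bucket names and allowlist are this example's."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Row:
    country: str
    dest: str    # "ip:port" exactly as printed
    domain: str  # "" when the table row has no domain column
    proto: str

    @property
    def ip(self) -> str:
        return self.dest.rsplit(":", 1)[0]

    @property
    def port(self) -> int:
        return int(self.dest.rsplit(":", 1)[1])


def parse_rows(table: str) -> list[Row]:
    """Parse 'Country Destination [Domain] Proto' rows; Domain is optional."""
    rows = []
    for line in table.strip().splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            raise ValueError(f"unparseable row: {line!r}")
        rows.append(Row(country, dest, domain, proto))
    return rows


# Values the sample passed to --remote-debugging-port (Processes section).
DEVTOOLS_PORTS = {45078, 64942}
# Assumed allowlist: hosts headless Chrome/Edge and Windows reach on their own.
BACKGROUND_SUFFIXES = (".google.com", "youtube.com", ".ytimg.com",
                       ".doubleclick.net", ".microsoft.com")


def classify(row: Row) -> str:
    d = row.domain.lower()
    if d.endswith(".in-addr.arpa"):
        return "ptr_noise"            # sandbox reverse lookups of every peer
    if "stratum" in d:
        return "mining_pool"          # DNS query and TCP session both count
    if d == "ip-api.com":
        return "external_ip_lookup"
    if row.port == 53:
        return "dns_query"
    if row.ip == "127.0.0.1" and row.port in DEVTOOLS_PORTS:
        return "devtools_local"       # stealer talking to the headless browser
    if row.ip == "224.0.0.251":
        return "mdns_noise"
    if not d:
        return "direct_ip"            # no name resolved: C2 candidates
    if d.endswith(BACKGROUND_SUFFIXES):
        return "browser_background"
    return "review"


def triage(table: str) -> dict[str, list[Row]]:
    buckets = defaultdict(list)
    for row in parse_rows(table):
        buckets[classify(row)].append(row)
    return dict(buckets)


def block_candidates(table: str) -> set[str]:
    """ip:port destinations to hand to the firewall/proxy team (DNS rows excluded)."""
    out = set()
    for cat, rows in triage(table).items():
        if cat in ("mining_pool", "direct_ip", "review"):
            out.update(r.dest for r in rows if r.port != 53)
    return out


# Subset of the report's rows, copied verbatim (mixed 3- and 4-column rows).
SAMPLE_ROWS = """
US 8.8.8.8:53 126.129.241.8.in-addr.arpa udp
PL 51.83.170.21:19447 tcp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.251.36.14:443 play.google.com udp
N/A 127.0.0.1:45078 tcp
N/A 127.0.0.1:64942 tcp
US 8.8.8.8:53 stratum-eu.rplant.xyz udp
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp
NL 104.85.1.163:80 www.microsoft.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
RU 185.159.129.168:80 tcp
RU 77.91.77.144:80 tcp
"""

if __name__ == "__main__":
    for cat, rows in sorted(triage(SAMPLE_ROWS).items()):
        print(f"{cat:20} {len(rows):3}  " + ", ".join(r.dest for r in rows[:3]))
    print("block:", sorted(block_candidates(SAMPLE_ROWS)))
```

Domain-based checks run before the port-53 check on purpose: the DNS query for the stratum host is itself a useful indicator even on a host where the TCP session to the pool was blocked. Anything that resolves a name outside the allowlist (here transfer.sh) lands in "review" rather than being silently dropped.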

Files

memory/4432-133-0x0000000074940000-0x00000000750F0000-memory.dmp

memory/4432-134-0x0000000000720000-0x0000000000754000-memory.dmp

memory/4432-135-0x000000000AB50000-0x000000000B168000-memory.dmp

memory/4432-136-0x000000000A6D0000-0x000000000A7DA000-memory.dmp

memory/4432-138-0x000000000A610000-0x000000000A622000-memory.dmp

memory/4432-137-0x0000000005060000-0x0000000005070000-memory.dmp

memory/4432-139-0x000000000A670000-0x000000000A6AC000-memory.dmp

memory/4432-140-0x0000000074940000-0x00000000750F0000-memory.dmp

memory/4432-141-0x000000000A980000-0x000000000A9F6000-memory.dmp

memory/4432-142-0x000000000AAA0000-0x000000000AB32000-memory.dmp

memory/4432-143-0x000000000AA00000-0x000000000AA66000-memory.dmp

memory/4432-144-0x000000000BB60000-0x000000000C104000-memory.dmp

memory/4432-145-0x000000000B930000-0x000000000BAF2000-memory.dmp

memory/4432-146-0x000000000C640000-0x000000000CB6C000-memory.dmp

memory/4432-147-0x0000000005060000-0x0000000005070000-memory.dmp

memory/4432-148-0x000000000B8A0000-0x000000000B8F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/2096-165-0x0000000000510000-0x000000000079B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/856-173-0x0000000000820000-0x0000000000E54000-memory.dmp

memory/4432-178-0x0000000074940000-0x00000000750F0000-memory.dmp

memory/856-177-0x0000000077454000-0x0000000077456000-memory.dmp

memory/856-181-0x0000000000820000-0x0000000000E54000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/856-187-0x0000000000FE0000-0x0000000001050000-memory.dmp

memory/856-192-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

memory/856-193-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

memory/856-191-0x00000000740B0000-0x0000000074860000-memory.dmp

memory/856-194-0x0000000005EC0000-0x0000000005EE2000-memory.dmp

memory/860-196-0x00007FF784120000-0x00007FF785385000-memory.dmp

memory/856-197-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

memory/860-198-0x00007FF9203B0000-0x00007FF9205A5000-memory.dmp

memory/860-195-0x00007FF784120000-0x00007FF785385000-memory.dmp

memory/860-230-0x00007FF784120000-0x00007FF785385000-memory.dmp

memory/860-231-0x00007FF784120000-0x00007FF785385000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\CrashpadMetrics-active.pma

MD5 03c4f648043a88675a920425d824e1b3
SHA1 b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256 f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA512 2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

memory/860-232-0x00007FF784120000-0x00007FF785385000-memory.dmp

memory/860-234-0x00007FF784120000-0x00007FF785385000-memory.dmp

memory/860-237-0x00007FF784120000-0x00007FF785385000-memory.dmp

memory/856-238-0x0000000000820000-0x0000000000E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Local State

MD5 ffa64e058902950b4af975a403e325f1
SHA1 fd0a7296266c10e07d037bf4f26eb0621d9805fb
SHA256 8bac0005d8d10f1642eb57d672b90e7ec5bbd14ff984c1a32ffa9fc4e7cd5733
SHA512 549be5dd2d6a7848221992b59736004c77a1190835cd76993c85d4bf3666f62c6f0240e0eee28558fb1e14ffda541825f477a5b3c74c355b5322dcbb17a5258b

memory/860-239-0x00007FF784120000-0x00007FF785385000-memory.dmp

\??\pipe\crashpad_3516_SCAWPAGJECOHNGQR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2096-242-0x0000000000510000-0x000000000079B000-memory.dmp

memory/856-245-0x0000000000820000-0x0000000000E54000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Local Storage\leveldb\LOG

MD5 4be0456d19a705f77165270e0cd6fda7
SHA1 8bef969b11bdb3b1fd5ae11fa41030443c8b0caf
SHA256 b0d35d7b671f06732da594191b0bf7a9ae4f13963ebc291a86d7e3c091243ef3
SHA512 37529070a2bb7af5269f6fc81027adcccdfdefb05b8e65bfadb658f4536a522bd12984a312a4a4e373f37150fcce92d8a20cb843ce615a97ee74e1834c0a7f52

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Local Storage\leveldb\LOG.old

MD5 783e88090a8b04eb478ab3b963361578
SHA1 fdfecba72958582592c1e279d4df380aaa723265
SHA256 7b5c273ca65b77ea235d59cd63e2c71879c42ceab068e2ac34a09087e3150861
SHA512 2bfdf1b0a01eb417261d09af4870e67c7fa5b8b42ddb0ead4a32bd5f3102d21745bb9edf418a3d7412dd4e41471efb4c605b1cccc0409c7df76b24494dc8c7d2

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Network\TransportSecurity

MD5 88023c0473057c786f65ea781f6a2010
SHA1 33e532a3bcec871c48f2d91411d16430bbe42000
SHA256 3b3e61dc42550da406d7e2abfa027f44d11028931daa1a1be5f81d8c63002933
SHA512 da2d93462bea17bcf29384775b461efd1a43234a1490ab8175f40fb2657ce840382d33da9ab165805642f2f67fc042b1084f020108b8e5282bbb0b948bb826ed

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Network\Reporting and NEL

MD5 3c2722fc783960eba4a8d0497537b288
SHA1 fa65d7cc194cbd23bb59be06ff542991aeabbdd0
SHA256 b4acb21ea7b69aee37febabd97bfee8017721a8c89324073d61bd7ecc7ca0f98
SHA512 5b11b37ea266b5b9627b97bb899fc2bad773ff1883117d8a43d618eb034b09ce8339b2989cd10c65bb1bf5bce52ea44624b5dd93c7477aebff38d78e0099919c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Network\Network Persistent State

MD5 a90380b39f0ca9b4ade7080f6a3c96ab
SHA1 e2d25cfb150ed856e3b7c4be363409065b6c2e99
SHA256 6d16ef0049f962ee5fbea8107d88eae2587a9a55f8bc590928087008dbf4f630
SHA512 913977542e2096dee82aa8180b3207afb525c4d081e11cedbb8686fcad6e10c4b46b7f8130797ca5a89e726a54e2ccef12c301f55a159ac4a259da2c5f00d89d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Network\Cookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

memory/4976-276-0x0000019D822F0000-0x0000019D82312000-memory.dmp

memory/4976-282-0x00007FF9000B0000-0x00007FF900B71000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pkf3xi5e.yqk.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4976-287-0x0000019D9A7E0000-0x0000019D9A7F0000-memory.dmp

memory/4976-288-0x0000019D9A7E0000-0x0000019D9A7F0000-memory.dmp

memory/856-289-0x00000000740B0000-0x0000000074860000-memory.dmp

memory/860-290-0x00007FF784120000-0x00007FF785385000-memory.dmp

memory/856-291-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

memory/856-292-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

memory/856-293-0x0000000005DA0000-0x0000000005DB0000-memory.dmp

memory/860-294-0x00007FF9203B0000-0x00007FF9205A5000-memory.dmp

memory/4976-302-0x0000019D9A7E0000-0x0000019D9A7F0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/4976-367-0x00007FF9000B0000-0x00007FF900B71000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 cacfa883e3a06a61a9e036120a27f9e0
SHA1 29e24c4cd95eb9dbc97d0c2a014a25703379205c
SHA256 03d96d43cfa87e2d0b8d1bd4b0946379bf590e0d4eea703067fd2ad17ac28f38
SHA512 d1412102bcbbb3e8675e1d8282069f5bc1a4dd894695449d4fd4b4aa0fe3ebb11dd03d9f4acdfceee90b341433a7f28d5ed162f02ffa9e0002bc39c495f56f1e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 23912289a1093f759fe126d8ac340e8a
SHA1 afaf1c355d91189d64911fa316274aaf54c8e283
SHA256 9b1786894c1ebb5939a0df6efc47a7cdc5b47625e6037f13c50f26ff4c2862f7
SHA512 9be6e2c5ce05d0a804b93beb6f1be4543a48a7a99621eba5285a725df0bd96c1123153112428e74cdb64e3f3303212c599894c0253f5fda6540aee8ba55227eb

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58f085.TMP

MD5 5488ff0f520e0395cfd757edbc9c2578
SHA1 b678a4825a4d191b1b07262943deb01bc2830056
SHA256 6d049fdef586e2a61c2d23a500e1d9cf6e02fdce1d0c553fd285860441f0aa34
SHA512 7a648b07a51d959307cefb3abc2a1b1c2d117f14b4681286364e7e07db70854b11d0e4b75bdf2d92bff43c3d2638694a6be9fa3c98dee32926cf4d01f11d9da3

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\index-dir\the-real-index

MD5 a67ebbf404bf7cc790cb7e1137ca5862
SHA1 b18277bb9f3c3f9888df7f475c32ed9a928ed4c5
SHA256 643a0791bfb7946c5def454b7e8bb96c81fb544c103049147639dedb2a7c15de
SHA512 6916605b37358f3a33eb0332b6ff49d43395f29da81f3b989678366ea9a7e9845b71d8fdf867a3c4ee03ab6c7734e9c9f5c1f38c388bc6708e5a3a291a8753c5

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 7c17a0fa94c5cb7bab20d796e3a922c4
SHA1 78a26dee5e803d46ac0743ba96581b501603e0de
SHA256 d7574ad6d91ba4ee90116595bbfc95e2cf8f45eb5282950d5e8b673782938196
SHA512 cf19de4e6e5acac50472f1ab7a440aae6cca14da65c0eb42ba3732f4b792766613e8c788309a9f35d128a34e4e61be028943ab7f48b59f3dc07ef597a7241f49

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f4db.TMP

MD5 0ec5e8cadf98c42d825567dc22979990
SHA1 349953ec019aa2ac09f8485188ca04b87bf582e3
SHA256 831792f324974c5cc7cefa13a776991065605d1e98dadcd85e49bf8de87c0bb1
SHA512 27a8022e8e767239b11f10cb9a4695121c97f392543751959ef516499b0ac1937950cbf5882b1f8aa4f50e653da5dfae71202cf7744db34cb03739b9bd557149

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\index-dir\the-real-index

MD5 d4fcecb21f8f3cd5a78f3f56360e016e
SHA1 24a42a863eab2e194f4499ed09df58309211eb8d
SHA256 7b5e2a4e3e844dd0137209d22e34819803fc46ee1c354044819a02794ad91be8
SHA512 50ffb5efa57abef0e79d0066ca10d137efaa267261eb7e7cec2afeca6dcaad4fac495395e89852a9f01d3f4e90bcb725b6948ab81c021a925545eb3819958b81

C:\Windows\system32\drivers\etc\hosts

MD5 2d29fd3ae57f422e2b2121141dc82253
SHA1 c2464c857779c0ab4f5e766f5028fcc651a6c6b7
SHA256 80a60d7ec533d820de20bcedeb41319e7b1def548b6ea73ddbd69455bac4e7a4
SHA512 077a5c554663be7b71f181d961f5c98c732bc296dc015ffee30768a648bee3aad62c39c352cf2947432be19519906aeac7dfaf2557d309bb460732abb7fdbc68

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 d85ba6ff808d9e5444a4b369f5bc2730
SHA1 31aa9d96590fff6981b315e0b391b575e4c0804a
SHA256 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA512 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

memory/3328-454-0x00007FF900010000-0x00007FF900AD1000-memory.dmp

memory/3328-514-0x000001AC3B1B0000-0x000001AC3B1C0000-memory.dmp

memory/3328-479-0x000001AC3B1B0000-0x000001AC3B1C0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\data_0

MD5 82ee463c2350a1c87f1b9da9115147bf
SHA1 bb5703e805eebe804b4e83732a16bab47489f1fd
SHA256 1ca1a261d31a1b040fce6d81f3ec6ca375e7993abc555c21e67f9dc5f08aac8a
SHA512 f5a86a683125bc5b477c8c7526ddb4c9403172d13943fa16c68a26c47620ed50a88344c1ef390fc5fa7f148d7cda635b801694c2f15c0318e7ce4f6bb632f944

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Crashpad\settings.dat

MD5 437423a19fb532b313ec2607288a58ce
SHA1 c7d7f0fd023925910130e813bf82442cb3791af1
SHA256 9c46313532f10556c577c808ebfbfc0c8a599908efa9204822206c6d787ffd2c
SHA512 2c6c54344647f28de97a473c0f1e81d0fb79bc6ce500a327d1886324a73096f55e993e91ef8df3218486b5eef1e1fab04500976cd9ff76f53e04f8976ad59da5

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\data_1

MD5 18c5b6b764c9eabc0a70b3b519e74a97
SHA1 58b313fd4b2264ccc6fc22a30b9b6f42d2e17308
SHA256 4982e908628eac51a472a5cd1e606d2cbfb07feb820aa5bcbff31e2e320e7dbb
SHA512 3486527b9df15565db212d387191b203874850e937b7f3f7717faedb08f5b3e8d68a8a866635117cd6cced05feec55d83fc21fc9503e0b42eee3d4e3bfa7b926

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\DevToolsActivePort

MD5 38699a6bcbabb8fef5ee1c090c0ff89b
SHA1 e3ceb22c96e6b42b3274ae1e1a6108c38c233975
SHA256 ab47e0d4fd464e807133d00abd90bc7ab78c16f47d146d06d83f3db157490bf3
SHA512 9a1c7b6df04036cff1ae3c70374bb0e61db0f3837fc8d212430c3c3ee820248cc346e0585722d0c37a4ad52fdf6acb850e074170977c699a0610950c2f55168a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\d9696143b772358e_0

MD5 c0b9df99c1a0f87be15402df09ad6043
SHA1 e1a7ce841b945a73e0263bfadecf8ad706c32a0c
SHA256 4ed9d40223324a66aa19bf4cbf38841882083f78cc5c576f96c69b2c42c12f51
SHA512 055b3f3b3fd3ca8a5c0e9cc3fe20364687f3fe73c144922cec1d6236f720c2310e7b69f037313e62c41cf6e263fb952dda5f2fedf749b97e2106a1c59717289a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\cbdf1827f4191879_0

MD5 a7d90afdadce19d4006f259c94d55c70
SHA1 6a37063ad7bc16bbdae6ff8fa100de39cd2da806
SHA256 e4a4e68269ea5f1c400478525d32e8039cfbf2aff459730ad4aec9e45bf7be4f
SHA512 dc351e19a140f3938926362e87d38983964f5b204314b84523daca201f0fe855dbc48a2e40546112c598dbe8201f4b20cd99b5834c96353d0493d4901204e228

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\a90143e863a915ab_0

MD5 fb2431b65af0bdeb264c0df6599cff89
SHA1 6a1c807f1557b80dfd68b32f88c3db749f16377a
SHA256 5a81558a42423a6132745cd42efe3c93e40009150782589cacef43413821592e
SHA512 96dccd0dd504a529cfd31e94618e3ef184189f5989c2ec432afc929f12cc201d39d374c1843dda8b9ec09f3334dea8a801c18a3ec7c552c3805d6227417d732a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\9959b4a76f6a689c_0

MD5 242fbdb86e289c146ad44f04bb72e1e1
SHA1 9014ee17e14ae54710014766305bf036b4a9b20a
SHA256 7a327ad12b2ce019295066e52c96cd5e53b607bdee691d068629154bbe614921
SHA512 1a059a2284c1c710957c6f57d3fb356a9d374e66193caee6973c1e492d30f695a32b061ed3c4b5baa34c542eff8d22787e87134b37475fd333df7d81442f139c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\8f06aa5ddf25e0d2_0

MD5 b788aa9f237e6fec633a0442e8cde4bc
SHA1 6a4464d25bd2ae9438e8239998825df560776638
SHA256 d68b2984b7e35485de8e02a4c593c2bc20eee85932ce335f422ab55502fedeb1
SHA512 9d680571384c87120eca02602cfcb9481db27827c82104f7c884a7eb73ac49f5d0587179c742e60c1205b7bdc06d908aa7a7955e0b159a2207193708d4c1b6e3

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\8c5f3f8b8b33bf79_0

MD5 75ade9759a035a20c6f009b3f3d23e27
SHA1 769ffbf9625ce4b61b6fa86f5bf16dacc801a4c3
SHA256 a6ea506649c0d36f8171512377926245b121ae73e83950c4eeaad058b14d07c9
SHA512 f736e6dcd2d1e22a70c7f0d957d50b4e807a5a25ddb8ac1bd38d04b1f8eda139aff50430293e8c9a6560228ef74cbffcd007467f861e296858ea8e0cec000cd6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\6f0a29a94891d082_0

MD5 9c8652c63a954115ecda86e90add01c3
SHA1 e62f76efcf3a980e7473ffeba9e8a2d21c0923b9
SHA256 4aac4fce6626a6bd895bd470a90fcb59ca255d3ccd90d27fbe3d93981f8805f1
SHA512 41ff1fa6fc364d923e3fcf64ca2b4c24ea5931517af73b3f2ade272be0f55811a0efde1efe39d6388c3078040cce947309ad5b202fc96722562d18994d19f8c9

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\6cbc2f6958aacea5_0

MD5 acc2948cc2015287033a066ffd07846b
SHA1 1f424bb5809bf4e903f675e5f67876edf90ba186
SHA256 2a6f6d276e17d5926575345be3da67ee1ff2d676ea2a9ee98f77949e864423c2
SHA512 bd3411251b20979999da52151c2342021f3c023100b9260c0bd1faa49bd2bf6dba7ae5ddf95d1580db185b3d2cd0c57e4e332e203b4417d6cc35b9cd2df97e7b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\60ae0d0fe9088cac_0

MD5 5f62c4e29d11be61651e62e7752b7136
SHA1 2096144d09e29369ed481a45c7d5e2fbe65ca4aa
SHA256 b0b8d35392592496a2bd4a804084befff751dd46b73b52720996e88ee53327c0
SHA512 42b423ebdaebc74c28f478d29a3f2f279d2d569300a3f91ad44457757de7ad6bef8e2d37ec6a156a2f07e45afbc5ae724735dc67d23b7acd499697bab5162329

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\5b76df05a935e848_0

MD5 c8c8fce50262ba395ddf0c2b20ddf3c2
SHA1 da25e45ff351a61b4f70c60801797ce5d375f521
SHA256 36d6040657f878018c7988d7eeb71d4869994b0a1023682bda00fbb4d5e3b349
SHA512 4953e797029cf8075abf0d04bcb04e981c134eeec03884642c019d4e2002cbcf04b628107f93ad940a39159880cb3914b817239a8ca99bc5177e586f5b35e00c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\4ba437eb0c2cc66d_0

MD5 c0fce35745bf7d119a99080a4d151b73
SHA1 6f77d7670f314c91a53733fdf9d5e45a5052bdb4
SHA256 74b2d4808998c51fb4d61ffe192ef179b27be7901b965a0bc80d4310617a986e
SHA512 757048ea4778f756e515eef3df4ae8280d53df7f9145fd59a2cb7c8154711949a8696cd04ca0f78e9e79d27f56eff463386b701db36bc12159293cc9298384a9

memory/3328-558-0x000001AC3B1B0000-0x000001AC3B1C0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\343f6993e27f1d39_0

MD5 d60f1a8a5acc3e6c77e1e6e4764016f5
SHA1 cb1072e2c80fb9f77bd9d9121fe368bdbaa80adf
SHA256 ff581a4b933339c001a82478800324f46e8408f87484a8492eb61eded5bdc28d
SHA512 969e0965c9dc537486ea7cb2e7a59a6458c228202b662ea6ab1b756a403fa1a850620c8a154bddd1db5a9932aac1af7d462911ef0f2b22bd4204264255172bbb

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\2e64514b9cd267ab_0

MD5 7066513584d5f984594104331c938649
SHA1 9ff5192413ec8622f7ff042eead989ebb3dddb6f
SHA256 7e95a66a9c09d81e5b171da23658d119774a5b494be299a971f1a5e0515ed7bd
SHA512 b92dbdbe9c14c9f1a99db837e7ff0a217dee8571c7e6e556ecf12f39c19d6c925ff90175c2c396912bb89334ac9a09dda48e2bc2677b9e6a9260c951030a4504

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\2016c72aa5f54f52_0

MD5 e9ab51f75e85063b9d5e07fab6973325
SHA1 db3d1e155dbcb458909e167ba858301a5d129617
SHA256 17deb29e852e2e2a7acebde12822a209b2704e3e3b9e3000c55ae388cc26ed90
SHA512 f431a875281e9971ce59c32dac2cac2199c03b4542c44b64edf2f1819d5ad99f500d4fb8e5289345afb3b01b7ee0c69a9ce12c5dd50f671e189284a91db6bfd2

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\10e544c7a72e2f65_0

MD5 4816fd2bc4d85eb2b4293222ac96684c
SHA1 a1d57d36324640bcf4f6216c9f2eaebd5d5cbacf
SHA256 bf76f5757ce58ce8ddad6140ce343f005d70b9ee7353273202bcf38ce100713d
SHA512 62bcbee8f48aa69ca0f97147348d457971f29a8a169f1794ef196b4e7d16e2592aba2171f881cec7d6f548aec9c94e327e9058a0bc8cdb171676e0bd5dcc1c6c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\0b1095a7af2f7e08_0

MD5 8dfb305cd54ac99f0cdb5e210b3e43ac
SHA1 25a5075e1112e95f6040c6fc71c6d3726aed571f
SHA256 1a063a847d535a4003c0cfb2d8be68e94e1c532e405abea4d30216de9a1aa0fe
SHA512 ec695176b1eae8794ebf784dbfc799b1525f28d6b8dee2a9d8ccaae46e27db1d8064722662919426ba04018fc551ccf5dcdc28645952eae82c1f16bbc4361cd9

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Code Cache\js\06db5837b6c74111_0

MD5 6d17b62d6477e4e0ecf211c246e3ddac
SHA1 ffa3fc57c3d72da4b580826df66364023ecb9004
SHA256 69ef6b4738d92b87d71bd615dba425c872279ee37d1c524a1bcbb855d65ca3f8
SHA512 ea99a8bd1ab34c4f80bb4eaae33fe203192c407fb3be901c570cd1a57c6488a4800f30e15a8c40d135849e10895dbe9bf4d1944bca031b62f1784c9c6d3a53cc

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\index

MD5 e8afa3ced33137afe5161778dbaa68b2
SHA1 caefc548c14f7251bb24ea29bc16f101a6cf3bfd
SHA256 578085fb6cbeeacd030afdcf39875a4af8434ff827ef352b1569372eb905a73e
SHA512 4baab61e2cf28fab2235e94b696b34170c7a19c74eb7cd6edcda5cdc846c354a79d6e7ccaa21ad7fd426ac76b8d9c84d3aa1253802f1d49334085221274b0a27

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_00000d

MD5 189badc72a668aade50699ae05067c2a
SHA1 5458410fc96bcf08b29f204b05470dad5882afb9
SHA256 896d76b06fe7bc62fa10e8f9091b84584d8fdbd7eaaea1183f7c1e5e3a98c559
SHA512 287ff71f9b6ab261f989792cfee0b99e1745c57e8e8c9c3c55e07592a835008673a9ee5b2099ef9beb6ef4343c10827109b281b2fbed0fe0de1da020723c622b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_00000c

MD5 2d52125a96fb5a7227c67848bc18f65c
SHA1 a3593c6d8e3b6b458b6bbc2c6423dc76e30a84a3
SHA256 61f3154c19e46e1989d6fadbfe20835d0c9fc47242dc5828e776e3ec667fda24
SHA512 5f151708007cb474e64e8968b1f6b5e5331c434cc237627c6c5c92d1894d020f476ad88461e35fbf383aa46750a9cdcaf3a2ac8fe90570753c73fcf17ac0cbe6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_00000b

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_00000a

MD5 c101a8ba729b894927d7d884e4be68a8
SHA1 4bf48f94ff4e50e81c9d83b641af74b3bed580a0
SHA256 544f08482a62485be4acbc443462b01fe16b408b3d154c0cb1ff921a453cee33
SHA512 77483a92abeed799dfb1e782988569875b29eccebfb14e5be353302849ea6f0ac6a6411a72d6da706ec3767a54f12907fd0bfa4646ad4ca1cf4e1e15fbe9a9ed

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_000009

MD5 7db3096a5ce269d5140afbedb84e0fb7
SHA1 1155014e26835855c4177e8916b0bbcd5e4cca61
SHA256 48662b9313a828746c1ba3edfa196d8ecd6b0ca730848ead5418fcde8da4a809
SHA512 a349f3265db5ebff9e535778ccc92bc846fa9a4175dbf4d9c0e5b77d294ae521eca5f104d45f0eab0bba88120a08103ce997a420ecace703e211796e842ca7dc

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_000008

MD5 b096dc9a3e4e6748a91abe826cf5d165
SHA1 b115fd9390e39b86a711039745cbad73741d7252
SHA256 7552567793d51609afaac7d5e1b3d2289f1a64a323a84c74c28fe615075e1c3f
SHA512 c075f36473b578f645ab66f1800d6e0a61b66719361c8c730ccb4505c1ab127ce96d5409c0c82aeddbc2bd03bef6c7a905310e4462ac7a0ebb2e07b45cf33a94

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_000007

MD5 5641d2e6eb6f88f5c306ef14bcda7513
SHA1 1714fcfbf63fc8d860c0edb99ca221ac99194f07
SHA256 d573a0546fac381049946c0b0bdad4c42d2e60b572b79ed8c41e51894d9ef1ab
SHA512 2f4d2220ce860110fb6ad9b438b05d43551577f93f45bc97f56aa80c89e1a369734b64c190335a9df1963c547a5b607c5f8e3e229da906a36ff6f96d387a1774

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_000006

MD5 9f1c899a371951195b4dedabf8fc4588
SHA1 7abeeee04287a2633f5d2fa32d09c4c12e76051b
SHA256 ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7
SHA512 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_000005

MD5 6a3bb9c5ba28ee73af6c1b53e281b0cf
SHA1 d96e403c99c1707f82ea29c2c1f134e792c64097
SHA256 2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740
SHA512 6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_000004

MD5 21808cd0724524589cd4ec1ce26f6d58
SHA1 fc5cc4cb347ed20389626c58a6de396ef1ac5ada
SHA256 1a7608a326717e18f424991b924d9c7319eb273cc3af432585d95ce8b068ca8d
SHA512 36902ff35a1ed469aa9cab3856b1b0057ca7db8ea4d92ca1d129e68f02eebd5322a4e81aec29a2b1c0c289e2f82df13684ccf0305378878494260c4d4e6caf0d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_000003

MD5 01af703c52ac5a93685bb3911d6918f1
SHA1 cbb1279745c1c2208fb9b8606e3d3513cd5dc3e7
SHA256 75ecbede729daef7531a6e43dcaf82afd1ac691c5a993231ddbe40254bf01653
SHA512 fbf1f2a3180f001cab1a860425f750010d6932479b343d5848ee0a78e03e29a46a123ee0103560d87df32daa3f6878cde07927e11e0615ad8e3c8e1568b942c6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_000002

MD5 01af703c52ac5a93685bb3911d6918f1
SHA1 cbb1279745c1c2208fb9b8606e3d3513cd5dc3e7
SHA256 75ecbede729daef7531a6e43dcaf82afd1ac691c5a993231ddbe40254bf01653
SHA512 fbf1f2a3180f001cab1a860425f750010d6932479b343d5848ee0a78e03e29a46a123ee0103560d87df32daa3f6878cde07927e11e0615ad8e3c8e1568b942c6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\f_000001

MD5 8a2f6848b227814393aeae99731ff0aa
SHA1 ba29a899ae33e4a8d93a513f635d941e2bb7ba17
SHA256 3d76542caf6995d24f921e1efa16d34a2553ba9b37504b3ce16a13819ba57973
SHA512 161ef3ba48c3078784ba4cb1d32b8e41f5abeb187585f7985bc23996b9e94ff25353883ec6d995689251e21e35b9a2e31a59547adeb50a8dd5dd862b99307016

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\data_3

MD5 4b29b41d10f01adc7e969ccc3ae06b0e
SHA1 7e0f56943f19036079981f05a016a0ce13c8216a
SHA256 1495c12dcad5cdce41044a9ef05946c6a0a3b026172bcf7ddf95e1642789d7f3
SHA512 f54b81bf32d24e5d96d6e29ec5da1b76ed5e237a1187d7e28e79dd87605b5fec58b34c9e3ba619a35cfe3337148922a217b8f0597ecc7673cdf0813600a21fce

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\Cache\Cache_Data\data_2

MD5 3e5b5e678883642089f097dca8e7315b
SHA1 0f285113d017038ee186569e4daf74d4084870e8
SHA256 a24f1a917bb5ed1fd2b55b06ed0e990626eda83a1f6538cbb59a01126d8c4383
SHA512 9d8095eb300b07f3d62a1cd7e17e6da4bba22175bfd464e742fc7fa0725b241faa92aefaf52ece943c5dc05c242e2ffe25e0d220246ac0018faa7e4da5422c8b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataHZWOU\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/3328-586-0x00007FF900010000-0x00007FF900AD1000-memory.dmp

memory/860-588-0x00007FF784120000-0x00007FF785385000-memory.dmp

memory/860-590-0x00007FF9203B0000-0x00007FF9205A5000-memory.dmp

memory/700-591-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

memory/700-592-0x00007FF9203B0000-0x00007FF9205A5000-memory.dmp

memory/700-593-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

memory/700-594-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

memory/700-606-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

memory/700-607-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

memory/700-608-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

memory/700-609-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M\Default\Cache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M\Default\Cache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

memory/700-621-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M\Default\Cache\f_000002

MD5 21808cd0724524589cd4ec1ce26f6d58
SHA1 fc5cc4cb347ed20389626c58a6de396ef1ac5ada
SHA256 1a7608a326717e18f424991b924d9c7319eb273cc3af432585d95ce8b068ca8d
SHA512 36902ff35a1ed469aa9cab3856b1b0057ca7db8ea4d92ca1d129e68f02eebd5322a4e81aec29a2b1c0c289e2f82df13684ccf0305378878494260c4d4e6caf0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M\Default\Cache\f_000003

MD5 4c99ce926bed7209824e6981f86480b6
SHA1 28d28a728badf2f4c44efb5a0830df49a8a7eca8
SHA256 9c8d100d89c65377133cdc99d7540790dbac2cdc08c54d4bedb10361d003755a
SHA512 5146951a7c3f983354f340acfc0b102a4668026effe99318c06b2be94a097c54b1b6a2e2644e4558ad934bdf2811421fc68a3482eeb807a5dcf275bb14759efc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M\Default\Cache\f_000005

MD5 6a3bb9c5ba28ee73af6c1b53e281b0cf
SHA1 d96e403c99c1707f82ea29c2c1f134e792c64097
SHA256 2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740
SHA512 6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M\Default\Cache\f_000008

MD5 bbc4ab2966896743107bdbfdd9136742
SHA1 121d9562d5682084c275de9dfdc8a9491a115e8b
SHA256 74b38a4018521f7624ef0ceedf95229e4d7e938af20f12b174d004ad159e077d
SHA512 470df9ab62c88d56f025f1042b5cd7b54fa31d22a2cd119811b1f9c83fcc403edf46b0c408463019e0bf3ab2700c63f7b9a97a503c8e9cf9bd5aa41aa0421a6b

memory/700-667-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

memory/700-675-0x00007FF9203B0000-0x00007FF9205A5000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M\Default\Code Cache\js\index-dir\the-real-index

MD5 8dea0d4cd6e47aa788f9511bbbe2c4cf
SHA1 2c96412d8a5c5ac436bbacabe961405e9641ef35
SHA256 46e44d8cd8710f21b9af17c64ba984b06fda78f6e16ad0e0ece0d3ee0e496cde
SHA512 6aed2221c637ced59064c674b797bc064db62df98bcd76ddab76f771eb992a814c27b8e3b0197535bd00b0ab3570f2ba8cb4585d7d003c96ae6b7f8c59387803

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data0LL7M\Default\Code Cache\js\index-dir\the-real-index~RFe59618f.TMP

MD5 7370125eec3f5b3672d1ae31ff39e2f8
SHA1 911f50b080779dc39f97438307d07e0d6722f32f
SHA256 f5b4de44c02e7e3dfdf57c494e76de7fb6d9c9c4224b9b7e165be8b904a2930f
SHA512 a48066b7335f5de91609d4391cdec4ad48e9cfd4b297a206e211220732b9d83d4f48b55117e995d638a1007666b5802c2540c164a9bdd67ac034e74217ecc070

memory/3328-724-0x00007FF9013D0000-0x00007FF901E91000-memory.dmp

memory/3328-725-0x0000021A72980000-0x0000021A72990000-memory.dmp

memory/3328-726-0x0000021A72980000-0x0000021A72990000-memory.dmp

memory/3328-737-0x0000021A72980000-0x0000021A72990000-memory.dmp

memory/856-766-0x00000000740B0000-0x0000000074860000-memory.dmp

memory/3328-781-0x00007FF45B0E0000-0x00007FF45B0F0000-memory.dmp

memory/3328-791-0x0000021A736C0000-0x0000021A736DC000-memory.dmp

memory/3328-794-0x0000021A737A0000-0x0000021A737AA000-memory.dmp

memory/3328-797-0x0000021A73910000-0x0000021A7392C000-memory.dmp

memory/3328-798-0x0000021A738F0000-0x0000021A738FA000-memory.dmp

memory/3328-799-0x0000021A73950000-0x0000021A7396A000-memory.dmp

memory/3328-800-0x00007FF9013D0000-0x00007FF901E91000-memory.dmp

memory/3328-801-0x0000021A73900000-0x0000021A73908000-memory.dmp

memory/3328-802-0x0000021A73930000-0x0000021A73936000-memory.dmp

memory/700-808-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

memory/700-838-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

memory/4848-840-0x0000000001000000-0x0000000001020000-memory.dmp

memory/700-839-0x00007FF67F760000-0x00007FF6809C5000-memory.dmp

memory/3476-842-0x00007FF7B1410000-0x00007FF7B143A000-memory.dmp

memory/4848-843-0x00007FF7931C0000-0x00007FF7939AF000-memory.dmp

memory/4848-845-0x00007FF7931C0000-0x00007FF7939AF000-memory.dmp

memory/4368-847-0x0000000000400000-0x0000000000527000-memory.dmp

memory/4368-854-0x0000000000400000-0x0000000000527000-memory.dmp

memory/4368-855-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-857-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-856-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-858-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-859-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-860-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-861-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-862-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-864-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-863-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-865-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-867-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-866-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-868-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-869-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-870-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-871-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-872-0x00000000FF2F0000-0x00000000FF300000-memory.dmp

memory/4368-873-0x00000000FF2F0000-0x00000000FF300000-memory.dmp