Malware Analysis Report

2025-01-18 07:15

Sample ID 230813-k85tysab92
Target 24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe
SHA256 24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290
Tags
redline logsdiller cloud (tg: @logsdillabot) evasion infostealer spyware stealer themida
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290

Threat Level: Known bad

The file 24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe was found to be: Known bad.

Malicious Activity Summary

redline logsdiller cloud (tg: @logsdillabot) evasion infostealer spyware stealer themida

RedLine

Suspicious use of NtCreateUserProcessOtherParentProcess

Stops running service(s)

Drops file in Drivers directory

Downloads MZ/PE file

Loads dropped DLL

Themida packer

Executes dropped EXE

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Suspicious use of SetThreadContext

Launches sc.exe

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Modifies system certificate store

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-13 09:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-13 09:17

Reported

2023-08-13 09:19

Platform

win7-20230712-en

Max time kernel

75s

Max time network

151s

Command Line

C:\Windows\Explorer.EXE

Signatures

RedLine

infostealer redline

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 840 created 1276 N/A C:\Windows\Temp\setup.exe C:\Windows\Explorer.EXE
PID 840 created 1276 N/A C:\Windows\Temp\setup.exe C:\Windows\Explorer.EXE
PID 840 created 1276 N/A C:\Windows\Temp\setup.exe C:\Windows\Explorer.EXE
PID 840 created 1276 N/A C:\Windows\Temp\setup.exe C:\Windows\Explorer.EXE

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\System32\drivers\etc\hosts C:\Windows\Temp\setup.exe N/A

Stops running service(s)

evasion

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\mi.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cli.exe N/A
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1644 set thread context of 1200 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\cli.exe

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [blob value omitted] C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob value omitted] C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = [blob value omitted] C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\powercfg.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 760 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 760 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 760 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 760 wrote to memory of 696 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\mi.exe
PID 760 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 760 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 760 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 760 wrote to memory of 1644 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\cli.exe
PID 696 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 696 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 696 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 696 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\mi.exe C:\Windows\Temp\setup.exe
PID 1644 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1644 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1644 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1644 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1644 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1644 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1644 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1644 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1644 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1644 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\SysWOW64\WerFault.exe
PID 1644 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\SysWOW64\WerFault.exe
PID 1644 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\SysWOW64\WerFault.exe
PID 1644 wrote to memory of 2036 N/A C:\Users\Admin\AppData\Local\Temp\cli.exe C:\Windows\SysWOW64\WerFault.exe
PID 760 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 760 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 760 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 760 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe C:\Users\Admin\AppData\Local\Temp\cc.exe
PID 2388 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 2376 N/A C:\Users\Admin\AppData\Local\Temp\cc.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2696 wrote to memory of 1804 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 1804 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 1804 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 2732 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 2732 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 2732 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 1548 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 1548 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 1548 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 2540 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 2540 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2696 wrote to memory of 2540 N/A C:\Windows\System32\cmd.exe C:\Windows\System32\sc.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2376 wrote to memory of 2244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe

"C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe"

C:\Users\Admin\AppData\Local\Temp\mi.exe

"C:\Users\Admin\AppData\Local\Temp\mi.exe"

C:\Users\Admin\AppData\Local\Temp\cli.exe

"C:\Users\Admin\AppData\Local\Temp\cli.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Temp\setup.exe

"C:\Windows\Temp\setup.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 108

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x7fef2179758,0x7fef2179768,0x7fef2179778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=38110 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB" --profile-directory="Default"

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=816 --field-trial-handle=1032,i,7748033923070345638,10875601209508780418,131072 --disable-features=PaintHolding /prefetch:2

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1208 --field-trial-handle=1032,i,7748033923070345638,10875601209508780418,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /create /f /sc onlogon /rl highest /ru System /tn GoogleUpdateTaskMachineQC /tr "'C:\Program Files\Google\Chrome\updater.exe'"

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=38110 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1616 --field-trial-handle=1032,i,7748033923070345638,10875601209508780418,131072 --disable-features=PaintHolding /prefetch:1

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Windows\system32\taskeng.exe

taskeng.exe {F14EF26B-D5A4-44C4-BDD6-56C6D4540D53} S-1-5-18:NT AUTHORITY\System:Service:

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=38110 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1892 --field-trial-handle=1032,i,7748033923070345638,10875601209508780418,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=38110 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2404 --field-trial-handle=1032,i,7748033923070345638,10875601209508780418,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=38110 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1896 --field-trial-handle=1032,i,7748033923070345638,10875601209508780418,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=38110 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2552 --field-trial-handle=1032,i,7748033923070345638,10875601209508780418,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=38110 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2664 --field-trial-handle=1032,i,7748033923070345638,10875601209508780418,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=2604 --field-trial-handle=1032,i,7748033923070345638,10875601209508780418,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#lwilj#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\system32\schtasks.exe

"C:\Windows\system32\schtasks.exe" /create /f /sc onlogon /rl highest /ru System /tn GoogleUpdateTaskMachineQC /tr "'C:\Program Files\Google\Chrome\updater.exe'"

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

Network

Country Destination Domain Proto
PL 51.83.170.21:19447 tcp
US 8.8.8.8:53 transfer.sh udp
DE 144.76.136.153:443 transfer.sh tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.153:80 apps.identrust.com tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.1.163:80 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 apis.google.com udp

Files

memory/760-54-0x0000000000220000-0x0000000000249000-memory.dmp

memory/760-55-0x00000000002D0000-0x000000000030F000-memory.dmp

memory/760-56-0x0000000000400000-0x00000000018CF000-memory.dmp

memory/760-57-0x0000000003500000-0x0000000003538000-memory.dmp

memory/760-60-0x0000000003550000-0x0000000003590000-memory.dmp

memory/760-59-0x0000000003550000-0x0000000003590000-memory.dmp

memory/760-58-0x0000000074830000-0x0000000074F1E000-memory.dmp

memory/760-61-0x00000000035E0000-0x0000000003614000-memory.dmp

memory/760-62-0x00000000034B0000-0x00000000034B6000-memory.dmp

memory/760-63-0x0000000003550000-0x0000000003590000-memory.dmp

memory/760-64-0x0000000000400000-0x00000000018CF000-memory.dmp

memory/760-65-0x0000000000220000-0x0000000000249000-memory.dmp

memory/760-66-0x00000000002D0000-0x000000000030F000-memory.dmp

memory/760-67-0x0000000074830000-0x0000000074F1E000-memory.dmp

memory/760-68-0x0000000003550000-0x0000000003590000-memory.dmp

memory/760-69-0x0000000003550000-0x0000000003590000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabCAFF.tmp

MD5 3ac860860707baaf32469fa7cc7c0192
SHA1 c33c2acdaba0e6fa41fd2f00f186804722477639
SHA256 d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
SHA512 d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

C:\Users\Admin\AppData\Local\Temp\TarFA6B.tmp

MD5 4ff65ad929cd9a367680e0e5b1c08166
SHA1 c0af0d4396bd1f15c45f39d3b849ba444233b3a2
SHA256 c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
SHA512 f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

C:\Users\Admin\AppData\Local\Temp\mi.exe

MD5 aba23d7f60f40f4dee64fa440d5db6e6
SHA1 dde62462dc7887a6b3ba193eafb50da17ef40e67
SHA256 6398817cc923cfad6178c53c6ba9da1f30c426cd183bfdf86889faba8b4732d6
SHA512 ad89270a47e292c931f47da322c055e168b0c4e28de69a20cbf42db9e60fbd59ceb02c01d1c18b1c931d0f23d19230b1c6390d98f36048a3c581b78ffe75ce40

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/760-123-0x000000000C270000-0x000000000C4FB000-memory.dmp

memory/1644-126-0x0000000000860000-0x0000000000AEB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/1644-130-0x0000000000860000-0x0000000000AEB000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/696-135-0x0000000004360000-0x00000000055C5000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/1200-137-0x0000000000400000-0x0000000000527000-memory.dmp

memory/1200-138-0x0000000000400000-0x0000000000527000-memory.dmp

memory/840-141-0x000000013F910000-0x0000000140B75000-memory.dmp

memory/840-145-0x0000000077840000-0x00000000779E9000-memory.dmp

memory/840-144-0x000000013F910000-0x0000000140B75000-memory.dmp

memory/1200-147-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

memory/1200-151-0x0000000000400000-0x0000000000527000-memory.dmp

memory/840-152-0x000000013F910000-0x0000000140B75000-memory.dmp

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/840-155-0x000000013F910000-0x0000000140B75000-memory.dmp

memory/840-156-0x000000013F910000-0x0000000140B75000-memory.dmp

memory/840-157-0x000000013F910000-0x0000000140B75000-memory.dmp

memory/840-158-0x000000013F910000-0x0000000140B75000-memory.dmp

memory/1200-159-0x0000000000400000-0x0000000000527000-memory.dmp

memory/1200-164-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/760-163-0x000000000C300000-0x000000000C934000-memory.dmp

\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

C:\Users\Admin\AppData\Local\Temp\cc.exe

MD5 858f82fe9166c34b6709a3adfe6a625f
SHA1 63275e4b77e0fe6fa6f1db716b5963b69b68f8a5
SHA256 8ec2c1bb10e05a5129269488b53a46c6b5be3691c61ef7da7c6eecf1c0444b28
SHA512 1338082ebb6bf658125cd6d72f5885c78865c1abbed50fd10317dacaf41a450eb98b949631f1a1b94a67d335b23cfc0fa78d0d8db3d726adf2a57af50307b89e

memory/1200-165-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-167-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-169-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-171-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/760-168-0x0000000000400000-0x00000000018CF000-memory.dmp

memory/1200-173-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-172-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-175-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-178-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-180-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

\Users\Admin\AppData\Local\Temp\cli.exe

MD5 b78141a544759e1a07740aa28b35584c
SHA1 af95ccd7d12c7ed7bdc6782373302118d2ebe3a8
SHA256 e268b72e92c9d9af52c25f4d7643bd96c84172fadb4e7a300091eb287ee3a35d
SHA512 2f83ef2eaf8951d392f32405dd9c2555be803f63cbdb9118c4204ad148a254a19aa593082a2f5c7a1b962329df08fede026d0715513adf26d838f043fd451959

memory/1200-181-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-183-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-185-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2388-182-0x00000000010E0000-0x0000000001714000-memory.dmp

memory/1200-186-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/840-184-0x000000013F910000-0x0000000140B75000-memory.dmp

memory/1200-188-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2388-191-0x00000000010E0000-0x0000000001714000-memory.dmp

memory/2388-194-0x0000000077A30000-0x0000000077A32000-memory.dmp

memory/1200-195-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2388-192-0x0000000000100000-0x0000000000170000-memory.dmp

memory/1200-193-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-190-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/760-189-0x0000000074830000-0x0000000074F1E000-memory.dmp

memory/1200-187-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-196-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-198-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-199-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-201-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-203-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-204-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2388-202-0x0000000002BA0000-0x0000000002C0C000-memory.dmp

memory/1200-206-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2388-205-0x00000000735A0000-0x0000000073C8E000-memory.dmp

memory/1644-200-0x0000000000860000-0x0000000000AEB000-memory.dmp

memory/1200-207-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-208-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-209-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-210-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-212-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/696-211-0x0000000004360000-0x00000000055C5000-memory.dmp

memory/1200-214-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-216-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-217-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2388-215-0x0000000001000000-0x0000000001040000-memory.dmp

memory/2388-213-0x0000000001000000-0x0000000001040000-memory.dmp

memory/1200-218-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/1200-220-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/840-219-0x000000013F910000-0x0000000140B75000-memory.dmp

memory/1200-222-0x00000000FFFA0000-0x00000000FFFB0000-memory.dmp

memory/2388-228-0x0000000001000000-0x0000000001040000-memory.dmp

memory/840-238-0x0000000077840000-0x00000000779E9000-memory.dmp

memory/2388-236-0x0000000003470000-0x0000000003522000-memory.dmp

memory/992-259-0x000000001B160000-0x000000001B442000-memory.dmp

memory/992-261-0x0000000002320000-0x0000000002328000-memory.dmp

memory/992-291-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

memory/992-292-0x00000000023E0000-0x0000000002460000-memory.dmp

memory/992-298-0x00000000023E0000-0x0000000002460000-memory.dmp

memory/992-303-0x00000000023E0000-0x0000000002460000-memory.dmp

memory/1200-304-0x0000000077A3F000-0x0000000077A40000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\CrashpadMetrics-active.pma

MD5 03c4f648043a88675a920425d824e1b3
SHA1 b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256 f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA512 2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

memory/992-294-0x00000000023E0000-0x0000000002460000-memory.dmp

memory/992-293-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

memory/992-308-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Local State

MD5 68f72bcd80a28aa08d71e0065fc1ceee
SHA1 1fc43e0fe64841809234fedea19a07d9f468a66c
SHA256 ea323a0bcaa69447908d3aab249218f20e61c1800a6583cf50f3d90e0c3f81e2
SHA512 1e4cd6074450d0aa78b111ba5ae38ef9619088a38ebd194122f16611831793610fe43b7cd7a1fb7940745dc46229d73dc67f6f090c880698d323a188dbffe738

C:\Windows\system32\drivers\etc\hosts

MD5 2b19df2da3af86adf584efbddd0d31c0
SHA1 f1738910789e169213611c033d83bc9577373686
SHA256 58868a299c5cf1167ed3fbc570a449ecd696406410b24913ddbd0f06a32595bd
SHA512 4a1831f42a486a0ad2deef3d348e7220209214699504e29fdfeb2a6f7f25ad1d353158cd05778f76ef755e77ccd94ce9b4a7504039e439e4e90fa7cde589daa6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Local Storage\leveldb\MANIFEST-000004

MD5 031d6d1e28fe41a9bdcbd8a21da92df1
SHA1 38cee81cb035a60a23d6e045e5d72116f2a58683
SHA256 b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da
SHA512 e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Local Storage\leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VQJYZEA7W0UVP7HWGIQA.temp

MD5 e5abcbb3ae21f54f9b54866771ca165b
SHA1 035d348d8fe61630fe8f43a30cb072fc4ddb82e5
SHA256 ffcdd9b5a1b86b96f21daef77f5abbd439c90b2ac4877f8bae34165069440583
SHA512 620d4ad45a2da9060d546993f06b7ff52acc193b7fc157e155d9607f9e9675bda55f37527a751a13d0ca657dad7f948c99c76d5589c03fb981966c7814ab1596

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 e5abcbb3ae21f54f9b54866771ca165b
SHA1 035d348d8fe61630fe8f43a30cb072fc4ddb82e5
SHA256 ffcdd9b5a1b86b96f21daef77f5abbd439c90b2ac4877f8bae34165069440583
SHA512 620d4ad45a2da9060d546993f06b7ff52acc193b7fc157e155d9607f9e9675bda55f37527a751a13d0ca657dad7f948c99c76d5589c03fb981966c7814ab1596

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Local Storage\leveldb\LOG

MD5 6ae00c7c85cf9ca34a076aaf06da4e60
SHA1 9f9b609e4abb7a2971cab181e306b77513069907
SHA256 195b8f9e3f5b30e125571d3981ee2820aa6c83ce9cc2aea0c7105242144bcb0f
SHA512 f9efcd4b1f5b23f0d186f8df51d4d830a509b58bf3be897c204b42b045936d89df0a87690ff97c687c7600a9fc3a050403281de9188112e5566bd2d53b890be1

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Local Storage\leveldb\LOG.old

MD5 9a5fa3edd2c2af71986199fe74033097
SHA1 b4516b6b87ef5387d4bbb585c883cec7fa48c44c
SHA256 c352e18654165e2cdbf584baebf798bbcdd0ae021121a23d89c9a49137782b96
SHA512 c3f06507d460b07215b8881ac0c1f9ac1753ec831446ac236257ab2e0027ed5523549ed9c7b9e51ca945404fde31b5dc36ab114509873cf69760378172879811

\??\pipe\crashpad_2376_NSHVBNJUYZRZIAIB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1796-331-0x00000000023D0000-0x0000000002450000-memory.dmp

memory/1796-329-0x000007FEF52C0000-0x000007FEF5C5D000-memory.dmp

memory/1796-328-0x00000000022D0000-0x00000000022D8000-memory.dmp

memory/1796-327-0x000000001B150000-0x000000001B432000-memory.dmp

memory/1796-332-0x000007FEF52C0000-0x000007FEF5C5D000-memory.dmp

memory/1796-333-0x00000000023D0000-0x0000000002450000-memory.dmp

memory/1796-334-0x00000000023D0000-0x0000000002450000-memory.dmp

memory/2388-335-0x00000000735A0000-0x0000000073C8E000-memory.dmp

memory/1796-336-0x00000000023D0000-0x0000000002450000-memory.dmp

memory/1796-353-0x000007FEF52C0000-0x000007FEF5C5D000-memory.dmp

C:\Windows\Temp\setup.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/2388-357-0x0000000001000000-0x0000000001040000-memory.dmp

memory/840-358-0x0000000077840000-0x00000000779E9000-memory.dmp

memory/840-359-0x000000013F910000-0x0000000140B75000-memory.dmp

memory/2388-360-0x0000000001000000-0x0000000001040000-memory.dmp

\Program Files\Google\Chrome\updater.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

C:\Program Files\Google\Chrome\updater.exe

MD5 bc202c47461acbe8bef80e143eb3a364
SHA1 0ef433c2e54c4097f0ac3dc722fb9e4e7b7c2634
SHA256 df144eec828ac28a99d5d148493b3a4c8f36fce79ea7c41c08511ff69d6762bb
SHA512 3bec158714630e6d38867ddba74eda37e036fa2d31c3b3b83229ab593ee85e36c9964aebb31a847bb5b0e65932d8fcfe0860cb6b2a7a31c10204887daa018e08

memory/1888-367-0x0000000077840000-0x00000000779E9000-memory.dmp

memory/3032-366-0x000000013F3B0000-0x0000000140615000-memory.dmp

memory/1888-370-0x000000013F3B0000-0x0000000140615000-memory.dmp

memory/2388-375-0x0000000002E60000-0x0000000002EA2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Network\Cookies

MD5 c9ff7748d8fcef4cf84a5501e996a641
SHA1 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9
SHA256 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988
SHA512 d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Session Storage\CURRENT~RFf77c255.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 08170d89ef3ed5972b908b0b2ffc65e0
SHA1 3beb59dadea4f29b8aa8a0da1b4a56e20561d27c
SHA256 3f8bbf456d53329e55cb32195a139b8ada0faebf54a234d1dd5d8a056fdc170d
SHA512 220284faf7b8513cf6aad61badd1747fd26edbb1c8b43a80239b4eb5c46eacf075dd860110149c608f778d41c4fc875774b9e119ac84607207a34a3bd86d0f5c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Service Worker\ScriptCache\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

memory/3032-632-0x000000013F3B0000-0x0000000140615000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 26675f9048c3563e1435800debd6f205
SHA1 5abe02342c6b1d80e619b7a015984909dbdf9220
SHA256 100bcc5283c0ad361ff4c426c6ff6461dec0a9d81b7007c28422a08332ea56a0
SHA512 97aa27a924e6c1f22bff911bd9c86ab42d870bf041ddf3d2baf503e223260719d3f0abfe485f25bad7e93996497758c7970b6d7e95e6cd521a93dae4793bc4ac

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\DevToolsActivePort

MD5 eb27386aaed575f1fac6386ca695331e
SHA1 66c97e0d120ad26edea9f2bf6442012b9ac4971f
SHA256 2a4d0273db8ad6235672566a720142a02ab0c1f98d5cc46da51b35db822942d8
SHA512 fdfd0ab08aee0dc8f615a9ccfd608199397f16e3de28fbb9c7a2f7737ba8b2f25dfcb9bc264fc6b918782af0cc84c572666ce9098e19f90e2c126d5d727c8018

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Crashpad\settings.dat

MD5 ef4f4ff3bed486086e24e285567052c5
SHA1 355ab2021e5b534f2aa5d21a57f78b2a7e42b914
SHA256 f1aebec0afef8eabbc39ea0cf8f820e21171abbdf0d8280bcc8d171f0e7174e2
SHA512 10d96b19724b5c969f14fd12afcddcf976590a198457ba887dae7b15b89c7d1be3e45e79b9eb0b9275f333931e3c807d7e7cb6f2f94b5ff8884b72bf002fcec3

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Code Cache\js\15d5afedde7ff219_0

MD5 9d81f80a8f629ea1afd4a6ef3ef53873
SHA1 ba98f7b410df121b61d6f67c19ae1e015cc4f505
SHA256 2a7c4a851a18b1c6ab38f409c6a43b9612f173f3a77a7b174bccceaa43f1ff93
SHA512 4ce0c1cee80c7ef7301891fc4f0c68397069eebc90f9f5e96913a030c1ea422e8fbcb29c6f6440f139c67218f923ad292ad7268195c0a7c4d6d45be33d095803

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Code Cache\js\10e544c7a72e2f65_0

MD5 976ee2f69e19d2e2890d12afb91a1c59
SHA1 195ad10ed736773aa98f581602f0d34d9dd5d167
SHA256 09a063e0af5b9db4d205aa520a866c4ad7372006985466662897cdde3863e6ff
SHA512 52841e75f48f115dd2096458ae2fa9232f7f6164a02482de3ef4b266c3c906964bc871dfa3088429ef1a19e1d178bcf6e0b6bb74076ac5c4bf94dd67ba2e7b08

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Code Cache\js\06db5837b6c74111_0

MD5 a746ecbb4ef680a8b07a472ff590ba42
SHA1 6b96473c16df8311be4f87b6248d213ae1dd9aa2
SHA256 e4bcc1fb6eedd36f2f518e63a6ab15bb6f189f11549c156887f9c1dd8fd56a96
SHA512 1cef3ec522add0dd65edc9be27a90be2be6e42071b414a976f767d5ee2ee4f5a5bd27e8f7767728f2e7e07e41c8f30801e6d64d7030476d691c23250922db756

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\index

MD5 2ae26f6c7d41a8033dc95112fb3ca38d
SHA1 3702563cb19f9ef22eda1d9b20fd75b79f47ed01
SHA256 e094069337de4722b3b6c8be3aa028239b98c5e467c68746cddcd4892e80e52b
SHA512 bece00e028eba4eaa18f184164eaea1cf7c62f612b4ee2ae1e66fda41561587ae5cddd625ab1e1e1e8c2320338c9db200d1b4810e9414fea441ffb89cccb0b4d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000014

MD5 767ffe2da148ab1b56e1cf31badb0dbf
SHA1 167aad2ec09c24ed963dc9984a1a205e3e2e8afb
SHA256 81b047bf6c7780a0f934eaa977ad932d96c4e3672ae6280769695bdfc834094a
SHA512 baa0ed9eaee8057e9ecac62de3d6fef6c8d19f67581b43a174e08b174ff52182b29f96a51a0aa742f5a5ae9af878501b5d08a93f87c5362f3ce8e00594491f5d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000013

MD5 3eff107111d8dfc91e048573b1f227d8
SHA1 dde20da014e819d11e138b346121cc97791e9dcd
SHA256 0e8fc4bbc6a3e0c34adf9ee888b297d516d0db0a9cdc5b3632a01484d418374d
SHA512 223386fb5bd3709b1929a52ead00e81494fe81f822301acbf3920a4292432ffce5dda21c503622f9f373807cd447b7209a8dfd193d4ce8cc44e0b100db8a74fd

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000012

MD5 789fd4f17cc11ac527dc82ac561b3220
SHA1 83ac8d0ad8661ab3e03844916a339833169fa777
SHA256 5459e6f01b7edde5f425c21808de129b69470ee3099284cb3f9413d835903739
SHA512 742d95bb65dcc72d7ce7056bd4d6f55e2811e98f7a3df6f1b7daef946043183714a8a3049b12a0be8ac21d0b4f6e38f7269960e57b006dfec306158d5a373e78

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000011

MD5 e59ab3396f84d2d9ba952b2b1442e497
SHA1 70e39789f988dd41a756d33d6bc255927081538c
SHA256 f7b5ba36ab1a6d9c3e5e70828b6fcb39a5321af1867a86ff947a5319eafee915
SHA512 0f0788cbac0b0427e5d6f7a0ebc2315a69125b4374836fd560539ee5eab5bac13442daffdaab81b7ef37cf0d2ccef80868faffc0d4a58acb6b0bcc8512e0a9e5

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000010

MD5 8a9c9f9e7669238e7503ef92889f7ab0
SHA1 1baaea34153f6e1715bf2a2dcf6d633a9f599fb2
SHA256 c5a05fe21d05a893cfac8128764d30663ccd45a339fdf36d2673f93b03854b5e
SHA512 09ad23b20baaa702a56b11bfaa59c52ef539c5e701cd57d88f4250be627b765f47d712dd241f197ca16d02bba7f865d8024d9267bc36920a2c359652ce471dd1

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_00000f

MD5 250bdff8769a9791656b1475a293c486
SHA1 31ccb16008e78db499d1cc68cff74ebf1979f1a1
SHA256 aca7dc1db7b861fa7c839ae3c537ed48b098ffedc1151c0fb95e744af1cb7738
SHA512 ba37f07adc32644e34700559f11a654a7862787ab1bb5bd53040c42b16a80f336823dca61e202a07130ad0845335b2d92b404567eded9619b4569d1b544ebcf2

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_00000e

MD5 189badc72a668aade50699ae05067c2a
SHA1 5458410fc96bcf08b29f204b05470dad5882afb9
SHA256 896d76b06fe7bc62fa10e8f9091b84584d8fdbd7eaaea1183f7c1e5e3a98c559
SHA512 287ff71f9b6ab261f989792cfee0b99e1745c57e8e8c9c3c55e07592a835008673a9ee5b2099ef9beb6ef4343c10827109b281b2fbed0fe0de1da020723c622b

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_00000d

MD5 7db3096a5ce269d5140afbedb84e0fb7
SHA1 1155014e26835855c4177e8916b0bbcd5e4cca61
SHA256 48662b9313a828746c1ba3edfa196d8ecd6b0ca730848ead5418fcde8da4a809
SHA512 a349f3265db5ebff9e535778ccc92bc846fa9a4175dbf4d9c0e5b77d294ae521eca5f104d45f0eab0bba88120a08103ce997a420ecace703e211796e842ca7dc

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_00000c

MD5 9f1c899a371951195b4dedabf8fc4588
SHA1 7abeeee04287a2633f5d2fa32d09c4c12e76051b
SHA256 ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7
SHA512 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_00000b

MD5 e497db3e0ac04435cdbf5eb9882cd5bc
SHA1 34afed04221cf89195b6c3d2d994078057a522b9
SHA256 de5123dc7b89b60201d77a6511dc11738ae6df6da2ecaa4debc533470f536ea0
SHA512 d69e6ee3a796550b05a3f60f9d45369584e8d208c7c4230438e94bec6bb037c7024595a4718f79075f75caaab4ab588766f570fe280942f20114084cb2642795

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_00000a

MD5 af4564a0fc9e3b162abff0021dbc6b0b
SHA1 566fd9daf84c3a0718666ad3a818510cc8b6456c
SHA256 2399106c9fa4c4ceaacf0080cb23946bc0b779ed62e6ac959e4327f6547a340c
SHA512 b0b87f3988a99586a98aa4931ab3f463a0aeb24232078174ac54d777e7cd24c634b4224182e10b2c34885a7154a40d1018679cec07a01699c1f82aaf730ce9c8

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000009

MD5 2d52125a96fb5a7227c67848bc18f65c
SHA1 a3593c6d8e3b6b458b6bbc2c6423dc76e30a84a3
SHA256 61f3154c19e46e1989d6fadbfe20835d0c9fc47242dc5828e776e3ec667fda24
SHA512 5f151708007cb474e64e8968b1f6b5e5331c434cc237627c6c5c92d1894d020f476ad88461e35fbf383aa46750a9cdcaf3a2ac8fe90570753c73fcf17ac0cbe6

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000008

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000007

MD5 c101a8ba729b894927d7d884e4be68a8
SHA1 4bf48f94ff4e50e81c9d83b641af74b3bed580a0
SHA256 544f08482a62485be4acbc443462b01fe16b408b3d154c0cb1ff921a453cee33
SHA512 77483a92abeed799dfb1e782988569875b29eccebfb14e5be353302849ea6f0ac6a6411a72d6da706ec3767a54f12907fd0bfa4646ad4ca1cf4e1e15fbe9a9ed

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000006

MD5 6a3bb9c5ba28ee73af6c1b53e281b0cf
SHA1 d96e403c99c1707f82ea29c2c1f134e792c64097
SHA256 2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740
SHA512 6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000005

MD5 5641d2e6eb6f88f5c306ef14bcda7513
SHA1 1714fcfbf63fc8d860c0edb99ca221ac99194f07
SHA256 d573a0546fac381049946c0b0bdad4c42d2e60b572b79ed8c41e51894d9ef1ab
SHA512 2f4d2220ce860110fb6ad9b438b05d43551577f93f45bc97f56aa80c89e1a369734b64c190335a9df1963c547a5b607c5f8e3e229da906a36ff6f96d387a1774

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000004

MD5 b096dc9a3e4e6748a91abe826cf5d165
SHA1 b115fd9390e39b86a711039745cbad73741d7252
SHA256 7552567793d51609afaac7d5e1b3d2289f1a64a323a84c74c28fe615075e1c3f
SHA512 c075f36473b578f645ab66f1800d6e0a61b66719361c8c730ccb4505c1ab127ce96d5409c0c82aeddbc2bd03bef6c7a905310e4462ac7a0ebb2e07b45cf33a94

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000003

MD5 21808cd0724524589cd4ec1ce26f6d58
SHA1 fc5cc4cb347ed20389626c58a6de396ef1ac5ada
SHA256 1a7608a326717e18f424991b924d9c7319eb273cc3af432585d95ce8b068ca8d
SHA512 36902ff35a1ed469aa9cab3856b1b0057ca7db8ea4d92ca1d129e68f02eebd5322a4e81aec29a2b1c0c289e2f82df13684ccf0305378878494260c4d4e6caf0d

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\f_000002

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\data_2

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\Cache\Cache_Data\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User DataYEJWB\Default\chrome_debug.log

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-13 09:17

Reported

2023-08-13 09:19

Platform

win10v2004-20230703-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe

"C:\Users\Admin\AppData\Local\Temp\24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290_JC.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 400 -ip 400

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 1844

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           2.136.104.51.in-addr.arpa       udp
US       8.8.8.8:53           1.202.248.87.in-addr.arpa       udp
US       8.8.8.8:53           2.159.190.20.in-addr.arpa       udp
US       8.8.8.8:53           108.211.229.192.in-addr.arpa    udp
PL       51.83.170.21:19447   -                               tcp
US       8.8.8.8:53           208.194.73.20.in-addr.arpa      udp
US       8.8.8.8:53           21.170.83.51.in-addr.arpa       udp
US       8.8.8.8:53           171.39.242.20.in-addr.arpa      udp
US       8.8.8.8:53           254.49.247.8.in-addr.arpa       udp
US       8.8.8.8:53           11.227.111.52.in-addr.arpa      udp
US       8.8.8.8:53           11.173.189.20.in-addr.arpa      udp

Files

memory/400-133-0x0000000003610000-0x0000000003639000-memory.dmp

memory/400-134-0x0000000003640000-0x000000000367F000-memory.dmp

memory/400-135-0x0000000000400000-0x00000000018CF000-memory.dmp

memory/400-137-0x0000000006230000-0x0000000006240000-memory.dmp

memory/400-136-0x0000000074650000-0x0000000074E00000-memory.dmp

memory/400-138-0x0000000006230000-0x0000000006240000-memory.dmp

memory/400-139-0x0000000006240000-0x00000000067E4000-memory.dmp

memory/400-140-0x00000000067F0000-0x0000000006E08000-memory.dmp

memory/400-141-0x0000000006E10000-0x0000000006F1A000-memory.dmp

memory/400-142-0x0000000006230000-0x0000000006240000-memory.dmp

memory/400-143-0x0000000006F20000-0x0000000006F32000-memory.dmp

memory/400-144-0x0000000006F40000-0x0000000006F7C000-memory.dmp

memory/400-145-0x0000000000400000-0x00000000018CF000-memory.dmp

memory/400-146-0x0000000003610000-0x0000000003639000-memory.dmp

memory/400-147-0x0000000003640000-0x000000000367F000-memory.dmp

memory/400-148-0x0000000074650000-0x0000000074E00000-memory.dmp

memory/400-149-0x0000000006230000-0x0000000006240000-memory.dmp

memory/400-150-0x0000000007140000-0x00000000071B6000-memory.dmp

memory/400-151-0x00000000071C0000-0x0000000007252000-memory.dmp

memory/400-152-0x0000000007360000-0x00000000073C6000-memory.dmp

memory/400-153-0x0000000007BD0000-0x0000000007C20000-memory.dmp

memory/400-154-0x0000000007C30000-0x0000000007DF2000-memory.dmp

memory/400-155-0x0000000007E00000-0x000000000832C000-memory.dmp

memory/400-156-0x0000000006230000-0x0000000006240000-memory.dmp

memory/400-160-0x0000000000400000-0x00000000018CF000-memory.dmp

memory/400-161-0x0000000074650000-0x0000000074E00000-memory.dmp