Malware Analysis Report

2025-04-14 07:24

Sample ID 230915-pqktaabe9y
Target 47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b
SHA256 47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b
Tags
amadey dcrat djvu fabookie redline smokeloader logsdiller cloud (tg: @logsdillabot) lux3 pub1 up3 backdoor discovery evasion infostealer persistence ransomware rat spyware stealer themida trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b

Threat Level: Known bad

The file 47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b was found to be: Known bad.

Malicious Activity Summary

RedLine

Djvu Ransomware

Detect Fabookie payload

Fabookie

SmokeLoader

DcRat

Detected Djvu ransomware

Amadey

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Loads dropped DLL

Modifies file permissions

Checks BIOS information in registry

Executes dropped EXE

Checks computer location settings

Themida packer

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Adds Run key to start application

Looks up external IP address via web service

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Program crash

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious use of UnmapMainImage

Suspicious behavior: LoadsDriver

Suspicious behavior: MapViewOfSection

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-09-15 12:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-15 12:32

Reported

2023-09-15 12:34

Platform

win10v2004-20230915-en

Max time kernel

147s

Max time network

164s

Command Line

"C:\Users\Admin\AppData\Local\Temp\47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b.exe"

Signatures

Amadey

trojan amadey

DcRat

rat infostealer dcrat

Detect Fabookie payload

Description Indicator Process Target
N/A N/A N/A N/A

Detected Djvu ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Djvu Ransomware

ransomware djvu

Fabookie

spyware stealer fabookie

RedLine

infostealer redline

SmokeLoader

trojan backdoor smokeloader

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Downloads MZ/PE file

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\cc.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\EB60.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\D9E9.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\12109cd6-33f4-41a5-a693-45f724a17b03\\D9E9.exe\" --AutoStart" C:\Users\Admin\AppData\Local\Temp\D9E9.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.2ip.ua N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cc.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\EE20.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\EE20.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\EE20.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2344688013-2965468717-2034126-1000\{FBAC3B72-C186-4CDA-B9EA-325798C2D749} C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b.exe N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\D06F.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\D199.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3268 wrote to memory of 1272 N/A N/A C:\Users\Admin\AppData\Local\Temp\D06F.exe
PID 3268 wrote to memory of 1272 N/A N/A C:\Users\Admin\AppData\Local\Temp\D06F.exe
PID 3268 wrote to memory of 1272 N/A N/A C:\Users\Admin\AppData\Local\Temp\D06F.exe
PID 3268 wrote to memory of 5048 N/A N/A C:\Users\Admin\AppData\Local\Temp\D199.exe
PID 3268 wrote to memory of 5048 N/A N/A C:\Users\Admin\AppData\Local\Temp\D199.exe
PID 3268 wrote to memory of 5048 N/A N/A C:\Users\Admin\AppData\Local\Temp\D199.exe
PID 3268 wrote to memory of 3004 N/A N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe
PID 3268 wrote to memory of 3004 N/A N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe
PID 3268 wrote to memory of 3004 N/A N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe
PID 3268 wrote to memory of 4196 N/A N/A C:\Windows\system32\regsvr32.exe
PID 3268 wrote to memory of 4196 N/A N/A C:\Windows\system32\regsvr32.exe
PID 4196 wrote to memory of 4664 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4196 wrote to memory of 4664 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4196 wrote to memory of 4664 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3268 wrote to memory of 4896 N/A N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 3268 wrote to memory of 4896 N/A N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 3268 wrote to memory of 4896 N/A N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 4896 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 4896 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 4896 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 4896 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 4896 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 4896 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 4896 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 4896 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 4896 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 4896 wrote to memory of 3460 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Users\Admin\AppData\Local\Temp\D9E9.exe
PID 3004 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3004 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3004 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3004 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3004 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3004 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3004 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3004 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\D3EC.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3268 wrote to memory of 4100 N/A N/A C:\Users\Admin\AppData\Local\Temp\E6DB.exe
PID 3268 wrote to memory of 4100 N/A N/A C:\Users\Admin\AppData\Local\Temp\E6DB.exe
PID 3268 wrote to memory of 4880 N/A N/A C:\Users\Admin\AppData\Local\Temp\EB60.exe
PID 3268 wrote to memory of 4880 N/A N/A C:\Users\Admin\AppData\Local\Temp\EB60.exe
PID 3268 wrote to memory of 4880 N/A N/A C:\Users\Admin\AppData\Local\Temp\EB60.exe
PID 3268 wrote to memory of 3632 N/A N/A C:\Users\Admin\AppData\Local\Temp\EE20.exe
PID 3268 wrote to memory of 3632 N/A N/A C:\Users\Admin\AppData\Local\Temp\EE20.exe
PID 3268 wrote to memory of 3632 N/A N/A C:\Users\Admin\AppData\Local\Temp\EE20.exe
PID 4880 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\EB60.exe C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe
PID 4880 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\EB60.exe C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe
PID 4880 wrote to memory of 4216 N/A C:\Users\Admin\AppData\Local\Temp\EB60.exe C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe
PID 3460 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Windows\SysWOW64\icacls.exe
PID 3460 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Windows\SysWOW64\icacls.exe
PID 3460 wrote to memory of 3320 N/A C:\Users\Admin\AppData\Local\Temp\D9E9.exe C:\Windows\SysWOW64\icacls.exe
PID 4216 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe C:\Windows\SysWOW64\schtasks.exe
PID 4216 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe C:\Windows\SysWOW64\schtasks.exe
PID 4216 wrote to memory of 3292 N/A C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe C:\Windows\SysWOW64\schtasks.exe
PID 4216 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe C:\Windows\SysWOW64\cmd.exe
PID 4216 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe C:\Windows\SysWOW64\cmd.exe
PID 4216 wrote to memory of 1276 N/A C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe C:\Windows\SysWOW64\cmd.exe
PID 1276 wrote to memory of 1860 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1276 wrote to memory of 1860 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1276 wrote to memory of 1860 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
PID 1276 wrote to memory of 2284 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe
PID 1276 wrote to memory of 2284 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe
PID 1276 wrote to memory of 2284 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe
PID 1276 wrote to memory of 3260 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe
PID 1276 wrote to memory of 3260 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe
PID 1276 wrote to memory of 3260 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cacls.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b.exe

"C:\Users\Admin\AppData\Local\Temp\47e7130a0faffe94a7692ffeffea59e68ba5687a17cee17ad2d846326f7b942b.exe"

C:\Users\Admin\AppData\Local\Temp\D06F.exe

C:\Users\Admin\AppData\Local\Temp\D06F.exe

C:\Users\Admin\AppData\Local\Temp\D199.exe

C:\Users\Admin\AppData\Local\Temp\D199.exe

C:\Users\Admin\AppData\Local\Temp\D3EC.exe

C:\Users\Admin\AppData\Local\Temp\D3EC.exe

C:\Windows\system32\regsvr32.exe

regsvr32 /s C:\Users\Admin\AppData\Local\Temp\D70A.dll

C:\Windows\SysWOW64\regsvr32.exe

/s C:\Users\Admin\AppData\Local\Temp\D70A.dll

C:\Users\Admin\AppData\Local\Temp\D9E9.exe

C:\Users\Admin\AppData\Local\Temp\D9E9.exe

C:\Users\Admin\AppData\Local\Temp\D9E9.exe

C:\Users\Admin\AppData\Local\Temp\D9E9.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\E6DB.exe

C:\Users\Admin\AppData\Local\Temp\E6DB.exe

C:\Users\Admin\AppData\Local\Temp\EB60.exe

C:\Users\Admin\AppData\Local\Temp\EB60.exe

C:\Users\Admin\AppData\Local\Temp\EE20.exe

C:\Users\Admin\AppData\Local\Temp\EE20.exe

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

"C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN yiueea.exe /TR "C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe" /F

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Users\Admin\AppData\Local\12109cd6-33f4-41a5-a693-45f724a17b03" /deny *S-1-1-0:(OI)(CI)(DE,DC)

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "yiueea.exe" /P "Admin:N"&&CACLS "yiueea.exe" /P "Admin:R" /E&&echo Y|CACLS "..\577f58beff" /P "Admin:N"&&CACLS "..\577f58beff" /P "Admin:R" /E&&Exit

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "yiueea.exe" /P "Admin:N"

C:\Windows\SysWOW64\cacls.exe

CACLS "yiueea.exe" /P "Admin:R" /E

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo Y"

C:\Windows\SysWOW64\cacls.exe

CACLS "..\577f58beff" /P "Admin:N"

C:\Users\Admin\AppData\Local\Temp\1000073001\aafg31.exe

"C:\Users\Admin\AppData\Local\Temp\1000073001\aafg31.exe"

C:\Windows\SysWOW64\cacls.exe

CACLS "..\577f58beff" /P "Admin:R" /E

C:\Users\Admin\AppData\Local\Temp\D9E9.exe

"C:\Users\Admin\AppData\Local\Temp\D9E9.exe" --Admin IsNotAutoStart IsNotTask

C:\Users\Admin\AppData\Local\Temp\D9E9.exe

"C:\Users\Admin\AppData\Local\Temp\D9E9.exe" --Admin IsNotAutoStart IsNotTask

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2432 -ip 2432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 568

C:\Users\Admin\AppData\Local\Temp\cc.exe

"C:\Users\Admin\AppData\Local\Temp\cc.exe"

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=64784 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ" --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd13999758,0x7ffd13999768,0x7ffd13999778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --mojo-platform-channel-handle=1356 --field-trial-handle=1456,i,1184293818248678719,12710388263924290830,131072 --disable-features=PaintHolding /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=1676 --field-trial-handle=1456,i,1184293818248678719,12710388263924290830,131072 --disable-features=PaintHolding /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --first-renderer-process --remote-debugging-port=64784 --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2036 --field-trial-handle=1456,i,1184293818248678719,12710388263924290830,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=64784 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2364 --field-trial-handle=1456,i,1184293818248678719,12710388263924290830,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=64784 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1456,i,1184293818248678719,12710388263924290830,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=64784 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3140 --field-trial-handle=1456,i,1184293818248678719,12710388263924290830,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=64784 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3296 --field-trial-handle=1456,i,1184293818248678719,12710388263924290830,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --headless --lang=en-US --remote-debugging-port=64784 --allow-pre-commit-input --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3344 --field-trial-handle=1456,i,1184293818248678719,12710388263924290830,131072 --disable-features=PaintHolding /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=3684 --field-trial-handle=1456,i,1184293818248678719,12710388263924290830,131072 --disable-features=PaintHolding /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x490 0x500

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-handle=3880 --field-trial-handle=1456,i,1184293818248678719,12710388263924290830,131072 --disable-features=PaintHolding /prefetch:8

C:\Users\Admin\AppData\Local\Temp\BD48.exe

C:\Users\Admin\AppData\Local\Temp\BD48.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=43792 --headless --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX" --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd132b46f8,0x7ffd132b4708,0x7ffd132b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1476,14108597072379667460,1144629767661864184,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1484 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1476,14108597072379667460,1144629767661864184,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1700 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43792 --allow-pre-commit-input --field-trial-handle=1476,14108597072379667460,1144629767661864184,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43792 --allow-pre-commit-input --field-trial-handle=1476,14108597072379667460,1144629767661864184,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43792 --allow-pre-commit-input --field-trial-handle=1476,14108597072379667460,1144629767661864184,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43792 --allow-pre-commit-input --field-trial-handle=1476,14108597072379667460,1144629767661864184,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43792 --allow-pre-commit-input --field-trial-handle=1476,14108597072379667460,1144629767661864184,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=43792 --allow-pre-commit-input --field-trial-handle=1476,14108597072379667460,1144629767661864184,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3384 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1476,14108597072379667460,1144629767661864184,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=audio --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=3696 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Users\Admin\AppData\Local\Temp\577f58beff\yiueea.exe

C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

Network


Files


C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b541.TMP

MD5 66c8af90e1591838e6737e5ee5af7a0f
SHA1 045ae3a77603c3133c6ca699fe6590b34f737eb0
SHA256 8df2e8aaef739186d175bb0390e4c402b5155414bb6b9fc67686b6dc7fc1614d
SHA512 c0f2ec436268bd4a760c930ff0f8da5303e2dbeed65ffa32062aad0f6211800a49ceb10a052a9ad27c11d5e59be6787c43e7d69affbda89b45529cae6a4b7030

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Code Cache\js\index-dir\the-real-index~RFe58b551.TMP

MD5 1bb8289011661cd3cf4a8d8725efa317
SHA1 9dca8f8b8d07c20fb19cb2ec197bef15409bfa3e
SHA256 81e65b3c5abeee34190cf4c1c1321c432355498a1fc5ea93f458bf0771dd641e
SHA512 b12a9b9a469bf4468e26971030a9ec82a4549fd6ed65dc49720dd2ba8dd551ba8589cdce935448366211bc72bbde4ad4a2b28d6c45a817ac73522d9a59951977

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\573227e6-6bef-42bc-9e19-316cfb5d5711\index-dir\the-real-index

MD5 1bb0b0c88af1b1c458d33fcc22e64626
SHA1 915081aba902b7d876b81ee295e48280be3a79c0
SHA256 9f33f91c48757a917d632187150bd383bffb0737f58fda8015d12475c0e90afd
SHA512 e16a61f62b5158fdb26ebae2349601d7d07a78c102801f9cdaf7ca2cf89e2739a880890a7c94029c0cbcd1048b36c12c332151d93930f21eeaf49ecf1eb96c02

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\573227e6-6bef-42bc-9e19-316cfb5d5711\index-dir\the-real-index~RFe58b551.TMP

MD5 12a22ffc9e5c0f36683deb563b828c83
SHA1 693417c8b3949b10b519c9bb14a5bc4ed9068f7c
SHA256 a55745e374d8ed81e69af86ad46e440fa8b8d33b1e814075b566e684047fb0ec
SHA512 99e4d37340d454b956c6a315e4f87a1fe51e6874cfceb698f80516f255ac151c5f5ab71065b5e0f999ad49e4b4da78c2926d6724974b449f27e7c17cbb325965

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Code Cache\js\index-dir\the-real-index

MD5 3d5eb95679fa1801758214c3ea0f04ce
SHA1 9a4875394cc5011fd6ed68780ee233df8d5f4236
SHA256 40369415b6bad52787334430751c3c95b95c6955eecc742be66b8ffb736a511d
SHA512 a645cdeae82e02f0903c51ed569eb8f3733478cef04528a8cd5c700158d12165f22024799eabc4c34ed14258bfadbd1b844303951177e9966ed7b8bf58fc0e47

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\f_000009

MD5 f829a51ef8ae3fa5d8c92702674ae95b
SHA1 2b66d13224f985ccdb945b5ba9a957659925fd6e
SHA256 b66d4df8aa7408ed11d690af813f1bf98bc1b94c4901dac791d47b47c4ee6b8b
SHA512 3616e155dc4a1a36af7b787bcbcc51ef90195e3f897ec520b45c4289e20ccdaa773aaa8e9f8c7bbcfe2b014407d8f2e1f69e64b9eb305bfeba739cfed1fc2a45

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\f_000008

MD5 0bbbb294e81f769dcd211cf105d38523
SHA1 5f69e302181398ab01e2ebeb238f5a5dd2df812f
SHA256 2dec792acf1105a53b1c8b174dbc6dafe100ee6885aed247eb5cd36902c90c78
SHA512 4e6c06e5ecb131e69907e1f0cce2a20420a351bcd7ab0602577077ccc8edff588b1176fb31a2e4c09e9e5d5460663f95549a07451f095d45312a0f86969533b4

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\f_000007

MD5 988d7e7658cf9792f05bbcac3905f8f2
SHA1 5d58bd5ae00d36ba67c9ae5e294828b00793d9ed
SHA256 066aca3681b0fa4f2621e36dbb29b22fab5b381cdcd97d3d4a2e53e2fd45bce6
SHA512 435c99a3eb65609ef8b2e6d139283a406b409a2e4a190a956750330e3b82b0f0ed97f2bbd1c27c5ee347ca9bff5b8a9b7d978eddb15854d9341867f565c398d3

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\f_000006

MD5 d574939016c1b0511053c934958d9a25
SHA1 1ebb35cd6af10fce71dcd4778c9bbcd9822ef999
SHA256 ad0ad0fb63aff674e004faa8c826d6523a79532133fc07eb9a2ee5a1d367ec66
SHA512 48758079cd42e05da63126f5119d15a4f79520095d062b67490b637df8fc12d567eaa2ec9c083d747093fbefedc651fbb3a2bc4f2fbbab9b5a09379626a40ceb

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\f_000005

MD5 5927c0de61be67b0ec439909ae3e708f
SHA1 5ddebd6d1f2746f63dd2132b418804567150685d
SHA256 5e1d6d330dad169aeda005c9abbab1c62b9dc23f060ca3ea1c9f49eebfc80e38
SHA512 bf6161f025676d370221ef0da686fd510f479a00c8d91e2dc75d7178e27c904ec75c9816bd5b3e940c996774964d5c6368047e0d1bec226f97981a5b53174f79

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\f_000004

MD5 117b6fa9275a2447a08de6f831448580
SHA1 b1c629759a6cc823b7ea8722a1215e58df804f8e
SHA256 ceb83e479cbf7789242592a3898cd1b815db08de8fe76e194b5857c3cca8649c
SHA512 de7e62959b10325461bf6f75734fd07ef6155e8066107c8d23e98067d656b2e4c8567b939cbaf1720e031a9f4da9536e2bf923ab7c7746f7bf210f887b0e0f78

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\f_000003

MD5 5927c0de61be67b0ec439909ae3e708f
SHA1 5ddebd6d1f2746f63dd2132b418804567150685d
SHA256 5e1d6d330dad169aeda005c9abbab1c62b9dc23f060ca3ea1c9f49eebfc80e38
SHA512 bf6161f025676d370221ef0da686fd510f479a00c8d91e2dc75d7178e27c904ec75c9816bd5b3e940c996774964d5c6368047e0d1bec226f97981a5b53174f79

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\f_000002

MD5 299efa539d68d5381b066190c8d98151
SHA1 e82481d465a57d97e6ebcc4991a9fe3f26b57818
SHA256 7be90bc3b447858addf49c8ace729871272525d8552a725342ebbc2e890cca6d
SHA512 08dd1d565c844c7ce1b5c9b6ac5af41292d6dad240b3c2f2066d10d80b39c4192c39103089a9363d254ac43e393512616605e474316673caa4dd926ec6ccfc36

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\f_000001

MD5 b38618d73414464c59d36b97cc192b46
SHA1 75df2cccc016c2d27734f5ecfcfdd870b96cc06f
SHA256 160e9bf125ca8f8576df7a0116f3678a8189e7e9328f4fa89d4bc4f226fefb61
SHA512 abc1824b7af9fcb7309c30d625de66394a2c123d0b138307d0e8f953d28cea1bd6241b1110c584228a057f76406f29519abc2ad9074687b2d9384f8884140861

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\data_3

MD5 bfad8afdb2fa728d0c12a2015d18c254
SHA1 eb233f050040402a42918ac16090d04c9d704dda
SHA256 f5c7d23879533712dbde6ab73cc3b9e319e942c369e1050228d13dc77b36b7ad
SHA512 4f4043c7148f25f8252ce4d807e15d827954fdeb7fccd15717194b0db3984c10101fca6f4725a6e093b480a34af8ff1ce1af24f97cd8de48bd886af640a130be

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\data_2

MD5 029663a259356155cb7f5cab0d85d038
SHA1 392259ec652864da544facf7b22b1b29340a7cd3
SHA256 5a7fa33ae41330750bd5fb83abdc9750e24b152221f2f2c5dded4c3a2b3d10ff
SHA512 f5af3e055ea9dd1a962223790387c76ea52858859f943806f73426a556dfc4cf9525cbfed16cfea84ec77c300d2322fd3e44d782241846152b1c4947cc8c8e5c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\data_1

MD5 7d4a15cf99fcbb61063acaf27e363cd7
SHA1 ea3b20ea506907df17381cff5b6fec08c0c9ce9d
SHA256 ee9e31167bd51abf7d8104b4a16f39ac1b53b9a954e5083498bb4190595c5e9a
SHA512 ca48b2fda72d0dd8a9b9474f3940741146ca26356722ae862d754162a139c587eaeb5cff7757aa48d9c0598bf8b5d93461c65073fc6b83967788761ef2f2e52c

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\Cache\Cache_Data\data_0

MD5 c70cac40b8250689529daa249af95e4d
SHA1 487a6ccd4d33cdf1dd87ffd9b032ad9bed057bc7
SHA256 a28c879f4da3d292cc3c2e2035e1f413b4793f4e1050c2986e41c82ed57dbc0e
SHA512 55db24484aadfe306bc038541a0d0792fd906c0ca932f01663c292a19b2c497267b38f2d3c70aa844a11a36e4ae70d5fb9a3e459ae1fe9c596a574320984d907

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Crashpad\settings.dat

MD5 1778150b2d1099d62a5d02766c70da62
SHA1 c485dff65832043051a3262740f6a21dd36a0f8e
SHA256 8f5feb046e94b34e3c440efe557d9eca77490c4176bb4afa07903e47e2b018b6
SHA512 c4a7321e4c29b53cb1254d17b064d8165dcd1167d0e18f2aa73823d20affc535b8ef010265d597796fee5f7994ab0f81bffd63da893570bf903492404195880a

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\DevToolsActivePort

MD5 29e500ec65b1deaedf3db19a476c93df
SHA1 f6f805972e255181ca9226dc26f26c7e782b9a23
SHA256 70e17219f88ab5bf73649ba5810af7492f3a482c71ba31556f3407b0aa4bb800
SHA512 7766a240104003b523c3aca875ffeb3497251f36559ead4e68510c882ac03a0cac128dc257fb2b6150ab402e89ea2f302a4403c1638cb9830b8792bc8fbbd51f

C:\Users\Admin\AppData\Local\Google\Chrome\User DataZHSRQ\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Cache\f_000003

MD5 117b6fa9275a2447a08de6f831448580
SHA1 b1c629759a6cc823b7ea8722a1215e58df804f8e
SHA256 ceb83e479cbf7789242592a3898cd1b815db08de8fe76e194b5857c3cca8649c
SHA512 de7e62959b10325461bf6f75734fd07ef6155e8066107c8d23e98067d656b2e4c8567b939cbaf1720e031a9f4da9536e2bf923ab7c7746f7bf210f887b0e0f78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Cache\f_000004

MD5 3275a2ca76dc8f815c70a4debc38bfc3
SHA1 9663dfc792adb040b3592ded101a4245dac871f1
SHA256 ebe640f85df69db0097a2809b7989e98e8dc3ecc07452e9428d2f84667f1c8f4
SHA512 5e44bd94fc0c7b8e8de9a4366eeafccd8b5b230de233d925284bfb0b813c42cc27c1fab7e3bc738bc7fc0cb41c198ee03eb38dffd76bedb594a6ac4ccd996fde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Cache\f_000002

MD5 b38618d73414464c59d36b97cc192b46
SHA1 75df2cccc016c2d27734f5ecfcfdd870b96cc06f
SHA256 160e9bf125ca8f8576df7a0116f3678a8189e7e9328f4fa89d4bc4f226fefb61
SHA512 abc1824b7af9fcb7309c30d625de66394a2c123d0b138307d0e8f953d28cea1bd6241b1110c584228a057f76406f29519abc2ad9074687b2d9384f8884140861

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Cache\f_000005

MD5 d574939016c1b0511053c934958d9a25
SHA1 1ebb35cd6af10fce71dcd4778c9bbcd9822ef999
SHA256 ad0ad0fb63aff674e004faa8c826d6523a79532133fc07eb9a2ee5a1d367ec66
SHA512 48758079cd42e05da63126f5119d15a4f79520095d062b67490b637df8fc12d567eaa2ec9c083d747093fbefedc651fbb3a2bc4f2fbbab9b5a09379626a40ceb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Cache\f_000007

MD5 988d7e7658cf9792f05bbcac3905f8f2
SHA1 5d58bd5ae00d36ba67c9ae5e294828b00793d9ed
SHA256 066aca3681b0fa4f2621e36dbb29b22fab5b381cdcd97d3d4a2e53e2fd45bce6
SHA512 435c99a3eb65609ef8b2e6d139283a406b409a2e4a190a956750330e3b82b0f0ed97f2bbd1c27c5ee347ca9bff5b8a9b7d978eddb15854d9341867f565c398d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Cache\f_00000b

MD5 af3fd9112cfc0b1aec8c5b5774af2e91
SHA1 0d400af10b489087ecfd48cd27fe372b615f0525
SHA256 faf28e677b1fac070c57c3cd187606128c4fd1b5a3886c146d3348719dae3bcf
SHA512 ef8e5ca22d5a89795c65e3d457eebfdf69ab976cd6d3f7470051b3e8a7d915cc2265b55da6ddf8dd00e633d59b937de7629d7627575eb6d6c11a70c3af6e4047

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 644b927e4f94947c32930018f57b2b4f
SHA1 832f93f694237cffd2d388933e2b277d4c73d522
SHA256 eed1844cfa93daaaf173cd41c7a978ed053fbece5e9b1b22db01205c4a03ad63
SHA512 b9a4f6e53821a676437fccfa82b72d31c116729239bd2a034800a0667cbbc5a3e0afa18879efc60abffdef630a9b28b6dc419e50445788012fe5e124472287ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 baf9fa311088aa9ad23cbf1e8353e3ba
SHA1 0e7a4f725e788a07940a18b4edfa7c95dba0c3b6
SHA256 12749d0377e6a8b8a3dde1b211b25a7a6c01502f3e4fa8c1ed092eeb348f0f19
SHA512 a0e10fbda954c12e95959263d431b4bb40814773c5231ba297ed8c946deb442000a9a8be6b8fbeefac53345f32c2f1bdba473dc12c55e7771506d4511c1c7a74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 912d9799f8eaee905079bde03bf944c8
SHA1 02643e2e7f6a1e4c819ecb00a42e5126a03b1181
SHA256 559448cece7e1f7dd7a28b34c8cb754b8d730c0a26ef967a3af56403976f221a
SHA512 baa5985e27bb4f09e8cdbefd54c95d535c9781b460b1e684db3f1e8423618cf88269dfee493862dd4c782878a10d7caeb1dee212063ac9376546be66561613c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 48a9aeb8ba06fafc0d79d2016a4ad44e
SHA1 a0b6af2ef990a2d7ef55209ad33b74ec8cbec640
SHA256 d04bb97c7a2d84d7031f95192c59bf279163b594157ae17d173185945802d36d
SHA512 992bccdc14d7651f2ee29214d20171cb6c9629564f15d82d2cdbcbb37b7b007518ee0823277a4c19bf85c83eb25c1f8c641fefc61fb89dd05c48e85c32cf1081

C:\Users\Admin\AppData\Local\Temp\1000074001\toolspub2.exe

MD5 a137245d8bc8109c4bc3df6e2b37d327
SHA1 ed8973e65b2aacb60683787831de37e7c805fa6c
SHA256 f342950ea78a3910911df852de530912090acea09b895e299d4ba0132ee146ee
SHA512 5d83e91ac5862c62d5b90418a75feaedcffb01aa2a396d1cb71c11d9dfbfb0e415d38687ce0736b7159f874835ace02f27d11067b2ab6b81f58a948f10fabc00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Cache\f_00000c

MD5 9f1c899a371951195b4dedabf8fc4588
SHA1 7abeeee04287a2633f5d2fa32d09c4c12e76051b
SHA256 ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7
SHA512 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Cache\f_00000e

MD5 52129e62d5eb39c400e5e8ffc3f513c4
SHA1 f39c492c3c726ea266f2362ebc8902b53d0a677e
SHA256 37357ff2feb91efca153a9b27888fc16ba4e4eab4bf3d9371f9a7569d51542ed
SHA512 df751708c513cae8f07db74efd0d42ad1a855efbf9b192db54ada84cf38113d5b8aae6cbea630482731739086cec8d8062c4f13ab5ed45f8bae735c4c5cf2cee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590342.TMP

MD5 d873f32e315bf4805feece0c49b2c300
SHA1 ce758f42aac55b75b32a15807033c6612880fef3
SHA256 c0ef7b40112369125d4c0f5173ebb30cd168a1af706d73b20989698c41102cd2
SHA512 4c0ff80edc82981f73a18ce6c5e7a7f28bf4eca5682d663ff808c4572b0b79841b1b839dc170f4d276e20488d7430ecac54d07eeaa97c6651cfe881005dbd4c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\69bf904f-b29b-47d3-a955-4537c901c240\index-dir\the-real-index

MD5 347abc62b75f9c302be2a0e752d1a7bd
SHA1 6b0c9e86bf691ab81b06cfae6be117611c09f083
SHA256 d997e14a6cb62657c03ac91633e16885d69bbf754676c37bc96bccab7c754f45
SHA512 c0af6a2c964e44ad4bdd56aabb19efd9fdfd83b1e318e1d42eb285bc7fe9b61de215b1454283478e30c4808d7f1c5f2c5bdfd472a9a59961d37730c29762664f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\69bf904f-b29b-47d3-a955-4537c901c240\index-dir\the-real-index~RFe590371.TMP

MD5 d93de734a8698d08b817679a671dc1c5
SHA1 9bab72b710a52e447de7ca5967438101458accc4
SHA256 46bb3cac1c436233539c3c1416312b81c0c77609dede3f7cd65269b465689ea6
SHA512 d874a2f04db5a9201eeaa03d6be80c976cf85190053f8945222f95b56b10d145b7bb18ba025817bc67bb462e49ac195acd61a2a746632bc31330bdc6444556c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Cache\f_000015

MD5 236df4b6091f1a89b5a89ceb8179eb42
SHA1 489293dc1f1f5d365ecc362cc98af260e98e67f4
SHA256 37387b6d45102bf4ac9fbcec531b0c1c4910226d66e561279e46b7d9dd9b208a
SHA512 db76b4d52df9deb370f4bf2ab58bfd178fe54a50ecdbf52c0f85c4262ffd680e5e1c20a533c93d21fa046484f88e4350e7591d483363a2f94b99b952eedc5c99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 8e25258b11c1fa23620bc1ea7c527aa1
SHA1 09012c2c583edda28143285394bacb0d15a38356
SHA256 201e7cf46aaabd746b67dd597e473427ae59f83269e32be6b2d8bc833c73b20f
SHA512 7f2500c41aeda39c8eb36fa2e6683de7c918385c1b154b33b80dd88b6f008d6da773738da7f8bf806e515a6180e09bd4dd482ab6555ca635ee67c87843f9ca4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 643142c71a44b44a531b24de0c90bc63
SHA1 b84f391216bcd0d56d7256e061380397243951a0
SHA256 31158a1e803046bdebb5f0174186fc66a042740894ef8876af68af296ff57159
SHA512 858b8fb96b325ef7006424934d52901b750504d1d22aabca85d292557bd8dcb2502d11a6dae6a399cbb1e3dfa9d4dfa7af365eb79781aa801743ba30139a50ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Code Cache\js\index-dir\the-real-index

MD5 45afbd23096dff735c51beea49fa4f9d
SHA1 f8f0acaac72f2a6b6bf3d4d1fc0c818f9dff92ab
SHA256 4f7e78aad5875bf919f3dbb0867f43aa0fc20a48baac46e007d246f638eb48c3
SHA512 f81491ce23b5cc53a30c4d6abed613fe1afea77db11687106b5d0406bc0ee4e5bf4c66f0b2f39125143f7fd68dade327236790d3f4230fbb295b5e52b65693f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Code Cache\js\index-dir\the-real-index~RFe590342.TMP

MD5 b47a8f708d371cd6daebbf9ceb6f8fa1
SHA1 233c58a0a3d44f12cb3dad9a47c0fe77904bd32b
SHA256 975185b1e3f4577bfd69c88863398bc94a9bd3a8f3d29e70fa3ae5984e9caf92
SHA512 515a87a6d678d95ccacc565bd262dd5c2c5162f914d4621af09d0353bd4212cb7b4234f72df70f6f7b03c808572ae53aba729351d75a69130eecc8b5e5b4e7f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User DataUTSIX\Default\Cache\f_00000f

MD5 21dc60631385b40632f8614ea68b38bd
SHA1 37835a51d3179efb17df38b454103ff7f0a15e33
SHA256 50614d956ae125db1b18e061630f72ca8db2a324f71a52e3d2b58e09db95c1d7
SHA512 c770e763b28e811a40e1340bbb297602ed6b99dd0a4817f52729fd8447c8b28f06a71a338f7bf9f22104f2543e509bd57cfd6955e0133f0417255fcf8b5ea681

memory/5632-1036-0x0000000000400000-0x0000000000409000-memory.dmp

memory/3268-1044-0x00000000080F0000-0x0000000008106000-memory.dmp

memory/5632-1045-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5680-1052-0x0000000000400000-0x00000000004FE000-memory.dmp

memory/5680-1055-0x0000000000400000-0x00000000004FE000-memory.dmp