Malware Analysis Report

2024-11-30 02:06

Sample ID 240330-kgehpace52
Target https://github.com/abdiiiel/EL-Cr6ckeds
Tags
rhadamanthys stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/abdiiiel/EL-Cr6ckeds was found to be: Known bad.

Malicious Activity Summary

rhadamanthys stealer

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Drops file in Drivers directory

Executes dropped EXE

Suspicious use of SetThreadContext

Program crash

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

GoLang User-Agent

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Uses Task Scheduler COM API

Creates scheduled task(s)

Enumerates system info in registry

NTFS ADS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-30 08:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-30 08:34

Reported

2024-03-30 08:36

Platform

win11-20240221-en

Max time kernel

114s

Max time network

119s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 3920 created 2812 N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe C:\Windows\system32\sihost.exe

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\etc\hosts C:\Users\Admin\AppData\Local\Temp\Temp1_NcCrack_Loader.zip\NcCrack_Loader.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\driver1.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4988 set thread context of 3920 N/A C:\ProgramData\driver1.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A
N/A N/A C:\Windows\system32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

GoLang User-Agent

Description Indicator Process Target
HTTP User-Agent header Go-http-client/1.1 N/A N/A
HTTP User-Agent header Go-http-client/1.1 N/A N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133562612797875496" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\NcCrack_Loader.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2684 wrote to memory of 1464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 2340 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 3420 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2684 wrote to memory of 1868 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/abdiiiel/EL-Cr6ckeds

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9c9139758,0x7ff9c9139768,0x7ff9c9139778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2176 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5052 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2412 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1820,i,697064956982916359,7501552664452552088,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_NcCrack_Loader.zip\NcCrack_Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_NcCrack_Loader.zip\NcCrack_Loader.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\Microsoft\\\""

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath \"C:\ProgramData\""

C:\Windows\System32\Wbem\wmic.exe

wmic csproduct get uuid

C:\ProgramData\driver1.exe

C:\ProgramData\driver1.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3920 -ip 3920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 488

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3920 -ip 3920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 524

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Windows\system32\schtasks.exe

schtasks /create /tn WinDriver /tr C:\ProgramData\Microsoft\WinDriver.cmd /sc onstart /ru SYSTEM

C:\Windows\system32\schtasks.exe

schtasks /create /tn WinDriver /tr C:\ProgramData\Microsoft\WinDriver.cmd /sc onstart /ru SYSTEM

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
NL 142.250.179.202:443 content-autofill.googleapis.com tcp
NL 142.250.179.202:443 content-autofill.googleapis.com tcp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
DE 140.82.121.5:443 api.github.com tcp
NL 142.250.179.202:443 content-autofill.googleapis.com udp
US 104.20.138.65:443 tinyurl.com tcp
US 104.20.138.65:443 tinyurl.com tcp
N/A 224.0.0.251:5353 udp
US 162.159.130.233:443 cdn.discordapp.com tcp
RU 89.23.97.199:1445 89.23.97.199 tcp
RU 89.23.97.199:1444 89.23.97.199 tcp
GB 23.213.251.133:443 cxcs.microsoft.net tcp
GB 2.18.66.41:443 www.bing.com tcp

Files

\??\pipe\crashpad_2684_ZMTDWJENXKAJEODI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ab129008eef447086f4075ddc5078099
SHA1 7c62d8c1d50d643ab6ce1289dec200a448cd7936
SHA256 85afaf805cf5a9df1e263cdeb2dc6dfd687af6158f405a348ad6ba8baee5c8f7
SHA512 cc28d315e395a4e075d631cdb49ea49933585bfb463f517edf64dc55c94c972fc2a4405c1866560b5e73c0374895171109e9b22bf6183f2ae5e293899fe8f3a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ea43f0020b133a80ba931208641b77d7
SHA1 f69c4214637239468deffe9f871bd6d1a7ca3160
SHA256 eee5a634f0d569e87256bbc84d881572ba7bf1ed06c012a33c0331f2799acd14
SHA512 a3564b2abc51669fda4526a4545e55cd6e61ea223ff3e213d37f8bd66483b2791e9d1a153bcaa30a44a160634ea789b9b345eeda4d6ff0151373d7c5eafd831b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 88e5cb49d4d2fd351f6540e9f5c052f8
SHA1 ace64d3677d57a92d8bbc3155485b4596a2be0d8
SHA256 ee9400ee2f0581936c089119074547ac8b3ff158c5c46971826cbd9ae53cd2a1
SHA512 42df30bac6c73716b465756a07980d596133f93122399b92f98850f30a29e3b275026d91537ad46c176d5dab72c97fc88e45594df62b77f46d2f0f01a2dc3f80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 b5826ab4d93855c717963e54392bee07
SHA1 c7492ac84a5c0e9dcb682189fdab030f375c73e6
SHA256 60446b56e56422ce8a57bde40532d98428159ee65667ae5077c3bcdedd7ce516
SHA512 3e8dee8174987be63e743381f2d7786a604ed2fe0a0022d04a962c252819fb0bac52384ff148352bc2eac82698b8e5862d4065ee23e96c0914ec58ada8a8be76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6abad23b96cd8fb289003dd5f5e3eeb2
SHA1 f27fd7d781547e5901fb17e7d17c0f37b794cc66
SHA256 eb21e347972337353dc58985ceabb4068984d7a3b2312348233704cba9a9e0e2
SHA512 4661b7ad8c1bf7aed5d1704aa8b0db55ae26e003cc3d24d916b9b1f06cf18a2e8e751956cb3f568a9c40b30dae70399acc8d123dcd8e91e72a71654084f742f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 705d66a4f49cc565375b7eb53b9cf605
SHA1 555c0b33acc6c6b436e79f1413c326971580e8a0
SHA256 47e64e863d612d79221a4fa234e9beb69c7d686f78e2f082062732ad2c67bad8
SHA512 47c5c1a13541cf4050e8888125d190da8385d77ccf883fab73b206cf2366b934f0177a6ed96c9e5ab47c21223a38448b3ea48e17ea600c472907802e6d1f637c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 4515499fc42bf994c7e0241a5c95f32a
SHA1 55c4395d8dd4a141c6964749ce5eac5d89c76928
SHA256 e83bfcf95e12fa1370dc94255c60ac48a41f3d80474ed8c8a208b86a462db400
SHA512 a6b92d6af03ef8da218abf37246927244f4b509e03b8b83a6acc541ec8f16dc75f981497dab420026ad166d5b9e46cc401e757c3cb7d1fad0f529642f94d0cd5

C:\Users\Admin\Downloads\NcCrack_Loader.zip.crdownload

MD5 04080c560c3230e46bedb6c414997e91
SHA1 44764c0da6c18973809b8d26b7171efb0797ae1f
SHA256 590426a6559f3571dc7d0b3d9c4a22630f96ca543e3f5cbba2640dd8b8ef5819
SHA512 f9c0a9ff8bd391f710bac9f00aa4e8ad18a0f90de8ece98c00d826adbfc57d1072e950f1c6112dbb09096962a664f1ea5efa560028819a783411e47e0cb3b3c4

C:\Users\Admin\Downloads\NcCrack_Loader.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4397d6c229736094be75c4ae850309e1
SHA1 b6999ebed74f1f27b39c8ca0e9d731e1fdef2ac7
SHA256 ebceae4428b019538888b03da53ff27282b09e9b5ece191f6b0137c47db7ce54
SHA512 1be470d818df80da2886ead2fe95b0e84b297c64e67e63ed6eba50c3c8a58cf38faf7009911ec79ff83272aafd7acd86bee56c4a3dc509e4e8b1904840059da2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8417a8267708b42589ba6773216e2054
SHA1 e9cf3ebf2a903689e1b756695f9b44d562578b14
SHA256 4489b48a1a36a4407b20e86b4cf28bf830bd20cf07903f09f0748bb50e046ecf
SHA512 102ef52759f619005f8d58b0ee761dc779c0ac19b221108aedecc4155bdc04c41f5b09f476f754ee467e493196ac25e4944dcfcf4b52a3e4cf0d550e0ff43e0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583832.TMP

MD5 5f24b69c186ee956227f6e3ca09e0751
SHA1 dd9e74ca8442a0bd813f990f6987a051a6e4b80e
SHA256 833db3b29aa2661905e6c229998fc0c64a03f4cce35898fc9b1744c15baa8ba8
SHA512 695b0d5e09822df3134b5f05ea2e5d3a0eebcbc0f0f247922049c4cc6b8adf149544e4d8d1579b1cb0c0da2d8caf286eeeb27079a2111a6f7a38c8806072dd7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 dd098463df226f6bd435483cc4f8c327
SHA1 c9fd967d44f3441c6dca7c2362ed03c4c6eb2e7b
SHA256 7531a030bb15642a1d8d03387dd0ef19d90700d137e4ddee9218dc09829433ef
SHA512 ac041a5f26ff40627bc49593acb0b03ba3431fa6e8b6970fb0d3867ec0321130552d786b002d40bf6622fbe90dcd7a1d4d3c47e04eeb0cb56c2aad838c7d38e7

memory/2352-238-0x000002813EFD0000-0x000002813EFF2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_exxamdqq.utg.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2352-247-0x00007FF9B3D10000-0x00007FF9B47D2000-memory.dmp

memory/2352-248-0x000002813EF70000-0x000002813EF80000-memory.dmp

memory/2352-249-0x000002813EF70000-0x000002813EF80000-memory.dmp

memory/2352-250-0x000002813EF70000-0x000002813EF80000-memory.dmp

memory/2352-253-0x00007FF9B3D10000-0x00007FF9B47D2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 627073ee3ca9676911bee35548eff2b8
SHA1 4c4b68c65e2cab9864b51167d710aa29ebdcff2e
SHA256 85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c
SHA512 3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

memory/2076-255-0x00007FF9B3D10000-0x00007FF9B47D2000-memory.dmp

memory/2076-256-0x000001DFE9A00000-0x000001DFE9A10000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 1a9fa92a4f2e2ec9e244d43a6a4f8fb9
SHA1 9910190edfaccece1dfcc1d92e357772f5dae8f7
SHA256 0ee052d5333fd5fd86bc84856fec98e045f077a7ac8051651bf7c521b9706888
SHA512 5d2361476fa22200e6f83883efe7dcb8c3fe7dae8d56e04e28a36e9ae1270c327b6aa161d92b239593da7661289d002c574446ecfd6bd19928209aae25e3ef64

memory/2076-266-0x000001DFE9A00000-0x000001DFE9A10000-memory.dmp

memory/2076-267-0x000001DFE9A00000-0x000001DFE9A10000-memory.dmp

memory/2076-269-0x00007FF9B3D10000-0x00007FF9B47D2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 eb9e91651a2fa8e27f9e68f66bfe4a03
SHA1 ebfd7273f3572da5965a2274658352b9a43c2f16
SHA256 91b7b1ef757724da8400045d3b5e8f404c018893f5bc63e29ba0afef684825d4
SHA512 5b894e046c34eb02b98709781267135643cc7a857ffc20054731374c45e20a38ab59d148806c010eb516a06b310f021703b6d49a9440dc722c5357fd04a2eb61

C:\ProgramData\driver1.exe

MD5 638441e77a23459d4056ead6482a073c
SHA1 173d98ceb34d8b273d81d0f7a7238e9452489236
SHA256 2c6b82e9412a9512460007661739e416016b02d096f27fd704dda4565fdccb89
SHA512 400092921ce49b866c5ca8abd027674794715a99b30d4945458ba59556ffc517f4aab961f116573af2980e4b3dea720bd22910d22147bfa358be7256a89349d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f011cd96e056072fc87e270a8044709d
SHA1 affc5c10a93a40a500182d5fa2324a7975d9bfee
SHA256 7b416cf2ad4c467f076d29f5e1c4f6f6ae62df98c05e48dffa4f1bcd56f54906
SHA512 8b62e5cf32c45a3007b19887ff5eed08324c0ec5cbf009f2e6c558a3ce7c72bd34f71249718c783cf7b19098249f0ebd76c22de75151c6cfce036ff8dd03c2ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 31b60ca6d5185d4ca50c2e23233c319d
SHA1 186b0ce09cf62a3cc9908b3ce169f255f0b2d190
SHA256 7fe5b5234207eb0ad40a96aad6e34ef23ce498706d48ddf60be596864e9ba674
SHA512 fd4d8a956303456bb9c874a30cc4a0b8f6c3bffe284312b9de25eeb8c63572e539f192bc7821fddc23353bc6deb013d40b1f53e93d3b999a09c4118c26c74c38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 4c7e13f7bd4489362c437fc66d0847a7
SHA1 ef7b66b61dc84c9f3ea87945657d6a765f6a8400
SHA256 bc0f8d91f67371c4a7f6df32a9a028bc800dfc74402aef353764ecc5167864b7
SHA512 06edae1f2de1e27f8a304eb795f7bb7b2edd4515886247dd415d51163729f55f261a465a629b53e43b4dfabe3150ed4854f1aa9ed5152d170bd5f044a95d9759

memory/4988-376-0x00007FF777EB0000-0x00007FF778301000-memory.dmp

memory/3920-377-0x0000000001170000-0x00000000011DD000-memory.dmp

memory/4988-378-0x00007FF777EB0000-0x00007FF778301000-memory.dmp

memory/3920-380-0x0000000001170000-0x00000000011DD000-memory.dmp

memory/3920-381-0x0000000001170000-0x00000000011DD000-memory.dmp

memory/3920-382-0x0000000004190000-0x0000000004590000-memory.dmp

memory/3920-383-0x0000000004190000-0x0000000004590000-memory.dmp

memory/3920-384-0x0000000004190000-0x0000000004590000-memory.dmp

memory/3920-385-0x00007FF9D8480000-0x00007FF9D8689000-memory.dmp

memory/3920-386-0x0000000004190000-0x0000000004590000-memory.dmp

memory/3920-388-0x00000000768C0000-0x0000000076B12000-memory.dmp

memory/3108-389-0x0000000000360000-0x0000000000369000-memory.dmp

memory/3108-391-0x0000000002390000-0x0000000002790000-memory.dmp

memory/3108-392-0x0000000002390000-0x0000000002790000-memory.dmp

memory/3108-393-0x00007FF9D8480000-0x00007FF9D8689000-memory.dmp

memory/3108-395-0x0000000002390000-0x0000000002790000-memory.dmp

memory/3108-396-0x00000000768C0000-0x0000000076B12000-memory.dmp

memory/3108-397-0x00007FF9D8480000-0x00007FF9D8689000-memory.dmp

memory/3920-398-0x0000000004190000-0x0000000004590000-memory.dmp

memory/3108-399-0x0000000002390000-0x0000000002790000-memory.dmp

memory/3108-400-0x00007FF9D8480000-0x00007FF9D8689000-memory.dmp