Analysis Overview
Threat Level: Known bad
The file https://github.com/Lachine1/xmrig-scripts/raw/main/linux.sh was found to be: Known bad.
Malicious Activity Summary
xmrig
XMRig Miner payload
Blocklisted process makes network request
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Drops file in Windows directory
Command and Scripting Interpreter: PowerShell
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: LoadsDriver
Modifies registry class
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-12 12:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-12 12:16
Reported
2024-07-12 12:47
Platform
win11-20240709-en
Max time kernel
1800s
Max time network
1801s
Command Line
Signatures
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
xmrig
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652602411819235" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \Registry\User\S-1-5-21-95457810-830748662-4054918673-1000_Classes\NotificationData | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e80aba36ff8d270c74f9c99fcbf05467f3a260001002600efbe11000000eff29cd118d2da0129a9d7d218d2da01f81d850619d2da0114000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000900444648b4cd1118b70080036b11a030300000078000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Videos" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-95457810-830748662-4054918673-1000\{88D7A32C-E820-44AF-BF3C-5F917808AB12} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Temp\5d03095d-b35d-4a3d-8928-be38d85929fa.tmp:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Lachine1/xmrig-scripts/raw/main/linux.sh
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe075fcc40,0x7ffe075fcc4c,0x7ffe075fcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1764 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2064 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2476 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3132 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4372,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4104 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4360,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4352 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4736 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4812 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\Admin\Videos\windows.ps1"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=984,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4660 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4876,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2704 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5300,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5332,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5208,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3516,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5748 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5292,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4420 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Videos\windows.ps1'"
C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe
"C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe" -o xmrpool.eu:3333 -u 88tYpqdgCC1da3kLmaVyZhEUndHhuTQH2d1wnA7uPKLHaA5Ri9tU8pmR7SMuhR7emSDLRYnjUkTouQDkU4jr8UFwJawxoxs --cpu-priority 8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 172.217.16.238:443 | lens.google.com | tcp |
| US | 104.21.38.221:443 | goo.su | tcp |
| US | 104.21.38.221:443 | goo.su | tcp |
| US | 104.21.38.221:443 | goo.su | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| DE | 151.236.71.248:443 | st.top100.ru | tcp |
| RU | 81.19.89.18:443 | kraken.rambler.ru | tcp |
| RU | 81.19.89.18:443 | kraken.rambler.ru | tcp |
| RU | 95.163.52.89:443 | privacy-cs.mail.ru | tcp |
| US | 8.8.8.8:53 | 18.89.19.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.52.163.95.in-addr.arpa | udp |
| RU | 95.163.52.89:443 | privacy-cs.mail.ru | tcp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 74.125.250.129:19302 | stun3.l.google.com | udp |
| US | 104.21.38.221:443 | goo.su | udp |
| US | 104.21.38.221:443 | goo.su | udp |
| GB | 88.208.215.108:443 | pastelink.net | tcp |
| GB | 88.208.215.108:443 | pastelink.net | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| ID | 103.145.227.179:443 | pastelink.id | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| ID | 103.145.227.179:443 | pastelink.id | udp |
| GB | 79.127.237.132:443 | fonts.bunny.net | tcp |
| GB | 79.127.237.132:443 | fonts.bunny.net | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| DE | 157.90.33.71:443 | g0wow.net | tcp |
| DE | 157.90.33.71:443 | g0wow.net | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| GB | 51.89.217.80:3333 | xmrpool.eu | tcp |
Files
\??\pipe\crashpad_4900_FLHGMQEDMCFYXHZW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 146cc469b74c521d69e38001c327167c |
| SHA1 | 495bbeef2f30ebb1a6d388e054dfb3050253a1d2 |
| SHA256 | 480c32c1f28e55bdcd42d62530639147aa929c5de0013ea834de2cc0f79e539d |
| SHA512 | 194021d0fbac0402f6f71249e1965b8448d5cca136c015a21ea726c2a7cebf2876b0bf4f7e8355fb441cd87bde984c89792fa32ea03a403f12df8522934070bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2f85d06a5b58d18548526d7d9dbf0a96 |
| SHA1 | 0802230f92917f06f2cc78ac20186e4f2c02b42e |
| SHA256 | 60d5e0da0e18c3c3ec0b051d618beea472a8dee9fee23864cb3a2aecb5c7f437 |
| SHA512 | 2ad8d4cce59af00da34d9f19dade4eee2a5992e6a83578ed5099258ef6c1d7c2c035992f0d76a35a097cb587ad1255314b44717465eb63b71a51ebcb75b0e9bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ff6663ce118233d56dac67340d0e470e |
| SHA1 | 94bcc1a25b898fba500e86bfde5081ca1f666dc0 |
| SHA256 | 0097479d8a7845fb70d97e27c87be2e163e8e0762f4f57c517df0a3c566a1402 |
| SHA512 | 06dd8418d0f5a17db323056ea648d72d14bba571916bf3361ad78eb1910288c6d63005cde2e4f76822a0b19a84d7d30839ddb768b5b262d6a0b5b04ad0a32b35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b4cc41977c93b6b1d4d70a7ea7932579 |
| SHA1 | 2ee9dfbf36dbe27a60dc95a3354494dc209681fb |
| SHA256 | dcc3b2b163fb5c9d54b4b7ef07833abf4faa385dcea9daf8edb8fba5ea9b4968 |
| SHA512 | 0246189dc1be5e20b6a72b629585b2dc7191bdec12e125edc954f85e7ca520500bdd29ec4bd0437e3a69158a3c10a307aef6c2b1faac7b8446d6360ec272a6c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d8e06e686cc71f50b3f315cf77d5ea6c |
| SHA1 | 7dbc3595fb4e3f7a0bcbd4bd47b2a8f37c843e43 |
| SHA256 | 0fc44ec2463143dcf97eb0724c49e35e6ed6af85e9148e3f6ddd257eb95f8781 |
| SHA512 | 4997985c15af22fac6c7e50fdb1df6a473d92a5292b73463aeb9b29beb33d41142cf5ccac4a72e2af9f491c6d8aead4728e7a09914f7fd5b242227ab6355619b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | de89c5cecde0fb3bd67e711ee9561f22 |
| SHA1 | ce4ee2ae7b542cced1bf5e2e2f0d35ec7a281b37 |
| SHA256 | 6e7bcf5f52acbb829007dcefdcda5cf8cc25b2fbfa944e2b4483826eb2072e33 |
| SHA512 | cc52c8a3f957a7362b45e5dd123f0bbeed4ee1d01d69245eaa4a292ab1a009e9dbd369adc908064cfcf435afa8a0707d7ade7072daa06c2735f7d009a195784c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 90b2013707babab672a64fa17716d2da |
| SHA1 | dfa133be9affc5213806fc7d4232ff0e6e8ffe1b |
| SHA256 | 2188ed6a7fffc13f806b54adaa36340bc0564344dc4845fc127f0b671922bdce |
| SHA512 | 508558d0f3eb3c4f778f20bd750d3c4d773ab1aacc07fd6ce9752472a2bcc6714510f663509b10ac271bc0d688ff08df13cca915f8c09e194a58272ca90b685c |
C:\Users\Admin\AppData\Local\Temp\5d03095d-b35d-4a3d-8928-be38d85929fa.tmp:Zone.Identifier
| MD5 | 443ea2dadbdd404834e85371bfe17999 |
| SHA1 | d9064a33597994d405d7ccb8126c12782bce886a |
| SHA256 | 6ed512da301d5e8373213540c799352231484de9320f21964f65dd1ee025d19f |
| SHA512 | 0dd46f19ff2fb69a9637ac9d0f26eaa5d730a491aa518770c9f289f39d397fb0f2525afc646644241ddbe9e9886325f2ad4ca0ab49183d79a2c80a82ad8eb11d |
C:\Users\Admin\AppData\Local\Temp\5d03095d-b35d-4a3d-8928-be38d85929fa.tmp
| MD5 | 38181352d7fdf3fbbecc10ddfcfaddde |
| SHA1 | 7917d0c3d29c549ca9993187d4161cd9b1302585 |
| SHA256 | 1448fa49ba79b57f6381b21b450937882f3508b3d7c906a1c80f476b7fb8bea4 |
| SHA512 | cc44b3c7a9322e1314fbbb034e7d57fd557dc675eb8dbf9fbe7c9ceff4760bf6f9fa2bf05102d80f13680b9cda8b3f84db32b89a0970c7115081cb5fc0c8dede |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 86af88128787f860e44cb22a271ea6a9 |
| SHA1 | db25f27055674fc2b31e7dfe374618228c35ef88 |
| SHA256 | a7edb11e43e71e64db9f6970243cef6e2f0e32ffecc09833bd02a4a79d17e20a |
| SHA512 | 3835bd0345a69f68b2cec7eb7516a7564f1ccc5153039e8ba371f3feeb374eecb234e053241fe46636346551032c50a4ce08c1df6315244cc436b68fb8456ace |
memory/3548-95-0x00007FFDF1713000-0x00007FFDF1715000-memory.dmp
memory/3548-96-0x000001AE92BE0000-0x000001AE92C18000-memory.dmp
memory/3548-97-0x00007FFDF1710000-0x00007FFDF21D2000-memory.dmp
memory/3548-98-0x000001AEAE4E0000-0x000001AEAE52A000-memory.dmp
memory/3548-99-0x00007FFDF1710000-0x00007FFDF21D2000-memory.dmp
memory/3548-100-0x000001AEAE490000-0x000001AEAE49E000-memory.dmp
memory/3548-101-0x000001AEAE530000-0x000001AEAE568000-memory.dmp
memory/3548-106-0x000001AEAE4C0000-0x000001AEAE4C8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gncqsht0.mxf.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3548-115-0x000001AEAE890000-0x000001AEAE8B2000-memory.dmp
memory/3548-116-0x000001AEAE790000-0x000001AEAE798000-memory.dmp
memory/3548-117-0x000001AEAE7A0000-0x000001AEAE7A8000-memory.dmp
memory/3548-119-0x000001AEAE9D0000-0x000001AEAE9F6000-memory.dmp
memory/3548-118-0x000001AEAD3C0000-0x000001AEAD3C8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9f1b2d2cd5c410be3bf6515ccf92df75 |
| SHA1 | 874777618ff5df92d5cfb5dd9becb03706ba9cb6 |
| SHA256 | 946a186046ae0f55817f070577ccafd2341b70912b48f949a886e5a2ad68c3d1 |
| SHA512 | 142fdbadab8a34138a5bcabba8a81fb23cad0fc87baa0299d64d489b6344bd0c5efa9ab02e6a9d40d890901122f840347f274fd96d5bc1f069335eb56c20ee02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7fcd3f952c407b15bb4a265f3f44607d |
| SHA1 | bdf78cd30136a743742e8c3b3f9e611448884159 |
| SHA256 | 7bb3be809fcc329f026154a23ed1c46894e3ce0908c08c1f812a049a840ebd9f |
| SHA512 | 6e9e33a4b7e96cd4009ee06da516dab2f220b44abd77aa694b87258ac7f90fcbe27321af3e15ced5e961a59f76474c9ce5a3e2833cf90713d83c16257e3c0b0f |
memory/3548-136-0x00007FFDF1713000-0x00007FFDF1715000-memory.dmp
memory/3548-137-0x00007FFDF1710000-0x00007FFDF21D2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 60d2aa2ac3740e9daa6099bb0f91df2d |
| SHA1 | a41e5278e71a5221556f4868cbe82c7884094ba1 |
| SHA256 | 29e2035185c78f8a0ca51c62431a7f642b1ef4865d114ba11dd5774d31a35c8c |
| SHA512 | 27b1a649ad6b3348434cd5936466dd3d9243b4c7f7b4fff3147ed2b22dd6c7806974ae0bd19560a022ea6e2af715916ccff2d2a20099ca60c023f56f17359bf3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c69231974fd1631ef743a48a26bf0dab |
| SHA1 | c372659ae91acec1d1734d0dddbce6766a732d89 |
| SHA256 | a317b6a9a2e51ab09e3e8e86322e58c36cf9a7729bfe2e4a6854477a1f48c110 |
| SHA512 | c31872ad68e68ccaab27df0e4e55130a55581a4acfd3949d8fd78522e22e628976db297a6fa4683ddf4d282273ea145c7380cb8e5ef9a5a16d3c5f3e6146d457 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3a0016f18ef747a9c490b9aeb5a5b61c |
| SHA1 | 4544d58819f1bcb20ddf98874fbc78dc2d5e23c1 |
| SHA256 | 928a158f819f66d8856a3fb07b09fa88642e01ed16cb600cde32617fa2015971 |
| SHA512 | bdbb825f402aae59aaefa580d4640ff2446ae67e6fba0094da2e4b1593948c11e9e178828c66e59d08248ba1063b2221cc28dd5a9c33167198fae160269b2788 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c0d4f4b87e8cdaceb65cca942199107e |
| SHA1 | c700fb3eec5bc72b6dd5b650d8a4d468cde20aa0 |
| SHA256 | af734d070deb948800740fc4ad10b962a23d4f27f58b5b710d345a9c7ca882ea |
| SHA512 | 358e2040ef81f31f023a457bc4f7953967c0ab104b9cd808ab486170e59a05dbf18a5d4a601fdb675524c8ab3ec89afa95cc55c2e151ec84e6a38e3679d6db17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a2b8d50cf1cb00925e68b787c60b018a |
| SHA1 | fab3f9acfae5c7dbff566795c7c31f84a05a4aff |
| SHA256 | d1951dbb28e4bb8c51e3c0af400649502ffe0b4beeb9406943a2889e0dcd0b42 |
| SHA512 | 2561649c97c9ec69a13dc0808c8f68b656a975cb76eea3e593e08d0dd0d4ebd1e3e349ee8d879d73bbd254fa43b46ccb810b214fd5d9a5a3952514e0ddaa675d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c0d1bd529252efdad6f862bcbacaaa70 |
| SHA1 | f7efaff2deb5c6978dfadbc21f0df784088b1063 |
| SHA256 | b722fbf67f8bf97d4b9df9afe975a14bcf2708d52832607b91ab039979e33af0 |
| SHA512 | 21175b570b191dc93a3c26b7c4e0289f0ec6a80c4efbdf8e637f2b5e68a638c6fa7506b0ff0d9518dcbda5717f86e5ea1915c7f8f8bc1fe7f0bd9ac9c2560c6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b5ac7748db592157a2e78f2b9012a45b |
| SHA1 | a452be6aacbac657b6fea3199c3b3fc70c7e81d1 |
| SHA256 | fe7e9326894c9f882fa7ef8d966d7490dee81133eb1ecca1f719a911fabc89a2 |
| SHA512 | 19b85f99ba799c60cfdbc9bc0e0cdfc895f91cf33341404231f1b91bd9a6aae1066deed72a3bb4a92a8596af612f7a6eab074022d7f2954c2f561a385582c9d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e911c7937cd5db457a60c4adf90e21ad |
| SHA1 | f67a3b7bcf11a9fea1da28190d0db53e68944c33 |
| SHA256 | d8db2c84ecb9d980c5d0dd8e79ae22c4350de1dd0bef07738aae8c2e38ae75a4 |
| SHA512 | aa0399ec73fe2fba3ca128d5e38f5b2fb024e04cc22819a6adea0ce4619b93882ba4587c790e00221b6760cbaebc171c7ad49b28920aa4d667f47f4e03d100d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 94431cb5c56d4118cf050ba23a16f0eb |
| SHA1 | 7f3eea50941b52adcab19ad4658ae8d0395bda4c |
| SHA256 | 2710cce4404926a682bdf4e2f6f0611280faf674fa30df1084a84cfe64feed79 |
| SHA512 | e206925aece3057113e17a60ee1b74661f3b5ad795f6faa6eb8a74b69b4a0293551fa8678643e15577ab005af2edc2a07cfc514663a307764eac178d26d9818b |
memory/3548-302-0x000001AEADC00000-0x000001AEADC12000-memory.dmp
memory/3548-303-0x000001AEADC60000-0x000001AEADC9C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9e4a0baf93b34fd7ef925bcead37ceea |
| SHA1 | 6bdae1aa8704b83a92c62a35866ff8a9088a01ec |
| SHA256 | fa8b861f7f47f003c50a678d9bb99837e8a062d1f8c67b490d9846f65c95be5b |
| SHA512 | 62c98a89980afaa9f9013b0e930317a595c0ff123da3dff634721f00de644510412383784467ad6dff7e62c842d4ba6ca389eb446187b8574da184529370135c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 398b5368400142f67dca89df02d27d85 |
| SHA1 | e475241c0814bce1b1606daf3e1b439dee423959 |
| SHA256 | 3bcc87e2273d9cbcdeeeae3df8694ed20cecbbc810cc88cd0867d425b672d685 |
| SHA512 | 5b49bc32dc2200db4a80c4b0cbcd883640a28a971e36e105892116750e15840fdbadfc7e243fa456f8359c6653d4ee6ee1bdac9a84011436f1ffb6531406609f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 904b7a97fb0d1eff3fa0c11205bc55ac |
| SHA1 | 8356ab7a0fbcec078899086fc5931bd21f44ed85 |
| SHA256 | 6c7777bdd3b64879ee00ef99ab78f6194a77f04287f3464030b8b8417af8e19d |
| SHA512 | ef0cefdd23806f5e66ce4b252d2c6eac19b25b71299fef077f06b27119268035fe429305d728a91f2486a9a74677882fff83b2e6f202027d88cfe6f4da197726 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2c52b5b856fc3ff6296197bb179440c9 |
| SHA1 | 8928190f2e56ad2bd78d304206a2e0296198aa35 |
| SHA256 | dfb182893c2391093fb1a65edbd748b32617c9586e2b1fe743e07dd5f801d5fd |
| SHA512 | d000b20cc82aa0dc06a8fe9a80f7d870fafc64dca6560ef4ba0a9d345495d32cd090b088d693374e20e6368913de67038b89811b383699f5edd07f6548637ec0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5bc41e11ef65db36802f1ee772019548 |
| SHA1 | 6056c8e4f3cca413640523980713b5d06667e308 |
| SHA256 | d0b41416036b8e08c0cb122738013b6856f2c5fe78ee8eafcde5f232efa5b9dd |
| SHA512 | 5d0a1b03ea84426a47378a7a17a9427c1ac31a8f219c1d0ad79456d72fa84482858db53ddaef2787600d0ba5882c7b380c9163dd8c5f990388bee2004fb890a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 019315e8cc9477e3834e2a1c8d6cc567 |
| SHA1 | fef4658904f0b2056bc990db88278bcd49ffb464 |
| SHA256 | daa1d02cdd01092c03f632085b5b0832626c506f5629a6a4cc35fbf198df6d6f |
| SHA512 | 4689410aec45c6833e52b360713c8be95a272f5b70cd18748acd81d972d9ac38825c8f618a90e7c36b14e1090b0feb62ce220b9143fd4ec33da6f180dfae8d3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 21d7f3991df66db8e8e7cc1b3d314ec7 |
| SHA1 | dfff8574df75ed557c9a69360b4ec5ed9d8aeffe |
| SHA256 | ba494ddf5131b62df0fb40664515c7644509f1ac49ad5f0ed6530565c5f44bba |
| SHA512 | 414ee07e4d639e99b58111355bcd051f8acb9677e3f9a002069b3752698ca6a8e2bdbf939c590578aa683f0598c0c9e09cc4e2631a0c992d44d4b00fedb4f7ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5b09a72a645087141483f592bc0bccf5 |
| SHA1 | fdffd85880b80bc60c0478a686ed1c29791958c8 |
| SHA256 | 30ccfe4e7cbc2f0be888873ecc3e8bf2b13ea694b4f74604b21a613403eca994 |
| SHA512 | 1471d621aaea291c4b1ed6438fcebeb7b3b1d76f4385697aeeb8047f7b47edaacb260715e0961a4c0122fb6d46ec1bf4c5a63bfbd4ee66823f9def4889827aa0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7b4889ad5558244ef588ef0d45846fe5 |
| SHA1 | eab5706c9d052f29465d72c9270fca96913a6ee7 |
| SHA256 | 1054314c4ce88cb802489a5ec21ace196f32b7cc4697454b0542e05206c77a33 |
| SHA512 | 81d9169daac30724df2cd824d397a8a94f169df0030cd9c77a9eedfb51cd4cd30eaff2c00946d999c3d47c33cbc2cdccb096c945caeb91cceeb2b86b0ca9c407 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 63bdb30d6cdecde1544813517f3159ce |
| SHA1 | 68db7ff626ce115dfc9ebc38418e9a2c5e6a81f0 |
| SHA256 | ba062761c7e3053ec13c5acb9ee023788609e2fee2b498698489cccdf461cad7 |
| SHA512 | 1a54c283a10667906d4a89d2a01b8581e16cb055dd29dc2d4b9a4fb79baf5e075adc000ef1ba5414121333f2552f68f54a34fc49375afcc57ac749d51b636230 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4434628c86c9329d72526b5388d87d28 |
| SHA1 | 2a57933946c1b583f853756312c448999f669fe2 |
| SHA256 | 30690ed4c99fcf03f6797d6e2ab3737a01e321bbb4bd0e85214c46528f90cbc5 |
| SHA512 | 20c6647574d5cbb3e99ed498eb5c2de3f7b87c302d8551d1fb680539dbf18fe7e404e6173ec87e2068bea3b9a212506524e71193f1e20b10b2eabb6dabbe9229 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4eec91babd03d7f0dfe5c08974c0a646 |
| SHA1 | 6589153fdd95fd169bd2eaf7ccc4de824890ca08 |
| SHA256 | a135f977f4bd279e5645a92baa985007280a4e7ee037f1d00bb3a3933994913e |
| SHA512 | 46c04ae270fe88b7fdc0be8c2ca34197c13b821188348ab03db79bcc47e530ae652f68a6f7c80b66252746f72598e46ba521860a443bb07131dc1ae589bea615 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 57fd6db5bc29c27928942675825778f8 |
| SHA1 | db9b26e5f7dec733e9cf7eeb2ebd3c6cbe8804c2 |
| SHA256 | c0eae490db1db388404396a5e9925c4980cd767f39ecc543477e731472555396 |
| SHA512 | 42bf3f667794e0009bce93aa10d4c70b679ad71cd9c7705ce5304e767bd10f5cb12172de4387d689bf038f8cf449f3149b100dcf5b5f5fed70294eb98cff6c3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6407dbc42c134466cef3a217144ab51f |
| SHA1 | dfea6a5e9c209cf15be962aeab1fc8ed21fad38e |
| SHA256 | 1f56c157390d20cb2769bf5e8f3f3c8edcf7d6fa6a7bcb6c0e2a5e44d6e67964 |
| SHA512 | f994100d0b7870117d725f1079b0db5756f2d712a65443d601e1a2f4127ed2199214e3f3b626542e942a3b3a79555f8e9c84112b97018d686de638011fff9d77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 09e8614bd872f731f367dd7cb1b90b40 |
| SHA1 | 1928bbf4de8b677d51c661b2dfc19efc31643d1f |
| SHA256 | ca29ac953a3f7d6ca198f779b1bf27937e92fd41af030c42b1b0c0f0c7ef7984 |
| SHA512 | f19511bb73de711b0a3500321104ff14bc47a570f3373df347ecfd5de23960f4666f299b5af300518b8e1086716ff53d44ad0226aa31426c56039524f8dbc350 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3063ca84b506e9b96e3f8ddeefaa8d5c |
| SHA1 | fb8a93cd89b407b5947f600140582a44fd25356b |
| SHA256 | 86bc41c3c0015646e8de0044a4fbc9cc4c39f5a001a846ebfd2a3ad0072b1cb6 |
| SHA512 | 5a19e957eab47fd92f35a5f74029b33b6b34561f45e8d4b7d562b75c4f31f85a344f49b84c27cbbb62426cef128380503419da8527f628f7231287093ffcde10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 023acf9ed4ce9a3a0637d328cfa2b5d1 |
| SHA1 | 719da8b77d9d25c4e69a80d03394c2e8eb9f7d61 |
| SHA256 | e39b6babd26cdc90c5f80fac3d43c2a7ad6f20d81b6843f7ed1389cbecefdd19 |
| SHA512 | 9121f4cb6bfc07817518beb5ed0cf9eb2c743cccb35bb54297e2b0d823eb5ea92712202f3106e4603ebe3bdbac4d6e7c5a3a8324484439e84bce058a5bc2cbdc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 08789a336e99a353c61353b2dba61ad9 |
| SHA1 | 24e8df16ebc89f6dfd7d57530e087b8f3fe91744 |
| SHA256 | caad8a9c15ecb0b4cd797363983725e41057300605786312d543e3cba73fa438 |
| SHA512 | 04795ff549f63393098aa8d069a1ed20fec91d35ceea5fa0e6a39d58500457d2e772db762818e4e706a4ad23078d1b2e84e1334de92cc097e00a01b25c35ae5f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e645393402c89008f6c81eb53ab9609e |
| SHA1 | 7f6cc2477a0c1a0d6f9c1f7bc13d1f1e2f05fbb8 |
| SHA256 | 4b0a870db54edcbee15da5f09eb9570be47eab12399cee7bf44482c693c28521 |
| SHA512 | b71d49b536dff4ccd226dfe1d192b878c318c6ffb01b9e464d730b01a761b42b3c0fcd48c563982893e2066eaeb340755347d91b0d2652dc495c72c31b48f206 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fb8307239d9382794c2d9f41f6b4d146 |
| SHA1 | 756d91ec2618093d8c025baf259e6bbde0d9675d |
| SHA256 | 621612dffc3ac73829ac95c6f7cc074c20ab534dce1ff9fa8127d9059cf08065 |
| SHA512 | abb0f3ccde906fa7091847463e76080b1b7a50425b9c56d07c6194fc8e13face4606c155cd2029dcc8f1913ca20ce453ff248b88fdf39d5781088886cda8f3be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 63d29c93fc9322cf1d588839eff603f8 |
| SHA1 | a6d324fc36dcffbb384248821a3e85871db6ff65 |
| SHA256 | 65db03a6d2f9b4daaa283aea1b81a55ea267d6532fab18fe69470f9046fcc003 |
| SHA512 | 81e93d155c0d57accfbb443749701a8fb0c8c34cae75c3568af21e07fa2abbd2bf491f9e293ecd94960ddeec874fa3add943cb62e40821922c221b6f69cf036d |
C:\Users\Admin\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\3548.xml
| MD5 | 2df3a26141808fb6111bff8572492af8 |
| SHA1 | 74b49bf47a30269b5443eeeca0431d75177cf8ef |
| SHA256 | df3d3a0c51dc7b23d49e25018ab47df5532c8c0759f202dff2eb4db882f23b40 |
| SHA512 | bdf8363cae7e98714e5208f12d1582e316122507a962ff832ba6a59e33a9138687d267c78c26f4c097fd815683623ada0e736fe4703bed7fe57273c8b63c629c |
C:\Users\Admin\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\3548.xml~RFe5c1506.TMP
| MD5 | e0307335305ef9c30e2bd1107acdf287 |
| SHA1 | 10edcb717509bff94a6e7eb85a39bcb3c8dcea18 |
| SHA256 | a35af3a7a766f5ceb0a550baea39d2f383b4776be606df13e087bb2c7ae8d23e |
| SHA512 | 10e918b73900c1cdc1179f57a0155aec31be6fdf8e6bf30658d6a1b5d01ed0ea2c69115415f00dce1a150816e90d764a3d7d6120d29e535ebb95229c24fda260 |
memory/3548-637-0x00007FFDF1710000-0x00007FFDF21D2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
| MD5 | 5ae39bd90c74ff0891e264b26ba2b5a1 |
| SHA1 | a5f2aeb1ccd089de66850fb5275732ae6c2da82f |
| SHA256 | 1725b5722f6ced3f94ea8bd214e8d1ca7f7ce63400e301dc354513b6bc1ba6ca |
| SHA512 | 0382893609cbbd28d2d8c579d3a647dd94167a52db7c1589f7d2a1464ca06b16bd2bf10882c0e658978a602115c3b7a589d7cd8047293ab41adc4883c7a9087f |
C:\Users\Admin\Videos\windows.ps1
| MD5 | 02911560b0ab7585e9e0a15c8a933e42 |
| SHA1 | 27a2dd8e26d79d1de118a4730dc3328a7a4c57fb |
| SHA256 | 628492f8d036fc32f355cbd8cfed732e22401a3842d01b57aeb6f7221a388f89 |
| SHA512 | 53a698e80a79b5f07a3b42679eb341d608a9d88066a87c2533ba9ee9008caa9bdcb11502b8b230e0474bda3984fa05cd21906042997ace67df7996e2003b2b5e |
memory/1900-651-0x000002912E220000-0x000002912E232000-memory.dmp
memory/1900-652-0x000002912E210000-0x000002912E21A000-memory.dmp
C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe
| MD5 | c0f8959614ae06561216158d78a787e5 |
| SHA1 | 73167d1fd0cee1c96a6505606d21cbfe4369eb00 |
| SHA256 | e199d88569fb54346d5fa20ee7b59b2ea6f16f4ecca3ea1e1c937b11aab7b2b0 |
| SHA512 | a24fcf344d08c64ac301d5e4979f062b5e28e8e4acf1d2790916149ffe7726b0c4a11e0775aeba6b841d2d5081e1bd13e2b80390bf9bfbc44d67e54ec07cd746 |
memory/1476-679-0x000001F22C230000-0x000001F22C250000-memory.dmp
memory/1900-680-0x000002912E690000-0x000002912E79A000-memory.dmp