Malware Analysis Report

2024-10-16 05:31

Sample ID: 240712-pfyx6avfqf
Target: https://github.com/Lachine1/xmrig-scripts/raw/main/linux.sh
Tags: xmrig, execution, miner
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://github.com/Lachine1/xmrig-scripts/raw/main/linux.sh was found to be: Known bad.

Malicious Activity Summary

Tags: xmrig, execution, miner

xmrig

XMRig Miner payload

Blocklisted process makes network request

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Drops file in Windows directory

Command and Scripting Interpreter: PowerShell

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: LoadsDriver

Modifies registry class

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-07-12 12:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-07-12 12:16
Reported: 2024-07-12 12:47
Platform: win11-20240709-en
Max time kernel: 1800s
Max time network: 1801s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Lachine1/xmrig-scripts/raw/main/linux.sh

Signatures

XMRig Miner payload

Tags: miner

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

xmrig

Tags: miner, xmrig

Blocklisted process makes network request

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Command and Scripting Interpreter: PowerShell

Tags: execution

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133652602411819235" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \Registry\User\S-1-5-21-95457810-830748662-4054918673-1000_Classes\NotificationData | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:PID = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e80aba36ff8d270c74f9c99fcbf05467f3a260001002600efbe11000000eff29cd118d2da0129a9d7d218d2da01f81d850619d2da0114000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616257" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000900444648b4cd1118b70080036b11a030300000078000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Videos" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByDirection = "1" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-95457810-830748662-4054918673-1000\{88D7A32C-E820-44AF-BF3C-5F917808AB12} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\AppData\Local\Temp\5d03095d-b35d-4a3d-8928-be38d85929fa.tmp:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: LoadsDriver

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Each of the two rows above is logged 32 times (64 events in total), alternating SeShutdownPrivilege and SeCreatePagefilePrivilege.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe | N/A

The chrome.exe row is logged 32 times; the xmrig.exe row once.

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4900 wrote to memory of 408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 4268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 2808 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4900 wrote to memory of 2356 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Lachine1/xmrig-scripts/raw/main/linux.sh

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe075fcc40,0x7ffe075fcc4c,0x7ffe075fcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1768,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1764 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2064 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2476 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4372,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4360,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4352 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4736 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4812 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\Admin\Videos\windows.ps1"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=984,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4660 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4876,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5300,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5332,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5208,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3516,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5292,i,4924427362135946409,8395404510710546486,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4420 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Videos\windows.ps1'"

C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe

"C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe" -o xmrpool.eu:3333 -u 88tYpqdgCC1da3kLmaVyZhEUndHhuTQH2d1wnA7uPKLHaA5Ri9tU8pmR7SMuhR7emSDLRYnjUkTouQDkU4jr8UFwJawxoxs --cpu-priority 8

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_4900_FLHGMQEDMCFYXHZW

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Temp\5d03095d-b35d-4a3d-8928-be38d85929fa.tmp:Zone.Identifier

C:\Users\Admin\AppData\Local\Temp\5d03095d-b35d-4a3d-8928-be38d85929fa.tmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gncqsht0.mxf.ps1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

SHA256 caad8a9c15ecb0b4cd797363983725e41057300605786312d543e3cba73fa438
SHA512 04795ff549f63393098aa8d069a1ed20fec91d35ceea5fa0e6a39d58500457d2e772db762818e4e706a4ad23078d1b2e84e1334de92cc097e00a01b25c35ae5f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e645393402c89008f6c81eb53ab9609e
SHA1 7f6cc2477a0c1a0d6f9c1f7bc13d1f1e2f05fbb8
SHA256 4b0a870db54edcbee15da5f09eb9570be47eab12399cee7bf44482c693c28521
SHA512 b71d49b536dff4ccd226dfe1d192b878c318c6ffb01b9e464d730b01a761b42b3c0fcd48c563982893e2066eaeb340755347d91b0d2652dc495c72c31b48f206

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 fb8307239d9382794c2d9f41f6b4d146
SHA1 756d91ec2618093d8c025baf259e6bbde0d9675d
SHA256 621612dffc3ac73829ac95c6f7cc074c20ab534dce1ff9fa8127d9059cf08065
SHA512 abb0f3ccde906fa7091847463e76080b1b7a50425b9c56d07c6194fc8e13face4606c155cd2029dcc8f1913ca20ce453ff248b88fdf39d5781088886cda8f3be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 63d29c93fc9322cf1d588839eff603f8
SHA1 a6d324fc36dcffbb384248821a3e85871db6ff65
SHA256 65db03a6d2f9b4daaa283aea1b81a55ea267d6532fab18fe69470f9046fcc003
SHA512 81e93d155c0d57accfbb443749701a8fb0c8c34cae75c3568af21e07fa2abbd2bf491f9e293ecd94960ddeec874fa3add943cb62e40821922c221b6f69cf036d

C:\Users\Admin\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\3548.xml

MD5 2df3a26141808fb6111bff8572492af8
SHA1 74b49bf47a30269b5443eeeca0431d75177cf8ef
SHA256 df3d3a0c51dc7b23d49e25018ab47df5532c8c0759f202dff2eb4db882f23b40
SHA512 bdf8363cae7e98714e5208f12d1582e316122507a962ff832ba6a59e33a9138687d267c78c26f4c097fd815683623ada0e736fe4703bed7fe57273c8b63c629c

C:\Users\Admin\AppData\Local\Microsoft_Corporation\powershell_ise.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\3548.xml~RFe5c1506.TMP

MD5 e0307335305ef9c30e2bd1107acdf287
SHA1 10edcb717509bff94a6e7eb85a39bcb3c8dcea18
SHA256 a35af3a7a766f5ceb0a550baea39d2f383b4776be606df13e087bb2c7ae8d23e
SHA512 10e918b73900c1cdc1179f57a0155aec31be6fdf8e6bf30658d6a1b5d01ed0ea2c69115415f00dce1a150816e90d764a3d7d6120d29e535ebb95229c24fda260

memory/3548-637-0x00007FFDF1710000-0x00007FFDF21D2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 5ae39bd90c74ff0891e264b26ba2b5a1
SHA1 a5f2aeb1ccd089de66850fb5275732ae6c2da82f
SHA256 1725b5722f6ced3f94ea8bd214e8d1ca7f7ce63400e301dc354513b6bc1ba6ca
SHA512 0382893609cbbd28d2d8c579d3a647dd94167a52db7c1589f7d2a1464ca06b16bd2bf10882c0e658978a602115c3b7a589d7cd8047293ab41adc4883c7a9087f

C:\Users\Admin\Videos\windows.ps1

MD5 02911560b0ab7585e9e0a15c8a933e42
SHA1 27a2dd8e26d79d1de118a4730dc3328a7a4c57fb
SHA256 628492f8d036fc32f355cbd8cfed732e22401a3842d01b57aeb6f7221a388f89
SHA512 53a698e80a79b5f07a3b42679eb341d608a9d88066a87c2533ba9ee9008caa9bdcb11502b8b230e0474bda3984fa05cd21906042997ace67df7996e2003b2b5e

memory/1900-651-0x000002912E220000-0x000002912E232000-memory.dmp

memory/1900-652-0x000002912E210000-0x000002912E21A000-memory.dmp

C:\Users\Admin\Videos\xmrig\xmrig-6.21.3\xmrig.exe

MD5 c0f8959614ae06561216158d78a787e5
SHA1 73167d1fd0cee1c96a6505606d21cbfe4369eb00
SHA256 e199d88569fb54346d5fa20ee7b59b2ea6f16f4ecca3ea1e1c937b11aab7b2b0
SHA512 a24fcf344d08c64ac301d5e4979f062b5e28e8e4acf1d2790916149ffe7726b0c4a11e0775aeba6b841d2d5081e1bd13e2b80390bf9bfbc44d67e54ec07cd746
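The two files above, the PowerShell dropper written to C:\Users\Admin\Videos\windows.ps1 and the XMRig 6.21.3 binary it unpacks beneath that folder, are the indicators an incident responder would actually sweep for on other hosts. The following is an added example, not part of this sandbox report or of the XMRig project: a small hash-based sweep that walks a directory tree, hashes every regular file and flags anything whose SHA-256 matches the report's values or whose filename matches the dropped artifacts. The SHA-256 values are copied from the entries above; the directory layout in `demo()` is constructed here for illustration, and the zero-byte "renamed.bin" stand-in IOC is an assumption used only so the demo produces a hash hit offline.

```python
"""Hash-based IOC sweep for the dropped files listed in this report.

Added example (not from the report or the XMRig project). Hash matches are
authoritative; filename matches are weak signals that need a closer look,
because a renamed miner binary defeats the name check but not the hash check.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# SHA-256 values copied from the report's Files section.
REPORT_IOCS = {
    "628492f8d036fc32f355cbd8cfed732e22401a3842d01b57aeb6f7221a388f89":
        "windows.ps1 (PowerShell dropper)",
    "e199d88569fb54346d5fa20ee7b59b2ea6f16f4ecca3ea1e1c937b11aab7b2b0":
        "xmrig.exe (XMRig 6.21.3 miner)",
}

# Filenames the report shows being written under %USERPROFILE%\Videos.
SUSPICIOUS_NAMES = {"windows.ps1", "xmrig.exe"}


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large binaries don't load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root, iocs=REPORT_IOCS, names=SUSPICIOUS_NAMES):
    """Return (path, reason) pairs for files matching an IOC hash or a dropped
    filename. Symlinks are skipped so a planted link cannot redirect the scan."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            try:
                digest = sha256_file(p)
            except OSError:
                continue  # locked or unreadable; a production sweep would log this
            if digest in iocs:
                hits.append((str(p), f"sha256 match: {iocs[digest]}"))
            elif name.lower() in names:
                hits.append((str(p), "filename matches dropped artifact (hash differs)"))
    return hits


def demo():
    """Constructed scenario (not from the report): a Videos tree holding a
    benign file, a file named xmrig.exe whose content is NOT the miner, and a
    renamed zero-byte file whose hash is registered as a stand-in IOC.
    Returns the sorted list of hit reasons."""
    stand_in_sha256 = hashlib.sha256(b"").hexdigest()  # assumption: demo-only IOC
    iocs = dict(REPORT_IOCS)
    iocs[stand_in_sha256] = "constructed stand-in IOC (empty file)"
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "Videos"
        miner_dir = base / "xmrig" / "xmrig-6.21.3"
        miner_dir.mkdir(parents=True)
        (miner_dir / "xmrig.exe").write_bytes(b"not the real binary")
        (base / "holiday.mp4").write_bytes(b"\x00" * 64)
        (base / "renamed.bin").write_bytes(b"")
        return sorted(reason for _path, reason in sweep(tmp, iocs))


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```

Point `sweep()` at a user profile (for this sample, the Videos folder) and treat any SHA-256 hit as confirmed; a filename-only hit on xmrig.exe or windows.ps1 should be hashed against the report's MD5/SHA-1/SHA-512 as well before acting, since the file may be a different build of the same miner.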

memory/1476-679-0x000001F22C230000-0x000001F22C250000-memory.dmp

memory/1900-680-0x000002912E690000-0x000002912E79A000-memory.dmp