Malware Analysis Report

2024-11-30 20:13

Sample ID 240509-ks9szahf2w
Target https://github.com
Tags
redline zgrat github_crypted discovery infostealer rat spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://github.com was found to be: Known bad.

Malicious Activity Summary

redline zgrat github_crypted discovery infostealer rat spyware stealer

RedLine

Detect ZGRat V1

RedLine payload

ZGRat

Reads user/profile data of web browsers

Executes dropped EXE

Loads dropped DLL

.NET Reactor proctector

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Enumerates connected drives

Suspicious use of SetThreadContext

Enumerates physical storage devices

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Modifies registry class

Modifies system certificate store

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Analysis: static1

Detonation Overview

Reported

2024-05-09 08:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-09 08:53

Reported

2024-05-09 08:57

Platform

win11-20240426-en

Max time kernel

282s

Max time network

261s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

ZGRat

rat zgrat

.NET Reactor proctector

Description Indicator Process Target
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Launcher.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\e: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\p: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\q: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\F: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\j: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\o: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\u: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\r: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\t: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\n: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\w: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\a: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\D: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\x: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\z: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\l: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\s: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\i: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\k: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\m: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\v: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\y: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\b: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\g: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\h: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\SearchIndexer.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\SearchIndexer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000005d59fa9eea1da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4802 = "VBScript Script File" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000006ac9b6aaeea1da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\system32\SearchFilterHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000008a962f91eea1da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000351617aaeea1da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000098d15a9eea1da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie C:\Windows\system32\SearchFilterHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9926 = "M3U file" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9909 = "Windows Media Audio/Video file" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E46787A1-4629-4423-A693-BE1F003B2742} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000023efbdaaeea1da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597183960910793" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a46e2891eea1da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000b6e8b2a9eea1da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-194 = "Microsoft Excel Add-In" C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{8082C5E6-4C27-48EC-A809-B8E1122E8F97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000adae8aaeea1da01 C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithList C:\Windows\System32\SearchProtocolHost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip" C:\Windows\System32\SearchProtocolHost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v C:\Windows\System32\SearchProtocolHost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2994005945-4089876968-1367784197-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064 C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Git_Launcher.7z:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Panel.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3552 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3392 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3552 wrote to memory of 3156 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb9adab58,0x7ffeb9adab68,0x7ffeb9adab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2140 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3944 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\System32\SearchProtocolHost.exe

"C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 828 2632 2716 812 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1608 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1476 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap29858:80:7zEvent3856

C:\Windows\system32\SearchFilterHost.exe

"C:\Windows\system32\SearchFilterHost.exe" 828 2712 2684 812 {85EE815A-7738-4808-A14A-3AD87E32A3BF}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1468 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:2

C:\Users\Admin\Desktop\Launcher.exe

"C:\Users\Admin\Desktop\Launcher.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4572 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:1

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2320 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1764,i,9685559549834282302,3787107157567569556,131072 /prefetch:8

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap19970:68:7zEvent26511

C:\Users\Admin\Desktop\Panel\Panel.exe

"C:\Users\Admin\Desktop\Panel\Panel.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Desktop\Panel\Panel.exe

"C:\Users\Admin\Desktop\Panel\Panel.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Desktop\Panel\Panel.exe

"C:\Users\Admin\Desktop\Panel\Panel.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffeb9adab58,0x7ffeb9adab68,0x7ffeb9adab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1848,i,14051839990986592655,14186632955878940092,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1848,i,14051839990986592655,14186632955878940092,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1848,i,14051839990986592655,14186632955878940092,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1848,i,14051839990986592655,14186632955878940092,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1848,i,14051839990986592655,14186632955878940092,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4148 --field-trial-handle=1848,i,14051839990986592655,14186632955878940092,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4188 --field-trial-handle=1848,i,14051839990986592655,14186632955878940092,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1848,i,14051839990986592655,14186632955878940092,131072 /prefetch:8

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 224.0.0.251:5353 udp
GB 104.86.110.120:443 tcp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
BE 2.17.107.123:443 r.bing.com tcp
BE 2.17.107.123:443 r.bing.com tcp
BE 2.17.107.123:443 r.bing.com tcp
BE 2.17.107.123:443 r.bing.com tcp
BE 2.17.107.123:443 r.bing.com tcp
BE 2.17.107.123:443 r.bing.com tcp
US 52.168.117.174:443 browser.pipe.aria.microsoft.com tcp
US 8.8.8.8:53 174.117.168.52.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 91.90.195.152:80 tcp
US 91.90.195.152:80 91.90.195.152 tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 104.21.86.70:443 auctiongutollyjkui.shop tcp
US 172.67.180.137:443 acceptabledcooeprs.shop tcp
US 188.114.96.2:443 obsceneclassyjuwks.shop tcp
US 172.67.148.231:443 zippyfinickysofwps.shop tcp
US 104.21.30.191:443 miniaturefinerninewjs.shop tcp
US 172.67.213.139:443 plaintediousidowsko.shop tcp
US 104.21.44.201:443 sweetsquarediaslw.shop tcp
US 172.67.183.72:443 holicisticscrarws.shop tcp
US 104.21.72.135:443 boredimperissvieos.shop tcp
GB 20.26.156.215:443 github.com tcp
NO 20.100.11.101:42074 tcp
NO 20.100.11.101:42074 tcp
NO 20.100.11.101:42074 tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp

Files

\??\pipe\crashpad_3552_VCASOZQZPJFIJUUD

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\90249b0e-f818-4ade-9880-1a03ae38fcda.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\Downloads\Git_Launcher.7z.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\Downloads\Git_Launcher.7z

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c5cc.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Desktop\Launcher.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\Desktop\Rmb.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Runtime.Serialization.Resources\3.0.0.0_ru_b77a5c561934e089\System.RunTime.Serialization.Resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Runtime.Remoting.Resources\2.0.0.0_ru_b77a5c561934e089\System.Runtime.Remoting.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Resources\2.0.0.0_ru_b77a5c561934e089\system.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Printing.Resources\3.0.0.0_ru_31bf3856ad364e35\System.Printing.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Messaging.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.Messaging.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Management.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.Management.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_ru_31bf3856ad364e35\System.Management.Automation.Resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Security.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.Security.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.ServiceModel.Resources\3.0.0.0_ru_b77a5c561934e089\System.ServiceModel.Resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.ServiceModel.Web.Resources\3.5.0.0_ru_31bf3856ad364e35\System.ServiceModel.Web.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.ServiceProcess.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.IdentityModel.Resources\3.0.0.0_ru_b77a5c561934e089\System.IdentityModel.Resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Drawing.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.Drawing.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.DirectoryServices.Protocols.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.DirectoryServices.Protocols.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.DirectoryServices.AccountManagement.Resources\3.5.0.0_ru_b77a5c561934e089\System.DirectoryServices.AccountManagement.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Design.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.Design.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\Desktop\GAC_MSIL\System.DirectoryServices.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.DirectoryServices.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Drawing.Design.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.Drawing.Design.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.EnterpriseServices.Resources\2.0.0.0_ru_b03f5f7f11d50a3a\System.EnterpriseServices.resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.IO.Log.Resources\3.0.0.0_ru_b03f5f7f11d50a3a\System.IO.Log.Resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\System.Management.Automation.Resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.ServiceModel.Install.Resources\3.0.0.0_ru_b77a5c561934e089\System.ServiceModel.Install.Resources.dll

C:\Users\Admin\Desktop\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9441bb93ec653ba3_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\73728e289ccef197_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dac519eebb4a7a0f_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5ccb442c8b8f9e9_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\286a1787eb6b73cf_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8b09cd648ed7a0a9_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\34fe86bcf42f4dd8_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fdae633638f9155f_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0a76502c15b2cf7d_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1e1331237e75dbdd_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\07753ce00fa3d8da_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bd8f6d4dc79c48fd_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\29ee49a9e002c15f_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6ea01d9ed7e88907_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bdab77cef9a22778_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f66233e72c393c10_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\851e7ef6acc6ac4a_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\84ef792e97c5476a_0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

memory/920-2600-0x0000000000400000-0x0000000000452000-memory.dmp

memory/920-2601-0x00000000053B0000-0x0000000005956000-memory.dmp

memory/920-2602-0x0000000004EA0000-0x0000000004F32000-memory.dmp

memory/920-2603-0x0000000004E50000-0x0000000004E5A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tmp15B7.tmp

memory/920-2618-0x0000000005A60000-0x0000000005AD6000-memory.dmp

memory/920-2619-0x0000000006260000-0x000000000627E000-memory.dmp

memory/920-2622-0x00000000068A0000-0x0000000006EB8000-memory.dmp

memory/920-2624-0x0000000006330000-0x0000000006342000-memory.dmp

memory/920-2623-0x00000000063F0000-0x00000000064FA000-memory.dmp

memory/920-2626-0x0000000006500000-0x000000000654C000-memory.dmp

memory/920-2625-0x0000000006390000-0x00000000063CC000-memory.dmp

memory/920-2644-0x0000000006640000-0x00000000066A6000-memory.dmp

memory/920-2647-0x0000000007220000-0x0000000007270000-memory.dmp

memory/920-2665-0x0000000007690000-0x0000000007852000-memory.dmp

memory/920-2666-0x0000000007D90000-0x00000000082BC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
