Malware Analysis Report

2024-09-22 16:38

Sample ID 230307-fe484sgc5t
Target 108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe
SHA256 108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61
Tags
babadeda crypter evasion loader trojan phobos ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61

Threat Level: Known bad

The file 108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe was found to be: Known bad.

Malicious Activity Summary

babadeda crypter evasion loader trojan phobos ransomware

Phobos

Babadeda Crypter

Babadeda

Executes dropped EXE

Loads dropped DLL

Checks whether UAC is enabled

Maps connected drives based on registry

Enumerates physical storage devices

Program crash

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-03-07 04:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-07 04:48

Reported

2023-03-07 04:50

Platform

win7-20230220-en

Max time kernel

151s

Max time network

33s

Command Line

"C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe"

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe

"C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe"

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

"C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 764

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\BRL000007f0\BRC80.tmp

MD5 c5dc46c377c927c8e91b18cde57cf0fc
SHA1 22ce8600d4dbaf9af6eded556d390212274911d1
SHA256 a53f9dbbe62911ddc088a10bc8d10b5d8b30ed999438e788b6bfe24f0ba6e2b8
SHA512 f208b88f84b9fea0fc184926551eb60f843e997390ceed7cfde5ff7bb7c6b6bcd47a0d5021a92064e57e6b400bbbe21cec93fa2358728a29c35d2bc147cc1432

\Users\Admin\AppData\Local\Temp\BRL000007f0\BRD2C.tmp

MD5 122a3741699fb5c0950273245c9dea15
SHA1 811f9149e3310a8e6521da156f92f3aaab012145
SHA256 f675eba3b22e0a2238ec4961d99de3bacca0ab553ab26eecb49800a12a9371ab
SHA512 567c480f70fdc78769ae45bf83b6632f7ab380ebeb00689028d39ff03840c8b778149a3fafe1dab2ac77a1fd17a23b09f58774b1c5e791bfd33b99528225eccc

\Users\Admin\AppData\Local\Temp\BRL000007f0\BRE56.tmp

MD5 08ad4cd2a940379f1dcdbdb9884a1375
SHA1 c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac
SHA256 78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8
SHA512 f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

\Users\Admin\AppData\Local\Temp\BRL000007f0\BREB4.tmp

MD5 f5cec0e851d679bc6cfe5923c8cdd5c8
SHA1 5eee0f3192e2656d0891e363a5d69f61f457b186
SHA256 ac0976f2a6f221045d0fd22bb32bab0c8439d186acd118ad0faa2d69cbd2840e
SHA512 226f47164392ee339412f8ee5dad3faf40e26c52e2ae039826323ea0ef66d23776b1e972cd6f817e7dea1da0f87f20d3b6c7380fd8e891ec21a2f13dfc4915f8

\Users\Admin\AppData\Local\Temp\BRL000007f0\BREE4.tmp

MD5 a6f7a08b0676f0564a51b5c47973e635
SHA1 d56f5f9e2580b81717317da6582da9d379426d5b
SHA256 5dd27e845af9333ad7b907a37ab3d239b75be6ccc1f51ef4b21e59b037ce778c
SHA512 1101813034db327af1c16d069a4dfa91ab97ee8188f9ed1a6da9d25558866e7e9af59102e58127e64441d3e4a768b2ad788fd0e5a16db994a14637bfbade2954

\Users\Admin\AppData\Local\Temp\BRL000007f0\BRF81.tmp

MD5 c04970b55bcf614f24ca75b1de641ae2
SHA1 52b182caef513ed1c36f28eb45cedb257fa8ce40
SHA256 5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80
SHA512 a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

\Users\Admin\AppData\Local\Temp\BRL000007f0\BRFC0.tmp

MD5 77fe66d74901495f4b41a5918acd02ff
SHA1 ce5bbd53152cd5b03df8bcc232a1aea36a012764
SHA256 b017168c69ef40115141813e47122391602e1af28af342c56495b09f1c3c7522
SHA512 cc6e323d0076577a0a04dbe2c33d90dc616cb5ec3637d3df67cbf169766ca2e6de567fcff4f32938fd6118d98e4796642a3010b7264f0ae247fa8f0fe079bd70

\Users\Admin\AppData\Local\Temp\BRL000007f0\BR108C.tmp

MD5 d74aadd701bfacc474c431acab7b9265
SHA1 8a2b424d1f949430ddc1faddee3e9ccb79c95de2
SHA256 f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d
SHA512 0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

\Users\Admin\AppData\Local\Temp\BRL000007f0\BR11D5.tmp

MD5 0700f3dbe367287ce10472cffbd3d7d1
SHA1 079790389532599ce04fd82c2b89db5e4dedf26c
SHA256 77e46a6a8fbc079cdb1d3ee299af36c3d1881d38d93c4e0551f114965cdaf10f
SHA512 28eb67d348c8e9e36032d041315b6ee790d2e9021a3a657a7fe33c66ad1f8daa5b3e0833a2a432cb4a4c5795fea5a80a1810440fb441b6f0d56cf0d00d3e0a17

\Users\Admin\AppData\Local\Temp\BRL000007f0\BR1233.tmp

MD5 924b90c3d9e645dfad53f61ea4e91942
SHA1 65d397199ff191e5078095036e49f08376f9ae4e
SHA256 41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322
SHA512 76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

\Users\Admin\AppData\Local\Temp\BRL000007f0\BR1254.tmp

MD5 77c853090012e97f6ce9212e66ef8a5e
SHA1 69425ae525ceff28c14e4855c002db432421ca92
SHA256 122debc552cb9a54704c3bb4a363b2494df16f0797642e0dee84712282d4df21
SHA512 17b62a1defc291a8af7b7e701ca7ab1a0d72605c6595a52c89b8e94c4a49e2d037931371e9966ac66dc764e968dca3728633e81545d8ba6aba09d8f39a6f914c

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140_atomic_wait.dll

MD5 bfa69730b83fe5abc5c1a44ad71b2112
SHA1 2917d847156758420c9782ab8e376ded3d6e9b09
SHA256 05ec94cb5bc764418374882d1fff9050685fca86ec71101ff27f2422a2d39213
SHA512 c419255af407b4180d405823f3a3c2a5ac4cc4e8ab686ba83c0c1efad6eacb23024215918a686756a6cf96d1f170db54462cbe6a434d847204c665da8138aa9f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140_codecvt_ids.dll

MD5 2407353dfd054b3ad48cc4c3befdc361
SHA1 45a96fe92ed3d1b55a96bc536067a0931e2f0aeb
SHA256 e723a4a146e95fcaf68b8d0d425f5641e9ebeb70afa4cc8eb658d0f27ab97327
SHA512 352301249309919a0edd7fddde5c663dd2893a92277dc26f71d344b33f217a4182d841179035345399dd1f1356a5bb5326092db6a91cd24cc5a4468cd97c1544

C:\Users\Admin\AppData\Local\Temp\Tech tool store\NlogExt.dll

MD5 1a75878dea8f5580c25e0b9f1c734949
SHA1 20d4c35f95b4d608aa73897680b3f0ceb219d37f
SHA256 1b393ad82fbe93add01c73613156cecd98f9668f5ed8a0faa04704a510b7bf2e
SHA512 6e65f45ef099d21beaf429e0e0c6c6122e64d27f6932afd2a2459fc6cafb5af58efb45440cc1e3f51ac7678748af85cb9e878e68efa3505980f115dc6a272ac2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\Rate.info

MD5 b1eec5c6b26ecfc6a974757087e3d2af
SHA1 b61648dfdb68b40d1b6f491bb96f494f5e34f5c1
SHA256 c6d14ae1d22ead7db02768a974d8f9380f88beaedc5b0becbcd361ae805a2e00
SHA512 8f2edf6a5b649df864873323e7fae1a475050d6d603165c8322061805f7b4a7b42b349b3800d59cb6fdaa6561a5e6afee18b42b77eff41bb93aa0f503dea5219

C:\Users\Admin\AppData\Local\Temp\Tech tool store\settings.dat

MD5 02aa61f22deb85d2bb9215a936dea9b3
SHA1 3cf45cb7646600bff9380ceb037e5f48b0a31146
SHA256 5954e948dca63d51b08cea89a33e595c14333728a206a4ae78e4651893f7e6f7
SHA512 fbc80a77912b437a0e3d5d43b01def9a7d646eac944e7866a7df7701a1d18de31ee9ab4c1feac0d9ae0dc5b20f4099dfbe4373673cb50545503d53cda50ffbc4

C:\Users\Admin\AppData\Local\Temp\Tech tool store\skin.ico

MD5 bd185b875af6e53f699096e2fe95cbbb
SHA1 7b59c7707159fc489bcc477acd61248e1c4a155d
SHA256 0a326b06aab1fa6ba3939db15e82cb5f4387ce9c163c6a8458acc8c79abd5490
SHA512 e9c7d2ff9a691b8981e95a9279209afc7652c4daa99e346437419b13266cc97f44e1af554b4dd2a5c2608da44ee18b6ca329a7d1e3a9fd8df58c84d08ee07090

C:\Users\Admin\AppData\Local\Temp\Tech tool store\sqlite3.dll

MD5 c86d13c52aa1c7d0e39cc9f6d20ccd22
SHA1 8622a443874feebb2e5cdb9792a447acb97f78af
SHA256 7fdc0ad5ee9678eb66448b121beba9597ca6742d4474ff75d080a5c5014ec9c9
SHA512 ea629707a590a3494f63d17e6d4b74f9fc3341216f3fada2f1a1e5c318f83149130ea87afb8eb87168428ed21dc0c4cd4612bf66517ec67874e9a75c694e6af6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\ssleay32.dll

MD5 cb3150e7da1cd829ddc3ca863c7f5360
SHA1 21cb84c6c40577103eab9bfe47936b80195410d5
SHA256 7780130478823cd2cd22a104968c66065397e86335f29a96b1e67de2f32a6036
SHA512 2fb546fbaf9cee534b648a48ee5c135b6911d1f14a0dc450f61975bc7a6f57ff685b7ee9d37d06a5137d87d55d7a9dd76b4141e5ecc93edd1a3efd50881b6cd7

C:\Users\Admin\AppData\Local\Temp\Tech tool store\StormLib.dll

MD5 09c4266b11233aedaff9bbb97ff7dc50
SHA1 212f6f2df299f8f1c4c481bb92e9e958d48421e3
SHA256 f52d1ed4c1350bf7726ad3ef926329267e35bf67bd938e5e1aae324dcef31469
SHA512 b17e865ec5a8caf5bca88857ea3bad0dfc5d9fd0448ee52671876202b1870783a5de8f2d76b9d5363aeeb89b383314c8d65769674bd9b911551cdaa5c8654dcb

C:\Users\Admin\AppData\Local\Temp\Tech tool store\Themes_v6.txt

MD5 95d94ab71ff2d1d22401ad824ff67b0c
SHA1 c26c2061c256e9ffbe413cea4f41153422dc9deb
SHA256 42f9de7641098ff03b904d2981209bc085064560efd03be68a08f3d552ea2b63
SHA512 d8dc7cf66183c84482116c0df60c330c0bf6090c1c4d45a7ad1e77d1fd7cbdcde803e5b3186d916f06d6a1f032878d811f2e54547bf4327b79d52ae526ab9d13

C:\Users\Admin\AppData\Local\Temp\Tech tool store\ucrtbase.dll

MD5 5dafe0bfb955e780b3d50da4524b752f
SHA1 91c0d9fabe748d373215ba21b90278671b5f8957
SHA256 6255112c9978c07a05c6feaee01cf4be74b2920dc7017fbc1a42f8f5d23c20f9
SHA512 37fd37f3ad87838f596d1e8e497fe66d1a1c4128625ab456ec850179dd1e1f33cf4945d0faaf6cdbd1ed586ecfb7ff3e7cf10a88a823cc5eb06c2fc4fa16bff3

C:\Users\Admin\AppData\Local\Temp\Tech tool store\unins000.msg

MD5 a5e1c77434480346133faf90a3ff8bf2
SHA1 f7771ebc1d19475f1a83d769f276557b676f03c0
SHA256 b1718d2001564b8be91d99edde12899305de4286455b2507017b64af3441c22e
SHA512 d4b60886b35f1c7be0b14f6be044829a55b78921b6c0542ee5d2deb2252dbc7fbb3f99c28d2930f1c655a7b4cc49571feb51dac53d1698cff8d17598eedc2f42

C:\Users\Admin\AppData\Local\Temp\Tech tool store\vccorlib140.dll

MD5 ae13e4f8338173a979135141e0dfb02f
SHA1 6fc365c1b18d34f6c1c0a691a4e527f2748f7efd
SHA256 7e3211bfcd4698140ce90e6664e044f7c7c8100c5b7bf1cec161df32fc412056
SHA512 22051878786454be0f8732aeab51a89651db255339ce95a358cc8f8a2072e5ef661606b58d54581186b422cbc9af7a5c4d3c45e0b9fd76efa7287f8f306fb98e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\vcruntime140.dll

MD5 ba65db6bfef78a96aee7e29f1449bf8a
SHA1 06c7beb9fd1f33051b0e77087350903c652f4b77
SHA256 141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493
SHA512 ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseEraser.dll

MD5 a24e87f34a9a5160738b7f94094f67bb
SHA1 983e421b7a2d13e3b9ccf22ff4aa28f1a18f192c
SHA256 7545370cc82a2e70a147ee5cdb50b2c994a46f6e7708db9500a2a0c66ee63ba0
SHA512 eff167149195fe45cb5ca8964854c338a1a3ce85de339f9c14148e9bb806b29d3d882aa2c843423a772a69138ce3b8990780db21b9c001af23c0ec77fa327900

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseDefrag.dll

MD5 2213b5d523f45f4d51bee0b36e8865b1
SHA1 033efeba679c27f4053c01d346573b4d79706b79
SHA256 fc5588ec517efbd7b4f95ceffab07160eba47dcd97f72f6327c3a004c61af7c9
SHA512 61d3b833c53a5d371cab281a5884e5fa85c8c2e7abeb0e36ed88dc1835ae00a8cc8db6f6f77cf4a6acdf795dc42595bf7d52bbed4f96bf658f9d25b63c1273fd

C:\Users\Admin\AppData\Local\Temp\Tech tool store\unins000.dat

MD5 6766f5a4458049bd1d4e2c910cec0c37
SHA1 f14bb0b2c5d7d28417944f0b3cade69feffdfffa
SHA256 1c81ca1be6edc12dfa8a2189d846a207a0adcd53a1a3cb462a466bf28a531b13
SHA512 1a813025cbe7c3e86ce0f196e57be11f4701fdd1869863be878eab62f6532c91d4f5744f9e13e1f93a25169518c0f6e33abceeffcff3fa045b830c0a7fcfc78f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

MD5 1459f9d0c62412b9df206c7e819fbf62
SHA1 daddb63d6b1a191e896a01ada7ea79dabf686655
SHA256 75569178b9ff9f2719e17d2d270322151ffc63f8eaac774a64f6c627014451d8
SHA512 924d14ba741b64a813e566864b098e0a426e48412942945d2034ab685548794ca93a4d759fc098f5e8e4df80146a82572bbfe09c7599a109a1dc4837259da5c2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-console-l1-1-0.dll

MD5 22df48515382f53b828728892c65e62d
SHA1 f834220481f9acab2fce917bd6271705c3300872
SHA256 97955d1f5134350fbe6c829061e01106304978651979f4ecd5ec146bfc70d36b
SHA512 97507029a6d0057812da1a917b14e021747a1e13e4a1406e73d4f330f0fd1b9822f6300a5030d2aca8063da6da2a5a1e6e9a5a2c8ca612401188713e779fa608

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-console-l1-2-0.dll

MD5 f7af7ee5d48b5540f0e67f12529def2e
SHA1 1d0a54735213f2002918784dc5fc75ee6e7c3578
SHA256 78ff02af7995e0535ee34ddc0d28e8a2fe01404c186530cb3f2d57d683365a80
SHA512 189d60feee6dded1d369585a4fd0305729dfc352697501e7355fba80d279d151cc0f3a3358928b05a91964d14e59eeccfbdda415cf289281c0cb2c246a7d09b2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-debug-l1-1-0.dll

MD5 bf8a71efcaa8260de58ab657dbf624c6
SHA1 48a1e8fd73c0b16304f0fafd6e7f6b5efb476314
SHA256 c3003ff52917dbac5d3feec1bdea8ad4163893ec2d320f904b6d3698a6dbc7bc
SHA512 e1284fe0c7f42204043320322dbbaadfe194aae4eef0aa863b25176107ec9900a2a0dfe4778b7ca5960d6b187e7cc61e028bd02ae0dae20a90591e33165dbc0f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-datetime-l1-1-0.dll

MD5 b669e6de4647cd31009b15d5edd7c999
SHA1 16f05edfa04378e99d906e9162b502c99d8ddb61
SHA256 4e560ebdfe0bc1193a0f3feaac35634b0655829d5cc7e79d113f3a994f16d3ed
SHA512 afc8ac85c8fa15fbb3e72b8192314b8ca7eaa0a686ef77747adadd0b902260f2cb0482f76012cfd5023a12a7c0d89b973af97bd4f208389d8ca26005fe4e16dd

C:\Users\Admin\AppData\Local\Temp\Tech tool store\zlib1.dll

MD5 7cfdbfec8b16876767f5895fae94f6cd
SHA1 49644b75dc5ef3e1f6e122f8b6e5569b74b1e2a5
SHA256 322062f0287317d3f41180bf79e54c4ddf4646a08fcd55263fd05ad56b8e1cba
SHA512 02a10c91098b79cf4b53dfeb595283cd0bcd5b70ddc803f401600d321a54d3ce51ec24962473a47b9679b573a2223ff7f02be57866bfd961cea3f1a81bcea683

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WJSLib.dll

MD5 76a9b2927a16463c71d88790ba1be60e
SHA1 4494e7416d86bdeb11bf5142267142013439a46b
SHA256 056f9e8ba070febe644dd042fbeac034362a8071e327e6aaa972129be60dec76
SHA512 6881b7090dac0932d4c81ca59d04aa6e8e56e45ec16dea3699c11c36f85955024144b16bf47c30b4a6251882a79b63685221037b9921773586e5ee31a37c9d67

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 1a456489a0e26cf602d4af97fd537b0c
SHA1 fa62a55a403ee92b1d5f31ce2c5cc65e2de03247
SHA256 3e8d67f3978e40a636c5fa86c310801d6d6b74127e556c57ff6fde8e1d7b706d
SHA512 04a61c6d79c72d729d602c4a5d069c73cd92b0586d988056b2f2cebf88bac5723c1928d4a1a08fe13151ba9905cc28aeafbe344c829fadc66f138aac43e8c147

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-file-l1-1-0.dll

MD5 977831a443ea30ac8cb70f4a069a2795
SHA1 b07313dc2760c524d1bae783e81a7f18743bff87
SHA256 f6eb872448b5147e59f373eee8a9852d1afc5eecb967f713a7f7acb4939e9a63
SHA512 0c17bb97188b6b2aaa49fb3cef94053bf20e7b587cca9307ec4a4e166f4703d17a50c12148b3112cb5d98088bfd186adacb8c55c3d8a634ead2dad93b70b5f18

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-file-l1-2-0.dll

MD5 86279521328398e87699d248628eb13a
SHA1 e4d4c39bda90635f1f5c2fc58b1304e2daac9caf
SHA256 3c9b67616fd0ceb3dd92e605918b08556683ebab5537aa76dff300fbd54b0337
SHA512 2cc328955611ad8369ff9facf9c1aabe99a20c3ded2977ad86c69e0f54acd78fa6f572ed688625c8c63016826a10b3578e3c186ef2b39c4bf393ab5e399913a6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-file-l2-1-0.dll

MD5 422adad24e8da100f85bf3de86b5f302
SHA1 7004b3ed8663b5890cd25e1a7899a766be912728
SHA256 e04642684dc7376839c570bc11e9b46cae14420f1a85f7562fd2c4d656a22956
SHA512 e689ecb1a1cb1e7735cb6a961fd054d87bcad01acf76950b14a3bf4e08ddb7a8d31805c203374ee081a4ec13c40b25b3dc83b3895b9bfbd9c135673e98e6ee63

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-handle-l1-1-0.dll

MD5 c8d52cde743f4559e6eda1472ad44277
SHA1 09a19c5c5bc45dbf5391d882015b47cdad4b5631
SHA256 d2926dcb85ab577be75ecab1fc8dcd062318f147e0a9262a3b807bb5acb62beb
SHA512 3a031f282303cf664c6ab04c1561598595ef776799005d8ac7ae091ffd140e4d1d1e23b9f6783618c2bae4dc4d1cf741fdb3f83390d6854de97d85af4c940b23

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-heap-l1-1-0.dll

MD5 6e306654a55454e40889407e9334da0c
SHA1 0612894d9fbd8f92299541535f78db05fba3a78e
SHA256 eb02fc995bb92b214dd684e24c1060735f61ad4884ccb4aafa86c7c1de66d621
SHA512 f5a6980824cbfa82c47b20581658eb9fa8eeb2dbcf6bf9b148fe09099a3b131c2a4cc2a129135e708fb72f1cc43f083f93fc85a0e03209b75dfcc09106b977ac

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-interlocked-l1-1-0.dll

MD5 8dcf3111501ed0a01855ebb328537bf7
SHA1 2134bca1fa16133632a1b3f28fc38edc15e933ac
SHA256 76f092341fbef40d5f35f70bab55f2eeb3e70a9b60f46043b342ceab7f79cef1
SHA512 4cb596ca11b4941571f3b998c98707bdf45ad608c9f661e0f0ae528fdb797190c9bb22e58ff65a98e52e3e51396f4c8b22229eefe54f0a73eb49c79d07ce1604

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 b0537a9eccc0f909c0715fc93b473d8d
SHA1 79e9929c83f5f73314c52f26be4147a74aa80e23
SHA256 8784c4912a2f391d5f0c79b38f48baf88e98bf4fa61614ccb9232d9bd1e4ad54
SHA512 d68e50361566e8800afb5fae32c65c90d2ac7877f9a02f3e2e6af61ccd8f99b484c808a9ba62ec9e4727481798b3d3f4f74d19b16c6ed80536cf89351071bab6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-localization-l1-2-0.dll

MD5 602a35b140d9d68d7b3e488896158365
SHA1 f1ba615abb54ff786ddbc74dffffd56394bfc892
SHA256 43b98f74476c86107c8317749f54a107e2955696e4f79d3d02683dd7034d1d52
SHA512 4388947f90838cae8b5f8137c9ed2a099028b4341da8c574d536c6ad096bad0e217e105f0367750c70e3d3ca4857255b674955c71ecff0fda9c47a4b1951b8b6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-memory-l1-1-0.dll

MD5 98b1e6d052cee5ccbb7e5af795b9f48c
SHA1 357ef3f8011d7e7f1d4cb30beae58d24d6b05085
SHA256 5c950723ff3118801884df67b6a14543978263a2d2a0437d8c8b2fe8ef3925d4
SHA512 31d961ada87eedfc4c1bb8938b0c4b44842153f4450f48a0c1dc12208f5c1ba62b076ef91a0dbd1c3f98d1e96517904b95e072002c50d2873c8638ddb25417d7

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 a8f889870885c5784afd47f5e3d33eed
SHA1 494b86c51c8908d17e563c80da0d42350aaf1155
SHA256 8979fe86afe23035caedd5df135786da2b28c095b69ce0179b6484fd680c9b91
SHA512 bb18675a9b311e4c34806ec834886659a95207a4ec9b48b082f5fa0e05f016b9f946db29c7aa20662b4090c7f42a606f9f3a5df48d7ed20c5b404ccf91a1b7eb

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 56813b784a1f8cdabedcc10de6e84864
SHA1 b636ba140e1ba7de5e59932702e7b4e53025d651
SHA256 98ee724aa3f5a8ec4f3f8596be5aba5cd19b556f88ef9fbaff1569051a4d0dc1
SHA512 f11739be9ff624044035678cf39b91d28a53f1ac56342baf985a4328da4c64c81107d7e1787ee50efb382472e4d46bb21c520918b8831edc7f6b3db70befa068

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-processthreads-l1-1-0.dll

MD5 2557484c75d4507688b68a64882e0022
SHA1 ff78c6d44f7474d98402f8e17cfce5d712c41b95
SHA256 50b3e4ffee430c1b45f0ca75959936608f756ae5eb0352e8f3f5f69c5adfaa20
SHA512 e1c502e889664a46acaf0d8cab5d5082f46ad3f6f1a24ec702ec5174d077fff51cce7f80b13c5c22704937ce380ec3b14c088955d94eef1050d293c078869870

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-processthreads-l1-1-1.dll

MD5 a07afa26ab56a8d3b8b16591a1962005
SHA1 2b6f3143487f747911ee20f039f1ffb1381858ac
SHA256 6be230837149dc2a8c7772142a674c3f90930a55da7f91d791942d8276d5440b
SHA512 b77b277d10cf6b8d209679684ead55b4347caef3213acdccdee35b5d4fe0e3fc136daf057830512c5473c4653a8d66357927c4b7d204c07d7508f792299d7fe9

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-profile-l1-1-0.dll

MD5 258caf72fd7c60586b4bacfee6b37872
SHA1 4a473ff7cdf254336cf2ff3ddeb03bd047b35af5
SHA256 04c0a5392a18a7555635cde23f9111ea4da550c309827b725a74bb6fd4f0cc64
SHA512 121a366f79ca1c9212d109d1f72a53b31f0bf0394b947949e2a0191629ace8ed107118e512bc8f4e9b43a84b6c936422372be2ff497f2cf13276217b15d079c5

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 cec2f0ac232cd07d217299386118692b
SHA1 7cd8218afc5ccf528bb2807168e11e5820c8bddd
SHA256 a5f4f23b01cac69058b7ec0e30b470f90bfc6d40de20e618c3045bf06e4a2cfd
SHA512 e06fc36de71caec6732d2553b5afcd6daf0b8eb4f1aea7d6f6c2ae00b3e3f4172c932458ebb6644e41dd26a48b66dbe935a40bcee68aa7cad4af155befe7019f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-string-l1-1-0.dll

MD5 01cbaa0aafba1275cc23c29f139d399e
SHA1 5ca1434545c02c3f34bc9facf9b2eecc89ec3a24
SHA256 dcb3fc36c43a402b4b35644f1e7f6d6db31ef8d0a731c3b882e2cf3201a6714c
SHA512 f5a3d05690bf409d2b8d7eb96ac4fde1e2d27add79945d6d9f2482ee61c6698ee0e167e9677a61a435d99175979e8651f34b92a6d057236254a0a2ba1a9cc79f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-synch-l1-1-0.dll

MD5 efbbbcef1514840d5ad9d8c084a0147e
SHA1 d046a440556ff7b9857963d86dd050ccd6b0533c
SHA256 9c1d190c85b9ccfb171d3db4ec363c97a3452bb365dd75dbda5ec9cad1a5d803
SHA512 fe78850b3acaa725f4a3f65fccc3c2644ef43eebe3c0083c0d4e9e967cfb230d966dee87dcd8a27f4dc452d7e72ea7efb24ab7b9dbcd58ab81f78d0d110829bc

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-synch-l1-2-0.dll

MD5 ed215daa7493bf93c5eadef178a261e0
SHA1 b20c8dc7ba00f98a326f5f4fd55329b72f8e5699
SHA256 8b7c8fc657e0dab0f2506001ca4bb76e675ffd18a2b4d9c1e03b876e008a7a26
SHA512 3ed052eada11c3dc44f81f330bd2a2526170515bc6a90281872a93ee49f9add8c9ad36b9a9e9185e251d664c1694d06625e0148e113addc32e53d705d2655f03

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 aed0b2511a396bb258a7bc7bb646b951
SHA1 151b08d20538990b894afef34de451708b5f334e
SHA256 fb7ffa16bfdf7392535b8e78a86db89ed9032f67a16b127a105582fab118cf2b
SHA512 dd7cdb5f401dce1566e331a3184ebd2c71f6d2dc4eb59f384bfb2daea8ce8a146d7449d989da2193abf30cd568e67bc932e28c8b93c7d6beceac0c7cb9ae1f5c

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-timezone-l1-1-0.dll

MD5 a9c7db516186c8e367fed757e238c61a
SHA1 1318d6496e7146e773aca85be6d0e9b87a09e284
SHA256 ded52bac23633a03341969c5b98b0d94d24fa3284c1ddd0c489e453b39cec659
SHA512 6aad003287afe86abccf34f6b15338c0c7380f4837805d919064a26380d2f3f7698515f927c148e618c12f0943d3621184bebc70a8b07eed64ad88689fbcc5cb

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-util-l1-1-0.dll

MD5 7294cef433dd8afa73982ea96dbd6f6a
SHA1 c73b123197e6ad47b13febeafa912fdad566c8ee
SHA256 21c57c8ae9407cedb50bcebf7f844a5933d274676f3194a87997672c7177cadb
SHA512 24048bd06f0a3ce593eadab4fee4e26aa339faba52ae52dd36f0c66ee5d7c166f68fff8ff5dbfffde26588351ca4b6de033528dd4b0a15b0afe3ddcaf13b8661

C:\Users\Admin\AppData\Local\Temp\Tech tool store\API-MS-Win-core-xstate-l2-1-0.dll

MD5 d911ac41d48ce1f57cf82d77476960f3
SHA1 b0437d8fcc3835f642280680677fe65af70cdb90
SHA256 e98e9ea1645b11f2fe6f21bddfd6dd5d58a3f158c7501f4534793da3eaccee3a
SHA512 a5edf14e0c88ffee32455ba9508d07614bbdd9cb3916c89d88a1b8dc7d6c05e9894e2ba2dbba6ccc68fda30928a078f3b650ec563f633b9ff6e3b4cba5db1c91

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-conio-l1-1-0.dll

MD5 6e044455d104db0a31983ba722394d00
SHA1 aec808b8c70326506b7a07241b6aac817ca8bfa6
SHA256 7b5d400a141f363f553f61fa11e94a6851d1eeb510cb7988012862ed13208c97
SHA512 eb092e48f9bc4edac67ba5cc11199ad06f313a37df1b29053e105843519a59ada48915a5448d74d464cd1b05e0750c0f4339e6aed6390b31acbeff2d84f9b166

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-convert-l1-1-0.dll

MD5 c6385b316bb04ca36d76b077eeb9a61e
SHA1 fc376f68798fecd41fb1c936eed1bce3f2ee6bef
SHA256 060636cfc58587b4344a6d0ff4f44dd77266f2bbdb877cb50cb1b44a7e3969bc
SHA512 bddf0f34bedb17ecf1d270a0613f27d174ae04f920192d7d1af6c15245175318b29691e748c36e2ce0a3027495b2f5a0bb688ae16095fad9dcd8c283b6d1b1d4

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-environment-l1-1-0.dll

MD5 311e582d5d3d8421e883c4a8248eacc8
SHA1 c99e61d1446fce0f883a2aad261af22d77953a59
SHA256 369cc4d3bb05f4160a0bc9683feb1df2e94d02f061e4b23d53c3a6e2230cd5e4
SHA512 050ed1310e667e6bb22bb7952794745df1eee0c78f18240cc2217e748a11213d094b48153964c3da0ad8141da1709ece637315633396c77c035bb0565fa981b4

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 10731d3320c12abb62d3866d7e728cce
SHA1 df4e131c825d1ca5cd14e00e5c04785d6ca508f7
SHA256 9f3eb90963916194f167e98e049707b14fa84a3f11cb8cc7b940d95956601700
SHA512 7eeef98682872fd95a38a03435546349c8488607e59870086b486b807e8b53893603175d9ad0f3b80c1924381daca8d14868a6079988a944b005783b4e2e358e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-heap-l1-1-0.dll

MD5 cf5f256e8cd76ba85e6c3047f078814a
SHA1 b7cde77313ceaae76a46c1111b33b3d8f47c4214
SHA256 9382fc8d5cbcc23c5d05e6f48f4188af3f96efbbdc5a7ec05b37e252440ecfc1
SHA512 856eff4fff1d11a725af9c3e5ceac6d02a89297a16e97edec171839aa12c468fc37d60ec5df06d507cee695f71b7fbd4bc0ba51b7934d886e66a43b249e62da5

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-locale-l1-1-0.dll

MD5 60ffdc3ef20b127e3fd14a0719328c34
SHA1 b510833350328f79a79fa464ea9d5e9455643659
SHA256 43c9ea4ddecf2f34852559cf0b40b5261e6701d3743ab219f48d43a312707ad9
SHA512 caef6ee08c9f6fabecef1f0be37ab34e2d4dc22f15a775b2f0dcacda1f0fcdf2259399e6fbab85f0f00e8e4b03d77fe88b85b901a9ba2f775a50f2da724da26e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-math-l1-1-0.dll

MD5 78dfcb76dc8b42411dbc682f78f5c6eb
SHA1 e50f6719fee44c70518cf8442737a688b5f45e62
SHA256 8673dd898f899de831fc3052c8b8254b7b85ee7f2b9b6c422736668689c9b14f
SHA512 968bb3bc952f4057f74c9c8825fcc2db34b9c56166ee39db3bab3d4ecf51fb65af250a8a65340274a1a0c0eed73b6c8962df5d2fce586c1ef4e19706edd5e6e1

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 a11597ab7e11d673c8f0b9082f16abb6
SHA1 09efc61cea01812db305cfa8b8ff95b4acad3b1d
SHA256 e2c9693500cc7ce5cba81f81a68abf2ca783e187cfbaa9b52dd6c157c940a854
SHA512 3fd3b0ebed8e97bf4c6dfa4ff2ce3c9b5e82905c2d8d674da64f4e3a9b0362c8b35f10895445d34b008b00c77b7d5ea079416d34b10ccce99fe6c7da6d17d72c

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-private-l1-1-0.dll

MD5 8f2b23d0d913fca49fb5b9a715a73519
SHA1 6adde370204c8fde3979f707fa6306f831dea8ec
SHA256 722edc4fcf0cedc233f56227848b25318e2c211d5b3a4944fc294551f80d2652
SHA512 bc8e7b572fbb9a5cc5110617b1bb525fb41f0f435dfff7a332571785d50dfd43449fbacdd3c2ffe64539a26fbd33147f1b219f167b55eb7825249eb3237188da

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-process-l1-1-0.dll

MD5 48e6bb6df76fc8f009b066f588b13c1f
SHA1 1db7352875992737effbc487252ccfa09ac3dc53
SHA256 253caf243f9fd21f45c052384ed08f4c10ed0da0dc3ac55aa1c9e4249e1103d9
SHA512 0c4ad3cfd90515c27efdb7e9fac2082e5a33a006f38c5be526e7a85d3046b28424c10d59ad88bda72ec07445231dffda47326de2451df65a2cddec791bf83623

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-runtime-l1-1-0.dll

MD5 8bd7a27e6ca969d3eb46086d411ce05d
SHA1 3bbf6f55853b1487debca58d7cb5c877d0abd517
SHA256 8edc95578b8c9ca93a65907e428fa2b57fef8370b902912689332bc61094904c
SHA512 fee8359398efe6a995a214d4e47de43aba12d33bb9cb1de18659d332d94ef83a4a77618b6caa9f455b0c6da4c10ab459209d483b9e778d9b522771ca692ca454

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-stdio-l1-1-0.dll

MD5 f681a45c47ebb2c56c1465677ec33ff3
SHA1 06bf7798c51325cf1806e14dea56ff98b05b7846
SHA256 3a03d727d291be57057587227273af410eda935438d8a0a165ec63ae772809af
SHA512 eeb05f1af7e1c714c658e9aa06e8c6dbeeb5f2e8dcf3fdb7b9b408018e41402d83893472114e0cf6d3a9a3bf54ec45c4f7a4840a09570d190277aa3514681ab8

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-string-l1-1-0.dll

MD5 00446e48d60abf044acc72b46d5c3afb
SHA1 0ccc0c5034ac063e1d4af851b0de1f4ea99aff97
SHA256 82d26998b4b3c26dbc1c1fff9d6106109a081205081d3c0669e59d20d918bc5a
SHA512 69114f0efb3c853bffb55c15e5ad1b7919057a676056d57634a6a39916e232cde2dcdc49ea0f9751ddea6550ffa58f84b1f8918b3c9fd7e88c8b8f7eb4afeaf2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-time-l1-1-0.dll

MD5 376b4a7a02f20ed3aede05039ec3daf0
SHA1 c9149b37f85cfc724bedc0ecd543d95280055de1
SHA256 b0b8fc7de3641c3f23d30a4792c8584db33db6133ee29135c70bb504e80e4a2c
SHA512 ff7fba7cd8c9b55c1c87104d7d9074ef0eed524b02480ecf2c80e5cd489c568e1ed63bc62699a03272cab3dcbf20e6437e1f47ce112bcb3336d27ed2790430c5

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-utility-l1-1-0.dll

MD5 6376bf5bac3f0208f0a5d11415ccd444
SHA1 c3fe96e51c3f3e622dcedd2ddf8d23f9442361b8
SHA256 e36763df57cd26ec2b4d52e27de51a4ca6f18caf86cbac8307bf4817705f9a0e
SHA512 9614e423c850bdb584f18555825214d42106966b1ee71e75ba7407591aa5de407b43909ce972e1923df82e9a0e953597fe19646296962194ebeb1579493d91c2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\BootPack.wpk

MD5 4f001d0e372baef55838f46888e460e4
SHA1 50450528413983b274823b87214ce6b92aace3ad
SHA256 bd4c6e3fca00c524ffdf8b1f4b491a78041f9f7e871aa1da506b341c509cea5f
SHA512 f4d01c4f9f13dad555083f04994b64408b8a705bddc28e608368d71fb0b39a79f472a0a46aeb943c4c317177e4f61fdef613c194b75e19aa0f77e216190fd0a8

C:\Users\Admin\AppData\Local\Temp\Tech tool store\bz2.dll

MD5 bb1ea7cade180a0c012c2289c7d820cc
SHA1 67a17ae0aed053d8fb071450dff8f843a1255112
SHA256 30998439b2fbc620f3f87799f8a98e8519f26b227bf498877b11dfb52147b698
SHA512 3b10462ae03ea57bfad298c4d59da247b8ad971aeec0c9ad439a72b1756ee627fba23fe9044df9a8301b0fe1099bbb9988869ccce1102314052a49bf0cbdf317

C:\Users\Admin\AppData\Local\Temp\Tech tool store\cm

MD5 b56ff480a051053678aa4d4a45cbc2b8
SHA1 9bf6cf9994ecd0ccc5cb8832efdb95c3eb2cdd14
SHA256 ae8592271f22f64e62cf67e82cd31feaf2ec192ae5387af464b82093c97ce1e0
SHA512 6763a10e884cff05c7f6b36ce5b4d88594594cfbfc252eee4d5e573f30d96614f42783898b348e7a7886e57bf8ee36289c3f2ba8a44959538267f5612d87fa07

C:\Users\Admin\AppData\Local\Temp\Tech tool store\concrt140.dll

MD5 ccadf05c27e94a9e1a9ad9794aa05514
SHA1 6d0dd40402d62dc4e78c56605c72f700ea12a8ce
SHA256 768646418668e5b4840610305790ad6f981e85ac65123ab7a952b198c24c28fd
SHA512 e0205e2f694301e4603a633691fa551911b6d42f3559ea5d57065eb73e9ca2edeee76384122724b1c9cf0f5534835172cd201f2e8491a5ae84d104c9ef3138e1

C:\Users\Admin\AppData\Local\Temp\Tech tool store\DefragOptions.ini

MD5 a0eac4d8f4ee86740825896d8165532f
SHA1 0788f2da879b57ed54d77bc179a4858a35b3df61
SHA256 c0d303506cb38836309d910d2d4131d9c161c9c19387db375eaee3812524a1ea
SHA512 64a62416c65aede86a2402569e00ece1fda6eebc35f6b6e25dad0dc7033df46bba938e74cfb0405c47662d8a457a11f569d4b90013cab911440eb268707a5381

C:\Users\Admin\AppData\Local\Temp\Tech tool store\DManager.dll

MD5 ebffe71ff23b7a95dd5075f34a547d70
SHA1 5d9469960555810ec002274dec79d449885bef22
SHA256 6739072f5ae3eb2ce528fa35fdb47002f80a048a34ddfb9b8266e3ac552f2c08
SHA512 bc6dcd365e2a8e58099c73b43f9466a5b7a6a6d74ea35b834e80fb9dbc285ed296742b8e2c52fb49836cec81cf17d448e6dbe0a32cdcae12267469247db289be

C:\Users\Admin\AppData\Local\Temp\Tech tool store\fileshredder.ico

MD5 d8e48de3e5710fabd066c2bc02445c02
SHA1 d5b86bff4cd388659633ac3d6969fee82aed3bdc
SHA256 1d1e9558edef4ce724f93f80dc96fa5d7306d341f89bcbe61694900a409a2e9b
SHA512 baf61410094ad50ea8de5918d1688c902ee8366cb6c26ca3fc23fc6c2207001adbef05d2c58a1355ad80b9ce790618ccd98580a6e23364a6e3c850cc1adbe8ed

C:\Users\Admin\AppData\Local\Temp\Tech tool store\libeay32.dll

MD5 50ef8016e3829379b64d151b51c66550
SHA1 765ec0e6955d1e07ec71f491ef73aca4129d0553
SHA256 4fdbb8990fe87a49d6103c1cb4665805b34fae04a98e21626dd5afc306db6259
SHA512 63246737baeb5beaf4a79622d9998617b45349f118ecd869f6d1399b28dc611f47cb6fb54f508d90ecca06423719fe600375098abc188fa078c69b794c676dee

C:\Users\Admin\AppData\Local\Temp\Tech tool store\libmap.dll

MD5 53634bc76f19ea065981ac1b02225df9
SHA1 7d1cb4ae535c30d2443c4b8f14927300c8449839
SHA256 e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a
SHA512 3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

C:\Users\Admin\AppData\Local\Temp\Tech tool store\License.txt

MD5 4a0f1a666912e64f1ba811fc24d7135f
SHA1 dcbadd9698e306f0cd6e80737fc44f53336cf36c
SHA256 d6b418c619ba7456b594dff10c3face4ac28609a64f2bf5e635292d7ff4f57e5
SHA512 36eba1cc1c0ac8d5fee7e88fd90b01ee800945ebed45ef92adf64e4aa356a2afe9acc6b07cae478cc467ca62b4a7895cecc3af9bbdf93c2a9c2271253ed00342

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp120.dll

MD5 fd5cabbe52272bd76007b68186ebaf00
SHA1 efd1e306c1092c17f6944cc6bf9a1bfad4d14613
SHA256 87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
SHA512 1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140.dll

MD5 fdd04dbbcf321eee5f4dd67266f476b0
SHA1 65ffdfe2664a29a41fcf5039229ccecad5b825b9
SHA256 21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794
SHA512 04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140_1.dll

MD5 4d10412f92fa6962ea7ebfaaf17b29a4
SHA1 cef3d60b9f5f1ed81fd3fb3273f89814d9fba7bd
SHA256 72f358aa9cae44582b6207333b94655e0c41c00095b0a50879f4c2b1bdf7b5cd
SHA512 a8b8508d1069f0e4171d532aba262c4fc9e45310501e6fec506b3b902945f21521b782da267ce3838beae134dbb6efc45d33bd8e672547b4b2ef6a7ae2bab14b

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140_2.dll

MD5 0e7bbf00d2659db77d82d04e64dd90fa
SHA1 a121f7bfcac3e14e83eae2118a5ffe6eea439ccd
SHA256 6ff622279f62296d3aeca95c0daca7cee8fb50354f53740a1808cdc6efdcea80
SHA512 c150e80887e34b364b252ef9e4a6bd198a3586b2895bf6d5a7e872901a715db6d5f34ce6b7fdcef4b77d45380089db79543d309cf6b9ca2bd0f44bdafea12cc2

\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

MD5 1459f9d0c62412b9df206c7e819fbf62
SHA1 daddb63d6b1a191e896a01ada7ea79dabf686655
SHA256 75569178b9ff9f2719e17d2d270322151ffc63f8eaac774a64f6c627014451d8
SHA512 924d14ba741b64a813e566864b098e0a426e48412942945d2034ab685548794ca93a4d759fc098f5e8e4df80146a82572bbfe09c7599a109a1dc4837259da5c2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

MD5 1459f9d0c62412b9df206c7e819fbf62
SHA1 daddb63d6b1a191e896a01ada7ea79dabf686655
SHA256 75569178b9ff9f2719e17d2d270322151ffc63f8eaac774a64f6c627014451d8
SHA512 924d14ba741b64a813e566864b098e0a426e48412942945d2034ab685548794ca93a4d759fc098f5e8e4df80146a82572bbfe09c7599a109a1dc4837259da5c2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\sqlite3.dll

MD5 c86d13c52aa1c7d0e39cc9f6d20ccd22
SHA1 8622a443874feebb2e5cdb9792a447acb97f78af
SHA256 7fdc0ad5ee9678eb66448b121beba9597ca6742d4474ff75d080a5c5014ec9c9
SHA512 ea629707a590a3494f63d17e6d4b74f9fc3341216f3fada2f1a1e5c318f83149130ea87afb8eb87168428ed21dc0c4cd4612bf66517ec67874e9a75c694e6af6

\Users\Admin\AppData\Local\Temp\Tech tool store\sqlite3.dll

MD5 c86d13c52aa1c7d0e39cc9f6d20ccd22
SHA1 8622a443874feebb2e5cdb9792a447acb97f78af
SHA256 7fdc0ad5ee9678eb66448b121beba9597ca6742d4474ff75d080a5c5014ec9c9
SHA512 ea629707a590a3494f63d17e6d4b74f9fc3341216f3fada2f1a1e5c318f83149130ea87afb8eb87168428ed21dc0c4cd4612bf66517ec67874e9a75c694e6af6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\NlogExt.dll

MD5 1a75878dea8f5580c25e0b9f1c734949
SHA1 20d4c35f95b4d608aa73897680b3f0ceb219d37f
SHA256 1b393ad82fbe93add01c73613156cecd98f9668f5ed8a0faa04704a510b7bf2e
SHA512 6e65f45ef099d21beaf429e0e0c6c6122e64d27f6932afd2a2459fc6cafb5af58efb45440cc1e3f51ac7678748af85cb9e878e68efa3505980f115dc6a272ac2

\Users\Admin\AppData\Local\Temp\Tech tool store\bz2.dll

MD5 bb1ea7cade180a0c012c2289c7d820cc
SHA1 67a17ae0aed053d8fb071450dff8f843a1255112
SHA256 30998439b2fbc620f3f87799f8a98e8519f26b227bf498877b11dfb52147b698
SHA512 3b10462ae03ea57bfad298c4d59da247b8ad971aeec0c9ad439a72b1756ee627fba23fe9044df9a8301b0fe1099bbb9988869ccce1102314052a49bf0cbdf317

C:\Users\Admin\AppData\Local\Temp\Tech tool store\bz2.dll

MD5 bb1ea7cade180a0c012c2289c7d820cc
SHA1 67a17ae0aed053d8fb071450dff8f843a1255112
SHA256 30998439b2fbc620f3f87799f8a98e8519f26b227bf498877b11dfb52147b698
SHA512 3b10462ae03ea57bfad298c4d59da247b8ad971aeec0c9ad439a72b1756ee627fba23fe9044df9a8301b0fe1099bbb9988869ccce1102314052a49bf0cbdf317

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-convert-l1-1-0.dll

MD5 c6385b316bb04ca36d76b077eeb9a61e
SHA1 fc376f68798fecd41fb1c936eed1bce3f2ee6bef
SHA256 060636cfc58587b4344a6d0ff4f44dd77266f2bbdb877cb50cb1b44a7e3969bc
SHA512 bddf0f34bedb17ecf1d270a0613f27d174ae04f920192d7d1af6c15245175318b29691e748c36e2ce0a3027495b2f5a0bb688ae16095fad9dcd8c283b6d1b1d4

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-convert-l1-1-0.dll

MD5 c6385b316bb04ca36d76b077eeb9a61e
SHA1 fc376f68798fecd41fb1c936eed1bce3f2ee6bef
SHA256 060636cfc58587b4344a6d0ff4f44dd77266f2bbdb877cb50cb1b44a7e3969bc
SHA512 bddf0f34bedb17ecf1d270a0613f27d174ae04f920192d7d1af6c15245175318b29691e748c36e2ce0a3027495b2f5a0bb688ae16095fad9dcd8c283b6d1b1d4

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-stdio-l1-1-0.dll

MD5 f681a45c47ebb2c56c1465677ec33ff3
SHA1 06bf7798c51325cf1806e14dea56ff98b05b7846
SHA256 3a03d727d291be57057587227273af410eda935438d8a0a165ec63ae772809af
SHA512 eeb05f1af7e1c714c658e9aa06e8c6dbeeb5f2e8dcf3fdb7b9b408018e41402d83893472114e0cf6d3a9a3bf54ec45c4f7a4840a09570d190277aa3514681ab8

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-stdio-l1-1-0.dll

MD5 f681a45c47ebb2c56c1465677ec33ff3
SHA1 06bf7798c51325cf1806e14dea56ff98b05b7846
SHA256 3a03d727d291be57057587227273af410eda935438d8a0a165ec63ae772809af
SHA512 eeb05f1af7e1c714c658e9aa06e8c6dbeeb5f2e8dcf3fdb7b9b408018e41402d83893472114e0cf6d3a9a3bf54ec45c4f7a4840a09570d190277aa3514681ab8

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-string-l1-1-0.dll

MD5 00446e48d60abf044acc72b46d5c3afb
SHA1 0ccc0c5034ac063e1d4af851b0de1f4ea99aff97
SHA256 82d26998b4b3c26dbc1c1fff9d6106109a081205081d3c0669e59d20d918bc5a
SHA512 69114f0efb3c853bffb55c15e5ad1b7919057a676056d57634a6a39916e232cde2dcdc49ea0f9751ddea6550ffa58f84b1f8918b3c9fd7e88c8b8f7eb4afeaf2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-string-l1-1-0.dll

MD5 00446e48d60abf044acc72b46d5c3afb
SHA1 0ccc0c5034ac063e1d4af851b0de1f4ea99aff97
SHA256 82d26998b4b3c26dbc1c1fff9d6106109a081205081d3c0669e59d20d918bc5a
SHA512 69114f0efb3c853bffb55c15e5ad1b7919057a676056d57634a6a39916e232cde2dcdc49ea0f9751ddea6550ffa58f84b1f8918b3c9fd7e88c8b8f7eb4afeaf2

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-heap-l1-1-0.dll

MD5 cf5f256e8cd76ba85e6c3047f078814a
SHA1 b7cde77313ceaae76a46c1111b33b3d8f47c4214
SHA256 9382fc8d5cbcc23c5d05e6f48f4188af3f96efbbdc5a7ec05b37e252440ecfc1
SHA512 856eff4fff1d11a725af9c3e5ceac6d02a89297a16e97edec171839aa12c468fc37d60ec5df06d507cee695f71b7fbd4bc0ba51b7934d886e66a43b249e62da5

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-heap-l1-1-0.dll

MD5 cf5f256e8cd76ba85e6c3047f078814a
SHA1 b7cde77313ceaae76a46c1111b33b3d8f47c4214
SHA256 9382fc8d5cbcc23c5d05e6f48f4188af3f96efbbdc5a7ec05b37e252440ecfc1
SHA512 856eff4fff1d11a725af9c3e5ceac6d02a89297a16e97edec171839aa12c468fc37d60ec5df06d507cee695f71b7fbd4bc0ba51b7934d886e66a43b249e62da5

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-file-l1-2-0.dll

MD5 86279521328398e87699d248628eb13a
SHA1 e4d4c39bda90635f1f5c2fc58b1304e2daac9caf
SHA256 3c9b67616fd0ceb3dd92e605918b08556683ebab5537aa76dff300fbd54b0337
SHA512 2cc328955611ad8369ff9facf9c1aabe99a20c3ded2977ad86c69e0f54acd78fa6f572ed688625c8c63016826a10b3578e3c186ef2b39c4bf393ab5e399913a6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-file-l1-2-0.dll

MD5 86279521328398e87699d248628eb13a
SHA1 e4d4c39bda90635f1f5c2fc58b1304e2daac9caf
SHA256 3c9b67616fd0ceb3dd92e605918b08556683ebab5537aa76dff300fbd54b0337
SHA512 2cc328955611ad8369ff9facf9c1aabe99a20c3ded2977ad86c69e0f54acd78fa6f572ed688625c8c63016826a10b3578e3c186ef2b39c4bf393ab5e399913a6

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-processthreads-l1-1-1.dll

MD5 a07afa26ab56a8d3b8b16591a1962005
SHA1 2b6f3143487f747911ee20f039f1ffb1381858ac
SHA256 6be230837149dc2a8c7772142a674c3f90930a55da7f91d791942d8276d5440b
SHA512 b77b277d10cf6b8d209679684ead55b4347caef3213acdccdee35b5d4fe0e3fc136daf057830512c5473c4653a8d66357927c4b7d204c07d7508f792299d7fe9

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-processthreads-l1-1-1.dll

MD5 a07afa26ab56a8d3b8b16591a1962005
SHA1 2b6f3143487f747911ee20f039f1ffb1381858ac
SHA256 6be230837149dc2a8c7772142a674c3f90930a55da7f91d791942d8276d5440b
SHA512 b77b277d10cf6b8d209679684ead55b4347caef3213acdccdee35b5d4fe0e3fc136daf057830512c5473c4653a8d66357927c4b7d204c07d7508f792299d7fe9

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-synch-l1-2-0.dll

MD5 ed215daa7493bf93c5eadef178a261e0
SHA1 b20c8dc7ba00f98a326f5f4fd55329b72f8e5699
SHA256 8b7c8fc657e0dab0f2506001ca4bb76e675ffd18a2b4d9c1e03b876e008a7a26
SHA512 3ed052eada11c3dc44f81f330bd2a2526170515bc6a90281872a93ee49f9add8c9ad36b9a9e9185e251d664c1694d06625e0148e113addc32e53d705d2655f03

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-synch-l1-2-0.dll

MD5 ed215daa7493bf93c5eadef178a261e0
SHA1 b20c8dc7ba00f98a326f5f4fd55329b72f8e5699
SHA256 8b7c8fc657e0dab0f2506001ca4bb76e675ffd18a2b4d9c1e03b876e008a7a26
SHA512 3ed052eada11c3dc44f81f330bd2a2526170515bc6a90281872a93ee49f9add8c9ad36b9a9e9185e251d664c1694d06625e0148e113addc32e53d705d2655f03

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-localization-l1-2-0.dll

MD5 602a35b140d9d68d7b3e488896158365
SHA1 f1ba615abb54ff786ddbc74dffffd56394bfc892
SHA256 43b98f74476c86107c8317749f54a107e2955696e4f79d3d02683dd7034d1d52
SHA512 4388947f90838cae8b5f8137c9ed2a099028b4341da8c574d536c6ad096bad0e217e105f0367750c70e3d3ca4857255b674955c71ecff0fda9c47a4b1951b8b6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-localization-l1-2-0.dll

MD5 602a35b140d9d68d7b3e488896158365
SHA1 f1ba615abb54ff786ddbc74dffffd56394bfc892
SHA256 43b98f74476c86107c8317749f54a107e2955696e4f79d3d02683dd7034d1d52
SHA512 4388947f90838cae8b5f8137c9ed2a099028b4341da8c574d536c6ad096bad0e217e105f0367750c70e3d3ca4857255b674955c71ecff0fda9c47a4b1951b8b6

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-file-l2-1-0.dll

MD5 422adad24e8da100f85bf3de86b5f302
SHA1 7004b3ed8663b5890cd25e1a7899a766be912728
SHA256 e04642684dc7376839c570bc11e9b46cae14420f1a85f7562fd2c4d656a22956
SHA512 e689ecb1a1cb1e7735cb6a961fd054d87bcad01acf76950b14a3bf4e08ddb7a8d31805c203374ee081a4ec13c40b25b3dc83b3895b9bfbd9c135673e98e6ee63

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-file-l2-1-0.dll

MD5 422adad24e8da100f85bf3de86b5f302
SHA1 7004b3ed8663b5890cd25e1a7899a766be912728
SHA256 e04642684dc7376839c570bc11e9b46cae14420f1a85f7562fd2c4d656a22956
SHA512 e689ecb1a1cb1e7735cb6a961fd054d87bcad01acf76950b14a3bf4e08ddb7a8d31805c203374ee081a4ec13c40b25b3dc83b3895b9bfbd9c135673e98e6ee63

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-timezone-l1-1-0.dll

MD5 a9c7db516186c8e367fed757e238c61a
SHA1 1318d6496e7146e773aca85be6d0e9b87a09e284
SHA256 ded52bac23633a03341969c5b98b0d94d24fa3284c1ddd0c489e453b39cec659
SHA512 6aad003287afe86abccf34f6b15338c0c7380f4837805d919064a26380d2f3f7698515f927c148e618c12f0943d3621184bebc70a8b07eed64ad88689fbcc5cb

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-timezone-l1-1-0.dll

MD5 a9c7db516186c8e367fed757e238c61a
SHA1 1318d6496e7146e773aca85be6d0e9b87a09e284
SHA256 ded52bac23633a03341969c5b98b0d94d24fa3284c1ddd0c489e453b39cec659
SHA512 6aad003287afe86abccf34f6b15338c0c7380f4837805d919064a26380d2f3f7698515f927c148e618c12f0943d3621184bebc70a8b07eed64ad88689fbcc5cb

\Users\Admin\AppData\Local\Temp\Tech tool store\ucrtbase.dll

MD5 5dafe0bfb955e780b3d50da4524b752f
SHA1 91c0d9fabe748d373215ba21b90278671b5f8957
SHA256 6255112c9978c07a05c6feaee01cf4be74b2920dc7017fbc1a42f8f5d23c20f9
SHA512 37fd37f3ad87838f596d1e8e497fe66d1a1c4128625ab456ec850179dd1e1f33cf4945d0faaf6cdbd1ed586ecfb7ff3e7cf10a88a823cc5eb06c2fc4fa16bff3

C:\Users\Admin\AppData\Local\Temp\Tech tool store\ucrtbase.DLL

MD5 5dafe0bfb955e780b3d50da4524b752f
SHA1 91c0d9fabe748d373215ba21b90278671b5f8957
SHA256 6255112c9978c07a05c6feaee01cf4be74b2920dc7017fbc1a42f8f5d23c20f9
SHA512 37fd37f3ad87838f596d1e8e497fe66d1a1c4128625ab456ec850179dd1e1f33cf4945d0faaf6cdbd1ed586ecfb7ff3e7cf10a88a823cc5eb06c2fc4fa16bff3

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-runtime-l1-1-0.dll

MD5 8bd7a27e6ca969d3eb46086d411ce05d
SHA1 3bbf6f55853b1487debca58d7cb5c877d0abd517
SHA256 8edc95578b8c9ca93a65907e428fa2b57fef8370b902912689332bc61094904c
SHA512 fee8359398efe6a995a214d4e47de43aba12d33bb9cb1de18659d332d94ef83a4a77618b6caa9f455b0c6da4c10ab459209d483b9e778d9b522771ca692ca454

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-runtime-l1-1-0.dll

MD5 8bd7a27e6ca969d3eb46086d411ce05d
SHA1 3bbf6f55853b1487debca58d7cb5c877d0abd517
SHA256 8edc95578b8c9ca93a65907e428fa2b57fef8370b902912689332bc61094904c
SHA512 fee8359398efe6a995a214d4e47de43aba12d33bb9cb1de18659d332d94ef83a4a77618b6caa9f455b0c6da4c10ab459209d483b9e778d9b522771ca692ca454

\Users\Admin\AppData\Local\Temp\Tech tool store\vcruntime140.dll

MD5 ba65db6bfef78a96aee7e29f1449bf8a
SHA1 06c7beb9fd1f33051b0e77087350903c652f4b77
SHA256 141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493
SHA512 ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\VCRUNTIME140.dll

MD5 ba65db6bfef78a96aee7e29f1449bf8a
SHA1 06c7beb9fd1f33051b0e77087350903c652f4b77
SHA256 141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493
SHA512 ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

\Users\Admin\AppData\Local\Temp\Tech tool store\zlib1.dll

MD5 7cfdbfec8b16876767f5895fae94f6cd
SHA1 49644b75dc5ef3e1f6e122f8b6e5569b74b1e2a5
SHA256 322062f0287317d3f41180bf79e54c4ddf4646a08fcd55263fd05ad56b8e1cba
SHA512 02a10c91098b79cf4b53dfeb595283cd0bcd5b70ddc803f401600d321a54d3ce51ec24962473a47b9679b573a2223ff7f02be57866bfd961cea3f1a81bcea683

C:\Users\Admin\AppData\Local\Temp\Tech tool store\zlib1.dll

MD5 7cfdbfec8b16876767f5895fae94f6cd
SHA1 49644b75dc5ef3e1f6e122f8b6e5569b74b1e2a5
SHA256 322062f0287317d3f41180bf79e54c4ddf4646a08fcd55263fd05ad56b8e1cba
SHA512 02a10c91098b79cf4b53dfeb595283cd0bcd5b70ddc803f401600d321a54d3ce51ec24962473a47b9679b573a2223ff7f02be57866bfd961cea3f1a81bcea683

\Users\Admin\AppData\Local\Temp\Tech tool store\StormLib.dll

MD5 09c4266b11233aedaff9bbb97ff7dc50
SHA1 212f6f2df299f8f1c4c481bb92e9e958d48421e3
SHA256 f52d1ed4c1350bf7726ad3ef926329267e35bf67bd938e5e1aae324dcef31469
SHA512 b17e865ec5a8caf5bca88857ea3bad0dfc5d9fd0448ee52671876202b1870783a5de8f2d76b9d5363aeeb89b383314c8d65769674bd9b911551cdaa5c8654dcb

C:\Users\Admin\AppData\Local\Temp\Tech tool store\StormLib.dll

MD5 09c4266b11233aedaff9bbb97ff7dc50
SHA1 212f6f2df299f8f1c4c481bb92e9e958d48421e3
SHA256 f52d1ed4c1350bf7726ad3ef926329267e35bf67bd938e5e1aae324dcef31469
SHA512 b17e865ec5a8caf5bca88857ea3bad0dfc5d9fd0448ee52671876202b1870783a5de8f2d76b9d5363aeeb89b383314c8d65769674bd9b911551cdaa5c8654dcb

\Users\Admin\AppData\Local\Temp\Tech tool store\NlogExt.dll

MD5 1a75878dea8f5580c25e0b9f1c734949
SHA1 20d4c35f95b4d608aa73897680b3f0ceb219d37f
SHA256 1b393ad82fbe93add01c73613156cecd98f9668f5ed8a0faa04704a510b7bf2e
SHA512 6e65f45ef099d21beaf429e0e0c6c6122e64d27f6932afd2a2459fc6cafb5af58efb45440cc1e3f51ac7678748af85cb9e878e68efa3505980f115dc6a272ac2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-math-l1-1-0.dll

MD5 78dfcb76dc8b42411dbc682f78f5c6eb
SHA1 e50f6719fee44c70518cf8442737a688b5f45e62
SHA256 8673dd898f899de831fc3052c8b8254b7b85ee7f2b9b6c422736668689c9b14f
SHA512 968bb3bc952f4057f74c9c8825fcc2db34b9c56166ee39db3bab3d4ecf51fb65af250a8a65340274a1a0c0eed73b6c8962df5d2fce586c1ef4e19706edd5e6e1

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-math-l1-1-0.dll

MD5 78dfcb76dc8b42411dbc682f78f5c6eb
SHA1 e50f6719fee44c70518cf8442737a688b5f45e62
SHA256 8673dd898f899de831fc3052c8b8254b7b85ee7f2b9b6c422736668689c9b14f
SHA512 968bb3bc952f4057f74c9c8825fcc2db34b9c56166ee39db3bab3d4ecf51fb65af250a8a65340274a1a0c0eed73b6c8962df5d2fce586c1ef4e19706edd5e6e1

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-utility-l1-1-0.dll

MD5 6376bf5bac3f0208f0a5d11415ccd444
SHA1 c3fe96e51c3f3e622dcedd2ddf8d23f9442361b8
SHA256 e36763df57cd26ec2b4d52e27de51a4ca6f18caf86cbac8307bf4817705f9a0e
SHA512 9614e423c850bdb584f18555825214d42106966b1ee71e75ba7407591aa5de407b43909ce972e1923df82e9a0e953597fe19646296962194ebeb1579493d91c2

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-utility-l1-1-0.dll

MD5 6376bf5bac3f0208f0a5d11415ccd444
SHA1 c3fe96e51c3f3e622dcedd2ddf8d23f9442361b8
SHA256 e36763df57cd26ec2b4d52e27de51a4ca6f18caf86cbac8307bf4817705f9a0e
SHA512 9614e423c850bdb584f18555825214d42106966b1ee71e75ba7407591aa5de407b43909ce972e1923df82e9a0e953597fe19646296962194ebeb1579493d91c2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\MSVCP140.dll

MD5 fdd04dbbcf321eee5f4dd67266f476b0
SHA1 65ffdfe2664a29a41fcf5039229ccecad5b825b9
SHA256 21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794
SHA512 04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

C:\Users\Admin\AppData\Local\Temp\Tech tool store\libmap.dll

MD5 53634bc76f19ea065981ac1b02225df9
SHA1 7d1cb4ae535c30d2443c4b8f14927300c8449839
SHA256 e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a
SHA512 3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-environment-l1-1-0.dll

MD5 311e582d5d3d8421e883c4a8248eacc8
SHA1 c99e61d1446fce0f883a2aad261af22d77953a59
SHA256 369cc4d3bb05f4160a0bc9683feb1df2e94d02f061e4b23d53c3a6e2230cd5e4
SHA512 050ed1310e667e6bb22bb7952794745df1eee0c78f18240cc2217e748a11213d094b48153964c3da0ad8141da1709ece637315633396c77c035bb0565fa981b4

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-environment-l1-1-0.dll

MD5 311e582d5d3d8421e883c4a8248eacc8
SHA1 c99e61d1446fce0f883a2aad261af22d77953a59
SHA256 369cc4d3bb05f4160a0bc9683feb1df2e94d02f061e4b23d53c3a6e2230cd5e4
SHA512 050ed1310e667e6bb22bb7952794745df1eee0c78f18240cc2217e748a11213d094b48153964c3da0ad8141da1709ece637315633396c77c035bb0565fa981b4

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-time-l1-1-0.dll

MD5 376b4a7a02f20ed3aede05039ec3daf0
SHA1 c9149b37f85cfc724bedc0ecd543d95280055de1
SHA256 b0b8fc7de3641c3f23d30a4792c8584db33db6133ee29135c70bb504e80e4a2c
SHA512 ff7fba7cd8c9b55c1c87104d7d9074ef0eed524b02480ecf2c80e5cd489c568e1ed63bc62699a03272cab3dcbf20e6437e1f47ce112bcb3336d27ed2790430c5

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-time-l1-1-0.dll

MD5 376b4a7a02f20ed3aede05039ec3daf0
SHA1 c9149b37f85cfc724bedc0ecd543d95280055de1
SHA256 b0b8fc7de3641c3f23d30a4792c8584db33db6133ee29135c70bb504e80e4a2c
SHA512 ff7fba7cd8c9b55c1c87104d7d9074ef0eed524b02480ecf2c80e5cd489c568e1ed63bc62699a03272cab3dcbf20e6437e1f47ce112bcb3336d27ed2790430c5

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 10731d3320c12abb62d3866d7e728cce
SHA1 df4e131c825d1ca5cd14e00e5c04785d6ca508f7
SHA256 9f3eb90963916194f167e98e049707b14fa84a3f11cb8cc7b940d95956601700
SHA512 7eeef98682872fd95a38a03435546349c8488607e59870086b486b807e8b53893603175d9ad0f3b80c1924381daca8d14868a6079988a944b005783b4e2e358e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 10731d3320c12abb62d3866d7e728cce
SHA1 df4e131c825d1ca5cd14e00e5c04785d6ca508f7
SHA256 9f3eb90963916194f167e98e049707b14fa84a3f11cb8cc7b940d95956601700
SHA512 7eeef98682872fd95a38a03435546349c8488607e59870086b486b807e8b53893603175d9ad0f3b80c1924381daca8d14868a6079988a944b005783b4e2e358e

\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-locale-l1-1-0.dll

MD5 60ffdc3ef20b127e3fd14a0719328c34
SHA1 b510833350328f79a79fa464ea9d5e9455643659
SHA256 43c9ea4ddecf2f34852559cf0b40b5261e6701d3743ab219f48d43a312707ad9
SHA512 caef6ee08c9f6fabecef1f0be37ab34e2d4dc22f15a775b2f0dcacda1f0fcdf2259399e6fbab85f0f00e8e4b03d77fe88b85b901a9ba2f775a50f2da724da26e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-locale-l1-1-0.dll

MD5 60ffdc3ef20b127e3fd14a0719328c34
SHA1 b510833350328f79a79fa464ea9d5e9455643659
SHA256 43c9ea4ddecf2f34852559cf0b40b5261e6701d3743ab219f48d43a312707ad9
SHA512 caef6ee08c9f6fabecef1f0be37ab34e2d4dc22f15a775b2f0dcacda1f0fcdf2259399e6fbab85f0f00e8e4b03d77fe88b85b901a9ba2f775a50f2da724da26e

\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140.dll

MD5 fdd04dbbcf321eee5f4dd67266f476b0
SHA1 65ffdfe2664a29a41fcf5039229ccecad5b825b9
SHA256 21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794
SHA512 04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

memory/1764-773-0x00000000003F0000-0x00000000003F1000-memory.dmp

memory/2032-774-0x0000000000D60000-0x0000000001033000-memory.dmp

memory/2032-775-0x0000000075180000-0x000000007518E000-memory.dmp

memory/2032-776-0x0000000066680000-0x000000006668E000-memory.dmp

memory/2032-778-0x0000000067C80000-0x0000000067D0C000-memory.dmp

memory/2032-777-0x00000000710C0000-0x00000000710DF000-memory.dmp

memory/2032-780-0x0000000066C40000-0x0000000066C4B000-memory.dmp

memory/2032-781-0x0000000064540000-0x0000000064591000-memory.dmp

memory/2032-783-0x0000000067E00000-0x0000000067E1B000-memory.dmp

memory/2032-782-0x0000000066C00000-0x0000000066C14000-memory.dmp

memory/2032-779-0x0000000074E00000-0x0000000074E0B000-memory.dmp

memory/1764-784-0x0000000005480000-0x0000000005481000-memory.dmp

memory/1764-785-0x0000000000400000-0x0000000000D2F000-memory.dmp

memory/2032-786-0x0000000000D60000-0x0000000001033000-memory.dmp

memory/2032-797-0x0000000000D60000-0x0000000001033000-memory.dmp

memory/2032-808-0x0000000000D60000-0x0000000001033000-memory.dmp

memory/2032-819-0x0000000000D60000-0x0000000001033000-memory.dmp

memory/2032-830-0x0000000000D60000-0x0000000001033000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-03-07 04:48

Reported

2023-03-07 04:50

Platform

win10v2004-20230220-en

Max time kernel

144s

Max time network

110s

Command Line

"C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe"

Signatures

Babadeda

loader crypter babadeda

Babadeda Crypter

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Phobos

ransomware phobos

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe

"C:\Users\Admin\AppData\Local\Temp\108cfca8867eb4f94082cddacf63fbdd8369b0991873a20afc3210f2d5e4ec61.exe"

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

"C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe"

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

"C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe"

Network

Country Destination Domain Proto
NL 173.223.113.164:443 tcp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 8.8.8.8:53 199.176.139.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 209.197.3.8:80 tcp
IE 20.54.89.15:443 tcp
US 13.89.178.27:443 tcp
US 8.8.8.8:53 97.97.242.52.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 86.8.109.52.in-addr.arpa udp
US 8.8.8.8:53 176.122.125.40.in-addr.arpa udp
US 93.184.220.29:80 tcp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 161.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8B8B.tmp

MD5 c5dc46c377c927c8e91b18cde57cf0fc
SHA1 22ce8600d4dbaf9af6eded556d390212274911d1
SHA256 a53f9dbbe62911ddc088a10bc8d10b5d8b30ed999438e788b6bfe24f0ba6e2b8
SHA512 f208b88f84b9fea0fc184926551eb60f843e997390ceed7cfde5ff7bb7c6b6bcd47a0d5021a92064e57e6b400bbbe21cec93fa2358728a29c35d2bc147cc1432

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8C48.tmp

MD5 122a3741699fb5c0950273245c9dea15
SHA1 811f9149e3310a8e6521da156f92f3aaab012145
SHA256 f675eba3b22e0a2238ec4961d99de3bacca0ab553ab26eecb49800a12a9371ab
SHA512 567c480f70fdc78769ae45bf83b6632f7ab380ebeb00689028d39ff03840c8b778149a3fafe1dab2ac77a1fd17a23b09f58774b1c5e791bfd33b99528225eccc

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8D24.tmp

MD5 08ad4cd2a940379f1dcdbdb9884a1375
SHA1 c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac
SHA256 78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8
SHA512 f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8D82.tmp

MD5 f5cec0e851d679bc6cfe5923c8cdd5c8
SHA1 5eee0f3192e2656d0891e363a5d69f61f457b186
SHA256 ac0976f2a6f221045d0fd22bb32bab0c8439d186acd118ad0faa2d69cbd2840e
SHA512 226f47164392ee339412f8ee5dad3faf40e26c52e2ae039826323ea0ef66d23776b1e972cd6f817e7dea1da0f87f20d3b6c7380fd8e891ec21a2f13dfc4915f8

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8DA3.tmp

MD5 a6f7a08b0676f0564a51b5c47973e635
SHA1 d56f5f9e2580b81717317da6582da9d379426d5b
SHA256 5dd27e845af9333ad7b907a37ab3d239b75be6ccc1f51ef4b21e59b037ce778c
SHA512 1101813034db327af1c16d069a4dfa91ab97ee8188f9ed1a6da9d25558866e7e9af59102e58127e64441d3e4a768b2ad788fd0e5a16db994a14637bfbade2954

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8E5F.tmp

MD5 c04970b55bcf614f24ca75b1de641ae2
SHA1 52b182caef513ed1c36f28eb45cedb257fa8ce40
SHA256 5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80
SHA512 a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8E70.tmp

MD5 77fe66d74901495f4b41a5918acd02ff
SHA1 ce5bbd53152cd5b03df8bcc232a1aea36a012764
SHA256 b017168c69ef40115141813e47122391602e1af28af342c56495b09f1c3c7522
SHA512 cc6e323d0076577a0a04dbe2c33d90dc616cb5ec3637d3df67cbf169766ca2e6de567fcff4f32938fd6118d98e4796642a3010b7264f0ae247fa8f0fe079bd70

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8FA9.tmp

MD5 d74aadd701bfacc474c431acab7b9265
SHA1 8a2b424d1f949430ddc1faddee3e9ccb79c95de2
SHA256 f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d
SHA512 0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR91AE.tmp

MD5 0700f3dbe367287ce10472cffbd3d7d1
SHA1 079790389532599ce04fd82c2b89db5e4dedf26c
SHA256 77e46a6a8fbc079cdb1d3ee299af36c3d1881d38d93c4e0551f114965cdaf10f
SHA512 28eb67d348c8e9e36032d041315b6ee790d2e9021a3a657a7fe33c66ad1f8daa5b3e0833a2a432cb4a4c5795fea5a80a1810440fb441b6f0d56cf0d00d3e0a17

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR91ED.tmp

MD5 924b90c3d9e645dfad53f61ea4e91942
SHA1 65d397199ff191e5078095036e49f08376f9ae4e
SHA256 41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322
SHA512 76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR922D.tmp

MD5 77c853090012e97f6ce9212e66ef8a5e
SHA1 69425ae525ceff28c14e4855c002db432421ca92
SHA256 122debc552cb9a54704c3bb4a363b2494df16f0797642e0dee84712282d4df21
SHA512 17b62a1defc291a8af7b7e701ca7ab1a0d72605c6595a52c89b8e94c4a49e2d037931371e9966ac66dc764e968dca3728633e81545d8ba6aba09d8f39a6f914c

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140_atomic_wait.dll

MD5 bfa69730b83fe5abc5c1a44ad71b2112
SHA1 2917d847156758420c9782ab8e376ded3d6e9b09
SHA256 05ec94cb5bc764418374882d1fff9050685fca86ec71101ff27f2422a2d39213
SHA512 c419255af407b4180d405823f3a3c2a5ac4cc4e8ab686ba83c0c1efad6eacb23024215918a686756a6cf96d1f170db54462cbe6a434d847204c665da8138aa9f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140_codecvt_ids.dll

MD5 2407353dfd054b3ad48cc4c3befdc361
SHA1 45a96fe92ed3d1b55a96bc536067a0931e2f0aeb
SHA256 e723a4a146e95fcaf68b8d0d425f5641e9ebeb70afa4cc8eb658d0f27ab97327
SHA512 352301249309919a0edd7fddde5c663dd2893a92277dc26f71d344b33f217a4182d841179035345399dd1f1356a5bb5326092db6a91cd24cc5a4468cd97c1544

C:\Users\Admin\AppData\Local\Temp\Tech tool store\NlogExt.dll

MD5 1a75878dea8f5580c25e0b9f1c734949
SHA1 20d4c35f95b4d608aa73897680b3f0ceb219d37f
SHA256 1b393ad82fbe93add01c73613156cecd98f9668f5ed8a0faa04704a510b7bf2e
SHA512 6e65f45ef099d21beaf429e0e0c6c6122e64d27f6932afd2a2459fc6cafb5af58efb45440cc1e3f51ac7678748af85cb9e878e68efa3505980f115dc6a272ac2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\settings.dat

MD5 02aa61f22deb85d2bb9215a936dea9b3
SHA1 3cf45cb7646600bff9380ceb037e5f48b0a31146
SHA256 5954e948dca63d51b08cea89a33e595c14333728a206a4ae78e4651893f7e6f7
SHA512 fbc80a77912b437a0e3d5d43b01def9a7d646eac944e7866a7df7701a1d18de31ee9ab4c1feac0d9ae0dc5b20f4099dfbe4373673cb50545503d53cda50ffbc4

C:\Users\Admin\AppData\Local\Temp\Tech tool store\skin.ico

MD5 bd185b875af6e53f699096e2fe95cbbb
SHA1 7b59c7707159fc489bcc477acd61248e1c4a155d
SHA256 0a326b06aab1fa6ba3939db15e82cb5f4387ce9c163c6a8458acc8c79abd5490
SHA512 e9c7d2ff9a691b8981e95a9279209afc7652c4daa99e346437419b13266cc97f44e1af554b4dd2a5c2608da44ee18b6ca329a7d1e3a9fd8df58c84d08ee07090

C:\Users\Admin\AppData\Local\Temp\Tech tool store\ssleay32.dll

MD5 cb3150e7da1cd829ddc3ca863c7f5360
SHA1 21cb84c6c40577103eab9bfe47936b80195410d5
SHA256 7780130478823cd2cd22a104968c66065397e86335f29a96b1e67de2f32a6036
SHA512 2fb546fbaf9cee534b648a48ee5c135b6911d1f14a0dc450f61975bc7a6f57ff685b7ee9d37d06a5137d87d55d7a9dd76b4141e5ecc93edd1a3efd50881b6cd7

C:\Users\Admin\AppData\Local\Temp\Tech tool store\StormLib.dll

MD5 09c4266b11233aedaff9bbb97ff7dc50
SHA1 212f6f2df299f8f1c4c481bb92e9e958d48421e3
SHA256 f52d1ed4c1350bf7726ad3ef926329267e35bf67bd938e5e1aae324dcef31469
SHA512 b17e865ec5a8caf5bca88857ea3bad0dfc5d9fd0448ee52671876202b1870783a5de8f2d76b9d5363aeeb89b383314c8d65769674bd9b911551cdaa5c8654dcb

C:\Users\Admin\AppData\Local\Temp\Tech tool store\sqlite3.dll

MD5 c86d13c52aa1c7d0e39cc9f6d20ccd22
SHA1 8622a443874feebb2e5cdb9792a447acb97f78af
SHA256 7fdc0ad5ee9678eb66448b121beba9597ca6742d4474ff75d080a5c5014ec9c9
SHA512 ea629707a590a3494f63d17e6d4b74f9fc3341216f3fada2f1a1e5c318f83149130ea87afb8eb87168428ed21dc0c4cd4612bf66517ec67874e9a75c694e6af6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\Rate.info

MD5 b1eec5c6b26ecfc6a974757087e3d2af
SHA1 b61648dfdb68b40d1b6f491bb96f494f5e34f5c1
SHA256 c6d14ae1d22ead7db02768a974d8f9380f88beaedc5b0becbcd361ae805a2e00
SHA512 8f2edf6a5b649df864873323e7fae1a475050d6d603165c8322061805f7b4a7b42b349b3800d59cb6fdaa6561a5e6afee18b42b77eff41bb93aa0f503dea5219

C:\Users\Admin\AppData\Local\Temp\Tech tool store\Themes_v6.txt

MD5 95d94ab71ff2d1d22401ad824ff67b0c
SHA1 c26c2061c256e9ffbe413cea4f41153422dc9deb
SHA256 42f9de7641098ff03b904d2981209bc085064560efd03be68a08f3d552ea2b63
SHA512 d8dc7cf66183c84482116c0df60c330c0bf6090c1c4d45a7ad1e77d1fd7cbdcde803e5b3186d916f06d6a1f032878d811f2e54547bf4327b79d52ae526ab9d13

C:\Users\Admin\AppData\Local\Temp\Tech tool store\vccorlib140.dll

MD5 ae13e4f8338173a979135141e0dfb02f
SHA1 6fc365c1b18d34f6c1c0a691a4e527f2748f7efd
SHA256 7e3211bfcd4698140ce90e6664e044f7c7c8100c5b7bf1cec161df32fc412056
SHA512 22051878786454be0f8732aeab51a89651db255339ce95a358cc8f8a2072e5ef661606b58d54581186b422cbc9af7a5c4d3c45e0b9fd76efa7287f8f306fb98e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\vcruntime140.dll

MD5 ba65db6bfef78a96aee7e29f1449bf8a
SHA1 06c7beb9fd1f33051b0e77087350903c652f4b77
SHA256 141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493
SHA512 ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseEraser.dll

MD5 a24e87f34a9a5160738b7f94094f67bb
SHA1 983e421b7a2d13e3b9ccf22ff4aa28f1a18f192c
SHA256 7545370cc82a2e70a147ee5cdb50b2c994a46f6e7708db9500a2a0c66ee63ba0
SHA512 eff167149195fe45cb5ca8964854c338a1a3ce85de339f9c14148e9bb806b29d3d882aa2c843423a772a69138ce3b8990780db21b9c001af23c0ec77fa327900

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseDefrag.dll

MD5 2213b5d523f45f4d51bee0b36e8865b1
SHA1 033efeba679c27f4053c01d346573b4d79706b79
SHA256 fc5588ec517efbd7b4f95ceffab07160eba47dcd97f72f6327c3a004c61af7c9
SHA512 61d3b833c53a5d371cab281a5884e5fa85c8c2e7abeb0e36ed88dc1835ae00a8cc8db6f6f77cf4a6acdf795dc42595bf7d52bbed4f96bf658f9d25b63c1273fd

C:\Users\Admin\AppData\Local\Temp\Tech tool store\unins000.msg

MD5 a5e1c77434480346133faf90a3ff8bf2
SHA1 f7771ebc1d19475f1a83d769f276557b676f03c0
SHA256 b1718d2001564b8be91d99edde12899305de4286455b2507017b64af3441c22e
SHA512 d4b60886b35f1c7be0b14f6be044829a55b78921b6c0542ee5d2deb2252dbc7fbb3f99c28d2930f1c655a7b4cc49571feb51dac53d1698cff8d17598eedc2f42

C:\Users\Admin\AppData\Local\Temp\Tech tool store\unins000.dat

MD5 6766f5a4458049bd1d4e2c910cec0c37
SHA1 f14bb0b2c5d7d28417944f0b3cade69feffdfffa
SHA256 1c81ca1be6edc12dfa8a2189d846a207a0adcd53a1a3cb462a466bf28a531b13
SHA512 1a813025cbe7c3e86ce0f196e57be11f4701fdd1869863be878eab62f6532c91d4f5744f9e13e1f93a25169518c0f6e33abceeffcff3fa045b830c0a7fcfc78f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\ucrtbase.dll

MD5 5dafe0bfb955e780b3d50da4524b752f
SHA1 91c0d9fabe748d373215ba21b90278671b5f8957
SHA256 6255112c9978c07a05c6feaee01cf4be74b2920dc7017fbc1a42f8f5d23c20f9
SHA512 37fd37f3ad87838f596d1e8e497fe66d1a1c4128625ab456ec850179dd1e1f33cf4945d0faaf6cdbd1ed586ecfb7ff3e7cf10a88a823cc5eb06c2fc4fa16bff3

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

MD5 1459f9d0c62412b9df206c7e819fbf62
SHA1 daddb63d6b1a191e896a01ada7ea79dabf686655
SHA256 75569178b9ff9f2719e17d2d270322151ffc63f8eaac774a64f6c627014451d8
SHA512 924d14ba741b64a813e566864b098e0a426e48412942945d2034ab685548794ca93a4d759fc098f5e8e4df80146a82572bbfe09c7599a109a1dc4837259da5c2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WJSLib.dll

MD5 76a9b2927a16463c71d88790ba1be60e
SHA1 4494e7416d86bdeb11bf5142267142013439a46b
SHA256 056f9e8ba070febe644dd042fbeac034362a8071e327e6aaa972129be60dec76
SHA512 6881b7090dac0932d4c81ca59d04aa6e8e56e45ec16dea3699c11c36f85955024144b16bf47c30b4a6251882a79b63685221037b9921773586e5ee31a37c9d67

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-console-l1-2-0.dll

MD5 f7af7ee5d48b5540f0e67f12529def2e
SHA1 1d0a54735213f2002918784dc5fc75ee6e7c3578
SHA256 78ff02af7995e0535ee34ddc0d28e8a2fe01404c186530cb3f2d57d683365a80
SHA512 189d60feee6dded1d369585a4fd0305729dfc352697501e7355fba80d279d151cc0f3a3358928b05a91964d14e59eeccfbdda415cf289281c0cb2c246a7d09b2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-datetime-l1-1-0.dll

MD5 b669e6de4647cd31009b15d5edd7c999
SHA1 16f05edfa04378e99d906e9162b502c99d8ddb61
SHA256 4e560ebdfe0bc1193a0f3feaac35634b0655829d5cc7e79d113f3a994f16d3ed
SHA512 afc8ac85c8fa15fbb3e72b8192314b8ca7eaa0a686ef77747adadd0b902260f2cb0482f76012cfd5023a12a7c0d89b973af97bd4f208389d8ca26005fe4e16dd

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 b0537a9eccc0f909c0715fc93b473d8d
SHA1 79e9929c83f5f73314c52f26be4147a74aa80e23
SHA256 8784c4912a2f391d5f0c79b38f48baf88e98bf4fa61614ccb9232d9bd1e4ad54
SHA512 d68e50361566e8800afb5fae32c65c90d2ac7877f9a02f3e2e6af61ccd8f99b484c808a9ba62ec9e4727481798b3d3f4f74d19b16c6ed80536cf89351071bab6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-processthreads-l1-1-0.dll

MD5 2557484c75d4507688b68a64882e0022
SHA1 ff78c6d44f7474d98402f8e17cfce5d712c41b95
SHA256 50b3e4ffee430c1b45f0ca75959936608f756ae5eb0352e8f3f5f69c5adfaa20
SHA512 e1c502e889664a46acaf0d8cab5d5082f46ad3f6f1a24ec702ec5174d077fff51cce7f80b13c5c22704937ce380ec3b14c088955d94eef1050d293c078869870

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 56813b784a1f8cdabedcc10de6e84864
SHA1 b636ba140e1ba7de5e59932702e7b4e53025d651
SHA256 98ee724aa3f5a8ec4f3f8596be5aba5cd19b556f88ef9fbaff1569051a4d0dc1
SHA512 f11739be9ff624044035678cf39b91d28a53f1ac56342baf985a4328da4c64c81107d7e1787ee50efb382472e4d46bb21c520918b8831edc7f6b3db70befa068

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 a8f889870885c5784afd47f5e3d33eed
SHA1 494b86c51c8908d17e563c80da0d42350aaf1155
SHA256 8979fe86afe23035caedd5df135786da2b28c095b69ce0179b6484fd680c9b91
SHA512 bb18675a9b311e4c34806ec834886659a95207a4ec9b48b082f5fa0e05f016b9f946db29c7aa20662b4090c7f42a606f9f3a5df48d7ed20c5b404ccf91a1b7eb

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-memory-l1-1-0.dll

MD5 98b1e6d052cee5ccbb7e5af795b9f48c
SHA1 357ef3f8011d7e7f1d4cb30beae58d24d6b05085
SHA256 5c950723ff3118801884df67b6a14543978263a2d2a0437d8c8b2fe8ef3925d4
SHA512 31d961ada87eedfc4c1bb8938b0c4b44842153f4450f48a0c1dc12208f5c1ba62b076ef91a0dbd1c3f98d1e96517904b95e072002c50d2873c8638ddb25417d7

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-localization-l1-2-0.dll

MD5 602a35b140d9d68d7b3e488896158365
SHA1 f1ba615abb54ff786ddbc74dffffd56394bfc892
SHA256 43b98f74476c86107c8317749f54a107e2955696e4f79d3d02683dd7034d1d52
SHA512 4388947f90838cae8b5f8137c9ed2a099028b4341da8c574d536c6ad096bad0e217e105f0367750c70e3d3ca4857255b674955c71ecff0fda9c47a4b1951b8b6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-interlocked-l1-1-0.dll

MD5 8dcf3111501ed0a01855ebb328537bf7
SHA1 2134bca1fa16133632a1b3f28fc38edc15e933ac
SHA256 76f092341fbef40d5f35f70bab55f2eeb3e70a9b60f46043b342ceab7f79cef1
SHA512 4cb596ca11b4941571f3b998c98707bdf45ad608c9f661e0f0ae528fdb797190c9bb22e58ff65a98e52e3e51396f4c8b22229eefe54f0a73eb49c79d07ce1604

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-heap-l1-1-0.dll

MD5 6e306654a55454e40889407e9334da0c
SHA1 0612894d9fbd8f92299541535f78db05fba3a78e
SHA256 eb02fc995bb92b214dd684e24c1060735f61ad4884ccb4aafa86c7c1de66d621
SHA512 f5a6980824cbfa82c47b20581658eb9fa8eeb2dbcf6bf9b148fe09099a3b131c2a4cc2a129135e708fb72f1cc43f083f93fc85a0e03209b75dfcc09106b977ac

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-handle-l1-1-0.dll

MD5 c8d52cde743f4559e6eda1472ad44277
SHA1 09a19c5c5bc45dbf5391d882015b47cdad4b5631
SHA256 d2926dcb85ab577be75ecab1fc8dcd062318f147e0a9262a3b807bb5acb62beb
SHA512 3a031f282303cf664c6ab04c1561598595ef776799005d8ac7ae091ffd140e4d1d1e23b9f6783618c2bae4dc4d1cf741fdb3f83390d6854de97d85af4c940b23

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-file-l2-1-0.dll

MD5 422adad24e8da100f85bf3de86b5f302
SHA1 7004b3ed8663b5890cd25e1a7899a766be912728
SHA256 e04642684dc7376839c570bc11e9b46cae14420f1a85f7562fd2c4d656a22956
SHA512 e689ecb1a1cb1e7735cb6a961fd054d87bcad01acf76950b14a3bf4e08ddb7a8d31805c203374ee081a4ec13c40b25b3dc83b3895b9bfbd9c135673e98e6ee63

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-file-l1-2-0.dll

MD5 86279521328398e87699d248628eb13a
SHA1 e4d4c39bda90635f1f5c2fc58b1304e2daac9caf
SHA256 3c9b67616fd0ceb3dd92e605918b08556683ebab5537aa76dff300fbd54b0337
SHA512 2cc328955611ad8369ff9facf9c1aabe99a20c3ded2977ad86c69e0f54acd78fa6f572ed688625c8c63016826a10b3578e3c186ef2b39c4bf393ab5e399913a6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 cec2f0ac232cd07d217299386118692b
SHA1 7cd8218afc5ccf528bb2807168e11e5820c8bddd
SHA256 a5f4f23b01cac69058b7ec0e30b470f90bfc6d40de20e618c3045bf06e4a2cfd
SHA512 e06fc36de71caec6732d2553b5afcd6daf0b8eb4f1aea7d6f6c2ae00b3e3f4172c932458ebb6644e41dd26a48b66dbe935a40bcee68aa7cad4af155befe7019f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-profile-l1-1-0.dll

MD5 258caf72fd7c60586b4bacfee6b37872
SHA1 4a473ff7cdf254336cf2ff3ddeb03bd047b35af5
SHA256 04c0a5392a18a7555635cde23f9111ea4da550c309827b725a74bb6fd4f0cc64
SHA512 121a366f79ca1c9212d109d1f72a53b31f0bf0394b947949e2a0191629ace8ed107118e512bc8f4e9b43a84b6c936422372be2ff497f2cf13276217b15d079c5

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-processthreads-l1-1-1.dll

MD5 a07afa26ab56a8d3b8b16591a1962005
SHA1 2b6f3143487f747911ee20f039f1ffb1381858ac
SHA256 6be230837149dc2a8c7772142a674c3f90930a55da7f91d791942d8276d5440b
SHA512 b77b277d10cf6b8d209679684ead55b4347caef3213acdccdee35b5d4fe0e3fc136daf057830512c5473c4653a8d66357927c4b7d204c07d7508f792299d7fe9

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-file-l1-1-0.dll

MD5 977831a443ea30ac8cb70f4a069a2795
SHA1 b07313dc2760c524d1bae783e81a7f18743bff87
SHA256 f6eb872448b5147e59f373eee8a9852d1afc5eecb967f713a7f7acb4939e9a63
SHA512 0c17bb97188b6b2aaa49fb3cef94053bf20e7b587cca9307ec4a4e166f4703d17a50c12148b3112cb5d98088bfd186adacb8c55c3d8a634ead2dad93b70b5f18

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-synch-l1-1-0.dll

MD5 efbbbcef1514840d5ad9d8c084a0147e
SHA1 d046a440556ff7b9857963d86dd050ccd6b0533c
SHA256 9c1d190c85b9ccfb171d3db4ec363c97a3452bb365dd75dbda5ec9cad1a5d803
SHA512 fe78850b3acaa725f4a3f65fccc3c2644ef43eebe3c0083c0d4e9e967cfb230d966dee87dcd8a27f4dc452d7e72ea7efb24ab7b9dbcd58ab81f78d0d110829bc

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-synch-l1-2-0.dll

MD5 ed215daa7493bf93c5eadef178a261e0
SHA1 b20c8dc7ba00f98a326f5f4fd55329b72f8e5699
SHA256 8b7c8fc657e0dab0f2506001ca4bb76e675ffd18a2b4d9c1e03b876e008a7a26
SHA512 3ed052eada11c3dc44f81f330bd2a2526170515bc6a90281872a93ee49f9add8c9ad36b9a9e9185e251d664c1694d06625e0148e113addc32e53d705d2655f03

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-string-l1-1-0.dll

MD5 01cbaa0aafba1275cc23c29f139d399e
SHA1 5ca1434545c02c3f34bc9facf9b2eecc89ec3a24
SHA256 dcb3fc36c43a402b4b35644f1e7f6d6db31ef8d0a731c3b882e2cf3201a6714c
SHA512 f5a3d05690bf409d2b8d7eb96ac4fde1e2d27add79945d6d9f2482ee61c6698ee0e167e9677a61a435d99175979e8651f34b92a6d057236254a0a2ba1a9cc79f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 1a456489a0e26cf602d4af97fd537b0c
SHA1 fa62a55a403ee92b1d5f31ce2c5cc65e2de03247
SHA256 3e8d67f3978e40a636c5fa86c310801d6d6b74127e556c57ff6fde8e1d7b706d
SHA512 04a61c6d79c72d729d602c4a5d069c73cd92b0586d988056b2f2cebf88bac5723c1928d4a1a08fe13151ba9905cc28aeafbe344c829fadc66f138aac43e8c147

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-debug-l1-1-0.dll

MD5 bf8a71efcaa8260de58ab657dbf624c6
SHA1 48a1e8fd73c0b16304f0fafd6e7f6b5efb476314
SHA256 c3003ff52917dbac5d3feec1bdea8ad4163893ec2d320f904b6d3698a6dbc7bc
SHA512 e1284fe0c7f42204043320322dbbaadfe194aae4eef0aa863b25176107ec9900a2a0dfe4778b7ca5960d6b187e7cc61e028bd02ae0dae20a90591e33165dbc0f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-console-l1-1-0.dll

MD5 22df48515382f53b828728892c65e62d
SHA1 f834220481f9acab2fce917bd6271705c3300872
SHA256 97955d1f5134350fbe6c829061e01106304978651979f4ecd5ec146bfc70d36b
SHA512 97507029a6d0057812da1a917b14e021747a1e13e4a1406e73d4f330f0fd1b9822f6300a5030d2aca8063da6da2a5a1e6e9a5a2c8ca612401188713e779fa608

C:\Users\Admin\AppData\Local\Temp\Tech tool store\zlib1.dll

MD5 7cfdbfec8b16876767f5895fae94f6cd
SHA1 49644b75dc5ef3e1f6e122f8b6e5569b74b1e2a5
SHA256 322062f0287317d3f41180bf79e54c4ddf4646a08fcd55263fd05ad56b8e1cba
SHA512 02a10c91098b79cf4b53dfeb595283cd0bcd5b70ddc803f401600d321a54d3ce51ec24962473a47b9679b573a2223ff7f02be57866bfd961cea3f1a81bcea683

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 aed0b2511a396bb258a7bc7bb646b951
SHA1 151b08d20538990b894afef34de451708b5f334e
SHA256 fb7ffa16bfdf7392535b8e78a86db89ed9032f67a16b127a105582fab118cf2b
SHA512 dd7cdb5f401dce1566e331a3184ebd2c71f6d2dc4eb59f384bfb2daea8ce8a146d7449d989da2193abf30cd568e67bc932e28c8b93c7d6beceac0c7cb9ae1f5c

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-convert-l1-1-0.dll

MD5 c6385b316bb04ca36d76b077eeb9a61e
SHA1 fc376f68798fecd41fb1c936eed1bce3f2ee6bef
SHA256 060636cfc58587b4344a6d0ff4f44dd77266f2bbdb877cb50cb1b44a7e3969bc
SHA512 bddf0f34bedb17ecf1d270a0613f27d174ae04f920192d7d1af6c15245175318b29691e748c36e2ce0a3027495b2f5a0bb688ae16095fad9dcd8c283b6d1b1d4

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-environment-l1-1-0.dll

MD5 311e582d5d3d8421e883c4a8248eacc8
SHA1 c99e61d1446fce0f883a2aad261af22d77953a59
SHA256 369cc4d3bb05f4160a0bc9683feb1df2e94d02f061e4b23d53c3a6e2230cd5e4
SHA512 050ed1310e667e6bb22bb7952794745df1eee0c78f18240cc2217e748a11213d094b48153964c3da0ad8141da1709ece637315633396c77c035bb0565fa981b4

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 10731d3320c12abb62d3866d7e728cce
SHA1 df4e131c825d1ca5cd14e00e5c04785d6ca508f7
SHA256 9f3eb90963916194f167e98e049707b14fa84a3f11cb8cc7b940d95956601700
SHA512 7eeef98682872fd95a38a03435546349c8488607e59870086b486b807e8b53893603175d9ad0f3b80c1924381daca8d14868a6079988a944b005783b4e2e358e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-conio-l1-1-0.dll

MD5 6e044455d104db0a31983ba722394d00
SHA1 aec808b8c70326506b7a07241b6aac817ca8bfa6
SHA256 7b5d400a141f363f553f61fa11e94a6851d1eeb510cb7988012862ed13208c97
SHA512 eb092e48f9bc4edac67ba5cc11199ad06f313a37df1b29053e105843519a59ada48915a5448d74d464cd1b05e0750c0f4339e6aed6390b31acbeff2d84f9b166

C:\Users\Admin\AppData\Local\Temp\Tech tool store\API-MS-Win-core-xstate-l2-1-0.dll

MD5 d911ac41d48ce1f57cf82d77476960f3
SHA1 b0437d8fcc3835f642280680677fe65af70cdb90
SHA256 e98e9ea1645b11f2fe6f21bddfd6dd5d58a3f158c7501f4534793da3eaccee3a
SHA512 a5edf14e0c88ffee32455ba9508d07614bbdd9cb3916c89d88a1b8dc7d6c05e9894e2ba2dbba6ccc68fda30928a078f3b650ec563f633b9ff6e3b4cba5db1c91

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-util-l1-1-0.dll

MD5 7294cef433dd8afa73982ea96dbd6f6a
SHA1 c73b123197e6ad47b13febeafa912fdad566c8ee
SHA256 21c57c8ae9407cedb50bcebf7f844a5933d274676f3194a87997672c7177cadb
SHA512 24048bd06f0a3ce593eadab4fee4e26aa339faba52ae52dd36f0c66ee5d7c166f68fff8ff5dbfffde26588351ca4b6de033528dd4b0a15b0afe3ddcaf13b8661

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-core-timezone-l1-1-0.dll

MD5 a9c7db516186c8e367fed757e238c61a
SHA1 1318d6496e7146e773aca85be6d0e9b87a09e284
SHA256 ded52bac23633a03341969c5b98b0d94d24fa3284c1ddd0c489e453b39cec659
SHA512 6aad003287afe86abccf34f6b15338c0c7380f4837805d919064a26380d2f3f7698515f927c148e618c12f0943d3621184bebc70a8b07eed64ad88689fbcc5cb

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-heap-l1-1-0.dll

MD5 cf5f256e8cd76ba85e6c3047f078814a
SHA1 b7cde77313ceaae76a46c1111b33b3d8f47c4214
SHA256 9382fc8d5cbcc23c5d05e6f48f4188af3f96efbbdc5a7ec05b37e252440ecfc1
SHA512 856eff4fff1d11a725af9c3e5ceac6d02a89297a16e97edec171839aa12c468fc37d60ec5df06d507cee695f71b7fbd4bc0ba51b7934d886e66a43b249e62da5

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-locale-l1-1-0.dll

MD5 60ffdc3ef20b127e3fd14a0719328c34
SHA1 b510833350328f79a79fa464ea9d5e9455643659
SHA256 43c9ea4ddecf2f34852559cf0b40b5261e6701d3743ab219f48d43a312707ad9
SHA512 caef6ee08c9f6fabecef1f0be37ab34e2d4dc22f15a775b2f0dcacda1f0fcdf2259399e6fbab85f0f00e8e4b03d77fe88b85b901a9ba2f775a50f2da724da26e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-math-l1-1-0.dll

MD5 78dfcb76dc8b42411dbc682f78f5c6eb
SHA1 e50f6719fee44c70518cf8442737a688b5f45e62
SHA256 8673dd898f899de831fc3052c8b8254b7b85ee7f2b9b6c422736668689c9b14f
SHA512 968bb3bc952f4057f74c9c8825fcc2db34b9c56166ee39db3bab3d4ecf51fb65af250a8a65340274a1a0c0eed73b6c8962df5d2fce586c1ef4e19706edd5e6e1

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-stdio-l1-1-0.dll

MD5 f681a45c47ebb2c56c1465677ec33ff3
SHA1 06bf7798c51325cf1806e14dea56ff98b05b7846
SHA256 3a03d727d291be57057587227273af410eda935438d8a0a165ec63ae772809af
SHA512 eeb05f1af7e1c714c658e9aa06e8c6dbeeb5f2e8dcf3fdb7b9b408018e41402d83893472114e0cf6d3a9a3bf54ec45c4f7a4840a09570d190277aa3514681ab8

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-string-l1-1-0.dll

MD5 00446e48d60abf044acc72b46d5c3afb
SHA1 0ccc0c5034ac063e1d4af851b0de1f4ea99aff97
SHA256 82d26998b4b3c26dbc1c1fff9d6106109a081205081d3c0669e59d20d918bc5a
SHA512 69114f0efb3c853bffb55c15e5ad1b7919057a676056d57634a6a39916e232cde2dcdc49ea0f9751ddea6550ffa58f84b1f8918b3c9fd7e88c8b8f7eb4afeaf2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-runtime-l1-1-0.dll

MD5 8bd7a27e6ca969d3eb46086d411ce05d
SHA1 3bbf6f55853b1487debca58d7cb5c877d0abd517
SHA256 8edc95578b8c9ca93a65907e428fa2b57fef8370b902912689332bc61094904c
SHA512 fee8359398efe6a995a214d4e47de43aba12d33bb9cb1de18659d332d94ef83a4a77618b6caa9f455b0c6da4c10ab459209d483b9e778d9b522771ca692ca454

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-process-l1-1-0.dll

MD5 48e6bb6df76fc8f009b066f588b13c1f
SHA1 1db7352875992737effbc487252ccfa09ac3dc53
SHA256 253caf243f9fd21f45c052384ed08f4c10ed0da0dc3ac55aa1c9e4249e1103d9
SHA512 0c4ad3cfd90515c27efdb7e9fac2082e5a33a006f38c5be526e7a85d3046b28424c10d59ad88bda72ec07445231dffda47326de2451df65a2cddec791bf83623

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-private-l1-1-0.dll

MD5 8f2b23d0d913fca49fb5b9a715a73519
SHA1 6adde370204c8fde3979f707fa6306f831dea8ec
SHA256 722edc4fcf0cedc233f56227848b25318e2c211d5b3a4944fc294551f80d2652
SHA512 bc8e7b572fbb9a5cc5110617b1bb525fb41f0f435dfff7a332571785d50dfd43449fbacdd3c2ffe64539a26fbd33147f1b219f167b55eb7825249eb3237188da

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 a11597ab7e11d673c8f0b9082f16abb6
SHA1 09efc61cea01812db305cfa8b8ff95b4acad3b1d
SHA256 e2c9693500cc7ce5cba81f81a68abf2ca783e187cfbaa9b52dd6c157c940a854
SHA512 3fd3b0ebed8e97bf4c6dfa4ff2ce3c9b5e82905c2d8d674da64f4e3a9b0362c8b35f10895445d34b008b00c77b7d5ea079416d34b10ccce99fe6c7da6d17d72c

C:\Users\Admin\AppData\Local\Temp\Tech tool store\fileshredder.ico

MD5 d8e48de3e5710fabd066c2bc02445c02
SHA1 d5b86bff4cd388659633ac3d6969fee82aed3bdc
SHA256 1d1e9558edef4ce724f93f80dc96fa5d7306d341f89bcbe61694900a409a2e9b
SHA512 baf61410094ad50ea8de5918d1688c902ee8366cb6c26ca3fc23fc6c2207001adbef05d2c58a1355ad80b9ce790618ccd98580a6e23364a6e3c850cc1adbe8ed

C:\Users\Admin\AppData\Local\Temp\Tech tool store\DManager.dll

MD5 ebffe71ff23b7a95dd5075f34a547d70
SHA1 5d9469960555810ec002274dec79d449885bef22
SHA256 6739072f5ae3eb2ce528fa35fdb47002f80a048a34ddfb9b8266e3ac552f2c08
SHA512 bc6dcd365e2a8e58099c73b43f9466a5b7a6a6d74ea35b834e80fb9dbc285ed296742b8e2c52fb49836cec81cf17d448e6dbe0a32cdcae12267469247db289be

C:\Users\Admin\AppData\Local\Temp\Tech tool store\libeay32.dll

MD5 50ef8016e3829379b64d151b51c66550
SHA1 765ec0e6955d1e07ec71f491ef73aca4129d0553
SHA256 4fdbb8990fe87a49d6103c1cb4665805b34fae04a98e21626dd5afc306db6259
SHA512 63246737baeb5beaf4a79622d9998617b45349f118ecd869f6d1399b28dc611f47cb6fb54f508d90ecca06423719fe600375098abc188fa078c69b794c676dee

C:\Users\Admin\AppData\Local\Temp\Tech tool store\DefragOptions.ini

MD5 a0eac4d8f4ee86740825896d8165532f
SHA1 0788f2da879b57ed54d77bc179a4858a35b3df61
SHA256 c0d303506cb38836309d910d2d4131d9c161c9c19387db375eaee3812524a1ea
SHA512 64a62416c65aede86a2402569e00ece1fda6eebc35f6b6e25dad0dc7033df46bba938e74cfb0405c47662d8a457a11f569d4b90013cab911440eb268707a5381

C:\Users\Admin\AppData\Local\Temp\Tech tool store\concrt140.dll

MD5 ccadf05c27e94a9e1a9ad9794aa05514
SHA1 6d0dd40402d62dc4e78c56605c72f700ea12a8ce
SHA256 768646418668e5b4840610305790ad6f981e85ac65123ab7a952b198c24c28fd
SHA512 e0205e2f694301e4603a633691fa551911b6d42f3559ea5d57065eb73e9ca2edeee76384122724b1c9cf0f5534835172cd201f2e8491a5ae84d104c9ef3138e1

C:\Users\Admin\AppData\Local\Temp\Tech tool store\cm

MD5 b56ff480a051053678aa4d4a45cbc2b8
SHA1 9bf6cf9994ecd0ccc5cb8832efdb95c3eb2cdd14
SHA256 ae8592271f22f64e62cf67e82cd31feaf2ec192ae5387af464b82093c97ce1e0
SHA512 6763a10e884cff05c7f6b36ce5b4d88594594cfbfc252eee4d5e573f30d96614f42783898b348e7a7886e57bf8ee36289c3f2ba8a44959538267f5612d87fa07

C:\Users\Admin\AppData\Local\Temp\Tech tool store\bz2.dll

MD5 bb1ea7cade180a0c012c2289c7d820cc
SHA1 67a17ae0aed053d8fb071450dff8f843a1255112
SHA256 30998439b2fbc620f3f87799f8a98e8519f26b227bf498877b11dfb52147b698
SHA512 3b10462ae03ea57bfad298c4d59da247b8ad971aeec0c9ad439a72b1756ee627fba23fe9044df9a8301b0fe1099bbb9988869ccce1102314052a49bf0cbdf317

C:\Users\Admin\AppData\Local\Temp\Tech tool store\BootPack.wpk

MD5 4f001d0e372baef55838f46888e460e4
SHA1 50450528413983b274823b87214ce6b92aace3ad
SHA256 bd4c6e3fca00c524ffdf8b1f4b491a78041f9f7e871aa1da506b341c509cea5f
SHA512 f4d01c4f9f13dad555083f04994b64408b8a705bddc28e608368d71fb0b39a79f472a0a46aeb943c4c317177e4f61fdef613c194b75e19aa0f77e216190fd0a8

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-utility-l1-1-0.dll

MD5 6376bf5bac3f0208f0a5d11415ccd444
SHA1 c3fe96e51c3f3e622dcedd2ddf8d23f9442361b8
SHA256 e36763df57cd26ec2b4d52e27de51a4ca6f18caf86cbac8307bf4817705f9a0e
SHA512 9614e423c850bdb584f18555825214d42106966b1ee71e75ba7407591aa5de407b43909ce972e1923df82e9a0e953597fe19646296962194ebeb1579493d91c2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\api-ms-win-crt-time-l1-1-0.dll

MD5 376b4a7a02f20ed3aede05039ec3daf0
SHA1 c9149b37f85cfc724bedc0ecd543d95280055de1
SHA256 b0b8fc7de3641c3f23d30a4792c8584db33db6133ee29135c70bb504e80e4a2c
SHA512 ff7fba7cd8c9b55c1c87104d7d9074ef0eed524b02480ecf2c80e5cd489c568e1ed63bc62699a03272cab3dcbf20e6437e1f47ce112bcb3336d27ed2790430c5

C:\Users\Admin\AppData\Local\Temp\Tech tool store\libmap.dll

MD5 53634bc76f19ea065981ac1b02225df9
SHA1 7d1cb4ae535c30d2443c4b8f14927300c8449839
SHA256 e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a
SHA512 3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

C:\Users\Admin\AppData\Local\Temp\Tech tool store\License.txt

MD5 4a0f1a666912e64f1ba811fc24d7135f
SHA1 dcbadd9698e306f0cd6e80737fc44f53336cf36c
SHA256 d6b418c619ba7456b594dff10c3face4ac28609a64f2bf5e635292d7ff4f57e5
SHA512 36eba1cc1c0ac8d5fee7e88fd90b01ee800945ebed45ef92adf64e4aa356a2afe9acc6b07cae478cc467ca62b4a7895cecc3af9bbdf93c2a9c2271253ed00342

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp120.dll

MD5 fd5cabbe52272bd76007b68186ebaf00
SHA1 efd1e306c1092c17f6944cc6bf9a1bfad4d14613
SHA256 87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608
SHA512 1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140.dll

MD5 fdd04dbbcf321eee5f4dd67266f476b0
SHA1 65ffdfe2664a29a41fcf5039229ccecad5b825b9
SHA256 21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794
SHA512 04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140_1.dll

MD5 4d10412f92fa6962ea7ebfaaf17b29a4
SHA1 cef3d60b9f5f1ed81fd3fb3273f89814d9fba7bd
SHA256 72f358aa9cae44582b6207333b94655e0c41c00095b0a50879f4c2b1bdf7b5cd
SHA512 a8b8508d1069f0e4171d532aba262c4fc9e45310501e6fec506b3b902945f21521b782da267ce3838beae134dbb6efc45d33bd8e672547b4b2ef6a7ae2bab14b

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140_2.dll

MD5 0e7bbf00d2659db77d82d04e64dd90fa
SHA1 a121f7bfcac3e14e83eae2118a5ffe6eea439ccd
SHA256 6ff622279f62296d3aeca95c0daca7cee8fb50354f53740a1808cdc6efdcea80
SHA512 c150e80887e34b364b252ef9e4a6bd198a3586b2895bf6d5a7e872901a715db6d5f34ce6b7fdcef4b77d45380089db79543d309cf6b9ca2bd0f44bdafea12cc2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

MD5 1459f9d0c62412b9df206c7e819fbf62
SHA1 daddb63d6b1a191e896a01ada7ea79dabf686655
SHA256 75569178b9ff9f2719e17d2d270322151ffc63f8eaac774a64f6c627014451d8
SHA512 924d14ba741b64a813e566864b098e0a426e48412942945d2034ab685548794ca93a4d759fc098f5e8e4df80146a82572bbfe09c7599a109a1dc4837259da5c2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\sqlite3.dll

MD5 c86d13c52aa1c7d0e39cc9f6d20ccd22
SHA1 8622a443874feebb2e5cdb9792a447acb97f78af
SHA256 7fdc0ad5ee9678eb66448b121beba9597ca6742d4474ff75d080a5c5014ec9c9
SHA512 ea629707a590a3494f63d17e6d4b74f9fc3341216f3fada2f1a1e5c318f83149130ea87afb8eb87168428ed21dc0c4cd4612bf66517ec67874e9a75c694e6af6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\libmap.dll

MD5 53634bc76f19ea065981ac1b02225df9
SHA1 7d1cb4ae535c30d2443c4b8f14927300c8449839
SHA256 e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a
SHA512 3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

C:\Users\Admin\AppData\Local\Temp\Tech tool store\NlogExt.dll

MD5 1a75878dea8f5580c25e0b9f1c734949
SHA1 20d4c35f95b4d608aa73897680b3f0ceb219d37f
SHA256 1b393ad82fbe93add01c73613156cecd98f9668f5ed8a0faa04704a510b7bf2e
SHA512 6e65f45ef099d21beaf429e0e0c6c6122e64d27f6932afd2a2459fc6cafb5af58efb45440cc1e3f51ac7678748af85cb9e878e68efa3505980f115dc6a272ac2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\libmap.dll

MD5 53634bc76f19ea065981ac1b02225df9
SHA1 7d1cb4ae535c30d2443c4b8f14927300c8449839
SHA256 e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a
SHA512 3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

C:\Users\Admin\AppData\Local\Temp\Tech tool store\NlogExt.dll

MD5 1a75878dea8f5580c25e0b9f1c734949
SHA1 20d4c35f95b4d608aa73897680b3f0ceb219d37f
SHA256 1b393ad82fbe93add01c73613156cecd98f9668f5ed8a0faa04704a510b7bf2e
SHA512 6e65f45ef099d21beaf429e0e0c6c6122e64d27f6932afd2a2459fc6cafb5af58efb45440cc1e3f51ac7678748af85cb9e878e68efa3505980f115dc6a272ac2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\sqlite3.dll

MD5 c86d13c52aa1c7d0e39cc9f6d20ccd22
SHA1 8622a443874feebb2e5cdb9792a447acb97f78af
SHA256 7fdc0ad5ee9678eb66448b121beba9597ca6742d4474ff75d080a5c5014ec9c9
SHA512 ea629707a590a3494f63d17e6d4b74f9fc3341216f3fada2f1a1e5c318f83149130ea87afb8eb87168428ed21dc0c4cd4612bf66517ec67874e9a75c694e6af6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\MSVCP140.dll

MD5 fdd04dbbcf321eee5f4dd67266f476b0
SHA1 65ffdfe2664a29a41fcf5039229ccecad5b825b9
SHA256 21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794
SHA512 04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

C:\Users\Admin\AppData\Local\Temp\Tech tool store\zlib1.dll

MD5 7cfdbfec8b16876767f5895fae94f6cd
SHA1 49644b75dc5ef3e1f6e122f8b6e5569b74b1e2a5
SHA256 322062f0287317d3f41180bf79e54c4ddf4646a08fcd55263fd05ad56b8e1cba
SHA512 02a10c91098b79cf4b53dfeb595283cd0bcd5b70ddc803f401600d321a54d3ce51ec24962473a47b9679b573a2223ff7f02be57866bfd961cea3f1a81bcea683

C:\Users\Admin\AppData\Local\Temp\Tech tool store\zlib1.dll

MD5 7cfdbfec8b16876767f5895fae94f6cd
SHA1 49644b75dc5ef3e1f6e122f8b6e5569b74b1e2a5
SHA256 322062f0287317d3f41180bf79e54c4ddf4646a08fcd55263fd05ad56b8e1cba
SHA512 02a10c91098b79cf4b53dfeb595283cd0bcd5b70ddc803f401600d321a54d3ce51ec24962473a47b9679b573a2223ff7f02be57866bfd961cea3f1a81bcea683

C:\Users\Admin\AppData\Local\Temp\Tech tool store\vcruntime140.dll

MD5 ba65db6bfef78a96aee7e29f1449bf8a
SHA1 06c7beb9fd1f33051b0e77087350903c652f4b77
SHA256 141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493
SHA512 ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\bz2.dll

MD5 bb1ea7cade180a0c012c2289c7d820cc
SHA1 67a17ae0aed053d8fb071450dff8f843a1255112
SHA256 30998439b2fbc620f3f87799f8a98e8519f26b227bf498877b11dfb52147b698
SHA512 3b10462ae03ea57bfad298c4d59da247b8ad971aeec0c9ad439a72b1756ee627fba23fe9044df9a8301b0fe1099bbb9988869ccce1102314052a49bf0cbdf317

C:\Users\Admin\AppData\Local\Temp\Tech tool store\cm

MD5 b56ff480a051053678aa4d4a45cbc2b8
SHA1 9bf6cf9994ecd0ccc5cb8832efdb95c3eb2cdd14
SHA256 ae8592271f22f64e62cf67e82cd31feaf2ec192ae5387af464b82093c97ce1e0
SHA512 6763a10e884cff05c7f6b36ce5b4d88594594cfbfc252eee4d5e573f30d96614f42783898b348e7a7886e57bf8ee36289c3f2ba8a44959538267f5612d87fa07

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

MD5 1459f9d0c62412b9df206c7e819fbf62
SHA1 daddb63d6b1a191e896a01ada7ea79dabf686655
SHA256 75569178b9ff9f2719e17d2d270322151ffc63f8eaac774a64f6c627014451d8
SHA512 924d14ba741b64a813e566864b098e0a426e48412942945d2034ab685548794ca93a4d759fc098f5e8e4df80146a82572bbfe09c7599a109a1dc4837259da5c2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\vcruntime140.dll

MD5 ba65db6bfef78a96aee7e29f1449bf8a
SHA1 06c7beb9fd1f33051b0e77087350903c652f4b77
SHA256 141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493
SHA512 ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\bz2.dll

MD5 bb1ea7cade180a0c012c2289c7d820cc
SHA1 67a17ae0aed053d8fb071450dff8f843a1255112
SHA256 30998439b2fbc620f3f87799f8a98e8519f26b227bf498877b11dfb52147b698
SHA512 3b10462ae03ea57bfad298c4d59da247b8ad971aeec0c9ad439a72b1756ee627fba23fe9044df9a8301b0fe1099bbb9988869ccce1102314052a49bf0cbdf317

C:\Users\Admin\AppData\Local\Temp\Tech tool store\StormLib.dll

MD5 09c4266b11233aedaff9bbb97ff7dc50
SHA1 212f6f2df299f8f1c4c481bb92e9e958d48421e3
SHA256 f52d1ed4c1350bf7726ad3ef926329267e35bf67bd938e5e1aae324dcef31469
SHA512 b17e865ec5a8caf5bca88857ea3bad0dfc5d9fd0448ee52671876202b1870783a5de8f2d76b9d5363aeeb89b383314c8d65769674bd9b911551cdaa5c8654dcb

C:\Users\Admin\AppData\Local\Temp\Tech tool store\VCRUNTIME140.dll

MD5 ba65db6bfef78a96aee7e29f1449bf8a
SHA1 06c7beb9fd1f33051b0e77087350903c652f4b77
SHA256 141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493
SHA512 ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140.dll

MD5 fdd04dbbcf321eee5f4dd67266f476b0
SHA1 65ffdfe2664a29a41fcf5039229ccecad5b825b9
SHA256 21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794
SHA512 04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

C:\Users\Admin\AppData\Local\Temp\Tech tool store\StormLib.dll

MD5 09c4266b11233aedaff9bbb97ff7dc50
SHA1 212f6f2df299f8f1c4c481bb92e9e958d48421e3
SHA256 f52d1ed4c1350bf7726ad3ef926329267e35bf67bd938e5e1aae324dcef31469
SHA512 b17e865ec5a8caf5bca88857ea3bad0dfc5d9fd0448ee52671876202b1870783a5de8f2d76b9d5363aeeb89b383314c8d65769674bd9b911551cdaa5c8654dcb

memory/4260-823-0x0000000002E20000-0x0000000002E21000-memory.dmp

memory/4260-826-0x0000000008770000-0x0000000008D40000-memory.dmp

memory/4260-824-0x0000000008D40000-0x0000000008DFC000-memory.dmp

memory/4844-828-0x00000000001F0000-0x00000000004C3000-memory.dmp

memory/4844-831-0x0000000074F40000-0x0000000074F4E000-memory.dmp

memory/4844-833-0x0000000066680000-0x000000006668E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tech tool store\Rate.info

MD5 b1eec5c6b26ecfc6a974757087e3d2af
SHA1 b61648dfdb68b40d1b6f491bb96f494f5e34f5c1
SHA256 c6d14ae1d22ead7db02768a974d8f9380f88beaedc5b0becbcd361ae805a2e00
SHA512 8f2edf6a5b649df864873323e7fae1a475050d6d603165c8322061805f7b4a7b42b349b3800d59cb6fdaa6561a5e6afee18b42b77eff41bb93aa0f503dea5219

C:\Users\Admin\AppData\Local\Temp\Tech tool store\BootPack.wpk

MD5 4f001d0e372baef55838f46888e460e4
SHA1 50450528413983b274823b87214ce6b92aace3ad
SHA256 bd4c6e3fca00c524ffdf8b1f4b491a78041f9f7e871aa1da506b341c509cea5f
SHA512 f4d01c4f9f13dad555083f04994b64408b8a705bddc28e608368d71fb0b39a79f472a0a46aeb943c4c317177e4f61fdef613c194b75e19aa0f77e216190fd0a8

C:\Users\Admin\AppData\Local\Temp\Tech tool store\skin.ico

MD5 bd185b875af6e53f699096e2fe95cbbb
SHA1 7b59c7707159fc489bcc477acd61248e1c4a155d
SHA256 0a326b06aab1fa6ba3939db15e82cb5f4387ce9c163c6a8458acc8c79abd5490
SHA512 e9c7d2ff9a691b8981e95a9279209afc7652c4daa99e346437419b13266cc97f44e1af554b4dd2a5c2608da44ee18b6ca329a7d1e3a9fd8df58c84d08ee07090

C:\Users\Admin\AppData\Local\Temp\Tech tool store\settings.dat

MD5 02aa61f22deb85d2bb9215a936dea9b3
SHA1 3cf45cb7646600bff9380ceb037e5f48b0a31146
SHA256 5954e948dca63d51b08cea89a33e595c14333728a206a4ae78e4651893f7e6f7
SHA512 fbc80a77912b437a0e3d5d43b01def9a7d646eac944e7866a7df7701a1d18de31ee9ab4c1feac0d9ae0dc5b20f4099dfbe4373673cb50545503d53cda50ffbc4

C:\Users\Admin\AppData\Local\Temp\Tech tool store\unins000.dat

MD5 6766f5a4458049bd1d4e2c910cec0c37
SHA1 f14bb0b2c5d7d28417944f0b3cade69feffdfffa
SHA256 1c81ca1be6edc12dfa8a2189d846a207a0adcd53a1a3cb462a466bf28a531b13
SHA512 1a813025cbe7c3e86ce0f196e57be11f4701fdd1869863be878eab62f6532c91d4f5744f9e13e1f93a25169518c0f6e33abceeffcff3fa045b830c0a7fcfc78f

C:\Users\Admin\AppData\Local\Temp\Tech tool store\unins000.msg

MD5 a5e1c77434480346133faf90a3ff8bf2
SHA1 f7771ebc1d19475f1a83d769f276557b676f03c0
SHA256 b1718d2001564b8be91d99edde12899305de4286455b2507017b64af3441c22e
SHA512 d4b60886b35f1c7be0b14f6be044829a55b78921b6c0542ee5d2deb2252dbc7fbb3f99c28d2930f1c655a7b4cc49571feb51dac53d1698cff8d17598eedc2f42

C:\Users\Admin\AppData\Local\Temp\Tech tool store\Themes_v6.txt

MD5 95d94ab71ff2d1d22401ad824ff67b0c
SHA1 c26c2061c256e9ffbe413cea4f41153422dc9deb
SHA256 42f9de7641098ff03b904d2981209bc085064560efd03be68a08f3d552ea2b63
SHA512 d8dc7cf66183c84482116c0df60c330c0bf6090c1c4d45a7ad1e77d1fd7cbdcde803e5b3186d916f06d6a1f032878d811f2e54547bf4327b79d52ae526ab9d13

C:\Users\Admin\AppData\Local\Temp\Tech tool store\License.txt

MD5 4a0f1a666912e64f1ba811fc24d7135f
SHA1 dcbadd9698e306f0cd6e80737fc44f53336cf36c
SHA256 d6b418c619ba7456b594dff10c3face4ac28609a64f2bf5e635292d7ff4f57e5
SHA512 36eba1cc1c0ac8d5fee7e88fd90b01ee800945ebed45ef92adf64e4aa356a2afe9acc6b07cae478cc467ca62b4a7895cecc3af9bbdf93c2a9c2271253ed00342

C:\Users\Admin\AppData\Local\Temp\Tech tool store\fileshredder.ico

MD5 d8e48de3e5710fabd066c2bc02445c02
SHA1 d5b86bff4cd388659633ac3d6969fee82aed3bdc
SHA256 1d1e9558edef4ce724f93f80dc96fa5d7306d341f89bcbe61694900a409a2e9b
SHA512 baf61410094ad50ea8de5918d1688c902ee8366cb6c26ca3fc23fc6c2207001adbef05d2c58a1355ad80b9ce790618ccd98580a6e23364a6e3c850cc1adbe8ed

C:\Users\Admin\AppData\Local\Temp\Tech tool store\DefragOptions.ini

MD5 a0eac4d8f4ee86740825896d8165532f
SHA1 0788f2da879b57ed54d77bc179a4858a35b3df61
SHA256 c0d303506cb38836309d910d2d4131d9c161c9c19387db375eaee3812524a1ea
SHA512 64a62416c65aede86a2402569e00ece1fda6eebc35f6b6e25dad0dc7033df46bba938e74cfb0405c47662d8a457a11f569d4b90013cab911440eb268707a5381

memory/4844-834-0x00000000710C0000-0x00000000710DF000-memory.dmp

memory/4844-845-0x0000000067C80000-0x0000000067D0C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tech tool store\sqlite3.dll

MD5 c86d13c52aa1c7d0e39cc9f6d20ccd22
SHA1 8622a443874feebb2e5cdb9792a447acb97f78af
SHA256 7fdc0ad5ee9678eb66448b121beba9597ca6742d4474ff75d080a5c5014ec9c9
SHA512 ea629707a590a3494f63d17e6d4b74f9fc3341216f3fada2f1a1e5c318f83149130ea87afb8eb87168428ed21dc0c4cd4612bf66517ec67874e9a75c694e6af6

C:\Users\Admin\AppData\Local\Temp\Tech tool store\WiseTurbo.exe

MD5 1459f9d0c62412b9df206c7e819fbf62
SHA1 daddb63d6b1a191e896a01ada7ea79dabf686655
SHA256 75569178b9ff9f2719e17d2d270322151ffc63f8eaac774a64f6c627014451d8
SHA512 924d14ba741b64a813e566864b098e0a426e48412942945d2034ab685548794ca93a4d759fc098f5e8e4df80146a82572bbfe09c7599a109a1dc4837259da5c2

C:\Users\Admin\AppData\Local\Temp\Tech tool store\bz2.dll

MD5 bb1ea7cade180a0c012c2289c7d820cc
SHA1 67a17ae0aed053d8fb071450dff8f843a1255112
SHA256 30998439b2fbc620f3f87799f8a98e8519f26b227bf498877b11dfb52147b698
SHA512 3b10462ae03ea57bfad298c4d59da247b8ad971aeec0c9ad439a72b1756ee627fba23fe9044df9a8301b0fe1099bbb9988869ccce1102314052a49bf0cbdf317

memory/4844-858-0x0000000066C00000-0x0000000066C14000-memory.dmp

memory/4844-859-0x0000000067E00000-0x0000000067E1B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tech tool store\vcruntime140.dll

MD5 ba65db6bfef78a96aee7e29f1449bf8a
SHA1 06c7beb9fd1f33051b0e77087350903c652f4b77
SHA256 141690572594dbd3618a4984712e9e36fc09c9906bb845ce1a9531ac8f7ad493
SHA512 ca63eeac10ef55d7e2e55479b25cf394e58aef1422951f361f762ab667f72a3454f55afc04e967e8cdd20cf3eebe97083e0438ea941916a09e7d091818ea830e

memory/4260-860-0x0000000009340000-0x0000000009353000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Tech tool store\msvcp140.dll

MD5 fdd04dbbcf321eee5f4dd67266f476b0
SHA1 65ffdfe2664a29a41fcf5039229ccecad5b825b9
SHA256 21570bcb7a77e856f3113235d2b05b2b328d4bb71b4fd9ca4d46d99adac80794
SHA512 04cfc3097fbce6ee1b7bac7bd63c3cffe7dca16f0ec9cd8fe657d8b7ebd06dcba272ff472f98c6385c3cfb9b1ac3f47be8ca6d3ea80ab4aeed44a0e2ce3185dd

C:\Users\Admin\AppData\Local\Temp\Tech tool store\zlib1.dll

MD5 7cfdbfec8b16876767f5895fae94f6cd
SHA1 49644b75dc5ef3e1f6e122f8b6e5569b74b1e2a5
SHA256 322062f0287317d3f41180bf79e54c4ddf4646a08fcd55263fd05ad56b8e1cba
SHA512 02a10c91098b79cf4b53dfeb595283cd0bcd5b70ddc803f401600d321a54d3ce51ec24962473a47b9679b573a2223ff7f02be57866bfd961cea3f1a81bcea683

C:\Users\Admin\AppData\Local\Temp\Tech tool store\StormLib.dll

MD5 09c4266b11233aedaff9bbb97ff7dc50
SHA1 212f6f2df299f8f1c4c481bb92e9e958d48421e3
SHA256 f52d1ed4c1350bf7726ad3ef926329267e35bf67bd938e5e1aae324dcef31469
SHA512 b17e865ec5a8caf5bca88857ea3bad0dfc5d9fd0448ee52671876202b1870783a5de8f2d76b9d5363aeeb89b383314c8d65769674bd9b911551cdaa5c8654dcb

C:\Users\Admin\AppData\Local\Temp\Tech tool store\libmap.dll

MD5 53634bc76f19ea065981ac1b02225df9
SHA1 7d1cb4ae535c30d2443c4b8f14927300c8449839
SHA256 e9053b628bf89440e0ad4874a5c234fe058539f20f9bf02d36c7492fed70857a
SHA512 3b46f34b4d370f44f219f0a404ae1f9a53897ddaabfb7665197dc16b538a13d9ee89af7053fd74998dc38321af8f076759f535d5a855f6ff5212d88704c79d3a

C:\Users\Admin\AppData\Local\Temp\Tech tool store\NlogExt.dll

MD5 1a75878dea8f5580c25e0b9f1c734949
SHA1 20d4c35f95b4d608aa73897680b3f0ceb219d37f
SHA256 1b393ad82fbe93add01c73613156cecd98f9668f5ed8a0faa04704a510b7bf2e
SHA512 6e65f45ef099d21beaf429e0e0c6c6122e64d27f6932afd2a2459fc6cafb5af58efb45440cc1e3f51ac7678748af85cb9e878e68efa3505980f115dc6a272ac2

memory/4844-850-0x0000000064540000-0x0000000064591000-memory.dmp

memory/4844-847-0x0000000066C40000-0x0000000066C4B000-memory.dmp

memory/4844-846-0x0000000074C00000-0x0000000074C0B000-memory.dmp

memory/2124-861-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

memory/4260-862-0x0000000000400000-0x0000000000D2F000-memory.dmp

memory/2124-863-0x0000000000400000-0x0000000000D2F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8B8B.tmp

MD5 c5dc46c377c927c8e91b18cde57cf0fc
SHA1 22ce8600d4dbaf9af6eded556d390212274911d1
SHA256 a53f9dbbe62911ddc088a10bc8d10b5d8b30ed999438e788b6bfe24f0ba6e2b8
SHA512 f208b88f84b9fea0fc184926551eb60f843e997390ceed7cfde5ff7bb7c6b6bcd47a0d5021a92064e57e6b400bbbe21cec93fa2358728a29c35d2bc147cc1432

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR922D.tmp

MD5 77c853090012e97f6ce9212e66ef8a5e
SHA1 69425ae525ceff28c14e4855c002db432421ca92
SHA256 122debc552cb9a54704c3bb4a363b2494df16f0797642e0dee84712282d4df21
SHA512 17b62a1defc291a8af7b7e701ca7ab1a0d72605c6595a52c89b8e94c4a49e2d037931371e9966ac66dc764e968dca3728633e81545d8ba6aba09d8f39a6f914c

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR91ED.tmp

MD5 924b90c3d9e645dfad53f61ea4e91942
SHA1 65d397199ff191e5078095036e49f08376f9ae4e
SHA256 41788435f245133ec5511111e2c5d52f7515e359876180067e0b5ba85c729322
SHA512 76833708828c8f3fad941abeea158317aff98cf0691b5d5dfa4bca15279cdad1cc23a771258e4de41cf12a58f7033a3ee08b0b5eb834d22be568ea98b183ccd9

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR91AE.tmp

MD5 0700f3dbe367287ce10472cffbd3d7d1
SHA1 079790389532599ce04fd82c2b89db5e4dedf26c
SHA256 77e46a6a8fbc079cdb1d3ee299af36c3d1881d38d93c4e0551f114965cdaf10f
SHA512 28eb67d348c8e9e36032d041315b6ee790d2e9021a3a657a7fe33c66ad1f8daa5b3e0833a2a432cb4a4c5795fea5a80a1810440fb441b6f0d56cf0d00d3e0a17

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8FA9.tmp

MD5 d74aadd701bfacc474c431acab7b9265
SHA1 8a2b424d1f949430ddc1faddee3e9ccb79c95de2
SHA256 f1029f5cca3dabfeffe2c9db6ad84a9ff0f64f5b2fb85cb6ab348740f756e07d
SHA512 0ef85e311fb4843997fd5f87f0a2eec9715e26eae76bfb7bb701d8c043720aeaf7f4825d25187bf35e0a9f00def15ed071120128805445f1330c07c3e0ea5ced

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8E70.tmp

MD5 77fe66d74901495f4b41a5918acd02ff
SHA1 ce5bbd53152cd5b03df8bcc232a1aea36a012764
SHA256 b017168c69ef40115141813e47122391602e1af28af342c56495b09f1c3c7522
SHA512 cc6e323d0076577a0a04dbe2c33d90dc616cb5ec3637d3df67cbf169766ca2e6de567fcff4f32938fd6118d98e4796642a3010b7264f0ae247fa8f0fe079bd70

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8E5F.tmp

MD5 c04970b55bcf614f24ca75b1de641ae2
SHA1 52b182caef513ed1c36f28eb45cedb257fa8ce40
SHA256 5ddee4aab3cf33e505f52199d64809125b26de04fb9970ca589cd8619c859d80
SHA512 a5f2660e336bf74a1936fb2e1c724220d862632907f5fd690b365009ac3e1bf35fa6689071f3da4049e495f340ff83f8438b79079ef1f248b9dcaedbdd5d3e40

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8D82.tmp

MD5 f5cec0e851d679bc6cfe5923c8cdd5c8
SHA1 5eee0f3192e2656d0891e363a5d69f61f457b186
SHA256 ac0976f2a6f221045d0fd22bb32bab0c8439d186acd118ad0faa2d69cbd2840e
SHA512 226f47164392ee339412f8ee5dad3faf40e26c52e2ae039826323ea0ef66d23776b1e972cd6f817e7dea1da0f87f20d3b6c7380fd8e891ec21a2f13dfc4915f8

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8DA3.tmp

MD5 a6f7a08b0676f0564a51b5c47973e635
SHA1 d56f5f9e2580b81717317da6582da9d379426d5b
SHA256 5dd27e845af9333ad7b907a37ab3d239b75be6ccc1f51ef4b21e59b037ce778c
SHA512 1101813034db327af1c16d069a4dfa91ab97ee8188f9ed1a6da9d25558866e7e9af59102e58127e64441d3e4a768b2ad788fd0e5a16db994a14637bfbade2954

memory/4844-887-0x00000000001F0000-0x00000000004C3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8D24.tmp

MD5 08ad4cd2a940379f1dcdbdb9884a1375
SHA1 c302b7589ba4f05c6429e7f89ad0cb84dd9dfbac
SHA256 78827e2b1ef0aad4f8b1b42d0964064819aa22bfcd537ebaacb30d817edc06d8
SHA512 f37bd071994c31b361090a149999e8b2d4a7839f19ea63e1d4563aada1371be37f2bfcc474e24de95ff77ca4124a39580c9f711e2fbe54265713ab76f631835a

C:\Users\Admin\AppData\Local\Temp\BRL000012ec\BR8C48.tmp

MD5 122a3741699fb5c0950273245c9dea15
SHA1 811f9149e3310a8e6521da156f92f3aaab012145
SHA256 f675eba3b22e0a2238ec4961d99de3bacca0ab553ab26eecb49800a12a9371ab
SHA512 567c480f70fdc78769ae45bf83b6632f7ab380ebeb00689028d39ff03840c8b778149a3fafe1dab2ac77a1fd17a23b09f58774b1c5e791bfd33b99528225eccc

memory/4844-888-0x0000000074F40000-0x0000000074F4E000-memory.dmp

memory/4844-890-0x00000000710C0000-0x00000000710DF000-memory.dmp

memory/4844-889-0x0000000066680000-0x000000006668E000-memory.dmp

memory/4844-891-0x0000000067C80000-0x0000000067D0C000-memory.dmp

memory/4844-892-0x0000000074C00000-0x0000000074C0B000-memory.dmp

memory/4844-893-0x0000000066C40000-0x0000000066C4B000-memory.dmp

memory/4844-894-0x0000000064540000-0x0000000064591000-memory.dmp

memory/4844-896-0x0000000067E00000-0x0000000067E1B000-memory.dmp

memory/4844-895-0x0000000066C00000-0x0000000066C14000-memory.dmp