Analysis Overview
SHA256
a44158be4e5c309a426ee067132a3c82eaf700447253e7830fec9f5ce5262819
Threat Level: Known bad
The file PandorahVNC 1.8.6 Fixed.7z was found to be: Known bad.
Malicious Activity Summary
ArrowRat
Arrowrat family
Modifies Installed Components in the registry
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Enumerates connected drives
Suspicious use of SetThreadContext
Enumerates physical storage devices
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-16 17:58
Signatures
Arrowrat family
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-16 17:58
Reported
2023-10-16 18:02
Platform
win10v2004-20230915-en
Max time kernel
140s
Max time network
162s
Command Line
Signatures
ArrowRat
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\PandorahVNC.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\PandorahVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\Client.exe | N/A |
Loads dropped DLL
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1056 set thread context of 3884 | N/A | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\Client.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\UserStartTime = "133392317458800015" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4eikK = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\Client.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\Client.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\PandorahVNC.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\Client.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\PandorahVNC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\PandorahVNC.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\Client.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed.7z"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\" -spe -an -ai#7zMap5714:124:7zEvent7240
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\PandorahVNC.exe
"C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\PandorahVNC.exe"
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\Client.exe
"C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\Client.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" Client 127.0.0.1 1337 sZHtwFBDY
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.177.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.22.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:1337 | N/A | tcp |
| N/A | 127.0.0.1:1337 | N/A | tcp |
| N/A | 127.0.0.1:1337 | N/A | tcp |
| N/A | 127.0.0.1:1337 | N/A | tcp |
| N/A | 127.0.0.1:1337 | N/A | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\PandorahVNC.exe
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\PandorahVNC.exe.config
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\DevExpress.Utils.v21.2.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\DevExpress.Data.v21.2.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\DevExpress.XtraEditors.v21.2.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\DevExpress.Data.Desktop.v21.2.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\DevExpress.XtraBars.v21.2.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\DevExpress.XtraGrid.v21.2.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\DevExpress.XtraLayout.v21.2.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\AsmResolver.DotNet.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\AsmResolver.PE.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\AsmResolver.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\AsmResolver.PE.File.dll
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\Stub.bin
C:\Users\Admin\AppData\Local\Temp\PandorahVNC 1.8.6 Fixed\Client.exe
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133419529080987876.txt
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml