Analysis Overview
SHA256
ac74f6db722a46ef37291aa464e142b81d8c7de8627f64918d333b738af694c6
Threat Level: Known bad
The file Anarchy Panel 4.7_adrikadi.exe was found to be: Known bad.
Malicious Activity Summary
Process spawned unexpected child process
Detect ZGRat V1
StormKitty
ZGRat
AsyncRat
Modifies Windows Defender Real-time Protection settings
Stealerium
StormKitty payload
Renames multiple (2036) files with added filename extension
Async RAT payload
Grants admin privileges
Checks computer location settings
Windows security modification
Executes dropped EXE
.NET Reactor proctector
Reads user/profile data of web browsers
Loads dropped DLL
Drops startup file
Looks up geolocation information via web service
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Program Files directory
Launches sc.exe
Unsigned PE
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
outlook_office_path
Creates scheduled task(s)
outlook_win_path
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Checks processor information in registry
Modifies system certificate store
Gathers system information
Runs net.exe
Suspicious use of FindShellTrayWindow
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Suspicious use of SendNotifyMessage
Gathers network information
Enumerates system info in registry
Enumerates processes with tasklist
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-29 04:39
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2023-10-29 04:38
Reported
2023-10-29 05:09
Platform
win10v2004-20231020-en
Max time kernel
1802s
Max time network
1151s
Command Line
Signatures
AsyncRat
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Users\Admin\Desktop\Infected.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\Desktop\Infected.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\Desktop\Infected.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\Desktop\Infected.exe | N/A |
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process | N/A | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE |
Stealerium
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ZGRat
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Grants admin privileges
Renames multiple (2036) files with added filename extension
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\Infected.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Infected.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\DECRYPT.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Reads user/profile data of web browsers
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\Desktop\Infected.exe | N/A |
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\Infected.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\Infected.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\Infected.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | icanhazip.com | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Looks up geolocation information via web service
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\ | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\oVcBLd9.png" | C:\Users\Admin\Desktop\Infected.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\ug.txt | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\MicrosoftAccount.scale-100.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-32.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MusicStoreLogo.scale-125_contrast-white.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-400.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-100_contrast-white.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-16_contrast-black.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-125.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\LargeTile.scale-200_contrast-white.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Cloud.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-256_altform-lightunplated.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupMedTile.scale-125.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\JSByteCodeCache_64 | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-30.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\7.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-256_altform-unplated.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-24.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxAccountsStoreLogo.scale-100.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-20.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\MedTile.scale-125.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-72_altform-unplated_contrast-black.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_contrast-black.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_altform-unplated_contrast-black.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64_altform-unplated.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-36.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-100_contrast-white.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\THMBNAIL.PNG | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\Square150x150Logo.scale-100.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarWideTile.scale-125.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\logo.scale-200_contrast-white.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageSmallTile.scale-400.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-lightunplated.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ArchiveToastQuickAction.scale-80.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\MedTile.scale-100.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\improved-office-to-pdf-2x.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\release | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\LargeTile.scale-100.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-72_altform-unplated.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-48.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\open_original_form.gif | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\new_icons.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppxManifest.xml | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-32.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-100_contrast-white.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\sample-thumb.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSmallTile.scale-125.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-48_altform-unplated.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteMedTile.scale-200.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-unplated.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\MedTile.scale-200_contrast-black.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\adobe_logo.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-36.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookWideTile.scale-200.png | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\organize_poster.jpg | C:\Users\Admin\Desktop\Infected.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\Desktop\Infected.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\Desktop\Infected.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Desktop\Infected.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
| N/A | N/A | C:\Windows\system32\NETSTAT.EXE | N/A |
| N/A | N/A | C:\Windows\system32\ipconfig.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheLimit = "51200" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 = 50003100000000005d57962510004c6f63616c003c0009000400efbe545754885d5797252e000000a5e10100000001000000000000000000000000000000a30a00004c006f00630061006c00000014000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CacheVersion = "1" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\NumberOfSubdomains = "0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings | C:\Windows\system32\mspaint.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 7800310000000000545754881100557365727300640009000400efbe874f77485d57eb242e000000c70500000000010000000000000000003a0000000000c6c5230055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000000e94a93b7703da010d4ef23f7703da0162a3ef427703da0114000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\NumberOfSubdomains = "1" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "56" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0 = 4e003100000000005d579525100054656d7000003a0009000400efbe545754885d5795252e000000a6e1010000000100000000000000000000000000000034c82401540065006d007000000014000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\Desktop\Infected.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\Desktop\Infected.exe | N/A |
Runs net.exe
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Infected.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Infected.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\Infected.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\Desktop\Infected.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe
"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe
"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap22206:132:7zEvent32460
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\Admin\Desktop\Infected.exe
"C:\Users\Admin\Desktop\Infected.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Infected" /tr '"C:\Users\Admin\AppData\Roaming\Infected.exe"' & exit
C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "Infected" /tr '"C:\Users\Admin\AppData\Roaming\Infected.exe"'
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\findstr.exe
findstr All
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RestartSend.png" /ForceBootstrapPaint3D
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\RestartSend.png" /ForceBootstrapPaint3D
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\NewInstall.TTS"
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\Desktop\WriteConvertFrom.dotx"
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
OfficeC2RClient.exe /error PID=3760 ProcessName="Microsoft Word" UIType=3 ErrorSource=0x8b10082a ErrorCode=0x80004005 ShowUI=1
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\SetRedo.png" /ForceBootstrapPaint3D
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\CheckpointShow.jpeg" /ForceBootstrapPaint3D
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\dashost.exe
dashost.exe {dbab9c3c-5039-4b5a-9e42d5f0e1d5b830}
C:\Windows\SYSTEM32\cmd.exe
"cmd"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" Get-MpPreference -verbose
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add - MpPreference - ExclusionExtension ".exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe"
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\system32\HOSTNAME.EXE
hostname
C:\Windows\system32\net.exe
net user
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user
C:\Windows\system32\net.exe
net localgroup
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 localgroup
C:\Windows\system32\net.exe
net localgroup administrators
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 localgroup administrators
C:\Windows\system32\net.exe
net user guest
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user guest
C:\Windows\system32\net.exe
net user administrator
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 user administrator
C:\Windows\system32\tasklist.exe
tasklist /svc
C:\Windows\system32\ipconfig.exe
ipconfig /all
C:\Windows\system32\ROUTE.EXE
route print
C:\Windows\system32\ARP.EXE
arp -a
C:\Windows\system32\NETSTAT.EXE
netstat -an
C:\Windows\system32\ipconfig.exe
ipconfig /displaydns
C:\Windows\system32\sc.exe
sc query type= service state= all
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Desktop\DECRYPT.exe
"C:\Users\Admin\Desktop\DECRYPT.exe"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.1.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.14.97.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 104.18.115.97:80 | icanhazip.com | tcp |
| US | 8.8.8.8:53 | 97.115.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.mylnikov.org | udp |
| US | 172.67.196.114:443 | api.mylnikov.org | tcp |
| US | 8.8.8.8:53 | 114.196.67.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa | udp |
| US | 8.8.8.8:53 | 98.142.81.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| N/A | 127.0.0.1:3232 | tcp | |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| NL | 199.232.148.193:443 | i.imgur.com | tcp |
| US | 8.8.8.8:53 | 193.148.232.199.in-addr.arpa | udp |
Files
memory/884-0-0x000001CA6D990000-0x000001CA6D991000-memory.dmp
memory/884-1-0x000001CA6D990000-0x000001CA6D991000-memory.dmp
memory/884-2-0x000001CA6D990000-0x000001CA6D991000-memory.dmp
memory/884-6-0x000001CA6D990000-0x000001CA6D991000-memory.dmp
memory/884-7-0x000001CA6D990000-0x000001CA6D991000-memory.dmp
memory/884-8-0x000001CA6D990000-0x000001CA6D991000-memory.dmp
memory/884-9-0x000001CA6D990000-0x000001CA6D991000-memory.dmp
memory/884-10-0x000001CA6D990000-0x000001CA6D991000-memory.dmp
memory/884-11-0x000001CA6D990000-0x000001CA6D991000-memory.dmp
memory/884-12-0x000001CA6D990000-0x000001CA6D991000-memory.dmp
memory/5092-13-0x000001E907A40000-0x000001E907A50000-memory.dmp
memory/5092-29-0x000001E907B40000-0x000001E907B50000-memory.dmp
memory/5092-45-0x000001E90FE70000-0x000001E90FE71000-memory.dmp
memory/5092-47-0x000001E90FEA0000-0x000001E90FEA1000-memory.dmp
memory/5092-48-0x000001E90FEA0000-0x000001E90FEA1000-memory.dmp
memory/5092-49-0x000001E90FFB0000-0x000001E90FFB1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
| MD5 | 94bac1a0cc0dbac256f0d3b4c90648c2 |
| SHA1 | 4abcb8a31881e88322f6a37cbb24a14a80c6eef2 |
| SHA256 | 50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94 |
| SHA512 | 30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9 |
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
| MD5 | 94bac1a0cc0dbac256f0d3b4c90648c2 |
| SHA1 | 4abcb8a31881e88322f6a37cbb24a14a80c6eef2 |
| SHA256 | 50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94 |
| SHA512 | 30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9 |
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe.config
| MD5 | 3d441f780367944d267e359e4786facd |
| SHA1 | d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5 |
| SHA256 | 49648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9 |
| SHA512 | 5f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90 |
memory/2692-113-0x00007FFC71110000-0x00007FFC71BD1000-memory.dmp
memory/2692-114-0x0000000000E00000-0x000000000449E000-memory.dmp
memory/2692-115-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-116-0x00000000064E0000-0x00000000064E1000-memory.dmp
memory/2692-117-0x00007FFC71110000-0x00007FFC71BD1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll
| MD5 | 56a504a34d2cfbfc7eaa2b68e34af8ad |
| SHA1 | 426b48b0f3b691e3bb29f465aed9b936f29fc8cc |
| SHA256 | 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961 |
| SHA512 | 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7 |
memory/2692-124-0x000000001EF40000-0x000000001EF52000-memory.dmp
memory/2692-125-0x000000001F590000-0x000000001FB78000-memory.dmp
memory/2692-126-0x000000001FB80000-0x000000001FF40000-memory.dmp
memory/2692-127-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-128-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-129-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-130-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-131-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-132-0x0000000023800000-0x0000000023A52000-memory.dmp
memory/2692-133-0x0000000023E90000-0x0000000023FDE000-memory.dmp
memory/2692-134-0x0000000024130000-0x0000000024144000-memory.dmp
memory/2692-135-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-136-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-137-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-138-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-139-0x0000000024180000-0x0000000024192000-memory.dmp
memory/2692-140-0x00000000242C0000-0x0000000024538000-memory.dmp
memory/2692-146-0x00000000200D0000-0x00000000200DA000-memory.dmp
memory/2692-151-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-152-0x000000001F090000-0x000000001F0A0000-memory.dmp
memory/2692-153-0x0000000025300000-0x000000002541E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\bhatrussia.url
| MD5 | 96cec2ff3bc1281c3b541d549538c9fb |
| SHA1 | 3080d0f1e71aca0d10925f692c7f700a6fa16d76 |
| SHA256 | cd064a6f7aa46315dea10e6d73bc0416c4954bc8c3fee19a39a2c88c49f3e8ae |
| SHA512 | bf4798a45851d7c0555474e20d26a6fda8112c9be895f674dea49902b5dc3b4d5d9ce9bc5361f16d9b8508198a3f36733b4991cc72553dad3f698e0e0a87a653 |
C:\Users\Admin\AppData\Local\Temp\blackhatrussia.url
| MD5 | ef657464ae10c35ee89c6bfb900d83af |
| SHA1 | 1c68b493f87316260e99e3b5b1983fdec0c701b8 |
| SHA256 | cfd230d01d6c362a1005d5a530f1807a65ef8497a1246c43c0dfcd5a62022cbf |
| SHA512 | 80964f8716653eadf15fcea9bfec0800c4beeee6bc1155b421d51fde813d7752f33a6b33622c1f9f4b5c576c168c6f173349caf03f8e76525aa32251c0d340de |
C:\Users\Admin\AppData\Local\Temp\Home - cybergoons.url
| MD5 | ef51820e228c5bbcf9aabe92e747782e |
| SHA1 | b33c7c782205e69471257703f6cb70b1357ce474 |
| SHA256 | 59ac2d12ea4559253fa25f2d367f75b7689bb7b772965101903063f646ae9b4d |
| SHA512 | 3d2e8ce0d822636ce3a78edf63d4935638446a9bd0eff88e85daeab4d6be00f10d32a9f74afa11af56fbefaebb7534a64339a2de3f416cc0c670122bc5b9abd9 |
C:\Users\Admin\AppData\Local\Temp\learn all kind of hacking.url
| MD5 | 7ade4a739cbd8f44d0ef52a2f1bc6e7b |
| SHA1 | 20753d483e1a84cb248ba2c0fb72d44137d7d73f |
| SHA256 | cc7649ed53c65e4851ace414529564fe16801bb2bed4cb15588bfd6b4ac13616 |
| SHA512 | 5850c3d064c9d616854a47b4bd398b76494f1fbe9b356ec5e15879f97dc67970168196ec6b177fa71d15d25d25757a29319cbf9697f3a80461aa62b431d53851 |
C:\Users\Admin\AppData\Local\Temp\Home - blankhack.url
| MD5 | 4a4418c24d2f2a9deee8046363bdd28f |
| SHA1 | 4532c81bb5e66e2f976581a6cb251ab642ada551 |
| SHA256 | 55dfe247f8fd6a8b0b66b3cb61feeae96d0b357338cd95771e89897aac1a6839 |
| SHA512 | b6f01a2b8333dc1926a829271a557ed99f6a69bef5fbc9c32231da11089ef1190981f7ad5de377a6b928988609bee38322b6b4e0e9cfb813e98f7a807b062764 |
C:\Users\Admin\AppData\Local\Temp\gbpast - Login.url
| MD5 | 4a4f5be9370e206241bb73bfc2367f3c |
| SHA1 | 3d837fdcaa5e3bf04b57600cecb56a9ff34dd8f2 |
| SHA256 | 210f2ee620fe51acdbe59bba7bb4acbde397034818b09156f6f0874b016a5b18 |
| SHA512 | 2ba13fe029ac6c5bcfdecf4f9ff6bdbcd64a1129e845c94944b3b35143b8270b8e024b28302750b2214ef82371a70e59fce4226907af240f60d6ad78fb668054 |
C:\Users\Admin\AppData\Local\Temp\Usrs.p12
| MD5 | 553be3f9f0251864cab5a22cf75b80f3 |
| SHA1 | de5d2e9471323eee6cd0520f3b9821c9c5ba26b3 |
| SHA256 | 1540a1eb1976ab9398e2abae7176f49da644c0ad72a4be92b41edd531f836e07 |
| SHA512 | 3488bd2ec00f3dfa115e1a9ec38c899a8ae627907c7cc2f91a8088d258e60615ede1adf5671a2e7e7583c550e70b9641b9f2d5a5fb60b84ac47962d558284cdf |
C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_bhennukkrj4ap4ybumzdxwrmvm3shh42\4.7.0.0\user.config
| MD5 | 4b01719ab493b81d429c574dbaca15ef |
| SHA1 | 719ef1e4e6616a3d8afce09de7f89ddcf186a3a3 |
| SHA256 | 33ce546b728989bc9ff5dd4c487a87723e5eb7b3953b7cb56e747747411b6c54 |
| SHA512 | 4d5293d8b58c793bbbe6dedc061cb4fd3e7302771ee91789240ecf80f2f79d08dffc36d148f755107a3d12de6037ab18c57cb42494de80a40d90b64bb04ef234 |
C:\Users\Admin\AppData\Local\VyLcvAjyZL9oUxnI4mJV\Anarchy_Panel.exe_Url_bhennukkrj4ap4ybumzdxwrmvm3shh42\4.7.0.0\user.config
| MD5 | 495d368baef768dd527dd8b772702c87 |
| SHA1 | 20ceb83c7076024e0491f169173607aa4a2e3931 |
| SHA256 | 38f1820a88401c8e117bfeca56a11aa06dc806a175203e86f323dc6fb81fb3cf |
| SHA512 | 75770717f4bc7c9bdd13d747fdcd6306c38423b1b5d908b5d7cdf4da1b7bbe722f65bb52e63c61ca6da89981d8f5a99035c1d610a0fdacb706a046520c291d18 |
C:\Users\Admin\Desktop\Infected.exe
| MD5 | c067081c04ccec5fc228b9a00448cad7 |
| SHA1 | 6c04378c11ea48885b1918705b95fe7e741785b1 |
| SHA256 | 92f44bd3908fef5e650ce08ac27a20a96c3c413960c3b2e307baf8a3a7d88470 |
| SHA512 | d3dde16a807568b3160a2abc0c7b96955e62db3dfc91941d1b86fd8bfd92f407791eb6c54d9ab341658c02da37e76329fd8580600d1aaab62b32a412a93a9964 |
C:\Users\Admin\Desktop\Infected.exe
| MD5 | c067081c04ccec5fc228b9a00448cad7 |
| SHA1 | 6c04378c11ea48885b1918705b95fe7e741785b1 |
| SHA256 | 92f44bd3908fef5e650ce08ac27a20a96c3c413960c3b2e307baf8a3a7d88470 |
| SHA512 | d3dde16a807568b3160a2abc0c7b96955e62db3dfc91941d1b86fd8bfd92f407791eb6c54d9ab341658c02da37e76329fd8580600d1aaab62b32a412a93a9964 |
memory/1140-194-0x0000000000B10000-0x0000000000B26000-memory.dmp
memory/1140-195-0x00007FFC71110000-0x00007FFC71BD1000-memory.dmp
memory/1140-196-0x00000000012E0000-0x00000000012F0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Plugins\oYsKwDG.dll
| MD5 | a718955297276f2349b7644447736e08 |
| SHA1 | 377388d115b77aff357dcaf92b6aeb6286b1460d |
| SHA256 | 54ec206c8fe8ff27b3fb02ef892b8e6bc4b6abfff2fe08f5f57175c64f1d3220 |
| SHA512 | a3c2ded0cdc4e62adac92a569d6cd4db0c3647e663700f019a9de27e738eb2672e5cccec19af15633a3cd25a882452ff5ce39c17f67dc3ed6653b9e0ad063641 |
C:\Users\Admin\AppData\Local\Temp\Plugins\0guo3zbo66fqoG.dll
| MD5 | e4ebcf76ff80ef398d3ab77d577f4c08 |
| SHA1 | cb9e6b30a63d50ae87610f6855b64abfb25691d2 |
| SHA256 | 9661b1abc9a3e95e591c49c3838a64a066a2ff3c6de08d8aa7b541c4a75cd8e5 |
| SHA512 | 8f37cedd987dd14181fdfa861b8a95271868dac21aa9df80bd6daa831ae20f4b4965c8be3e36f32aa220bd37ded11a7568ae237c9c9641bb4fc087f6fe104b01 |
C:\Users\Admin\AppData\Local\Temp\Plugins\59Zp7paEHDF7luJ.dll
| MD5 | 15e3d44d37439f3ac8574ac1c9789ec2 |
| SHA1 | bb3ef30e9f4496198f412738579966210ade36e0 |
| SHA256 | 5db4c26057a05bb75ff7892fb60fd76620fc2228811d913d152a0aa4ec9db7a5 |
| SHA512 | ff358c9896792017ff7e91f1dedffd9d75a099c5b852da19599799aeca20b6b269267ff7c12c918a2530fe1a79a12bc8796c4eb3914c97faba3eba27388abde1 |
C:\Users\Admin\AppData\Local\Temp\Plugins\EVa7gBMKoaHmLC.dll
| MD5 | 64a3d908b8a5feff2bccfc67f3a67dbd |
| SHA1 | a17d7e5fa57c99a067cac459cb507b625dac254e |
| SHA256 | 6ea1ae7ab496666c0117fc20e704bfb6104b13cfb0408073a09689f863fa64b1 |
| SHA512 | 66374d720230799bea6ac6cfe3faadc37fd775a49d40c04facae1caf1ec658956bbda54ba75287d7128b19b97971bd933a64469da8e0884225c5a8d8b9423ccc |
C:\Users\Admin\AppData\Local\Temp\Plugins\eMTYbTz0gueNs4.dll
| MD5 | 5dfbcfbbf9e2ae7db23e252808699ffb |
| SHA1 | a1d429292fe73aeb5abab10304e1ae8c1262b26d |
| SHA256 | 929e5f15e9ceca03c80b2d174283cb25bf47adfe4693f5c01f622416c9f6d03c |
| SHA512 | 9ee63080781577e0d818a27d026024f96161bb7b132dc0c130fabbe2d6c3b7758868fff5a4ad68efeb4d08f964e2f69417022751880a443f7f920aa4f40f5c09 |
C:\Users\Admin\AppData\Local\Temp\Plugins\CjETR6GpGXqM.dll
| MD5 | b0fc0ba80f8ec9586ff397412c512d9f |
| SHA1 | 0f6051b71b715a47be1fa16683201413905629a3 |
| SHA256 | 13db80a0211ba9bf59a1e43bdb2fffa91de5c7f38bd469c4824b5e06245a0234 |
| SHA512 | 222a365ae567c6c773ca2b99b82795916839cc5c9ba8eb019bf6713108720c2793303ef6612b64488f4584602cec84c0b48a02fe709db0250bf377d07e002d7d |
C:\Users\Admin\AppData\Local\Temp\Plugins\fzAgyDYa.dll
| MD5 | a5770798b7a6465f5b5a8c19d7d707ee |
| SHA1 | ca67e9591d2f757cbbfacb55f27aec6485b10ee6 |
| SHA256 | f855353a618af8a53504b5188c05d3a09fb1ff85763e0cd15c53dee82d7c6119 |
| SHA512 | 64da7687e83c6ff4d1c1cdc644ffff53333f745e82f169beb529d55ec5be6f21658d27c6e01744147c00f834978260e86ea627a5f2981f27305afb69a7b467dc |
C:\Users\Admin\AppData\Local\Temp\Plugins\mML6WKMqdxjDGA.dll
| MD5 | e03b206eec8a7efbd1a47909071226e5 |
| SHA1 | 21163989ea524920e874bc7932adfcd5e94f854e |
| SHA256 | 778877431354a9584325dadb663be077f757227eaae8bcad33e4bf26efd6b965 |
| SHA512 | 831ed74419f1b4c3250fbff20be16ed7058a851d7168a17e8a4dcf284a19412feee42a8c198af34b37571de33a80c48ac855f5d018ea9e2cfdcd846b832155ff |
C:\Users\Admin\AppData\Local\Temp\Plugins\mGWHaG2Jn.dll
| MD5 | 8f98206f577160f950d456d1190c8d32 |
| SHA1 | defced38fce00775c4616b420fa674d77f946eff |
| SHA256 | 2bde0293c982fb6266c683ecaa2c90372d26d9a2786726874a2cfb89dcc68324 |
| SHA512 | 432c2b6759701754616273633c966332e718dbb10a9a7eab0d7c57ffdc9be95b5e1b16b6e291301ac7aa6d1de48a46d30f08729e45d6634b1849f41c78e92d91 |
C:\Users\Admin\AppData\Local\Temp\Plugins\KNTmoSnG.dll
| MD5 | 738c096a9bc38e21a9aa59ebc356c80d |
| SHA1 | 139756ad201a537461a6bb8524a4b89a63b1b1b9 |
| SHA256 | 300a5551f7be89c5f03c0b70fa7dafb7f84c6394dac68bee95169e985e7786f0 |
| SHA512 | 294c34f0716861fa67ba571bf7a8614613a1746e9f2935ba0c86eb1897dff858ea1f7fb44f1b6ec87cc709f4933a912dcd3eadd5d0b208c72985aa47e1f214f2 |
C:\Users\Admin\AppData\Local\Temp\Plugins\G3nl0mDcABnDuZ.dll
| MD5 | 97b8bec4c47286e333cc2bedacf7338e |
| SHA1 | 764bbd0307924b71ca89538b42996208d10c9b91 |
| SHA256 | 060d467cbeb0a58696287c052f3dd9b3597331b1c812e3e2882d6c232f8511de |
| SHA512 | a40970622a594533349e75fc2022314ba21f05fc82709d6eaba82f4a2bc343c960029ad2825cfc034ce82622722127d149993bff88982f02d6dd6b5b1fb60fbf |
C:\Users\Admin\AppData\Local\Temp\Plugins\FBSyChwp.dll
| MD5 | 0d41ccfaa8e7ef96248b8270d1a44d08 |
| SHA1 | 6ee22bdb91d3a18e0b45b6590eb69bc9a0b02326 |
| SHA256 | 0ea38d0d964815e2b84748a78bd5a829ae01586478e5f17b976f1ae763c8dec3 |
| SHA512 | a0f236f6dbeb1763fb1c198616de65b907a3a5edf7ed9435c2ad0b5826d84e9d2f25e96aba4e8b681ef495612cf0e04e929427a92d332164ace89e797bcb0e0e |
memory/1140-210-0x000000001C9D0000-0x000000001CA46000-memory.dmp
memory/1140-211-0x000000001CA50000-0x000000001CF1C000-memory.dmp
memory/1140-212-0x0000000002D80000-0x0000000002D9E000-memory.dmp
memory/1140-213-0x00007FFC71110000-0x00007FFC71BD1000-memory.dmp
memory/1140-215-0x00000000012E0000-0x00000000012F0000-memory.dmp
memory/1140-449-0x000000001B0D0000-0x000000001B1F2000-memory.dmp
memory/1140-465-0x0000000002F40000-0x0000000002F62000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpBFB0.tmp.dat
| MD5 | 4bd8313fab1caf1004295d44aab77860 |
| SHA1 | 0b84978fd191001c7cf461063ac63b243ffb7283 |
| SHA256 | 604e2ecd34c77664dae4ceb0dab0b3e4bb6afb2778d3ed21f8d8791edd1408d9 |
| SHA512 | ca96d92a8abbd3a762e19f8e77514ee0018b7e5dc21493c37e83e22047b3cc892eced2fc80b78e6861bb972e20b93007eb46bcb7b562965be2bfa98a24c2ed65 |
C:\Users\Admin\AppData\Local\Temp\places.raw
| MD5 | 2f10e51eb8ee17afada46574a5c6627a |
| SHA1 | a954969300d6e0a228a6aa71ff51271a1540b7f9 |
| SHA256 | 1a8273d038a869c6f9f0c063e145b9f0cb9c78c200568f499c79c298bebee1be |
| SHA512 | 1ad88f1547b4c92257f73ea7c4797a822cd71d0d6d365741dc79845bead1760819eb247cad163f6ee4e7ff531a79d12b4e7f60d778902067ab956ccf56030538 |
C:\Users\Admin\AppData\Local\Temp\tmpBFF9.tmp.dat
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\Users\Admin\AppData\Local\Temp\tmpBFF8.tmp.dat
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Temp\tmpBFF7.tmp.dat
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Temp\tmpC029.tmp.dat
| MD5 | d367ddfda80fdcf578726bc3b0bc3e3c |
| SHA1 | 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671 |
| SHA256 | 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0 |
| SHA512 | 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77 |
memory/2692-575-0x000000002A410000-0x000000002A4C2000-memory.dmp
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
| MD5 | 5a7c1b78dfb14ac7998a75d40b92c3f4 |
| SHA1 | 03f72828cbb9c0382de7dc609e278ccec1a7716a |
| SHA256 | 9fa0ba50e0d580b203f7b5baefb7319567b827a30dea1c20f1bd5068df69c279 |
| SHA512 | ffa283ecdace7010f7f995a2cb97541f5864ba686a11afde728b38dfe28dcdadbd59c1fc5f62c7f4d85b5f1cea6064228d447cce90d9bfb5a234af37e1f265e3 |
C:\Program Files\Java\jre-1.8\COPYRIGHT
| MD5 | 47b0a2f749bc41ea2ed69137daec9c41 |
| SHA1 | 6f6f85ceba9acb59a573583ffd9532e68daf0429 |
| SHA256 | b99f739360157b7fa5004ff57911e09f563e5eb5c60b10b46fd47567ec43f3ef |
| SHA512 | 74bafc146c3e337a4964b0a669bcfaf8df4ba7cd6f61e0b878f761259a79867e832f57d5e1aced2659e6ebda32a593d60fadd74d09330a1c6b84083b6ed3d85a |
C:\Program Files\Java\jre-1.8\LICENSE
| MD5 | 7630446a67a822e879e2f0bb8e0bdd6d |
| SHA1 | e822848b7b96061e4d026dc2300ce91eded5bfbc |
| SHA256 | 6b057d8bf87b173648aef2ea79c984a5e77b686d7f37894e049f5e85943a43ba |
| SHA512 | a89ac32ebc6ce974e143919fbaabfa71e2774ea65a0cbb01d9f85e2c8ec4349064763e718c26ca210a6f60eecf3599adf2c7b937e5d54acd14d8c4b55672f252 |
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt
| MD5 | 0a1c927745f82b77ab835b25e3d5e51c |
| SHA1 | 4c716bf3b21a3f1b7f6c344624a9bc735b55ebeb |
| SHA256 | 41f4bd4e0b149ebbaa6416c23bebf2344a85235f380099c619e1615428dd44cb |
| SHA512 | c0a821833bee6f906f28d73fd3eb8e88e320aedef4f38b117d3e27d10ff267c7b1312ec8d00850fb781b20d3b6e2aa66e74238c40e3f533c332cfb520cee8d8d |
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt
| MD5 | 37ff4ef4329f1f638df53801f475312d |
| SHA1 | 2b151840e3fd1749ad2d62bd0da0fed30169e712 |
| SHA256 | bcccea06cfa7e56b2062bbe7528823adeefb9ff24ccc094267d976237dd378e8 |
| SHA512 | e7a48d0c6ac3b64e76b54fe784e916e8e0fdf8600875ffd7fa50ad4883d4e47ab363f420ed3816e13b15d7d65b210f42d361ab07b0baa3bdf179279c424975f1 |
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md
| MD5 | e432b966724fac93ff5fa84beb4985cd |
| SHA1 | d686cf62da1e0d279c88a14ae8d89b69155f1509 |
| SHA256 | 9c1ba9c40a424205a0cb0b533ed14b31449a2f589fe4bd15d8549061149c4669 |
| SHA512 | c461ca87a371939d963c0c036dce8c6f995fa3f00ba3f5e91f1f142eacaaa7ded1121db5ae8079715fcf89d0da2c05bd5a3807a5821c411f18f7a61f28bc4c85 |
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md
| MD5 | cb28f5c5757f8f7cfe567bc0a270a7c8 |
| SHA1 | cc264e3cc9926473dcbbd3d3b29b83aa36a8784a |
| SHA256 | 0514e4752e9f2e6b8ab3c95c329cb2e942525742fa4646c751dd43735d1a0378 |
| SHA512 | 40f5e37bb81a0296025f2da7dfee528c7970876678329d393dfd5787281802009974c325b6275bafea5a7535a6bb327441350de302522e82f5ac17f7786be760 |
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md
| MD5 | f7c9880c14e44b583c03f435ef8e0bf8 |
| SHA1 | 45f006fabbf0740c13818d68bc81a54c507031ef |
| SHA256 | 3a05d9e837846d94e305791bae337446b66e841eec78f40010d594dc578c5b7a |
| SHA512 | 6bb29ebb17b768df88b3888d1b704bd2c189c939bab4eb135f4c3ae2b0990e05108f083b20b562bcf1762973e302fa38ed596454ca94754cf535c4d3935278cb |
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md
| MD5 | df84fcf0df90408117a9c0edac604547 |
| SHA1 | fe2b1e6a76a403f5602926b43a52cd5953dd0e15 |
| SHA256 | c6b139ed2ecf31244c18def01f6ea5c182cb919641494de0341ad54b52066d2a |
| SHA512 | 2ec91419923d80a913f29055ab73696dae19900d09626cbee9f35a34895f6b5321f997f2d83bdaf1e91d394a154ea7d5d55a7044912975c954cf5e7c183a6551 |
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md
| MD5 | 60b271633b1d51593780561a0ec3bd1e |
| SHA1 | b317ba3187474a36d824275cfd209cecc506da6b |
| SHA256 | 5032374c6e5b638cb36a282f2c18776750f6d8025b6e54ebced2d4968f4e2456 |
| SHA512 | 115e4fa260a0c945415d7895d815085dadd61d6d2e4b9ebf96af6bbb6ea3f160efea61201a0ac444cac2acfb72bc0ee2d18c96e38f73481ec121d256baa99788 |
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md
| MD5 | 3c1cf66f38a604360c72c78c7785edd2 |
| SHA1 | a1759e1850021ff133e1424bc1af0940056f412b |
| SHA256 | 0651d5bfb25d82b6a227a75996001d7cb82e1dde0f0159b05231e0a2bb22383b |
| SHA512 | 5e73ea075536fa3f12ff6d6018f85781863bf8176e8fa1178562cb01a8c65955064dac7b388175fa08ac8bec4668c7ba46c343300acf6a5dfc6ac65f03e158aa |
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md
| MD5 | f1304c167cb9b4afa28c1d8ff1d56a14 |
| SHA1 | f001efe4c2c6bcdce86e37cba276ca437db5981b |
| SHA256 | ca9d4acf14a2c471100d4fa96d432c07f5ecda8f8b38d879d2464778c95e365b |
| SHA512 | 83d59766a2718d8b258d9e2e4bb92616aa0ac63f16c2ea15379009151c0d8e91d225066a7c7cb59cf5cbf8035681d9a979642daf01ebebf5d40c301844c4ade6 |
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md
| MD5 | 1c8da4217dabb89880e04f3742a2e5e3 |
| SHA1 | f3e415a8568d229c55f43425d9d15eaafd934452 |
| SHA256 | 52a93cc962f7e6842f653fffc7b27b69da5dd54ea92d9c0c68280d6deb8a9f14 |
| SHA512 | 635b25466a4e012fe7262ac993242c1cd67005a856398af2bc7a3939dfef95afbf63585e8b141948c032b1f9c27fd9694981461153379e3d38c330ff61cdf90e |
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md
| MD5 | bb1eca3709b01a9347eb547903860d36 |
| SHA1 | 369669bd7fdd2c6c5ab66b60d37cdf3bedae5bfd |
| SHA256 | 608b54e405f76109ed3f25ab8ec9456192d612f52db3052f45df63fec5b20729 |
| SHA512 | f5f42d8d3d2d3d63eca9d136fc510c713001cbc02c2e8ba1d07fcf346999dcd7bd4e5da8d7811020413d609c6cc1c9c2f32d7565a7ffc8342e52e8d47007c8df |
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md
| MD5 | 6d930677ea0b2ecb212be623664db59c |
| SHA1 | bdfab226394a1e2322cee67817e88e671f902c2c |
| SHA256 | cb72a44eab45df994b58aa903d2470a5bef17863fd4c517caf6558e13778ad2e |
| SHA512 | f36b9ec2ef6e626aef5d5948657475bf3809448cbb91ab5451102fcfbb1018010787c7e4af0bb227da88e887a8b4779340951d60173bda970ef311af0caf5bea |
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md
| MD5 | 74175bbe968e7ac875dec935dfd42eab |
| SHA1 | 492519163fdb1034a68755200ab576e6a8ccbc5a |
| SHA256 | 9496cb156f9fb618049fa1776395a8fa0619d0505cf89257488b1ba460dafafd |
| SHA512 | b9c5d81ec75c1271ac59f6b6272d9831647766774534e1c43eaae0c6595ddf821f5160dda2855a41b049e9982f16572c6d10e968de815e1317b24c2a790a025f |
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md
| MD5 | 08387531f1b00979fefbfa8d35c68e68 |
| SHA1 | 17a48a3152a8f63e9f5e646b42a4ce3c23d53fa8 |
| SHA256 | 34a186ca5d3915c0349006317f303c6f24258dc24d6b46f899ae68db4b689784 |
| SHA512 | 0636a507455f4cd9ad39637283281ed7ef6154c1abf66f032431fc876b637a02d180ca42a91f988a5a12c0c434ffd5b1d298f872bd4520b301523c75a0b1f462 |
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md
| MD5 | 0059cf2c76aa8564bc9622fd6ad607fe |
| SHA1 | 9d96ef8ad31f12940002bd030f01e535e23b2653 |
| SHA256 | 21543edbe7720a2df3ab5928b0137ebe42bc0288b3ef82c214b8720770547d8e |
| SHA512 | 6cb422461bfbb8b738571ddfa561ea6d536e83aeb6d1054b038cef6622c182284f638973be884e5a85c127bc5c20a95ec8a1952d10264664d298066a0122f0f8 |
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md
| MD5 | 74acd4113e9668f6e6c5f163c67d89ff |
| SHA1 | e22eec22aa94612831f3e41c26ab7780b13ae81a |
| SHA256 | a6a4e85ab74a17ca3e1fb0930e555d764ea985d01ac426f7228bad00a32c1bae |
| SHA512 | 839807465fd55f8d83878f0ec461218559820c6097fce1cccf0b7166ec581b52bb299f5bb679aaa1ee12ea5003477c7c91ac952249028a326c75189925ee1f79 |
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md
| MD5 | 93574ab46932ec8624d209bc9a12b1e5 |
| SHA1 | 96ddc13be677adb8e31e0b509d7ab8f3cfd473fe |
| SHA256 | 7f6d3c16c28a2e15c28a24a5f1bc6b0189aee6a9b883e9661a7d9a9561017fa5 |
| SHA512 | 97fdc7d6827ae756fb0fc310af74e8ae5449b3eeee2a0efa1779da99a3f2b4379d3c969414dcec68b24a701e71da05c60130d75c867e3b308d6173d5f9242c06 |
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md
| MD5 | 8f55547a756b2dc8f52218a0c19eda0f |
| SHA1 | 8b429115562fcef4cce88ce35ccbfd7e9a84ac14 |
| SHA256 | cea267f02b29fda33c29d3c4a359befaa4763c07edf129fd0eb9c6ce05958da3 |
| SHA512 | 8765acd479023e15bc81eb2a395cb2637679d26cf349c3c41649251ca4ac0319f90699f146224e7979c0beb7fbe4783ea2ac01f0436f47ef63feae0dbe19a80b |
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md
| MD5 | 0c4d880faef444bf39a47ef8c272523e |
| SHA1 | ac7bdc082fdb41bfdf0db09e76278d31d384d8af |
| SHA256 | 7cc9ec64b4bef3be5c4a054ea12b18edc814e6ca05128d73abde69aeeb8983fb |
| SHA512 | d110914bbaf678a11f34580c6dff8c61fe30993f8ad1ec6775a6c7dc450e50b450bc044846d50928272b9ebb78b4bcf75bb3db8a07fb618b819ffbf247a7417b |
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md
| MD5 | afff96fe665b9fef614435219af054ba |
| SHA1 | 0d358ba7de3e8b2e962c6ec6edadff1758f52c13 |
| SHA256 | 402ac3c725a7838e49e7b6f6d4a99480d1d5bed071a4cd3c002253d715a76c68 |
| SHA512 | ecdf0628fe4c9cec1983b00944377b34a95f784d05d887e7f526251db260afb0aa9784166bb8413fedfaa6ab0d1313a874bd80d8d82492c947eca5415646a4f6 |
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md
| MD5 | fcfbdfdefe3e2e36adac2d1037cc52ed |
| SHA1 | 1d74be56987da213e64074fbc57207051a353812 |
| SHA256 | 85b11e14ba4d4798c495dd62740d94347a1531514eb10e9df90eb08df14020de |
| SHA512 | 3a3bf1382a9e52654f7f8c5528e054df8f401cc7893860d7391a1e76f88a2e8c143ba5da250c1a99b7ecf71fab42b88b51dad755c8b86f1fe7e96a729d2965a5 |
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md
| MD5 | 49964082a72667376ccb61a90217d2bc |
| SHA1 | b8a3842b8b92d9d40cd54a8fd33e3e1445673f59 |
| SHA256 | 9a682e4e6c44a8c73cc464b67f1427057885c1d422955f4a516b563fc905c7e2 |
| SHA512 | d5d55b0149924aa1ffcb52dd92281badf98e1341af5692ee3d555907dcd365ab81a78593fb5342cf4a80708d1ec45d72cc96bcc21e0ed9f4383d07ab75eb06dc |
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md
| MD5 | 8aeafa7860c15b2a3d330b5b2efff43d |
| SHA1 | 3bff771723d149d72e35542acb833676e284be54 |
| SHA256 | c7c50356d2a4dd4e8c555df4c7a7c9a3c4a4446d028605bdef27a855f9779c06 |
| SHA512 | 0100ed7bd20c48ab9e0684fd92f45e4deb58d91249105d465a114483672b82a0201f07bef6d539ca7c6714fd906c0ef7def1cb3927acf2d7d9ab1d3f9d8610d7 |
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md
| MD5 | 8a0038347e04b05695add5dd212cf387 |
| SHA1 | 7bf0f27ce1148f019de295cc90c679cbc0d7e798 |
| SHA256 | 680ce97ed44515fa11bdb1f815b411ea8ac05d7d59c685e97b5a64b68c689a8b |
| SHA512 | 64a7e662143af4ba2a31433ff96a4346b9e7da67ca5fa45df74ce1169e260df037f5deb66df8c0267cf3152c621950799b117650341ac22f59b547940bdde909 |
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md
| MD5 | dbf1ef27c8db9c6c8741935099c9655a |
| SHA1 | e16eeae2cec886096e77684857077c4afbc5ee04 |
| SHA256 | 33af6064f7744d97af7c50723ab0ca3c1981e10e978094232b497580ddc7fab1 |
| SHA512 | d6cba1ee1b158ec880afdbee6e97f67b019fdaabd3f3ffeb36af36b83a476afd03d32b1482f1fe9350a62808278a6f1bdc5a9fc5baec566be71c0946cc6d21ab |
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md
| MD5 | fe655ad4de12dbc27f4f27179e60904c |
| SHA1 | e9c6dc797a51b2920f53e67d7c81a2ccee70c3dd |
| SHA256 | f1efc53f6090c82cf9940d81c46c61bd35b20b378139e1ab5ca5a10a40cfb6e7 |
| SHA512 | a2b8bb7fe5a2ce9fd4a1bdea5e2cc0b9e545dff9c841c89177d7cd6158162dc826d746e70aa4dd82fbfcb51ca76a08fd311fbb30093aec65aed4fd8709dfc4e3 |
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md
| MD5 | 442c6a4cfb0c449cdfa8ff503bcd4e9b |
| SHA1 | 69462733f7e865cb38ef7a7d467c42264a781b10 |
| SHA256 | 7346f81417877d5b0910233e57cfcf66a40582e052f8de56cd3e910e736db95e |
| SHA512 | 2e480f80a97ff5e0400aa62a6c72596235c4d190f12bc39f96f1c0058723e54c7815da3f09dbb5ab8767b30adca8dd72e9ae72528151b0ec8717b4e55fcabb5f |
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md
| MD5 | f8b672576aad01666f110b340d0de82b |
| SHA1 | ecb9522124465a4df2580f76c67f0149dc410581 |
| SHA256 | 833c389543f61b988eac33bb202d1773f7bd01e82432bf44a926837d13683f8b |
| SHA512 | eadb4d79d4251bcd0acac53b8e906157bc426016fde42435cbbf04777400a6a90071835c472a97fa52d4bb0be62934903ba01aa2acf3f6df8bb5dc628697ba51 |
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md
| MD5 | 2390b595efa9466350423d89a450dda5 |
| SHA1 | 8a13a3e8dd2d241de769959618e5ebcb1448dfa8 |
| SHA256 | 1ecb3f10f40e074a496a3ecc9cb98ea8899fcdf56124696338c0fe6eb29a4fda |
| SHA512 | 21085bb920eddddfd6baf4481ecfcc54e247f2aed4274e4e6bec2dda16e3bebd57d1b8d23a6f5faf8f650220675ec8d54aabb1e8c738fee08d02aa02f229e0dd |
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md
| MD5 | b70b2a1894f69c8987e103416f78ebe5 |
| SHA1 | 8e85d749f7aaf6f97a722cfedb40dd7b5b53fd79 |
| SHA256 | 9ec1619f571948c11563da1f26ffb29897dcbe22b4110db6c858dd110c6bc174 |
| SHA512 | e15d6fc63a48dd24f4abf821be9d5a2b7facca40fd0d16f4c3f4504d5a6ff622d6bfc9a8200cf8d3ddbab7d7b1acbad368bd63855155914392a8854a19cd7e80 |
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md
| MD5 | 5dfe8f849e8c81f80b99161a230141ca |
| SHA1 | db93692d0ad1e38049366916f1984f000d6c1739 |
| SHA256 | 9c2bda694913d74d0efb58a820a8efd7d2abf9f4a29a12310331b42f59a07378 |
| SHA512 | 3012c120ca2d3648619499c96e58fcd40785113a0cfc21b2a4b4a8f53323d3a6d7786cc336496d70bdc5ffbc3ea8e9afb766122d61ea7fb2014e7dcb6164ce70 |
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md
| MD5 | 0c12f27e14d1b0f0843784b0eed3c75a |
| SHA1 | a91e523d2b065516fb2e4343a8dcfdf0ad5f9632 |
| SHA256 | 9db365a2bc22c7319b25864b37e23944c94135aa5913dd4323807e1c584949a8 |
| SHA512 | dfc42741df0101b677ca65f20b88fab08eb3a37a079375872a270704212858327c33ebf862a71c9f041c5d926f126420bce660e4672a74071840c64deba2bcc2 |
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md
| MD5 | 0d9ad37a7265ef27fd6620f8b9f6fb94 |
| SHA1 | 1c02b14f2716eab1c3a4cd4e69667c26543ce2ea |
| SHA256 | 347291f9c0de5e803f34f48977e1fd14e54e6bd5f914e1a8f9c5547b6014b72a |
| SHA512 | b49d3cf67f56884a8b8a1ac7d3298a43927b1cf089bf67ba953a3a2df82a09b4a8ba9d879adba6afddb7211d38a4005bfd9abcb29fece2f2ca40dca437945084 |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md
| MD5 | f5e2669b018856bb1ccb6cbd82ebaca1 |
| SHA1 | dbfbaefa58e6b24affafa5290baa5d2273a36b4c |
| SHA256 | abfa08aad3b7c255fd67286c9430d0c5e9b4113cd4ab80a3e0f75de251d50662 |
| SHA512 | c0b8eab7433167d073dd46e84e456017a12bb949867d5fc1b10b46672a389a8068a1727f33621484b9c9c331e249802e3886fb8f6e7da96d67545adee08085d9 |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md
| MD5 | ce088c1720bb0e50709f192c1db6ed0b |
| SHA1 | e75f7d9df4458f532d5c65b6c4f0083be7949b65 |
| SHA256 | be5f466b70ac9b7a33e312366376388f65a092d14e049ca2a04a1e96fe76a2b8 |
| SHA512 | 98467baefd7e9f591662ccd3455b24a3b6af34e7dcbaf84d18b26ca5d4b00dadcfd5f4edd6c376fb760b029d9c3c658c199c97e06e3198c54fd20d6c82b54dee |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md
| MD5 | 1a81a0e08923e09623e3d5fcfc0d86c5 |
| SHA1 | e96b4211f42ed0b3446c033e2edd1a6c31125005 |
| SHA256 | cb8384c6f54c9a02bc3796ed5d3c60af77a4d55f584cc766e6261fd3c9edd93e |
| SHA512 | 148995e85630f275bfc7db5b0e0c8af61bbee5e74dbc222c9567ac49be651ee0393b992ca929a1d4601d641f276640d2882d3e6659ba3f79a0c9cc74526ff64a |
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md
| MD5 | 343996c311b0293db138bb3af11050a0 |
| SHA1 | 1f13eff773b9313bf4c5ef0750bc5152f75400f1 |
| SHA256 | 214991c70d5f854e5a3aee013e2389dfe3287d403ee7031e55b9d056a5833f68 |
| SHA512 | 1739a8e2a7a5bd1101914307ea15b2537dfef9ae0b27d7690ffcd14df690a83a96a296187c63e4a76aab9b15dda15d5093d50cf3079347d8e5f8fbb43c5d3a24 |
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md
| MD5 | 4f04665eab44a3b458ce3d06b1da473c |
| SHA1 | 29bc17500d06fa3120402bbaef81ad666e0d7562 |
| SHA256 | b2c5979d5b8244a2e13d47017664c5262dc6aa19bf4cb6db29ab62ea9fff6540 |
| SHA512 | 41f3df54742876d77fb171d9e6e9fd30e7127f16719a258b4b37d0e278fbc70c15eb277e0405ca1e0ef04fc6792cd1861ef3158e604568ac8f5467b80436870e |
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md
| MD5 | 9d2937ea56733b33ec39a9f063f6fe9d |
| SHA1 | a8c2cd0f316254d7cb21d845bce9680aaae8f61a |
| SHA256 | 02f2eded25861b921cfd9fa59bb6814a8e5c0b1a631f42c6959c0bbc2f30c56f |
| SHA512 | 9e17efb24b43f825a06c041f069959b01891c5d2e88cad390da008e2fe54f9466df43dcbb65054c307960a85e744b87b96c211dfe7382bac55b9c9350bee5caf |
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md
| MD5 | 045f71e6de6f6b0defee01ea457be121 |
| SHA1 | 4bfa682e9b4eadcbd2035d23c7e4bafe4d57bba4 |
| SHA256 | 9c218078f7d0bea0fc1b98cd6f5b8320b8f1996d7cb1d06736ebe9d9cf1cfdfb |
| SHA512 | f9423587765928ce43f150b0875e343bed58f91f752d091faca9a6df510a1b88d1b00eaeec3c1a33301e70953dc09e27b7255115e3592fe1ef9501e51895eda7 |
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md
| MD5 | d4fcc888e94867c65d42929a281fe8dd |
| SHA1 | 79a20bbf50a968a974567fd525be4c15e0380ba7 |
| SHA256 | 9dcc35d1fd8377d197f3a7afaf5f2ff0220f34e4ee14a3033b4faa1ba60712fb |
| SHA512 | 68f9a95b453cbaf13099ead36dbacb6fac56c517ff022e841edec9032b039e1b7ef7f2f7f2280c160586ce18728c49ac19f4a5e59418f96c867cb5d08bb70706 |
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md
| MD5 | d7f6b43ecd6f1ad40d71a561f38f002a |
| SHA1 | 35cd31ddb75631e952ab845b66dbc26ba9a48c10 |
| SHA256 | f14ae2813523233b399c6a3c7d6227aa343e3107ba8939797031c768ef0bb23f |
| SHA512 | b3f13750957490a94cf2466fb26177b301557878d33c7267bb20dea08f645c10327b32e05f389046cf056e37340d5e988f89f92a523b4d6f9607b80d9a2d9f31 |
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md
| MD5 | 665a30732e74b643b649f2c31432eabc |
| SHA1 | 02609c983e60ce46750bfb86da94ff37af0dd7fb |
| SHA256 | e9ab68924edfcca300b5c9a5c0738c0b8305d17ac21c74e1a4210bf9ead80a30 |
| SHA512 | 32e3bb4aa67806eeb9eaa6d1a6517dd711b5ac350304737dd20948932cc80fe4a30e44ab8f4a16a2eade4e4a19712895bb431a3ad0fa9ac2274395ceed903e75 |
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt
| MD5 | f1fe4ee25d45a9bcfdb531e2bf351004 |
| SHA1 | eea72cd06acf47733e268f5692d8e63616c52dbb |
| SHA256 | ba134a2c4a4fbcabe02137e4eb7e7f7c5399f2f84bfbb3f2506e38ee724cebd4 |
| SHA512 | 1344bd5489b639ae6abe40333f86814c0f3d31c9849e7f84c939f1bb53a58c5777bf2c227c42fa2513dae0bab4d24f509cf8323ac22a7dbb58f02604e5e73c2e |
memory/1140-2515-0x0000000025020000-0x0000000025428000-memory.dmp
C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo
| MD5 | d4cec79e04e13c97aef567e52654feb1 |
| SHA1 | 2578613b8f6e2bf9e34961301067ea95ff36ccae |
| SHA256 | 7f8a9d2b8987ad728e555fc5445180c3c6d6fae231fa27912113862e913b6b19 |
| SHA512 | 3b96b4cced21484158b45eccbd5b375f9ec9dc68e72f3c40b913b33cb992f1231b4e062420f39de861ebc20f234698289d40b49336a3419f57d9f1845e2ac9ed |
C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo
| MD5 | 3cba7711f155ec62d8fdc54cc813752a |
| SHA1 | 19adae86633156a70645fc51511f3dad1c866b81 |
| SHA256 | 5a3cd49c8cc79bd57487e31d659c9eded831b59b23bbcf993f4cd19478142da7 |
| SHA512 | df500cb9030387eaea60b2b14578188f79e62754ce4ed2200d6adf74fe750c58b7b950c92c6de42d49da0b9bb495f289b61b7f423c05ad4ba348dedd858328e4 |
C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo
| MD5 | 940fb1bb672fd8920207aa80bec0f5e7 |
| SHA1 | d1de526bb450d9fbff62e23d2e0e623a3a849e13 |
| SHA256 | e5b37e9ba8018e26a8cc814c62463d0675dbc9dde290e20f74a86d83e69723c8 |
| SHA512 | da66b2ddfa30a3b12eb1e29bd96a039c513222f7017b29d0be6d9554bfe473c0bc9933d69449c251c26b01d97c6ca7a5711346b97ff70eb88461bd8046aec746 |
memory/1140-2869-0x000000001C3D0000-0x000000001C482000-memory.dmp
memory/1140-3150-0x00007FFC93330000-0x00007FFC93525000-memory.dmp
memory/1140-3151-0x00007FFC93330000-0x00007FFC93525000-memory.dmp
memory/1140-3152-0x000000001B2F0000-0x000000001B30C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Plugins\RssCnLKcGRxj.dll
| MD5 | f6808c4fbbe0275db03b2cc5b4c2bc0d |
| SHA1 | e40b61c64c68f72fc5144f5057d54229babdecf8 |
| SHA256 | e204d15f0e7269d364157aaab265a5dfbe7e76c9f6202bf90998f0edd77ca248 |
| SHA512 | f077c49f6943d0e40799b3b42d1e11f50dabca48305c36ef2acd3258c990e0e0f982fbb0c27b1243aa15d2ed7b398b70f07dddc9ba76ff032ba74a24c8e08fb4 |
memory/2692-3154-0x000000002A210000-0x000000002A310000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Plugins\PK0TcnqTGFagQTS.dll
| MD5 | fa90a2aee0d172000257c4faca31237c |
| SHA1 | b317281b4acaaf1d7b7255c5e92887322abae892 |
| SHA256 | 991fc53fa1aa7b5cd0b6e19dab536873d68e4413fd55b533601a3a2582d38a49 |
| SHA512 | b05c0b52e011089258ad31dd23a1f8a0cc8145b202e42e2a9d4fdf892c12d4a7b5843cc7721041295ab796e8bc98747b9e321c4e54bfd1a7c9a02dd2796fc405 |
C:\Users\Admin\AppData\Local\Temp\Plugins\rNXXgmX25s.dll
| MD5 | 050f07b46987eaf152aab521c0112fc4 |
| SHA1 | 2d2c0943ce9c10ba09b0d5cca54c2a88a1e61e95 |
| SHA256 | b93374fdfd9af786ff20597ae0e242b81373984ba5718194f9e57feb231c52cf |
| SHA512 | a27c370e40ec126b6b9f3ab7d603378c2b629ec752aa8fc57a10e3ef58c0b701a5d1b4903a17ba180c4e73e76b54304f0868c474eb60e671562d0deed83a18c8 |
memory/1140-3157-0x000000001B310000-0x000000001B344000-memory.dmp
memory/1140-3158-0x000000001DDB0000-0x000000001DF38000-memory.dmp
memory/1140-3163-0x0000000002DA0000-0x0000000002DAA000-memory.dmp
memory/2692-3164-0x000000002A210000-0x000000002A310000-memory.dmp
C:\Users\Admin\AppData\Local\45f55b0800f068585fc6474d02a639b2\Admin@HNFOSCDF_en-US\Browsers\Mozilla\Firefox\Bookmarks.txt
| MD5 | 2e9d094dda5cdc3ce6519f75943a4ff4 |
| SHA1 | 5d989b4ac8b699781681fe75ed9ef98191a5096c |
| SHA256 | c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142 |
| SHA512 | d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7 |
C:\Users\Admin\AppData\Local\45f55b0800f068585fc6474d02a639b2\Admin@HNFOSCDF_en-US\System\Process.txt
| MD5 | 6d2ebaca5c4d6ef1b479f8b6821c2dce |
| SHA1 | c33c7fed3d7f7b77641e15a3de7dc1e525e52814 |
| SHA256 | 7586b63ffb6d4f6c22455d4aa579b4541b6f6257f53f9942b54d0f4778595de0 |
| SHA512 | a1cac6e347af73f83bca0efe5be2747914f7fd649efab8be660d5c55793752561e56d395f6879bb84e5e6aa6737186fa8edb12632c7523ac526d596cb9a042d7 |
C:\Users\Admin\AppData\Local\45f55b0800f068585fc6474d02a639b2\Admin@HNFOSCDF_en-US\System\Process.txt
| MD5 | c5ddb91b9dd757a779eed37027054e42 |
| SHA1 | ad7f1bcfae937379291784fc40587595f64ac91e |
| SHA256 | 3244c7e622f2e0df5749205cb9406ce7f6f9bf10c5545620d0a4d74df4dac1ed |
| SHA512 | dd8ca476a89546d9e0af6f2341348cfa2cb712d83b96dbd5228802a79fc1ab2652d5a4addc7925dd3004ae62f4bc10b2caf9ddf634cca1ce2ce1bfe610597b78 |
C:\Users\Admin\AppData\Local\45f55b0800f068585fc6474d02a639b2\Admin@HNFOSCDF_en-US\System\Process.txt
| MD5 | 0d986ce98e6412c94f754bee272f3dff |
| SHA1 | 9148da747467d42c166b89603e9faed9c4e08560 |
| SHA256 | c3e145cfc15b8fd1e8e70d656d9b40839b682c056e5520695cfe60706f2a78c0 |
| SHA512 | 1d6d073af58ea008d70b8a045a1ad31ba10c7d5d6c06a598fcd9a4ab8a82558fe2fbc208429220a3faa9080fc625365fa411cf5b7873ba23830f481d23cd800c |
C:\Users\Admin\AppData\Local\45f55b0800f068585fc6474d02a639b2\Admin@HNFOSCDF_en-US\System\Process.txt
| MD5 | ff861d62a3f03338d94d0d8ac5e16354 |
| SHA1 | 16dce4f6ed507bb6a4e13781f9c11494fc7622a1 |
| SHA256 | ad755c0716c1dffe710a6c8d7c95a089f62806cff7faa7f0fe2922b9c830df85 |
| SHA512 | 7ff2370963da150cf123bbc847175ce9bd22f24a13a9940113bdb0cdc3537139536e907221c4b5c3840da45fe1fb6b690722e64e2b8a1376b4873b7cf72a2fe9 |
C:\Users\Admin\AppData\Local\45f55b0800f068585fc6474d02a639b2\Admin@HNFOSCDF_en-US\System\Windows.txt
| MD5 | 3665d448c051a6c09815246375f63d4e |
| SHA1 | 073b0db41146ab575bf1dd950b22acb441240a95 |
| SHA256 | 884d9879812f0709f720adc57ae58e42229a7f6e5c34d00a8e69df14e0230ebd |
| SHA512 | 684a4c7261ca66a87d0036c072f8efd78885dd8bbb0d568ea86d9b467a925698ca829e26b01084e52dbcb9c3eba738c8f64310db90d6f4853ba66cd322effef1 |
memory/1140-3312-0x00000000012E0000-0x00000000012F0000-memory.dmp
memory/1140-3313-0x00000000012E0000-0x00000000012F0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Plugins\zVvPGvK64uLS.dll
| MD5 | a267a675b7243d9152c7b8e3e261d64c |
| SHA1 | 9a0277095646e2a773e8a04a7913ce6a56cf05b5 |
| SHA256 | 9e82bf869638f8118f47f3870b1382401e42912cefcc6a9890489af5bb805c7e |
| SHA512 | 0dae32c0c0fbf6918779a5e9699cbef27572458a5cdc7119298abddb6a597a0017fe33af06c02abe0c66f3cd490f6955bd7c65470ed3e31338d28575306c04bb |
C:\Users\Admin\AppData\Local\Temp\Plugins\sJ88z8tsg5XzK.dll
| MD5 | b3fa2c3d50057ddd2c9579dc0aef1590 |
| SHA1 | 88a1f57b9177c95a2e095866574639b09d5f310a |
| SHA256 | 6eaf5744b8ec91312e1c6be83d852627e5204b3b64a1932e60e47438d73fb6bf |
| SHA512 | 0d1b8288cbc1c206029fe2f9b7366b2f8b49158e4c9643e453111ceb90fd77af903533c64f6ede351755414c9e7daa926704cda6f1953be79e1adc7aff515508 |
C:\Users\Admin\AppData\Local\Temp\Plugins\yL9x34D8X3oO2P.dll
| MD5 | 38502e61cc1d39095a12c1883551ad9f |
| SHA1 | 135c9cad9e6d54bf66a1cee5c99ba510102623b0 |
| SHA256 | 0e9733277eac197c4eaf40fb0eada0907388222ef21843488a8e591149768301 |
| SHA512 | cd67a63ea954a4db8c8dfadceb2822b447d98c2c43a8f9c6901d0fce3230605a0416395b92caea6ac08348d5f6b0e1cb052b24cf90829602b0a5b0652b8a2600 |
memory/1140-3328-0x000000001C4B0000-0x000000001C4D4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Plugins\WkUP83aP9CABpi.dll
| MD5 | 8dbfb67c059aa59f7c53e20ef6740363 |
| SHA1 | 3de96e7f48ee7647f5a7c2efb68cbd914bc78364 |
| SHA256 | a74b74f463d567c1f0505bddcd49ed23700f9ab7dcf4b7f46435723258c5a7e2 |
| SHA512 | 70aed01375416e2be63d676bbdba58c12ba5f50d406d1fe252e7a66b901d32e0705007dbf465193de51663174c1b53bdb980890d8b2e6ce641dd16a200e3440d |
memory/1140-3331-0x000000001D1D0000-0x000000001D24A000-memory.dmp
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain
| MD5 | 450975d2c0972c880f74291d0c499605 |
| SHA1 | a26020870314c3cdb8a25b659bccce67b18e3d46 |
| SHA256 | cbfc0d24762ee29f2a584e974c812528fbb2507a0e4c667655f4b2b52476f860 |
| SHA512 | 17d1fb51605408bd32ba2de8fc9fc520e44488bd94d337241f615a7800b2c6312ef6d8f3bb68b644379f9957d953d0aa5dc884499e2872be42d3820d73d32c52 |
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain
| MD5 | 21c5085a5d080a02f0f7d9a3e208f330 |
| SHA1 | 6aaebc9d988f8766d0c9bdb25b152dacb0bd6b7b |
| SHA256 | 9c07ac44d06c100433a7c48bba8795c8b0904210583d38f8a798e4f3130ada67 |
| SHA512 | 4eaaf23716033e1c86718a15c5834fa4fb2e06dfa297b00a480634883c78ee0168d707506d0ab4e2ab5215335bfcc5ef428f5f988682a64c5b05aa0efae133d9 |
C:\vcredist2010_x64.log.html.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain
| MD5 | 7375b5f78c3f003555ddd7a9b0b030e7 |
| SHA1 | 7c2a86f20cf92b83073513cb3546e7033b8d613a |
| SHA256 | 2ef336a3dfcd7565328113a0305ff533c04737e939bb04ec6aeeecb54a9670ee |
| SHA512 | 6fd6e70cc04f01dc597a5fe635d7eba1fc377beb85993889cbb396666a22e633dbb602c10fa0b7f4b060c57e1484e6c592f612b23b1947dc91c26467901cb6f9 |
memory/1140-3380-0x00000000012E0000-0x00000000012F0000-memory.dmp
memory/1140-3381-0x00000000012E0000-0x00000000012F0000-memory.dmp
C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo
| MD5 | da1e089e6519b42c0ea6171ee6011621 |
| SHA1 | 788fb44263593a65c542ccb0175e7d41450f0f80 |
| SHA256 | f608abb94d70fa6eaaedf3950f3f889e7c31fdc82be6e1b807fd8cb93727fa31 |
| SHA512 | c318f2c2c5bcd510b5b7c13f0b5ac3830c90a0b56f03d1ea3dd3a59cf671800027297d25d58d0390da64fb6102cae5c8d460302d34df6d1106a33ca99ab37d6c |
C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo
| MD5 | ff5e8273f77b07178871a1f942460bd9 |
| SHA1 | a5c9ef6781e99e6bf9e95cdf39323a652b967b48 |
| SHA256 | ba639d8015e5e4d26096700ee7eb38d84e46eece84ba993d3fa9935b60379d3b |
| SHA512 | 2adc6726d195b7f7b39f3c02a432aa54c452b2a0a91f1a849391fced04c109bca86daaba95b1aa416e5d6310e1f51005146c0ae962350b9ff9b59be57feb7360 |
C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo
| MD5 | 28bb38b4eabddb33afb1cbbc7d3385a3 |
| SHA1 | c35b876ff0559928fc7c678f292db954c59715b6 |
| SHA256 | 8cc01a6a0353e9db81d1d8ee7b3618c74e148c171d5ffe8ead308d47f41169b2 |
| SHA512 | 2715a84a313c866d60ce089eb279a68e896caa55334bef7fbc345d0cf1b41b7a4b7e0eee3d5ecc1c8c370c1c83f23d7162dd61199f819c274e42c761255cab0f |
C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo
| MD5 | 95df0cdf2ec438e9c5aad42972c87108 |
| SHA1 | 38aa58c95ff269428455994583de5601ad073f5d |
| SHA256 | f85f47f0e500bcb871fdcd9bca1c5bd9619d9da2b93852a58e4e1f216439bb0d |
| SHA512 | 6c7c8ca209066f0bd03a5e38cd07e80d66db8a030a71b52443074b27f331222208280de081cb8b147bc9171b69faa67dd75a653214694ae98d7e55e61228a61c |
C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo
| MD5 | c67afb97eea5d70a691e3e15e4ae1cb1 |
| SHA1 | 98ad100017a7e5872172e7442deff4ed787e61be |
| SHA256 | 2b2a71a9e86fbbb7a88524cbcc9a0760c54400b164d7b30d3e805870e5be2203 |
| SHA512 | 2bb3daf440b999618d67076a0ce14ca7977d30aa7a2df3384819cbab282d89a48734e6e3ce9d29aa4079c0d045990d5c9216ae6a576d8ee7f976ac15326c8033 |
memory/1140-3777-0x000000001D250000-0x000000001D282000-memory.dmp
memory/4324-3790-0x0000027A8D420000-0x0000027A8D421000-memory.dmp
memory/4324-3792-0x0000027A8D4A0000-0x0000027A8D4A1000-memory.dmp
memory/4324-3794-0x0000027A8D4A0000-0x0000027A8D4A1000-memory.dmp
memory/4324-3795-0x0000027A8D530000-0x0000027A8D531000-memory.dmp
memory/4324-3796-0x0000027A8D540000-0x0000027A8D541000-memory.dmp
memory/4324-3797-0x0000027A8D540000-0x0000027A8D541000-memory.dmp
memory/4324-3798-0x0000027A8D540000-0x0000027A8D541000-memory.dmp
C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo
| MD5 | 7547222f6f650521d4ac890ddaaf8c4d |
| SHA1 | 911c6f5fc5b2036e9546973ac7d5fc3cfe25122e |
| SHA256 | 01ea04400b905160e48b665500d95363242548dffdc379dac5e1ff57b6844be6 |
| SHA512 | 9c658b8fc9ca179b7c5b0b752ef4324342354f7d6f4158e63d80b08c4f120f3691a6f068a075e36b6fe8933d7a4b78cb101896c2f79e360be579b1d091fc0cc6 |
C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo
| MD5 | a1986f272314b6844e6c8fafa1f66ff1 |
| SHA1 | aeb0bd9658671e8c2f614e25fe82fbbbd9d31a61 |
| SHA256 | cb7adb15a3332e3a687747bf786364b21c796c158422c87654f2571c92ffb088 |
| SHA512 | b02a58df1c427bcae31a03b13f100efe84fd3061c782a5c4083069580b8015eac5e8400e451dbfb75a8e6162fb6a50bf639f5244d56def5f13d126d6a57576c9 |
C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo
| MD5 | 011d05b1016989732bf2b09f818dd898 |
| SHA1 | e35e256e2326bb94c35ec55fe9e3e2e7d52cd392 |
| SHA256 | e8f57a90dc7fab3d53ef10862ec863fd60f55bea28753cbe5eda7a4e4a9a685b |
| SHA512 | a398d0478fd93d8c24bd44772f301c718678ea296d3994113c704f989881341cba8636ba5fe61faa23036931ddd3b5905294dfcdbf12c7970270cc5c8827e9e0 |
C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
| MD5 | 76c8ec6ae10520db27f2d427deebfca6 |
| SHA1 | ef518b4de636a8837eb7e85d9312a430de695c25 |
| SHA256 | daded8d3c0772966f457b5f2dab91112a5957ea38f093aabdfafae2c2e95df96 |
| SHA512 | 4c9740e1590c1f08169f166e045642f44a21a2e703eaddf612f28d67d0bd5d5b00f34d0d760fee2b831d15936cef3ba2bbfe0b104a3e192ae1a452577b5caa40 |
memory/1288-4200-0x00007FF717070000-0x00007FF717168000-memory.dmp
memory/1288-4201-0x00007FFC7F590000-0x00007FFC7F5C4000-memory.dmp
memory/1288-4202-0x00007FFC67FD0000-0x00007FFC68284000-memory.dmp
memory/1140-5804-0x000000001D8D0000-0x000000001D8EA000-memory.dmp
memory/1140-6116-0x000000001D940000-0x000000001D974000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hndersbd.tql.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/32-6240-0x00007FFC71110000-0x00007FFC71BD1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | d85ba6ff808d9e5444a4b369f5bc2730 |
| SHA1 | 31aa9d96590fff6981b315e0b391b575e4c0804a |
| SHA256 | 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f |
| SHA512 | 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d28a889fd956d5cb3accfbaf1143eb6f |
| SHA1 | 157ba54b365341f8ff06707d996b3635da8446f7 |
| SHA256 | 21e5d7ccf80a293e6ba30ed728846ca19c929c52b96e2c8d34e27cd2234f1d45 |
| SHA512 | 0b6d88deb9be85722e6a78d5886d49f2caf407a59e128d2b4ed74c1356f9928c40048a62731959f2460e9ff9d9feee311043d2a37abe3bb92c2b76a44281478c |
memory/1140-6315-0x000000001D970000-0x000000001D98C000-memory.dmp
memory/4064-6426-0x00007FFC71110000-0x00007FFC71BD1000-memory.dmp
memory/4064-6428-0x00007FFC71110000-0x00007FFC71BD1000-memory.dmp
memory/1140-6677-0x000000001DAE0000-0x000000001DB4A000-memory.dmp
memory/1140-6999-0x000000001D990000-0x000000001D9C2000-memory.dmp
memory/1140-7509-0x000000001DBA0000-0x000000001DBD0000-memory.dmp
\??\PIPE\lsarpc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\PIPE\lsarpc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
| MD5 | a3cede8bd827d43c95b69b2e13ce1482 |
| SHA1 | 4fa7a2e8ad454798308792ad24963daa1a6bb281 |
| SHA256 | 8c0d7b1e2af928021caa1fcefe5a68bd7b1fb8ecae768d42e956a345ffdb6f2d |
| SHA512 | fb0637dd4f0b7478c678c2ac97b93ee23a21a8b56d1e1dbb5376c693e1430532ded8a9f87953795a725618fbc2842171b526bb69011618b21ce2e726ff298974 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png
| MD5 | 5fc99457941d29b12a792940acdb21ed |
| SHA1 | 175cd75821e06d9844fc0e969bdb7d6e03da040b |
| SHA256 | a5bd3d9ba6d0dfbb557ad3b6d0fcd4ae3a79ce0931b79ead9203743dcb32af7f |
| SHA512 | 3b2b690782461d7fd2bbafb6b0110db751685e1c563ec2b275c1fce5416ff6585b3a8c7e9e97e0739c63983bff55a21deb621a0f32f78f1d26734375a3764056 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions2x.png
| MD5 | 74bcf099c6dee69c168bdad7b01d43a1 |
| SHA1 | 57f47eff94401a7ee6e9cb2ab8b1086ebb3707a2 |
| SHA256 | 934c151bcb0853729fd3bdfb0674a323edac850e758c111fc22fba8444c01b1e |
| SHA512 | 5aecc96b9ac4bfcc735f381434ed0762f53b4bc59c474f2894a33ef0be947b662f1d794e5cb7ad55f4650a8d467ae6776aa8f71c672045c8e7afae1b6c9a3b40 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
| MD5 | 94b344a9d590339f3f775d0a9bf636ec |
| SHA1 | 6d1191aea015600d92b89da68caa2f98a3a939b1 |
| SHA256 | ad4d0667002468854b11a4de8034ebca207c5bc16d2204410aec0186fcdc2aa0 |
| SHA512 | a9233c0836882a07fc16f587c898637a301af0caefcb7e66030c9b05c3e365b38668f6d1a5c7189684d8c73eb1054e88e7b288715678195fc2ba1eb10269e1ea |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
| MD5 | 0e2318f610423b572630520ad8a5ecc1 |
| SHA1 | d7f68fae4c1b7b230338458b175ed0a4da3f0644 |
| SHA256 | 4478a0804c9e9fa3dfac063702f2a13f0a2f4856193bf51dc8f94c87a30dfe3a |
| SHA512 | 96ed309e38f5c13ed55068f7fb6d3929efe06e381e838e040058f3d547e0346fea0059d301ae695d47e890e57529e47a6bfc8a4bd8177e5beca7261a2cd8d733 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
| MD5 | 279de92aa487578dc6567afcb80594e4 |
| SHA1 | 8ee3e6079747d19ec4b57587da431f3fce738520 |
| SHA256 | b99ccebc6d3d3a07620f9810bc3c3085795fcb54246bdcb1a358392cbb20453b |
| SHA512 | bb2af5094e9b1df5b9b0234de1401ff2e10ab1129edac47f3ccc86c6846dc6064b161d848d33331565e22dd33655ef5610f8be1c01d7d8ec0aebefd86fc1f662 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
| MD5 | 74099d925b7f2f61e186713a4b262e57 |
| SHA1 | f07e72e27315bcc19816368dd265a3efd36f74fa |
| SHA256 | 230556d04285006770e674b33e67ae6028c92f77be6832eaed7cccd2239f2f45 |
| SHA512 | 2fff0dd9171e0f6acd527b9ed2e6ed97f8901080adb7f2c5924100a9d58eb6726519294dad6174f01315e1abd510135d9cb6940e81119e230eb5dbbaa1b955e4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
| MD5 | 747b5d154ec123b0acb644527de0aa85 |
| SHA1 | 8fa0b7c09cffc0d927f505c5d872305e83aa9194 |
| SHA256 | 79056c94b47879f72034de19c63ed0d72a2cf642472fbbe61ed834ca8e3f905a |
| SHA512 | dbcb4c23d91ebd2124479ffff00ca3f2276f577a9fbccd1842d519bc250f01c4fc93532cbc92772c3464c29f869dffb98d5f09c7ba5ef82245c2f0b00c14de3c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
| MD5 | 15dd2f8e7e6ae78f5d52d1dca370ebe9 |
| SHA1 | 028b6cd09dc105c00f5d5d8c2cd392244815a6d4 |
| SHA256 | 0cf72897ec54be1d4392fcfad569527e05faf4050a0e2fbeb62a518e25a3e2ac |
| SHA512 | aa4fe8c7881821ae4cec91a4db97231b1788cf3a7a270accfb08efc85e22df374aa250c3b7f4d6d124f625d1afb8289a5ef72183c1dc6ab65e6eaf5c72d9d535 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
| MD5 | 359602cba96f0ca1c3719e247b6914a7 |
| SHA1 | 67c9567889f0c99f82dc495dc18a940f1b363520 |
| SHA256 | f1254b78fb26bc73519eeb1f4f9bbdf6b1e53fd6e7ab6e79ab36c2da23a6b80f |
| SHA512 | fe4eaa0f02c2dbd21e83fe11af3f342164121794f7bfe6ffb2f6074b0e8376a39055ce968c7b27232c962f1f3035fa5b480c55bb64e60d882a8b169f274ea232 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
| MD5 | a337fa1e02d33150cb9c136bbbe3374d |
| SHA1 | 58c729eba09eacc8a1accf4d8847f3e5fd0453e4 |
| SHA256 | d4410cafa3a536e14fe913641bd1eb6b10a6e96e6a7e430cea8b72b47be8594d |
| SHA512 | 49aae315e615b239d7983233ef644f20a15773425236b7d26b896672910bafe19d659f41d4eb913b533dfb1ea2ef48698ab53a5adadec3bc34550b4f65f32342 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
| MD5 | dc436dd820c5d770e0b6725589d36617 |
| SHA1 | c9fa26f817a180a3105c872dded58ecc223049b8 |
| SHA256 | e1e377c291af879f22e61779dc719854d1229771451f0ba2a02b4347ccd5d4f0 |
| SHA512 | 90f0e4294603c352310527ead544444b62f8bc5cf3c77875b5bbd512ebe362bcf1cf79f98fadf10315dd93b420577304eec731f41cd2ca1e3bcd49341583f043 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
| MD5 | 440863ab326b34f4aaaa92eea5934856 |
| SHA1 | 45dd1b49b5f65811ee726f8280689ef21ea0c16c |
| SHA256 | dc85b6120b3d41b8c907332d445687ecab7cbb539e9667c591e2ba456fbbe099 |
| SHA512 | b65064da209d12b1af7b54025e03d4129b9e377dfd56f2f3f643d4cfc6ade52ab4a09b29a519d2176741ea34e9daddd9f57d8925b7e170897da2f57be89a4306 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
| MD5 | b1d17632538e1b6e5bd77e0576a71bea |
| SHA1 | 82d666e7238f27b3eb0ddd59d4a0f8bee0ae971d |
| SHA256 | fd9be2d4584076e7c0c6d184fcee4a4e770a041b89886ea5c3200fb787f716ce |
| SHA512 | 5f66ec0b283db8ee0d1f966c8336d52f9b11043eb19cb27a04c45dd7f8fcf140879fd25cdc2e0589148fdacea5dfa1e2a4f05ab77a296cf684199de0974f42ab |
memory/1140-9292-0x000000001DD80000-0x000000001DDA4000-memory.dmp
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
| MD5 | 8e0ca2eff3959e05686d8b71f84d6b9a |
| SHA1 | c0d56b80fc428dbafb2bc970eeb9301483e05fa7 |
| SHA256 | 5b248fc724ccfca9011a3e9b03b4c2066e8aaab931f3d45d528ff5913eb22307 |
| SHA512 | 615ee887b920bdb69c289257c4951d73285eafec46b568986205fff0f582dee28a1b21eb9e99a3261fe3d69a559eb57db304dd3acf3c91b97b04ebe3a1946e90 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
| MD5 | 0161d089ec11f21960e73b3fd37b6e27 |
| SHA1 | eae5b5551b1df62aa3d9dd6defd407a35875b8b7 |
| SHA256 | 5b8107d2e2baac172c0eaf9293699f3c2ce472800b81a12251b57c86aa511c07 |
| SHA512 | 48fe22cf437fb8a76d0918653dd22d217790c723f6d6926daeafd1fba482c2521378cd6ba533bf5d2833f865ea408b808ba9ef21e72bf94a23dae224c8bec5e9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons_retina.png
| MD5 | 4c204d6dec2c4da2f1ad6db3bc9c07de |
| SHA1 | 5c83431728312cda154901e78cda7deb0e8aded3 |
| SHA256 | 919d2c90b5a6f746301ce8d91677954d11af204a9da81865f07cc8a29c3df393 |
| SHA512 | ea0ace43fbe9b78911420fe6c33f439289253f76d8d2daa8deb09802c0d0d909b34024b7a4ef23168db792b5e31737795cca2c2de0080dc6573eaf4562f6eb28 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons.png
| MD5 | b191bc9cb1fa3ed79a23a040a14c5bd2 |
| SHA1 | a1cf8efb64a4f920bdf3f930686b978feb9945ed |
| SHA256 | ba0f47883111ee7f408a0f119926c6779d36fcef191ff4f7f8cb6480ae6dfbf4 |
| SHA512 | ae28dd72fd6b9a304f4cbf3e10ddbbaf825cf10a88b140d64c485c9cdc94451dbfb7af39e6c9bb4be0b257db243524e80af38498cee03a433ac9c892297f9c5b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
| MD5 | 440d35ed1db933aad200a8395b083ee4 |
| SHA1 | cfe30e3723a17db46516c72e5ee98f6534003979 |
| SHA256 | a119d8cd1ce1f30687a0186f9f8247e21850cd9e798b6eff158da3b496f0a072 |
| SHA512 | cd8fcfdd6f4f19636b8c9622248fb19e353ae0fa4b10bb1e296e05afe178789514d2f498485d5a0a6546b949324e89810f41f08f816db0cc20c5b50b3c2fb828 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons_retina.png
| MD5 | 10d81fe97ae799376f1d68bbb522fa30 |
| SHA1 | 804f28b50f532b87b0e6c12c43929d7370cc1866 |
| SHA256 | 3e9ecc6c1c8635bf3b397bafbca17702c7668dec028a056ff579115018b76532 |
| SHA512 | 69110e231d254855fdb4df5392133289c8497dd571eca1a63baab56a94b7059e3e118021ff423b0a7aad52532599066980468a7dced4709cc822ed0f2ad19984 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons_ie8.gif
| MD5 | 2b6dd185de20314767ef5001a6d86e1a |
| SHA1 | 40d77399414397a4c8164e4de6c5d4253e403af8 |
| SHA256 | 254da82c778bf3ec831ffefacd965233a76af76407734f91c66595fee1927c3f |
| SHA512 | 647468d185e0bc16ba7ee9ccabd6161a9658fb6d837037e874801de7fe4e2614152e8f3e1c7411050e15ea5599835e259863dbc13560cc32987950ca11c64066 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons.png
| MD5 | eb40b16334ccc9a286cc777bbed4e73c |
| SHA1 | 8a13559719b01f217cd021b3bcd1e1f3a5326a98 |
| SHA256 | 5a1e2d76154b7545660f5be8a99b2c13a06e4b8fb485e9b9cbbc3d231ce39331 |
| SHA512 | 333c4cc342dfeb0fe120e1ec72257f28ebc39268a3ee74e32ce73b482a430ec99f4753f46cd5430ab846dc66ef591135ef740b90f300b1c1c46c210296d1c4ba |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\new_icons.png
| MD5 | 61d5be549ae58bb7a1e9ab0c2bea714f |
| SHA1 | 707a89021a923561c8cd247abf470689aac243b9 |
| SHA256 | 71aaa6e16eb735935d8aec9579b28018173028e67b68a251d9753a24b318fa83 |
| SHA512 | 2d68ee968ac1e8b22005657507d4cb9e63e9d01068d0e7f97a35dec7ba3fe3022099e14b2ed32f57428bda46d3eb530bb903580c9b4b69ca01881a56673e63cb |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\new_icons_retina.png
| MD5 | 02d153b6df27ce3ef005fc204c40c6e5 |
| SHA1 | ce7c21d3bc8ef1f9f71bdeea1a4fae6b47e105ff |
| SHA256 | f0c5c8c61f49317af86a8a4a01f126729b2a7f7b2f73e9ec8c4f2aa8152ebc54 |
| SHA512 | f84098c7bdd2f58edfeaaa7a34532cc561bf50b430ca22958e9a9ddaf3cfee08e33edddf8213587eb6582328c2c3f975696238eefcaeab8828152607ec58a499 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png
| MD5 | aab271fcd0f53b1729502f03f493ff51 |
| SHA1 | e45117fa8f5900c130e63d3a17b071fdee6041b0 |
| SHA256 | 255f3e6fe886a6f33ecd861c260dde0f04a9d6c1d53fa16b0ef11401541adc29 |
| SHA512 | 15dc88e08129f9c57d0f65d3fcdc44c0321154001efc7ad2446763fb9537c30b7819678601a05981063a716c0204103d81d48df34535a1ece10335a0f1b596fd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png
| MD5 | ce35645e8e2f94de18ff74c9ab0605aa |
| SHA1 | fc68b4c4284e0d2acd4ed7e2e61e18f6d3b0041c |
| SHA256 | f91d1c3bb9cbc5d6c4bfee7ebf21c4deab9b61dcce8bc3acfdb933d6889a8229 |
| SHA512 | 4ffa0a24042571891f20e2dac6f6f44750ebe0712b428e232e7bcfd1a2e5ad13645909459718088fa6ff3110ac6f0c4b3dfd7093a53a7df983bc97afbfab7114 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png
| MD5 | 7ccf44bd96c5e1aea9e7daaaa19b6ace |
| SHA1 | fecb5f16a124c29d2dd5fddd7f010e94d9734805 |
| SHA256 | 76453f72dcb257faec08f409c1e82e5026a2074a014a8027071c0f794a3e5696 |
| SHA512 | ff9aa31c263a98d1283dffa53c93a6833a6aa60603f1d758067f3cf0c00103c3f06e9570388ee4abd42a7e3422fa7b9a103c8898d724f08a5d4e3146a8b7d6c5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png
| MD5 | 4bf9b9cd0adbab28209125da17661448 |
| SHA1 | 0f0bb5a8138f5dbcf9310a65729e0780ef569660 |
| SHA256 | 5b5344227056f20ab0abe345e128c000b9bee8516f0ff852c14e7e2bd1b16889 |
| SHA512 | 310276e8c2b7076a569d071bc2db3de475b85f8426c3a3438b46512e9440fa98362d42d8b8927eb6b2fe74a0f90237445980defb80a38b0784a78a3f64d81d24 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png
| MD5 | d19a277a416f2f88b56da4aca7cf323c |
| SHA1 | 25bcce3f2486374905d8eee4df92387e54852f79 |
| SHA256 | 2e9bf430ba2f6ab825d2078a658035ccf24290f7b78eb38c121dac795c59359d |
| SHA512 | 60c3e8e0a8fd19ec3f3e65497e5d22bc7c3a4a51ac6a37cc03217b72f3d4a3f65b7ac2d9ddf3f2962c6481aefbafb93a863c51d47492f8643a86c28eb61dbfe2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\bg_pattern_RHP.png
| MD5 | 43341913cb5a9b920836979e51529279 |
| SHA1 | 04ac805ea86922f1945feae03dd98a655b7f8c98 |
| SHA256 | df9838237df05ff8688f75a9ca2015a679d23efc4bdabe26c86fbe01cbff18f9 |
| SHA512 | 081fae79c60d9705143010985b6228f440e8ac3a14138aa0f6eb7aa2eb7c072fd741248188380a34d91953f01b0fb431703ffa8433410a547a264ab49beb7dd2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\illustrations.png
| MD5 | 97f0f9e536a305485fbe4ec37c2546b3 |
| SHA1 | ea50656166ba17b5bfb6bed8f94d095c4d9a069e |
| SHA256 | 001990bf00fb0d29313fd18ef9c90cf3f5359f64e19706d2f0c5b40d3d196fcf |
| SHA512 | 471843083e92c8c33f0c44b76f7ca8397f49b30d9c5f4bc9f2d2081310eda9a071e446c38f1dd34ee71b327534610b60f1c6830b235ec2084d97df59d683e7b9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\example_icons.png
| MD5 | eff046a92efdc39737d049345aad9de3 |
| SHA1 | df20c1d8da77cd7799c0881a2564b8101ab267e1 |
| SHA256 | f442418af78c6012fc42a0b0c561a8f55e2fbe5fd5b6908dd067bdcea81c9d8d |
| SHA512 | 559827815794565dc3de57abbfd6eb3bc5df7642c17cb4314924bbd6f963b4342ef1b4aca8e604f2de541d8b02c409adaa967410c664d18ec1c578d701b560ab |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif
| MD5 | e6157f37a2ba3e90525c4428b3748b4a |
| SHA1 | 72859dffeb1222028cc01b8e54ab0150bd421810 |
| SHA256 | ace7d532f6dbc1068e5ac82649015321c2c1e345820610337a597a54bf9db63f |
| SHA512 | 09b4052d61ace709c7bc8fee2eb3fbde94514cbd0889e5a8484ea2f42e949956b9b1a8bca7bc5618fe7abe8832d71c75a6ec8a838aa6eaf4df879c871924d289 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
| MD5 | c822a01f333ef124955cdba53a0fb65c |
| SHA1 | 8f0f0117cb2323d355deca72e484e1eab77fee7a |
| SHA256 | 1017b1d40622d0077e00aabb9d1dab436421a833ee8f70a34eef3ce276bb47c8 |
| SHA512 | 295a93e66dbacfa1fe13f961c05e56f980ebe23dfeae0f964e73ee8e5d917072ea20c58ddb02b0bfdbed77de03b3ffb1a2c77d2d8a953a17d6777c29e585657e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
| MD5 | 93fb907974c1a82b8256007bf099eabd |
| SHA1 | 46a07965d106d985b7e1981685f90dcb14feed5a |
| SHA256 | ba83849c0d99a3a0039a13a674c67e642c641c5568c62f92df2eae14df9afad9 |
| SHA512 | d5bf703d8bf2f8a479b6ca7bfd9fc14ee184c86a247330fc095794db0a01b00421351598cf4f1cbfe86ccf50140ef8e3bd4ddff3dba38a716ebdc712701805ab |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
| MD5 | 17fe86be7a363e6277f20108754081be |
| SHA1 | 4c8b7ec2a2c05711e17aa83f1e101f22c0af4f58 |
| SHA256 | 2cfc54e5a3667a21c6b74089b980ad6e9cf31daad7ef66abd7eb45d7c8c9ef8d |
| SHA512 | b792c0ee9ca07c0e771dcb0583f3311d0692f5c065f1023cc185e2c970f8b44dfccf1d33d44e5cc0b8bc01c3f0f4dabd28ddb7f8c0c1708f8ab6b954143c1a7d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
| MD5 | fffa86b1a42993b5e346000b5119d3e6 |
| SHA1 | 9c0f7d2ce4663f4fd76b17590ed01e0c2399e3b0 |
| SHA256 | 9502b42f692cde37b8a1404f0013e027bb4461a263d1074c2ffc0dae2a275ed2 |
| SHA512 | d08dce300fcf665715a62583f6fbeb1b9d3f5508e89e82db898ebe14291c6d6dc95b0f01c2649a85f03b7fe8fe6fd8547dedc2b796b1962ce694f294d0407163 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
| MD5 | 389af41744b58ef1d634f16bd01bb564 |
| SHA1 | 7f1fb32d1442203c958e2eb3ba4afb4e739da612 |
| SHA256 | 454010db0d5dc6f020b19140f09852a18f8a0d11eb903dce90a8d68924f2d0a7 |
| SHA512 | 7e4247511ecd76d7e1b301e7e42f970b035370aa00f6480567e0395984a492b5ceabb3a7dc32bb51daca8f1466b4173269f5ba051e4d97349883e11c6ba563b6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
| MD5 | 6edfc88d5d857ae7eced1acf958474b1 |
| SHA1 | c704853135f778aa862a11d4f05af29398d607fb |
| SHA256 | a2d0fbee241d48ede51b18da367ffac99721102570079fa91b3fe4c24c4fafcf |
| SHA512 | 73e63ce2713de06f00cc5cd2eaa972768f0b7e01c7d7609676c942de77966551bf7fd1b010479d990d36ea6e1e59310676a4cb3d2d4f87750a94f2ee840a988b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
| MD5 | 2f6d8826e25e6914c2cb4643b2562a10 |
| SHA1 | d1630de9a14ad09c750d3fd9ff6e99602eb8c028 |
| SHA256 | c61b27b8c696306abe983d6a23ed8d598782f00bf6e0e2b18200c2631f827d85 |
| SHA512 | cc411b12d86b874ce449b868141400ab582650df363acb81c62212606721b4065c985f95ddc856c235c81f0a948c43d1a3a963482667ec5aa48b967198e8364f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview.png
| MD5 | 677e29f49066b3e1349f67b262d6e93c |
| SHA1 | fd0b97c149fd546bd1b1a1f54eabb0279719a2d6 |
| SHA256 | c7fbeb0cd1b3c42ac092347a8a5f26f8de801aba6beb110d8cc0c68db0323595 |
| SHA512 | fa3a6ff95411843194dbc16e271878d09004edbb34484283cf70383702ae12ec5d6a5f93bf81d728b57ce5f353623a44a9fef4775dd8f5fbdb56c80be88a3ed0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
| MD5 | 18c8d52949afe07160da62c05f72cc28 |
| SHA1 | da08e5c38aaacae3115ee284b5be5bcc2faa67f8 |
| SHA256 | 3c62774776eb38f1c149fc0d3b73b9c4276bee8d0a75fd778d8ea2efe06bd01c |
| SHA512 | 6f413eb65f8f0aeb309198a13efa6a2be82e1a51f863b596246124c18d23ac7968c67c4a199c234b0f6098587309fdf87a4ad9bbf92c302c163746923ed76e2e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png
| MD5 | d203f9448cd3b47a2dbc533a133987b6 |
| SHA1 | aa182466e7768ac87e4f114e717a82c1f93a31a4 |
| SHA256 | 8eb1866ea78a74b2186098353f1460ddd53a4cbc4cd10d5151c9caa0180fa3e4 |
| SHA512 | 1f5079951ff52fe55e927dfb610624e171aacae0d0d192bc7ca3db758d4e3d74214bc50331cd0af566447f420b13e527da732213024068a026b160347105234b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\nub.png
| MD5 | a9510396973b5b17aaf5a494d1663503 |
| SHA1 | 902c8a57c9f092c27e7e96c80e3592392d4e362a |
| SHA256 | bb2f43e1ca0d7584dda1ade0be60991f0888654a1e190ca95fb33f08d7712fd0 |
| SHA512 | b1712308a061d37ffc26e5cd970818acab5b473648c1734472613879ee7cddc650b50c00ad9c2ec77ab649ff42eb2b83579f9756a29f3c530fa0cdec623ccc8d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
| MD5 | edb0cf130b0b3385c3aad302cd4f0588 |
| SHA1 | 19546a75d4c09e8fd0cdc4ded0e31f0c7fde330e |
| SHA256 | df48e6cb91611e5bc9fad11a3d8bd41efc5628d74a0999235b1c5d2cd7b4265b |
| SHA512 | 020f8d212e498642cfcba6a58935cf4d44259a4cc3ea56b4c2fe3e49f23f34325e4c2a97a1e11a783c4b017a4758951fd01b867256b0c4eb897cc80848ce21c0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png
| MD5 | 0cc9595dff8ced5ad22ed6ae429cb18d |
| SHA1 | 5c36cf5aeaea855095d7cb32371cb40a90bf5b90 |
| SHA256 | 94f6eb6f7202a083d52eeb430440e25a8334128857a4f25bd16389878d05effb |
| SHA512 | 36c27f4d16b0d8f8ddc4aa18994a86aa57f8fbdcaef15910e7686c4d133d83ae1b4896cb0ecfe68d6fc9685099e7033f9b500c9e930cad77c325302a64971b23 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png
| MD5 | 6530a77b71a7db289cbfa0c3b2310b9e |
| SHA1 | dfa1a311be0022b9a757a1c0a8332644d9f8f03c |
| SHA256 | 8bcf5caed281555af8de92fc01196e37c6bc489eb80b8efb41ff75367a39b48a |
| SHA512 | 0f0f4af9ff3c3881148da504ee3103d3b2edcae4b1834ad6dbba00e28200af08385fdae0ec2bef1276517f24e80f5457b3db2c187ddeb7d7396c6d354f899afc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
| MD5 | d130f1eff07af4c96719f948ede8adea |
| SHA1 | 874def4dbd908b47608ebe163d56a15fa7d591c8 |
| SHA256 | d62185824280f8e945447e469917760aa154a50d2d6be453bf0913073e7a9256 |
| SHA512 | c5047f1b07b77ca0b8f9fcc8ce3f5640ddfb03bc9a5763cc0c2d4eae2b6322d8c90f254b648116226d860b011517e728062607c56ed6136d029e87b5ab696137 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\cstm_brand_preview.png
| MD5 | 216922a818b5cb87f0f85388176b9a97 |
| SHA1 | 62b6335ff7a99f85665b558078c94b2f31d950b3 |
| SHA256 | 4aaa8edb83a098d27feea979ea2e7bb3fafd98db6a85b4231013da93f9c08d5e |
| SHA512 | 0b7a9571f3403d92ae27634283e05b1009042680fa948311c1d045e36cf894d3597daa174ceb2ed540bd533ef4f3dc2f81c0b6ed6b28a6b1f82e1a48418aa9d6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo.png
| MD5 | 05b864fc7d8222ff04705311396488dd |
| SHA1 | 2bdb3ec67039645d41ec84b9061b50f19170d16f |
| SHA256 | 510eacc0628d10cc66a25f83043ebc2c74ac2a1cd860f87600115fb1aa5d6abf |
| SHA512 | 2a321e735cb35c21e08bed2c2e5f871680c256c7ca08ab56cba4387095189066326425b4a4c5b4f130eaa11d697faa01b5748ac8c10b497dfcdf7ca12912de96 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\nub.png
| MD5 | 826d34c1ef656fb01fc60322242d91d2 |
| SHA1 | 8d7062602f344b1f3d68cf46ef99e03984109cf7 |
| SHA256 | cf5fcf4ee81be2a7913581d0e35af01fc8e884b473a31a9033ac7f82d680e4c9 |
| SHA512 | ba70fbb1886a284411f93601764314cea3ccd05cd83902d402a39a56210372babfcd1b77c78bd7695b1f0f16b449dafa26109c07e5c9723c614f49567c7f0951 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo.png
| MD5 | 3e566387c172293bd4d106618c116155 |
| SHA1 | e5075119e8418c6aaa32af735e62d7681a78fb34 |
| SHA256 | d45a114bca2cad202a7f552003ff88ea7a80f9b204a9efedebf6e3deac0e4937 |
| SHA512 | 24f968476d0b53f16fad89ec9cca29a662488804a00439c6d218c9a948f9bd6822a4f32fdd0bc0f59ab00e2c3a026937b6d9c3b5e0eded78357944c3a32c2504 |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
| MD5 | e237a03259dfb166a823cd1214515df4 |
| SHA1 | 579dfa49fe623ccc845fc5896434d732b19f392e |
| SHA256 | c94dce6e601c090bc904fe7690de57445de6a321424cabb6c5824cbce2cba972 |
| SHA512 | bd32ad3834a78b2d823763f0225d2850979d0a672306ffff5db7090a2db1d136b45bb9c65130de13652da5b46a5855b2351b539c05c7162a91164a6f32408512 |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt
| MD5 | 1145f277118a516f2d2baffece62bcc9 |
| SHA1 | e66bbb1d9b2b90022f3c4da52f764188e8d56df1 |
| SHA256 | fbda87b759029c2282f1770555e597a78300a3de2cab4ee364e07fa0356f2c63 |
| SHA512 | b4dcc28b7a7739f5f92ea2e27e2c696ad0dccc85a43f85250f0c6494570748284f6a53433819a1edc5a0c9d27f84c24497502de2203f561b6e8976a40ef59fb4 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | 6bd369f7c74a28194c991ed1404da30f |
| SHA1 | 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643 |
| SHA256 | 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d |
| SHA512 | 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | d2fb266b97caff2086bf0fa74eddb6b2 |
| SHA1 | 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d |
| SHA256 | b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a |
| SHA512 | c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8 |
C:\Users\Admin\AppData\Local\Comms\Unistore\data\AggregateCache.uca
| MD5 | f1d3ff8443297732862df21dc4e57262 |
| SHA1 | 9069ca78e7450a285173431b3e52c5c25299e473 |
| SHA256 | df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 |
| SHA512 | ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3 |
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db
| MD5 | a6064fc9ce640751e063d9af443990da |
| SHA1 | 367a3a7d57bfb3e9a6ec356dfc411a5f14dfde2a |
| SHA256 | 5f72c11fd2fa88d8b8bfae1214551f8d5ee07b8895df824fa717ebbcec118a6c |
| SHA512 | 0e42dd8e341e2334eda1e19e1a344475ed3a0539a21c70ba2247f480c706ab8e2ff6dbeb790614cbde9fb547699b24e69c85c54e99ed77a08fe7e1d1b4b488d0 |
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml
| MD5 | ddd2ed7a1263bd60e2cd1a6da7b8dd8d |
| SHA1 | 55e4a17a58952df778914864f17537a6f9285e4c |
| SHA256 | ee6204f7b5fa119f2e9828e26a37d5281e3e6ce4ff51a8cc56d0294f44b16947 |
| SHA512 | 0bfa03e5d3d51b43c03c515e229110e80db34f490c2d0572fe640440fe3d2331c165088a060126a4df26d3d0979187abdc4d2580023323421056fefdfb2b83df |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 0db76826ef1eb39b10f50c9c98411802 |
| SHA1 | 88a49701de5a338400b3f5b40deb2608b413ab84 |
| SHA256 | f09445a05f2cf45e3d1d8f826bbb4fa78f1fcbf04311a5f5e8e3b7c90e1069ee |
| SHA512 | 0247c74dde74f8f1062fd2b28fc57b3bb567e42db8e594f2712fec65e045bdaf4be8c76e9b5f98af48dacdf863091ffa446dfa9583afb4a70c73809cbfa5aaa7 |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\Recovery\BookMark.txt
| MD5 | a2ebe0889b0a985519e9eade02694c6e |
| SHA1 | 435ebf82ec544204e4f0f7f343d237c8a42c17c3 |
| SHA256 | 20aa05ade0f27530dc1ddcf485205af1a9ff9550c43a79804f17686021fe0819 |
| SHA512 | daf7aa8dbda5d279e1323bd008488c2b1e6f54661da42111832898555ad940c4be80e6926f38188ae71df993306a6d7ea56bdd2af3eb1e18da51a60b8c42ce6b |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\StealData\Information about the data.txt
| MD5 | 91bc87994a258a7abe5e6aeebf147bdf |
| SHA1 | 77e2ded98d5b4baf407a0e091a803fdaef776ec3 |
| SHA256 | e8c0331a40b5b2c88bee5e4c2df6a6b72a3e4a322f7c7ac61d59edb21eafa1b7 |
| SHA512 | f5d7e267def6ec6460be2310d09bb3f94b195c45dc9eb3e03b135e6ca9c7704d329273625f28fc86faf48b8abe63e109da5d2dd5b7deafaf367e3ce89c95ea95 |
C:\Users\Admin\AppData\Local\Temp\HNFOSCDF-20231029-0448.log
| MD5 | e2e5a6333247d95d2bbe459aed56933d |
| SHA1 | 299fd0dc3c370b3b00e55d0bed423cbe4e841bbe |
| SHA256 | 17e736b05f373815399c337b77c9a7136f3cf3e89a6f8a882b5abaf0abadc398 |
| SHA512 | ce90e3ccb02b2fbe04ca2e6f6b8c9c003457249a7b55b0c5b55e05cd64359ab1ccf30e8ad199b8315d901b88ae9b8f47ddab5091526ac3e1e55c5eff66e9c30a |
C:\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll
| MD5 | 56a504a34d2cfbfc7eaa2b68e34af8ad |
| SHA1 | 426b48b0f3b691e3bb29f465aed9b936f29fc8cc |
| SHA256 | 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961 |
| SHA512 | 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7 |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\StealData\AnarchyData.zip
| MD5 | b323e932e753b238cfdada69b81f5fe1 |
| SHA1 | 5cdda649a5514e554de44d4a252abc751b9d78d4 |
| SHA256 | f3a959fcf1566dd5e96b8bdcb4e74f85be1df5e9b5a6e86ef1413e5f13ba8e48 |
| SHA512 | f2113515cbb57b0bcbaee2e2c59f15861af9514d6a05ab22a8d121376ee80c50dfcfbb413eeecfcb943ef4287cf78b7acfac3cd253713e313bfb1535a134f55d |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\Recovery\Password.txt
| MD5 | 61e39cd17c25f8e978e0f2863ae33f48 |
| SHA1 | d7d80edd329c240c529da0fd082270f852eb9675 |
| SHA256 | 5acee54af9a2e16e5ca2278d4a91e7bd65411d67cf035974d10e4ed6c8f47a33 |
| SHA512 | d1459a9919b1fd11e5ca995d35d6341f289413e4f96aa26bb599fddc68f12511cd13030583fc806313457e0d1e846b211fb2e73834c1f8cf28d2fb0ca1a01304 |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\Recovery\History.txt
| MD5 | 8b86c34ada826314848b1847cb078b3c |
| SHA1 | 407a1dc237ebf44035c8ee22bbd3c3dd8e5925b0 |
| SHA256 | 422d548c18f4c6cc4a4a3b68e383edbcfafc961f7ba1c639bfd55474946d9d38 |
| SHA512 | b44b69cd893a9d6bff526509b7b4d0589ec630a352ba5892584dc4fb475dde7586e5afe09fe44d8fcea03cd26b3a14cca1c0e3b14d106912bf2b6cbef5fb9188 |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\Recovery\Cookie.json
| MD5 | 764476e053fc9410258ea154d2457cdc |
| SHA1 | d6e3f8986f3343b9444150df13672b44ed883f38 |
| SHA256 | 1f9ecc653d771b63d47cc5b33b7ee42c82b2edf91583f02717bdca6ceb0af0d5 |
| SHA512 | e5cc8de4ef0033ef81cb2c046028370b57ba4433589f76db918440b4e4c78790b80aed6e7625788d0b8dc246dd7982045abdd4fa58a3dd98798da63f747b4bb8 |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\Recovery\AutoFill.txt
| MD5 | af253b3f98ca2cb6155fddbe1d7ef59a |
| SHA1 | 524ab4141c16abaf7408561b77cdf0241269382f |
| SHA256 | 0b0fee013adfb00a863956d3c21fd6dfcf5b7ebe5d4c585ac5439381505e13e4 |
| SHA512 | 41adef9fbbf29c3b46e7ffaf5efffa38c7119c58f306ae8da8f69b6462de1a1069f10ece078354961899efa4d4bf5df5ff2e02c68792a874212ac9eac90a804d |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\Password\Password_10-29-2023 04;48;10.txt
| MD5 | ea41f09f834c82caa8acbbdf95a552d7 |
| SHA1 | 908c51285caf093ad3340bec9ba239e8d7714091 |
| SHA256 | ca32a84b5478453a7e0dfda8e398f4bf85b4940a6bacf3fa45e621a230a57548 |
| SHA512 | 850f1309bfc58e517b0872dad0cc29c998dd5f99f220f21957618a6e9f3388378327b83dd4459998d1b56cd3b5535fda802f6d9a04509604f0efb64e9006bbc7 |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\Password\Password_10-29-2023 04;46;26.txt
| MD5 | 718507c98e290a1920acdf2b2ffc2d6d |
| SHA1 | 26c429fcdfd34714e4da4f28ca4dd9e7fe47a429 |
| SHA256 | 261b8811ce93b8efb30269bbb2616c7ced3b2a0815b782b8c3bd98b58d10f03f |
| SHA512 | 8192dcc348e0049799a069d902912908b464e9407101bb8c5619470e667b705d027342ace2a82a2b571a2c49d75e44fb06b308e9a88dc8f48faa988a812f8c0c |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\Information\Information.txt
| MD5 | 68303b76574bd9f1d124ae8d402ca8a3 |
| SHA1 | d291bccea34533684a081e470f6d49f81c962515 |
| SHA256 | 1e96a499a94066fe4788307c9a5b03b2bf1a27b81befe6a7ca46a0735d902473 |
| SHA512 | 7495b923674d89741bba87f2767cb3702271f91a7619bf03c079c3e357536723bd4a68a6a0f5a1cca07c2c97e5ba5594f652005cc38532df16a69b88a1232606 |
C:\Users\Admin\AppData\Local\Temp\BackupCertificate.zip
| MD5 | 91c4f3e86fbfeb54b6bc778ce7cf6eb8 |
| SHA1 | 02e8ca12a5ba64bc364e543e120266eca617419d |
| SHA256 | cb16601bc6651b68adc29665910fe3df024dba24039de463c9af0b72d2f360b9 |
| SHA512 | 18f2d40842e6d51772c500fd2bb4297e91f838f3472b53f512f5012e2da65ad8aa546bfd3f7c1c855f0cd7bb766b62608530590ca8bb1c1eac7b871b853c2a22 |
C:\Users\Admin\AppData\Local\Temp\919CB5E.tmp
| MD5 | 7618cb5a35ecd7b9a94719789c779cdc |
| SHA1 | f8205df292cf79a4c8cc101f7e65e5802f9cf5af |
| SHA256 | 1e179b406e56de0da2893b5ac49986724c5dbec446301ae8bf829c831faac2eb |
| SHA512 | 75231a815c756ee3d82972c90915bfda7c852ecd45884cebaced5297961b44f1ed48ca52b6583a6ec012dd131453aeba7ed98aff93f657ee3e116f69de0043c4 |
C:\Users\Admin\AppData\Local\Temp\895B839.tmp
| MD5 | 1115e189d341ce689e1813af3e01afe4 |
| SHA1 | 1a0ee1f7d8470b755446a9d4e125599eab7cdc05 |
| SHA256 | e62b30aa154396435734eb6aeb7100ec5578e27f9b5d90307f85fa1aa1e64120 |
| SHA512 | ae62b21a4b8588b236ae2e232d2dad84d687a7e7006a132f8f1009a5a61b0ab719bc6e46f09fb1253031605b440748f8bfdea8eefd0097aa3959b7bd1389e399 |
C:\Users\Admin\AppData\Local\Temp\238E96E.tmp
| MD5 | d20164c799c44c1f2d538d594adf8af9 |
| SHA1 | 4da69f0ae8de0dccd1c12fe4be177478baad878e |
| SHA256 | 65ad174e9806eaf70dd0cb8586c99928ad173973a8a177943a28e1b7e989bebb |
| SHA512 | b408018b3208d42be43d0d174596928afbd92f5678185b51b22485ce970ce49d18664880ebfad0055bd5e59a362655a41625cb5a8bf42bc43134565ef7c42b6c |
C:\Users\Admin\AppData\Local\Temp\142B819.tmp
| MD5 | 4b74bb2a9f801cfb2961a957fa6d987d |
| SHA1 | 70494f3085b2178d69abcb34aeac806c16d2edcd |
| SHA256 | c289b13ba4278df00500c4743fd302f0e653f360ef50b342d06c4b3ba4a9bf0a |
| SHA512 | 2a1576b89346c95aba27237c36925e57a10f01d31e45357e28de8eb0d5c3d6c10cb48610a5cf68b0b8922dde7b841983c8b86290b305e08a94ff158907a86a75 |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\Password\Password_10-29-2023 04;47;49.txt
| MD5 | 5f5b678f4bed97fd5701e56cbe19ac91 |
| SHA1 | 95dc79b116ab5d50d18bdd607b84e702dc85cea9 |
| SHA256 | 9cb2a795ab6804920001b3f6fbf277643c594dce17dd604d6d567060bc6b9ecc |
| SHA512 | 5521bc50cbfd0cac273aff0b3506b5d6b534a501bd5700ca36ac4da79783e91b5982fc07b49c645f7ef4bc86fd358cc6bd70843654b9837bf39d38f703727602 |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\Password\Password_10-29-2023 04;45;43.txt
| MD5 | f25e7e87eaf9c7c7add4d3dee272bb7b |
| SHA1 | 9a64e38cc6b32e5b5f91765ad6a0282e6d0aeb7d |
| SHA256 | 1d2c1f469ba949396186491e0ac025f7bd4d520f6df3b886befa8a6f3297ac66 |
| SHA512 | 4279dddebb706be4657d223a95d4d756bc52f746a18923237abc7bd5ca17e4288e70d9aec6a70a649c8f930f845ae5ad65bc98499df61114e3146fbd822b392e |
C:\Users\Admin\AppData\Local\Temp\ClientsFolder\9B98E79A352B865F0C37\FileSearcher\10-29-2023 04;50;10.zip
| MD5 | 7609a61a886cdec7eeb63fec1eee9bba |
| SHA1 | a8e7fb7b243609c67a9e6a85fedc0630b8078423 |
| SHA256 | bcf8b63226c05372388ce13efade63505781f9af759e96ec74570f221dff85a3 |
| SHA512 | fb94b5c22031768d3f0ee18f0d6b87ed7166f3e37598baacce485836e8ba2dc9136326e50f82acc276c52910e96f29e4e98f41958eeb17dc32455e9a79784776 |
C:\Users\Admin\Desktop\DECRYPT.exe
| MD5 | 778435dbc0ea22f9d5b60b06b1dc5b27 |
| SHA1 | ac6ded9656495cfdb701e66e3654bf161c3c38ed |
| SHA256 | 2d39bdd50f2fbb072d5c4c71ccbb18b3de6f57b73254ef44650f564b49eb47b6 |
| SHA512 | 1027e8b0fbe6892eb74ab999cbb4a23ce7429febb3558978eaf373669798361340b7e492ba40a14ac68c50990b0187acffd4bafaacebe40c9677aa41145a9651 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\4BXHXA8O\microsoft.windows[1].xml
| MD5 | 588eca73f699ed029bdf59c5884f8791 |
| SHA1 | d6a4f0d004b4e2d70a68243b67d8d1e648d1407f |
| SHA256 | f91c127f979ca4e1956be96207c88232b6090d21f317bbdf3951ce8999e7a410 |
| SHA512 | aa5daaa6b051d1b3c915858578a192161ce0ce188442addec4a548f03446b8964dd5695e93cabdcd858754e7510af677b0f4b3ff030a23080c7c820435fd24b1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
| MD5 | ec9f0ba2e26126f282c5b384dac43799 |
| SHA1 | 4b42f421b37d61c6a77cee419fc60d874dfff91b |
| SHA256 | 0d8de2333cd37cbb38541401f59f850a6788167a471c3f4682d667e3a7ac22c3 |
| SHA512 | be589763db1ee73024de4f6cdb1984fec81838248f6bf1012bdcefa5bb99c14d5b30b6642cccfbbe311786dd7ea5f410fab20b4f4f8b9fd4094f4c694286ed29 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133430288454518204.txt
| MD5 | be5f5bbce205955c6ec678bb9fbfa6f2 |
| SHA1 | 6c41b632387102f83a9f8c7869cf5bc3577e91b4 |
| SHA256 | 9719043f24dd3a0564a9ec8c12f8e161257e3b7c26791ef103581ed33de5f572 |
| SHA512 | c8cd9b435116d076c653f9bab3ab2bd386395429d927f4718f2bc97165cb94fc3589244d39ec18f7a1905e3e11616c8eae8b371302cdf59d0c4a80798eae7482 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
| MD5 | 3179c30b1fb6b05d6d5b89f2b2ba5dfb |
| SHA1 | 2f60394e0cf1961bfc1a42e97553957f21293833 |
| SHA256 | 105a334c2a701f27bec5ee612f5bfb95b43cc00b9136220f8a534c2c14415c4f |
| SHA512 | f92187350de36545fb61ca90330e584015b7a2ef532cc313a8a100f67f436b0352ccae497c75e05f4b5a58edfac85a54578ea292e01e571cd3607d945a9469bb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
| MD5 | d48f24735747524d7a42c45393204c7f |
| SHA1 | 2ccd6ac81c8b5e3883d4ec28bafb3f604544ae9c |
| SHA256 | 1cb9607ae57823ec9a99b49fb0a6153650939a4517a17db836c1fba7461848c2 |
| SHA512 | 25066b01c519815f9ba61c579a13f80a22b4861acf646cc42564cfc337e9a5c41f0e15ccd8d885af3108a4d3719b1f0e79697f802bed8de35ded7f9011198a40 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
| MD5 | cc2d286f4b0b1ccb30120f123f851943 |
| SHA1 | dea5a62d2b2d4af1ec7f5107e6ab313f096b6f85 |
| SHA256 | bfe8fd15dcd0d30e0753f2d99ba1f29ea8d8b2d678ea52260c55cb7cccf1aa6a |
| SHA512 | b15f8c4684ca289681881df0bb3cb68ab89897383c97f8056197d589a1d21dc3286f4ee42bf98cf89d765123cf93fd2678213d86c46f3ee4604b293ed982eaff |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ShellFeeds\IDX_CONTENT_TASKBARHEADLINES.json
| MD5 | 855960f7f130b4621e601b7e53133df7 |
| SHA1 | 9dc7e623b4f0e9ff2954f2c137a3be3dbb4de934 |
| SHA256 | c1109742eaf5a966e979835df95a442c98eecf9d08170b2e39592a70c3ab4dd7 |
| SHA512 | f3b024a8b29839099694071009c7400effdcc18ab81f5e18895716aa7a179092ee683a760065f32a1e3dc3c9a6e6c0c405ce2be46107ddc6064e2026193bc300 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{8244373b-5b28-4974-baf2-04416e7d4a8a}\0.0.filtertrie.intermediate.txt
| MD5 | 082e1f1aa9ed2e47498ff894d5d98186 |
| SHA1 | 62ad2329bde4dbf934015f95749a817f78b15830 |
| SHA256 | 1fa308d45a43d54f288c3c422a985f03927b8bd97c8413cc9815faea87e71623 |
| SHA512 | efe5f0d03e8050e9c1b90bcf7f4cbff05209f8c3226bbe26cb5fde8bb472cd57f515b15c090399b1c151308249440b391ef525a09ce0147c8639ad8027b1034e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{8244373b-5b28-4974-baf2-04416e7d4a8a}\0.1.filtertrie.intermediate.txt
| MD5 | 34bd1dfb9f72cf4f86e6df6da0a9e49a |
| SHA1 | 5f96d66f33c81c0b10df2128d3860e3cb7e89563 |
| SHA256 | 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c |
| SHA512 | e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{8244373b-5b28-4974-baf2-04416e7d4a8a}\0.2.filtertrie.intermediate.txt
| MD5 | c204e9faaf8565ad333828beff2d786e |
| SHA1 | 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1 |
| SHA256 | d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f |
| SHA512 | e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{8244373b-5b28-4974-baf2-04416e7d4a8a}\Apps.ft
| MD5 | 8ac66f36c12445c1abc5693a469e8e8f |
| SHA1 | 6e0d1c260980b792ecc78a9a8c69b155a91b3c9c |
| SHA256 | f2f5b184f22a3703ec52d8839c32768befceb687ff6d72b7086a0aa6b48ed4b3 |
| SHA512 | c8e9ac06450e18ce24335bb40cc34b2789eaa112cf8d88a5d0937a495f2d94e32c7344c3dd84a53b97174d269fda73385d52093c1abb374bc918321e0ac0c5cf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{8244373b-5b28-4974-baf2-04416e7d4a8a}\Apps.index
| MD5 | 0fde0a452ba09b9974ec5ae0e83679df |
| SHA1 | 52b53f7c31d118ba741b7bc39193ebb85416eb31 |
| SHA256 | ecc33abe92432aee555bb3b2f9416117e38ab33f4c4e91290087a22be27968ec |
| SHA512 | 43308c2e53f470f61a98bcbec2da0392ac5fc88d7d7ad9b3aab1f0c7ab948a7eef64a28b09588594b48280c339eab60c85ac64be49546b292b1af33a71443453 |
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-29 04:38
Reported
2023-10-29 05:09
Platform
win7-20231020-en
Max time kernel
1801s
Max time network
1568s
Command Line
Signatures
AsyncRat
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
ZGRat
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC} | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9} | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlg\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "9" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\TV_TopViewVersion = "0" | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2432 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe |
| PID 2432 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe |
| PID 2432 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe |
| PID 2432 wrote to memory of 2744 | N/A | C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe | C:\Users\Admin\AppData\Local\Temp\svchost.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe
"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel 4.7_adrikadi.exe"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
Network
Files
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | f83c1904404d2b40622d28a5c05420f9 |
| SHA1 | 87c629c25b2be94ff603fd4b5e1934541006cc44 |
| SHA256 | 58fa8679eb278c0fbe4b9348e61cd274234037af160878289a988260eaf6246e |
| SHA512 | cb8dedaa9510e466a6babb984913130271baaccc68ccb432e6318e0791547eb6d54d3b61103b9ab39a530d15e6187a580062fe9e5c1442df5d976ee7850448a3 |
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | f83c1904404d2b40622d28a5c05420f9 |
| SHA1 | 87c629c25b2be94ff603fd4b5e1934541006cc44 |
| SHA256 | 58fa8679eb278c0fbe4b9348e61cd274234037af160878289a988260eaf6246e |
| SHA512 | cb8dedaa9510e466a6babb984913130271baaccc68ccb432e6318e0791547eb6d54d3b61103b9ab39a530d15e6187a580062fe9e5c1442df5d976ee7850448a3 |
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | f83c1904404d2b40622d28a5c05420f9 |
| SHA1 | 87c629c25b2be94ff603fd4b5e1934541006cc44 |
| SHA256 | 58fa8679eb278c0fbe4b9348e61cd274234037af160878289a988260eaf6246e |
| SHA512 | cb8dedaa9510e466a6babb984913130271baaccc68ccb432e6318e0791547eb6d54d3b61103b9ab39a530d15e6187a580062fe9e5c1442df5d976ee7850448a3 |
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | f83c1904404d2b40622d28a5c05420f9 |
| SHA1 | 87c629c25b2be94ff603fd4b5e1934541006cc44 |
| SHA256 | 58fa8679eb278c0fbe4b9348e61cd274234037af160878289a988260eaf6246e |
| SHA512 | cb8dedaa9510e466a6babb984913130271baaccc68ccb432e6318e0791547eb6d54d3b61103b9ab39a530d15e6187a580062fe9e5c1442df5d976ee7850448a3 |
\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | f83c1904404d2b40622d28a5c05420f9 |
| SHA1 | 87c629c25b2be94ff603fd4b5e1934541006cc44 |
| SHA256 | 58fa8679eb278c0fbe4b9348e61cd274234037af160878289a988260eaf6246e |
| SHA512 | cb8dedaa9510e466a6babb984913130271baaccc68ccb432e6318e0791547eb6d54d3b61103b9ab39a530d15e6187a580062fe9e5c1442df5d976ee7850448a3 |
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | f83c1904404d2b40622d28a5c05420f9 |
| SHA1 | 87c629c25b2be94ff603fd4b5e1934541006cc44 |
| SHA256 | 58fa8679eb278c0fbe4b9348e61cd274234037af160878289a988260eaf6246e |
| SHA512 | cb8dedaa9510e466a6babb984913130271baaccc68ccb432e6318e0791547eb6d54d3b61103b9ab39a530d15e6187a580062fe9e5c1442df5d976ee7850448a3 |
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | f83c1904404d2b40622d28a5c05420f9 |
| SHA1 | 87c629c25b2be94ff603fd4b5e1934541006cc44 |
| SHA256 | 58fa8679eb278c0fbe4b9348e61cd274234037af160878289a988260eaf6246e |
| SHA512 | cb8dedaa9510e466a6babb984913130271baaccc68ccb432e6318e0791547eb6d54d3b61103b9ab39a530d15e6187a580062fe9e5c1442df5d976ee7850448a3 |
memory/2744-84-0x0000000000A70000-0x0000000000A78000-memory.dmp
memory/2744-86-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp
memory/2744-87-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | f83c1904404d2b40622d28a5c05420f9 |
| SHA1 | 87c629c25b2be94ff603fd4b5e1934541006cc44 |
| SHA256 | 58fa8679eb278c0fbe4b9348e61cd274234037af160878289a988260eaf6246e |
| SHA512 | cb8dedaa9510e466a6babb984913130271baaccc68ccb432e6318e0791547eb6d54d3b61103b9ab39a530d15e6187a580062fe9e5c1442df5d976ee7850448a3 |
memory/2588-89-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
| MD5 | 94bac1a0cc0dbac256f0d3b4c90648c2 |
| SHA1 | 4abcb8a31881e88322f6a37cbb24a14a80c6eef2 |
| SHA256 | 50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94 |
| SHA512 | 30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9 |
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe.config
| MD5 | 3d441f780367944d267e359e4786facd |
| SHA1 | d3a4ba9ffc555bbc66207dfdaf3b2d569371f7b5 |
| SHA256 | 49648bbe8ec16d572b125fff1f0e7faa19e1e8c315fd2a1055d6206860a960c9 |
| SHA512 | 5f17ec093cdce3dbe2cb62fec264b3285aabe7352c1d65ec069ffbc8a17a9b684850fe38c1ffd8b0932199c820881d255c8d1e6000cbbe85587c98e88c9acb90 |
C:\Users\Admin\AppData\Local\Temp\Anarchy Panel.exe
| MD5 | 94bac1a0cc0dbac256f0d3b4c90648c2 |
| SHA1 | 4abcb8a31881e88322f6a37cbb24a14a80c6eef2 |
| SHA256 | 50c2dba1d961e09cb8df397b71bd3b6a32d0ee6dbe886e7309305dc4ba968f94 |
| SHA512 | 30ecee38d5d641abaf73e09a23c614cb3b8b84aa1f8ff1818e92c1f2b51bf6841d3e51564aecb5efd01a3d98db88f0938e7dd4ee9c74ca5477785c33c969ffd9 |
memory/2928-93-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp
memory/2928-94-0x0000000000C10000-0x00000000042AE000-memory.dmp
memory/2928-95-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-96-0x00000000005A0000-0x00000000005A1000-memory.dmp
\Users\Admin\AppData\Local\Temp\Costura\C5730A4C0FDD612A5678E51A536CE09E\64\sqlite.interop.dll
| MD5 | 56a504a34d2cfbfc7eaa2b68e34af8ad |
| SHA1 | 426b48b0f3b691e3bb29f465aed9b936f29fc8cc |
| SHA256 | 9309fb2a3f326d0f2cc3f2ab837cfd02e4f8cb6b923b3b2be265591fd38f4961 |
| SHA512 | 170c3645083d869e2368ee16325d7edaeba2d8f1d3d4a6a1054cfdd8616e03073772eeae30c8f79a93173825f83891e7b0e4fd89ef416808359f715a641747d7 |
memory/2928-101-0x000000001ED70000-0x000000001F358000-memory.dmp
memory/2928-102-0x000000001F760000-0x000000001FB20000-memory.dmp
memory/2928-104-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-103-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp
memory/2928-105-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-107-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-106-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-108-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-109-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-110-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-111-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-112-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-113-0x00000000206F0000-0x0000000020942000-memory.dmp
memory/2928-114-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-115-0x0000000023430000-0x000000002357E000-memory.dmp
memory/2928-116-0x0000000020C40000-0x0000000020C54000-memory.dmp
memory/2928-117-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-118-0x0000000023D90000-0x0000000024008000-memory.dmp
memory/2928-126-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-129-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-130-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-131-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-132-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-133-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-134-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-135-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-136-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-137-0x00000000258F0000-0x0000000025A0E000-memory.dmp
memory/2928-138-0x000000001E790000-0x000000001E810000-memory.dmp
memory/2928-141-0x0000000027580000-0x0000000027581000-memory.dmp
memory/2928-142-0x0000000028680000-0x0000000028690000-memory.dmp
memory/2928-143-0x0000000027580000-0x0000000027581000-memory.dmp