Analysis
-
max time kernel
124s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
05-12-2023 00:18
General
-
Target
4ddig-for-windows.exe
-
Size
2.3MB
-
MD5
6959949d30bb64c6c0586597862fe0db
-
SHA1
afdb5e6f6fb4d42518500d6c5eb063ba9ba23b17
-
SHA256
7f61355d779e864d305b3e02f6aa09da634e06e82353255340dd01e2144256e3
-
SHA512
1efeda5294e85ef04389d18875fddac17e60b19cc47e3d7e47b8f4aaee9530f303fd3c6e30cf124ca2aeaeabb65b9364bf475386ac94dd978b028582d5453fcc
-
SSDEEP
49152:N1OOKgkBsWP5UXpv4k6rKR31IDhvLLM0hXpWEntfJFJYzexpxwGy1V9fF:N1ZNKe54k6aFIDhvLzhXpLtf/JYCJyH/
Malware Config
Signatures
-
Modifies Windows Firewall 1 TTPs 33 IoCs
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Executes dropped EXE 7 IoCs
-
Loads dropped DLL 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Kills process with taskkill 27 IoCs
-
Modifies Internet Explorer settings 1 TTPs 37 IoCs
-
Modifies system certificate store 2 TTPs 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 60 IoCs
-
Suspicious use of AdjustPrivilegeToken 29 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ddig-for-windows.exe"C:\Users\Admin\AppData\Local\Temp\4ddig-for-windows.exe"1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\AnyDataRecovery_4ddignet\AnyDataRecovery_4ddignet_9.8.6.exe/VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\Tenorshare 4DDiG_Setup_20231205001907.log" /sptrack null2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-HG0CT.tmp\AnyDataRecovery_4ddignet_9.8.6.tmp"C:\Users\Admin\AppData\Local\Temp\is-HG0CT.tmp\AnyDataRecovery_4ddignet_9.8.6.tmp" /SL5="$801F0,151335877,743424,C:\Users\Admin\AppData\Local\Temp\AnyDataRecovery_4ddignet\AnyDataRecovery_4ddignet_9.8.6.exe" /VERYSILENT /SP- /NORESTART /DIR="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\" /LANG=en /LOG="C:\Users\Admin\AppData\Local\Temp\Tenorshare 4DDiG_Setup_20231205001907.log" /sptrack null3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c taskkill /f /t /im "ffmpeg.exe"&taskkill /f /t /im "DeviceViewerService.exe"&taskkill /f /t /im "docsrepair.exe"&taskkill /f /t /im "doc-repair-office.exe"&taskkill /f /t /im "NASConnecter.exe"&taskkill /f /t /im "lib_USBFormatSDK.exe"&taskkill /f /t /im "PhotoPreviewService.exe"&taskkill /f /t /im "DataScanService.exe"&taskkill /f /t /im "DataPreviewService.exe"&taskkill /f /t /im "DataRecoveryService.exe"&taskkill /f /t /im "Mp4FrameScanService.exe"&taskkill /f /t /im "Mp4FrameRecoveryService.exe"&taskkill /f /t /im "GAReport.exe"&taskkill /f /t /im "MsgSupportService.exe"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "ffmpeg.exe"5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "DeviceViewerService.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "docsrepair.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "doc-repair-office.exe"5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "NASConnecter.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "lib_USBFormatSDK.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "PhotoPreviewService.exe"5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "DataScanService.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "DataPreviewService.exe"5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "DataRecoveryService.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "Mp4FrameScanService.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "Mp4FrameRecoveryService.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "GAReport.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "MsgSupportService.exe"5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c taskkill /f /t /im "Tenorshare 4DDiG.exe"&taskkill /f /t /im "Monitor.exe"&taskkill /f /t /im "SuperResolution.exe"&taskkill /f /t /im "ParseRecord.exe"&taskkill /f /t /im "DebugRecord.exe"&taskkill /f /t /im "VideoRepairService.exe"&taskkill /f /t /im "PhotosRepairService.exe"&taskkill /f /t /im "UpdateService.exe"&taskkill /f /t /im "DocumentPreviewService.exe"&taskkill /f /t /im "DocumentPreviewServiceEx.exe"&taskkill /f /t /im "FrameWorkService.exe"&taskkill /f /t /im "MediaPlayerService.exe"&taskkill /f /t /im "MediaInfoService.exe"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "Tenorshare 4DDiG.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "Monitor.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "SuperResolution.exe"5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "ParseRecord.exe"5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "DebugRecord.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "VideoRepairService.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "PhotosRepairService.exe"5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "UpdateService.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "DocumentPreviewService.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "DocumentPreviewServiceEx.exe"5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "FrameWorkService.exe"5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "MediaPlayerService.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im "MediaInfoService.exe"5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe"4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe"4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe"4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_NetFrameCheck" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_NetFrameCheck" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_NetFrameCheck" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_NetFrameCheck" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_Monitor" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_Monitor" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_Monitor" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_Monitor" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe" enable=yes5⤵
- Modifies Windows Firewall
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe"4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe"4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_ParseRecord" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_ParseRecord" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_ParseRecord" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_ParseRecord" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_UpdateService" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_UpdateService" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe"4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_UpdateService" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_UpdateService" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe" enable=yes5⤵
- Modifies Windows Firewall
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe"4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_preuninstall" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_preuninstall" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_preuninstall" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_preuninstall" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_DeviceViewerService" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_DeviceViewerService" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe"4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_DeviceViewerService" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_DeviceViewerService" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_NASConnecter" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_NASConnecter" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe"4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_NASConnecter" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_NASConnecter" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_DataScanService" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_DataScanService" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe"4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_DataScanService" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_DataScanService" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe" enable=yes5⤵
- Modifies Windows Firewall
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_DataRecoveryService" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_DataRecoveryService" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe"4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall delete rule name=all program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe"5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_DataRecoveryService" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_DataRecoveryService" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_MsgSupportService" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_MsgSupportService" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c netsh advfirewall firewall add rule name="Tenorshare 4DDiG_MsgSupportService" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe" enable=yes4⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG_MsgSupportService" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe" enable=yes5⤵
- Modifies Windows Firewall
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe"C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe"C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe"3⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c del /f /q "F:\4DefaultTemp\20ac6fd280ba47ddafc320c40896f5b4.json"&exit4⤵
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe"C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe" ga_pipe_1060 QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxUZW5vcnNoYXJlXFRlbm9yc2hhcmUgNEREaUc= 9.8.6.14⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c del /f /q "F:\4DefaultTemp\07aab9e1fcb54dcc8de7de040eb695b2.json"&exit4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://cbs.tenorshare.com/go?pid=3311&a=i&v=9.8.64⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c rmdir /s /q "F:\4DefaultTemp"&exit4⤵
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe"C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe" eyJVcGxvYWRFbiI6MSwiVXBsb2FkVHlwZSI6WyJFWEZBVCJdLCJUZW1wUGF0aCI6IkY6XFwifQ==4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe"C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe" 4ddig_Win 10604⤵
- Drops file in Program Files directory
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c fsutil behavior set disabledeletenotify 1&exit4⤵
-
C:\Windows\system32\fsutil.exefsutil behavior set disabledeletenotify 15⤵
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe"C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe" 1060(#-+)UA-115865466-2(#-+)Tenorshare 4DDiG(#-+)9.8.6(#-+)&cd1=9.8.6&cd2=4DDiGNet&cd3=SmallMemory&cd4=Unregistered&cd5=64&cd6=en&cd7=2.2.0.2199&cd8=No(#-+)14⤵
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG" dir=in action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe" enable=yes1⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name="Tenorshare 4DDiG" dir=out action=allow program="C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe" enable=yes1⤵
- Modifies Windows Firewall
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-3968314822093311507-654667594-1943673236-16747475131901052022128746354155534867"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1143948237-6307132291645571235-1654867251170176767510416213031354766978-398337958"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe"C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe"1⤵
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe"C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe"2⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\AgentSupportCLR.dllFilesize
1.3MB
MD512fdc710445dc5deb6cee86eeb7b5428
SHA1be4aa49d3f2833b011983a3c399ecf1a0d5d837e
SHA256f5334f72278242ffa8b694ab2d252747b88003f8123b6b9f32c7f3d00318ec3f
SHA5124fc2cca25d1babbf23ac0613178b7875279379dc0ba263042118f2fc8d3b9514bebadf6c9f6165d782035df4bb06edab8c4de34d3bfbd52472896148e783dd99
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\AnyDataRecoverySDK.dllFilesize
3.8MB
MD5a57f8cc2f0673030595fcb78257a313c
SHA14ae6bf256ed2aecb39173e17b916a79673238950
SHA25619f858210cc5d8e820ddced225b80df9aa60fc9a2c3610e07b7df4ceec0b886b
SHA512d1f3cdabb643b1a14ecd64439d94f6f6904b90455a18b0199188ccc1fbc19aa0a79fbcd14343c3386146c21b32394b191e27a97878fd554c453915da53a107e5
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryParser.dllFilesize
126KB
MD51143ba594877b04f96e01aaf8e65215e
SHA16f02860ed327bc57a131af8b9ebb39994647b140
SHA256891702320781c8ec334a24633826ed579edeb9ef7c595826c59d22c1c6b566f3
SHA5123b5647b0ef91aa612db202e0de880aa55bf6f35b87a292c6aaba0d586a9a8c961fb2501c45e493d60f1f396a4c0b6a9146a01189b21eeb8c6abef3daaad3e76e
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\FileReport.dllFilesize
115KB
MD5a6f9e692b28aeb0e12a7574f9cfd2173
SHA14ffa8f0ee2da68c533b77edda2033d7ec3f9489e
SHA256bd42b3f785f0e8c2655602e7f2e820429ae8e19b9f976e104846ad2c005b8a08
SHA5121f89d0a0d7166b6e1801e0327c0e970e515c134d819f99f856bf755a4503f968c50be980b953bc216ecd1aaff3f42ec9cf99179fd2d89685f1bcccb91a823d41
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Languages\en-US.xamlFilesize
134KB
MD579b3dfb43f11c5fc72c9af0dd2945d81
SHA1398cfe5ff79eba38ce2b7968da6c4bb4924964e6
SHA2567cfff9a94cf66d563e5071eaa64b7cdd371518f526a3423e92176078843c1589
SHA5126e7248fe56c647d4053df820bb36a4a1383b20a5b5b4f958e48361e728ac86eb5077d68ef6b077eb39b2e44f3b8330612b71f5e2ae43f5b3cf0b779d50e25247
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\cloudFilesize
252B
MD505b9100e9ae40038cb7ff65497fca628
SHA1f00e223eca696b827ac9c1cf7ac7e7cc4ed2aedf
SHA256e8f9b1f09c97f23412b71007e37c975815bf8e399ba7885463f1c09eda17be0f
SHA5127a1c6784266187f4dd74c75e21824a6782ba01d25ed9fefd02d14b9d28736dc07c2132743ef1942099c7f3de0d08ea720bab0db86c223488adb75e878279339d
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\is-L87SJ.tmpFilesize
187B
MD53f9b7c50015ca8be5ec84127bb37e2cb
SHA107fa0b2f00ba82a440bfeacafd8b0b8d1b3e4ee7
SHA256c66e1ba36e874342cd570cf5bdd3d8b73864a4c9e9d802398be7f46fe39a8532
SHA512db5713dda4ecac0a1201add7d5d1a55bdbfc9e373b2277661869f7de9e8ba593f44bdafa6c8dbeba09df158b2dfdd1875c26c047f50597185f1f2f5612fc87b9
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NLog.dllFilesize
936KB
MD5432273ba454f5fdaa724e3e0a74900df
SHA11cc487230943bc98ce872c931cab6644125a79d8
SHA25690f4ed6e15b47f386660dc86322afdb62d8db31d2ec47f77cbf37783d5660847
SHA512594e42de0afc19addcf9e1b79fba1739aa0eeb796668b0a8d0cb478f585d3ef56c36faaaead2f209a99129eaf764cb8bfbff63d51bc5690a27cfd62d7814a887
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.dbFilesize
10KB
MD538c47c5ded5dff9a2df75a9e4dd62673
SHA191a2ac29ff010eaf22f7c178843bf7aba47fe3cf
SHA256de784bf00bc5aaeb18c92ca62e6bce35a14bcace763b3d5cde99d04dd9736521
SHA512bbc082b0d9ef5ee4a2d259d4e6e5f73470dd0c113097b87cce5f8db1dbfa98e1fda1380de0edad2f68c1aadc571a54a64fe2773a8ae49ae10a78e3d9ee6aebca
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exeFilesize
5.2MB
MD534ab42a6036368ec8aa358847036ba62
SHA16f7fa2a1ee4718cb3d2ae4b15f568ad108d8449a
SHA2561293e8af244c9cf358f41134ca427144e9ec533b5ef4fcaa6af2626f46384398
SHA512764c72f585b9e6dcaa8be7f943a8537d0964b0b569a3e0d77a6e9f5513205e0b738d164c9f3cae294efe41680bfd8108f9de9615e76a428b0f1d42b77fc39638
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exeFilesize
5.2MB
MD534ab42a6036368ec8aa358847036ba62
SHA16f7fa2a1ee4718cb3d2ae4b15f568ad108d8449a
SHA2561293e8af244c9cf358f41134ca427144e9ec533b5ef4fcaa6af2626f46384398
SHA512764c72f585b9e6dcaa8be7f943a8537d0964b0b569a3e0d77a6e9f5513205e0b738d164c9f3cae294efe41680bfd8108f9de9615e76a428b0f1d42b77fc39638
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Register.dllFilesize
431KB
MD556cb0314ca2406b1864392dc76a4e11f
SHA1491d3faa9af17a378b6217ff4196feaf41ea82e3
SHA2565909fca39470bc6a2b21793db63f5cd937ac999fdcd6f01ab58fbe8d9b3a4021
SHA512a9bf0ad78bb51ccb07bbb42ca2586ffd6b73ffd3b56bf43f9b6c94573ad88c347b832be8365d4358babcea2b7294405b779e40c648a997bec0b7681849dd6470
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\SoftwareLog.dllFilesize
1.5MB
MD55e25c610f4114df2f3867f8580367d5c
SHA130ca5f66ff1906451d91adf754ab1fa155ebcf29
SHA2568c29ab024d533103ffac98fd07279e121a95877a9ebdee14167c8f8478b3786e
SHA51258a1192c37acf9bba14704de7f743b3c7bd0f485f0dc6f1a2ae2039428d972bbcee73c99ac4a12dbdd140282ac5e9248583b8b749051b8c37f51d4a25ec6ad4f
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\TS.Language.dllFilesize
37KB
MD55177819f2f3bb387b0c2e3c057a639bd
SHA1fd122fe4d27336255fa8e329e73cfb1833df16a9
SHA256c67d51a5d3a2820716c61dc0fa66e82769d9471686e9164d7be265db84c2dec3
SHA512b854a85a647dae3fea8272fbb1f64e1ce53a893e1cae8ab75a20b7b89d3195a764e2baaa2a8b11f3bd0bd2f3c5e42628c18309dad34a281d5a3d7c357737253c
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\TS.Media.dllFilesize
414KB
MD50839c51bdcbc238c1ac9853f1737aa58
SHA198b940124f9c342857c5a2d010695866a7f9f90a
SHA256f49e9de729071cadb8bd91b72bb3ee3876e8452a189ccaa4341e45886286f70e
SHA5121ad7ac7b9c6d5546d7ac9a1c7e851658804bb328f70d503ed21055cfb15909fdb4aac29c04423be7254c07982933ef82e1ebc0a247c5a3d994188769b01b26dc
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\TS.MsgSupport.dllFilesize
37KB
MD50f0fd7795c06d742fd16efdb9e810d69
SHA119abe7b4f9ebb41fc7832f78f880d4bf3022af8f
SHA2567f17bc2b0f5e4cd6615358dae4b1aa39086b7bedbb0982b985ce7db698388708
SHA512409061f8cf437597496c1fde97b179c33aca2ad3d3584bd69c0199aacd1de7d371dc2d76d79280e1197f41081db6bbd3c19cbc8d7cf60e3bbfac368c360dc6c1
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\TS.MvvmLight.dllFilesize
556KB
MD5c8d7e8f55a2e3fd5b77cc8804c3608ee
SHA1233dee7435c5526ac53e017a91f32756ce881dd3
SHA2565ceb24db29e26b433c9829ac46007be0e321ffc6674d6cb7ef6148407fe6c36d
SHA512feee986a93012434013dd8805b32185081f65a5c3bbdfd89e6f7f07be4370787ea202d7932a7a263d1e584ea8b6c37a0680cc7aa70e23a32fcfc67ab24e7bc67
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\TSConfig.jsonFilesize
3KB
MD5abaddcbaf37171e0f7e636d79d9766cd
SHA1997c1483c09ef19726794d8636cf7ba4521a662f
SHA25660ee5dc64c10ff4edca69044b464c4bf2b3967710ef5cbb01bcd3537a977f16f
SHA51204ddd5d2e3cd5b305108e14e90ca9419e22ff6395183207243c0de2a261b4fd7b7020e4d7afc98cb9f255d268e929f0e15d2cfbd7bfbd788a9bbd0f1916eaee2
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exeFilesize
7.8MB
MD5e22fa2e084bac4c902ffacdcb29d5363
SHA18eb4958b327accbca78773799ab1792d444fdab2
SHA256df30e2cb83fee1ae544f08381d38ab18fc27e55f5dff3ab2435860fe81e6c4cb
SHA512e965d40088247ad291c6fd82724f2bf2201642c4ca62e8802e46beb1500de3544407ce21b8eb65064d0b8e81f645d1af9394346769d75403c58ca9f25fb90f4b
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exeFilesize
7.8MB
MD5e22fa2e084bac4c902ffacdcb29d5363
SHA18eb4958b327accbca78773799ab1792d444fdab2
SHA256df30e2cb83fee1ae544f08381d38ab18fc27e55f5dff3ab2435860fe81e6c4cb
SHA512e965d40088247ad291c6fd82724f2bf2201642c4ca62e8802e46beb1500de3544407ce21b8eb65064d0b8e81f645d1af9394346769d75403c58ca9f25fb90f4b
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe.ConfigFilesize
2KB
MD5e3ba0e15cdf3c07d249564f96ddea88b
SHA13c89ba04431257b5f2a4256aa70d6d95282b7918
SHA256f67106db3dfc5ce20ed86c652549739b5f3d205912245b7862865c7788edbfe4
SHA5122a5f19e0923d6920094b55e489407d5b6dff5e0d3f7a8f80a95239120aef083f15e7c1bdaf19ebf7d9d7f121feaaabf814eedb066571f9206030db611e365183
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe.configFilesize
2KB
MD582df3829f53a3cfebf58f9a2c2c575fa
SHA1763e3e75b83621b6e1a4229f86a2fee2799a3273
SHA25682bd228b9e7e83832e8d126b83cc9a8286227c5bc2c490f2d541d0c14beb72ab
SHA51267201ba1b21f53f383c97b0394d1cb75b1444035196c26dcb2e268af978b125ff1e8edcabb2c9256646097a771954e63838a38ea240c853dcbb3f7a0dcb4415c
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\a4cfaogr.newcfgFilesize
2KB
MD594b6f1784b74d4b467b15ebb369113d2
SHA17c07a137f99cbb12dbca527389b93696ad7dc80e
SHA2568da8096237dd7951db8b125af2415fdc80d83cabb9581dd18eac523a57ecf35a
SHA512c4935e20c832f5945d03be86e636ec6b3fd1c267af9f8004782760c11b52143b449f3df3431c42334b144f3265a34a624e12130cfeebda4785eebd8923746806
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-file-l1-2-0.dllFilesize
23KB
MD587f8234f6ab37ef9985c380076129997
SHA15d813c37af868e885bc50ffb74d3574b7d8918db
SHA2565d194127f895183c904af1b7d96e1503b497cae8eb2b81f713eda4298d8aa442
SHA512c0c529a7e3cc656b14bf3cc29f488df20f8b36c0018ebde46835e510d0dded9a880cba4b4b846741ecca16d6a7253ebb66c83c11467e53385da28f554833bd7e
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-file-l2-1-0.dllFilesize
23KB
MD59fedbd0bf2204a5511283309b29bd458
SHA112a3694c0d0f6733dacc02b508ce2bb164770e18
SHA256758b860dc5bdc99f3cfab6a46506ec31065aebcab3c0c0447b020fd2d23122b8
SHA512735a799fe69effa0142c38c70658922b362541400fabd5d9045c4098d0f74be9143b7795fe10301d0e26a8fe3a98ed575144c1c094cfb24debd2b2ba6bd34000
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-localization-l1-2-0.dllFilesize
25KB
MD54a3ebd07fdc78e2a030f6aa997c3f9cc
SHA1aef087f987837bc52e0f85da301afd4b75fbdff7
SHA2564e37247f5b5aeff7648ee15d6ed0bbae687162cbd3b24800bf5e80fdb9e3996d
SHA5124d6fa5ef9af667740eebbc0d7d8d92d93d4474bed57f1fea5571808f2dc2309e2d04916ab007b14b1d20c545a5e05f346ba2074ec16fb561416e10f8a834f0b5
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-processthreads-l1-1-1.dllFilesize
23KB
MD5e14b5de248621182b11e9023045d65b7
SHA1f7810386dd9115505de3b9966bd50880a0de34ab
SHA256c39d7871504c9dccb38bd56108104e972c41d90a83ac1a8f8785f7cd5d5dfd14
SHA512e59e2ad6b0ccf515d3f46eca324a5d73539eb4143f12d4c3966adb65a1d9c144cc47cdfca8bfe343b93e7715cfd35d1d11be0a5d326edf5f088e1b5832863c7f
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-synch-l1-2-0.dllFilesize
23KB
MD56c7c7477f8afd715970dff51ed3a1ae3
SHA1af4f39eed94fef32ca0e0238bba58ee2e3963baf
SHA256aa8fc2c99aa62777e559edc737ecfed8ac9f57f840c3dc50cf31d50cf0c88cfd
SHA512dc72c2d4020a7927ceb1b145d61cb16ce38d168a466306363fd406d474f69ae4840e4ec82739ca1e86d43e45b7bab830c0bdb29034be59d27e3f624fe967dad8
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-timezone-l1-1-0.dllFilesize
23KB
MD52c66fe517f6e140a7d85a2bbb4c3d28f
SHA1321e66dfdb9adb20392aaa7787c21f4390b7694c
SHA25606f3eec0d271236d5e84d6fd6fc2919d6c98ad316dc6d92fc85e7b1ce5f26cdf
SHA512d12d679b31223b2752dcb34d965ef29010bb0d6880eadbfaec8c68042c7d7024f2f44f9a94be0dba5a45d013d36d1d41651fb21ebbe3c8d7a19861a7592b61b5
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\cloudFilesize
135B
MD5fc31b34eb1f36e5ff23be7f4621aa04e
SHA1cef8d9c3577f04c9e102f942ee9bbe98dec50df5
SHA256be7a52d6d1b2e5e2c7a9e338f3ab71b4b2e76797f19cc06d5899aece2701365b
SHA512c5289e754453876b9646124952850f27325af5345c7522b9478a51c794277d5d0fa55cc105cbcab4dd72a2f76b107b97cea49a0296512c086412ddeb92441a65
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\is-SGNG9.tmpFilesize
7.8MB
MD5e22fa2e084bac4c902ffacdcb29d5363
SHA18eb4958b327accbca78773799ab1792d444fdab2
SHA256df30e2cb83fee1ae544f08381d38ab18fc27e55f5dff3ab2435860fe81e6c4cb
SHA512e965d40088247ad291c6fd82724f2bf2201642c4ca62e8802e46beb1500de3544407ce21b8eb65064d0b8e81f645d1af9394346769d75403c58ca9f25fb90f4b
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\libcrypto-1_1-x64.dllFilesize
3.3MB
MD5f3f33a9ff10b51626479b9326d41f599
SHA193c8dac3a5fc214c1680e05a02f52efc5f347f79
SHA256400bb0fcaa69754d46ff5e4c49963c9a4d3df3182fe6a140c00b47d73d5ae59f
SHA5126cc51593b4c6a6ac1b3d0052c9b402ec89e4e1801a3585864d0b77ac5ce6bf7ae3a681d1877b7286f59f5af7a604e57a9a2a1363d249f7be452b6d4992503fbc
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\libcurl.dllFilesize
552KB
MD5c2771fe26a76ef19e040582c5f925c0f
SHA1c9d1def9ae1d3eba1fe3249636f3af1f2f5e0d8e
SHA256f08841959d88dcf5f23942ce799e77aa1146f9d2067f2da1ccf8b52736487820
SHA512c367db6e577fd6c09802ab8aabeb2bf3ab9e8be22c866b37ef6c6c7a9a9bc226c022a62f2e831b03ac3f99c77f573dfb5d93fd6a2a94e0a6e78e8487678f5b62
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\libssl-1_1-x64.dllFilesize
686KB
MD53cf9466b8a01051f9130e34442ae5ba7
SHA128c5ea6ae140ce9dba234e6939b8b1df7d0a2c70
SHA256dd36bf0d8615b4a0672351805566d61c87d73e6f742d39fa8ed9f48a1da9d844
SHA5126ad496c16ea5b96e5bd50704eb6e4916dd60adb1ec93c302812a1edc67216bd80a140e19ed4349d6d6d75626e0eb6e845665d9503893ad0227b5b11bf4f185ab
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\register.jsonFilesize
1KB
MD56e03fd24e491e48ca0d30acb22708e63
SHA1b1bff7d08ac99f16fea407667c37115dd2ae6d69
SHA256e2419f093d9a1dcf2a43f51a2deabb49b10b07aa4178e368e9b4cb4a0cee90b5
SHA5123ea121907ab23268fb6c06b75b23fa895db80fd8a5ed105baf6ec4300e34493a664736873a26b3af11f9c22bdef8c05bd616c9f677c47ef010a88397019249d9
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ucrtbase.DLLFilesize
1005KB
MD5cd0d9c400d632c1f3f658efe23dec36e
SHA1ecb912c8ac768e0d3428084fa5c1e7b9f85299c1
SHA25635e9be10a819a8732c0f74f4e54f50cd08ab442f7493cda62944229f568b23b2
SHA512f3bc9d940ddea225edcbc12773f60a18d2a3eae2150ba8b343e78017e4a1c6d0de24ff8a839ab4aff6f75bafaf408232ac4878f965e00866b4cb1b4e8889471d
-
C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\unins000.exeFilesize
1.7MB
MD5a52095b8d50317a946986d041e77cb07
SHA1c8f58dca8e32fe0093b313eb73bdfeead323a052
SHA25643a76a72cd64b775918b344e86da552c6960245b5390a5b2a780bff251dadd49
SHA51202f23a0a3eae8f507fee232bdd6bac7dadbb7bfdc02d372c46b4028a4b07e8f0e315039c455701395c51fffbfd8bdecbda80d96684a595c954b7de7257d38dd2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCCFilesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_EB10CBE5F5A4C34C11B6616190391C99Filesize
727B
MD57682d787f2a9f7acb963115596c72682
SHA164b7f04f4b26a50cf5a6d7a2bda8b9164c9ff470
SHA256220d0fcf9151125a5540ab896368e97e75379859c841bc78bc1381a74f480dd9
SHA5125a9688c58fe32ca5483328afe815a8d4b8dde4c1440c569da940f6702b4cc52d3b1b0562f27e584c2c772dc091dde343515d6c4091494ea9d1955ca4e1172a4c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9096A354A7A3E42F3F619F51DB75C6B9Filesize
891B
MD56c397da40e5559b23fd641b11250de43
SHA15f3b8cf2f810b37d78b4ceec1919c37334b9c774
SHA256513b2cecb810d4cde5dd85391adfc6c2dd60d87bb736d2b521484aa47a0ebef6
SHA5120f0369b90ef4930f59bd5c0091067200828bde84ea703c1029ec5603cf4bd1084f0e7e15f370dd5554a9e310d60bd01ba54492e2e6d6301e44609033ea9edbc3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_2DC6057E0FB5565A5F9E9820511707B5Filesize
472B
MD50501c28b53dbec8b5cb7efbd3a1b3ccc
SHA134637fa559bf81823ea443254a74037e809152e9
SHA256b3f4ad9e94a5b1099826e5a9831a12544d16a1a79afedf04fc0900dbb08ae96d
SHA5128d007177593f6c6f11d484f95cebb6f9df6bff1d3ed2bc8ab55bd4aa7dae4b8d69fe19ac43c8ebad0e54d48852a76cd45dbda401f5df6f976ac8bcd73269eeaa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCCFilesize
252B
MD54015fee5fe43799a54a42dafed06d93e
SHA18210bb9ee1a92e3b712be02dccb40fa2188205a3
SHA2566877dd7f8b311e023ecdc1ea51d7b2032e4d33ba570026d277db0d6ef6c98fa9
SHA512589cc2e62c33ea30a7ab9d2f35e382bec29588d9e357f92d1dc0e70e4644d5d1ec7d0b4f4629f9b0fe0ba02c5d3ada4467f40bd1118066ecc7de9151770b36ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_EB10CBE5F5A4C34C11B6616190391C99Filesize
408B
MD52f27d275845ef5ec030642cdf4fd87e7
SHA1ab676731317e5e322ac7ce90176fdd6ed29586a6
SHA25681aeb860a8540a9450352d450c60342e61baedafbc6475c6ec864b23af741518
SHA512c1791627a09432ba8eeba2b6462e82f8b7b3fb6295ea731ef81e861dcf0f34055e85244ee8064c3d1ed1800d3b1f0412c8d35d5ae04a8c59f3f8bde4a0503ed7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9096A354A7A3E42F3F619F51DB75C6B9Filesize
282B
MD5dff4845c6667bef3b5b120e59f8080e3
SHA16c60c671cde425563f10a5f4db5dfc0126b24180
SHA256342efb26f4233941fbb934a38ec07398c8423e76c97743227f2b5a647fdb4e70
SHA512112f0dc57ba9aeff2d6538e59aaa622e0ded84de90a254275951c1af47662da8462a413c243e2e686ff6e623f969dfcffead087613beff4909a26a84b1d490c1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e28b20b41f9e9a87854cc41ee8fb0baa
SHA1ae4111d4f10ba67891994c0737cee6b5cf3f51a2
SHA256eae6416318eca9e492ac372fff29b0ce642bc170c90fb5ccfb3f88b7585f5489
SHA512d561925a17b50cf2eda30658ed86ece8d1882e7cd14d06df65d7d02361b42af75969ac6d44318c287b01ba241ebe7c46eb87f778336c9ef0b57d0f7bd3cdb771
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD53a95681e1344c8fb4296e2553f77cc94
SHA126f4c4c5c34ae42b0fdf925f6a9f7b6e3ead8c57
SHA2568cdb958d117c1a3b399bd49bfe18f71b2ab891acf5dc86bd39f6f3b446401efd
SHA512b85c4fbc9be9def66022c4f1657ac37d7c2bf6450ddbe6311ee49e308822764bf7732ecea56a2cec2564c4286200787b9da05169d3e60380745820cef4d50aab
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD53207e375bcabb76fd7857d3dbd4b3396
SHA14a1461cbd345a392124594a23bb4c445245d464a
SHA256656a975ba16e58564f966617bdfacd9d9df8e9772237750787cd6741c667629a
SHA512c0d1314b23b57c5a2acb7c84ed902ff554050f489b0aff6bb8ce80d856472bb472d9ab8de6b80932c5c81110c0634feee1d6f3741a97ebe0600bc58d44437462
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD58e64af2e7521437ba74261f97311e8b7
SHA1b4cdd13c3d946821d0ee1a2031752174f0ee40d5
SHA256b6a65650c5da75a78c5ee35eab00da058085a7d5af712cda01a62a0003e32d44
SHA512f1de4e89e037217ebe3ccf74293159337a33059dfb3b53e876fa741918138cab5e78e88abc28eb731bb2f77a901e819c43b8e48e3173452b754c8e3b56b6b810
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD551b82b56afe45d61e967130e53c40869
SHA10a73de98a0333296edf3b27df0192634208b96a9
SHA256b4b893731f6f0cd844c21586789e2ca0cba4103c315853f9766c6ed6f3795242
SHA512829a6863407102b8f806f17e7196bb78e500ed180e0ecf9b314988226106f28787ac75810066f89baf0a876d57d545f7011c1944d020c5d0986eca2592a2d864
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD527af6bf376a230dc0f08d824ea1a3e5b
SHA1df0fde00512ecd8c5fe5ae85428a968b46d2db42
SHA25664bf4a84f8c8ca2ee440b21c061ba8610bc1922d8d201e247593ca56b1e70e34
SHA512f99e298a26aad135d7c61e08442ea9478652279cb65b38d86172f1fba8891e68230b6bc3a60bad784ffcfa9c3fba66248825c1663788a037b5adc544d33da481
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5263724214c48bc2fe523f78a1920eb0b
SHA1746668be0d4ad0d0bb56ef0f9b1e272af6c5e74b
SHA2560e13111bf1ebe3704e3d9abe336878729572fa9620d0b0060b813b24f3b07c68
SHA5123e3981ace23f61509731424e473e6eea5643e3a2a943a1551193f07f7a54a6c327c4a14e6c223e3087cd3bbb420afd199f353cc15f456381c415a7559f24c84c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD50947667579fc9c788e83d43eeb099e22
SHA1a75a7e537789bed3f3c3b3868044a365d52ffba2
SHA256a7ef74052d9647ecfa299860070eaf4f269f47f50f65240bd3252293f18c2be0
SHA512fce3f998d943111be907094a6272464d76659422a32dff665859a761228dba5bf1c6a24711da1f09cd8d8c05cf420b4800268ff3b7cb9d76e42dbc4a5efe45d5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD570050fa48c6a8c843bc15727cfa53eb8
SHA13a6f5a7e4c09f9a8265e4a4fdb6f7f5fe5f3a84e
SHA256b8b843dcc0b05c8c0e4d4b83c25bab2db3ef7fb516c44fe4d47736dac412a566
SHA5126aa5028b5de88ea0dbb50bae1548dd1db6fdf099a258f13074785dcdca896d1a10038b3af44038b4fe5dfb7e48eb5f5a81ac2e5c9734aaf044496c3743db714b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5a3a85998f5e93f50c8049e1d4dbb80cc
SHA10bd86ecf9377d607f00614804615cd0eb41b033c
SHA25615c9414fdad85a056eeec5f342e659865fc10ba544ab2f3530bdec8d7166cac9
SHA5121ea7dc9c8b42f2d62430a8fff747f5565d7c7b73a00768d865a35b95a4fc4f068c5b8a22102dbf73674d4d7740372c46229209429979bb4fe33f363df5115fd8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e0b6457474f03f4b92422ca954f2751a
SHA15a1bc55a98a9f7d54272ed72dadc276af3560616
SHA256c341791cdcf14457c21bd90828b4e42c4a11aaf82d6b1e4da1ad68279bafb134
SHA512bcb2c9c6c8b64b28ef2693d9211824f51a432aae0b0c86393ac7c9aa2c868519cf9dc44458bb475d109f9ca88eaba17518b775291ad13be191f895ef73472ddc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5a5016e9830ada706009c646229af7e7d
SHA1dd8921d0d98f5fe93c282cb153b608e64c4d5026
SHA256ee8027ed8d97b74e17016bd156acc132607faa1fa68e4bf763af377838a7b881
SHA512e1bfe88705bdb098c8390514ccb64ba8443120f44fe31e365a73a920c08f1abe3e65c1d7ac5ff7a7d1afc6c82f13445f36024f916f33ba35d1eb6b2b6f09416b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD566e431be83b355e29b12e9600bcdec4e
SHA1c46f5d713d14c3283ede8f3476aa06dd5dd359fa
SHA256e896e081d742b3fccee395761ef7d9fc31acfe2aaa5564c37709dc394727f30e
SHA512303da871f7d0f2716125691467453fb5507446eecee42fb79ff8e56fe7b724b266552b05f3969a2e96b04813f930c9c6aa563fced0771df4d82f584cb5755b03
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5a3fccc8a56a539399866554805c593bf
SHA1321f30fd5452c457510b436434ea678631eee207
SHA256c61822ab5d6468a66254a0de406b41c167fc0705e635eed9d1266a1d783a15ed
SHA5128d60465b0cd14e64955ef8c078b8ec21792975e95f5d6423f5c6d07d64926235da90c75725f431e9ad2158e99b6c799e81b0f4abb021ed8f93b122a671925015
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5d93b08afc5541b0c1603bcb6fb8c89f8
SHA1774e9ae1e13a9678855b98cd2233da105bb04a06
SHA256ef4cfe61d0da0dab7cbc02e67dc5b6f05275c881640af2b2842d800b2479d4f0
SHA5125a9dfb64f695a896de5f792ff01a0f2adf25239a55eb9d362327d9d8ec8b56fce02eb50b86f0a640c93258bfac84fe1f253a00d97c44e4a4c593dfbc11ef1bf5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5c4ba6eb730b71c6674270b315701561e
SHA1ed0b75e5d024e7ea21e9cadf1cd8690b33bb86b1
SHA256f35eba2b619a3f619fd2f666768a33ade140349b2442cd322e00364d0d657049
SHA512fad5c44a0064a60b13215189d3dee314ad9df45d1deceabf5f4198ac8f51c8cc7c1193d7292ea75c2d25d54f6f6b1ac70bbbd5d802ecee0fc68d6f431ecd9053
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ea5b174be8b27a64be67a9c28d42ccb7
SHA11f184291b8dca6704f48a691f7d9e09bfb02a7ca
SHA25642c07157f28e9b5a911b2d32b04c119d44e7519e8ff618a429b4c54ebdba8822
SHA51278d33c7a1302c13d58c077c429a442c6e0e84dff9221608ff6a8086bb562e31cb67fde6dd95bcd34d9faa4aaecf8a855ef2807e452f3542a2f310515983bd16f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD54dcfe7d1f689003f4648233e0d18676d
SHA1fa9d8a18f0e4082f6207033fe606e50423c88baf
SHA2561b2ea6e56bb05ac2096a4c596e0420d1abc8c096cdc75fc2d3f0cb20cd079d6c
SHA512cec78f74636b0d125180e624cdac97e9c2595d76b359743ab6f59b11f22b30fb444527a4d03b035ddf09cb5f8ddcfc9a44fa4589ea88bb9857d186797b7a8646
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5f8a8b1c8289333ba4d92ef8252b27fb0
SHA1597ebc88759d43d6e8b9cd1b4bccf5f579d00fcd
SHA25622fe68575d0397f3ad80c36099e008339fde566fea29580f22c395aefe799303
SHA5123b010963c8db2690e4c22b9fe2d67206c524d8bc42c4a347f99c7835d60fe1deced8e67e13fde119668ea38147a8f2cfbcb5543af50ec9b7be9dd73e388e08cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5fe25301bb4f0e04c72be15cea4a676bc
SHA1c4bab19baa1f3f25a7f01598000569c873b019cb
SHA2564eebf13e990d3b634354c49e038505dbec09c672395cf127e18331cdcf8684f0
SHA5127b8a10c923385300460d127e8c94212591211c37533125058ae6277b6c9a25bf72b31d92945136ed454c11095ec8bf3fd805f2bde70130f0bcef91daf532f98e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5fff8ef51320cece16ee3c7cfacf34e25
SHA1f9b9c6a694ef57144036837474ff718c12857fe5
SHA256a168851a1bcf1dd937b3f7c6b8f66ad41c309698c1333a6351c642739a6f76fe
SHA512d53fccb1ea1c6b4299c40286bddb9fb99bc8c0f57960be1e3c09b9d62208dfd9aeb2eaa45b31cbfc1987da3f70684fbebd56dc933774f00588c15ccd59768460
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD552cdc20978326b890fe902285e0128d1
SHA1d9e90517511a70df23a91e8956c96c4a9b5ecca7
SHA2569e2771d99e930e9d06f1372092b840a8f54703e52f838b4cf75d53dd36e82ad0
SHA5128aefe228c6c180178d1fd675651b0bad90bd7b9621cf95fabde4f882a1698dae9667107b87f2562bca3a102586c9b7a94871c47e964f309609c8fc58b2e4e2de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5e8c0c84caba9df12eb18f923d919b4ce
SHA19f094e43c34192b374bbbb0b38d185ecea60ac04
SHA256e649a8278234d306cc4d706e7f2c5972334e6e206a8d0c3a5d4f07b4b09a1f30
SHA512614c78c8fb7c85b6f02bcc970fc48ff13ea4327650b903f0715f864ea0e34901ff8e09a5de29e28c9e6ac9aca4667346c424bc7198a33ca50e7fc926e0535268
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5bb998cd5477b04c411b8fd961853ba0d
SHA1840bd333cf81477c51d3345ab7be83bcdab546ea
SHA256b8d1c5f150f4e97a8294ac32471f9e108c17aa8a5e89ee7461a880b3ded2a7b8
SHA5124fcaf14bf036703d1db5bc076a0a95e4846ea98441e5a7c48b750f8ef97b86e84a2dc684826d5769b101577fa2ee56175e5386eb3854ace0d3eac658b801d85f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD50d9eb06ea2750b1b8a4d0cc3d1599107
SHA1c51ec0c9ec216933d053c6273ea9620003340772
SHA2560ca16e3e7cd107eced2acc2b72ac11be10cd2f5e4f680008ba3319c8744cb757
SHA512d0b15558595e3b87bbaa3b170d35309aa3e4d86cdbba447f10e8cf80cf337fbf52c4b84ab10a7f7a193e5fe6950344a8a16f421cf2a7d76d9e7ce05624b9b885
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5326484584fad27daee1e95e6f0eeaadd
SHA152be40be5cf08067c0ea34723c72f5d55b5387ed
SHA25622a9886bc1755dbf1d2d80d8c644359ab757e4db56c09fca0765be5e85639dd1
SHA512f7a7af17039fe0db6497e5abe647fa64972af2c6c99d0c0dfa5fa6128eed5ec2238a7b660fee8b2d5a8e9ba730f882d13c4ae972058953fc7207f500d750d9dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5cba17020a5c364bff011dbd74461f59f
SHA1120f742d076f3fe368dc1465d6d4ae91799525e2
SHA256a31dd496a26b1b02a82eb2452a8771f83d2ca7f6ab00ed9e5d0e0c2776c97bc7
SHA512e2c7b0e7fb8f221be584d761e1687592dc54664309b50f8b7ebe306189217c2530dfadcb59129f44d9ee65f39e46618cb77030b1f480b674b3e8bb021af2a29f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD561b24eca391def9a7dcc54807af29c80
SHA1554b9f5480ca3af4eb61343a628718cee57fde44
SHA256abf1d1586fc735ea72971b5247df210f8cdb4c8ba2a9cb40ae1938ce6cc2e1d5
SHA5126c130ca55a6098108c45607e5bb89d28430cd3ec8d6cb84e30bcbee8c8a819e4004ec2846711f1a7e51acf970b34225d5e7051a6f3696fb057bd0a4893c2267a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5d96223f0cc7287109e0683a397f0bdb4
SHA1e2005f6174fab6bfa93a0eb796ad3932794f8940
SHA256fd1614a92729bc873bf40d00f434f4b1755382718343b36f6f3623dc747ace4f
SHA5120bf091a51923830ca9788571bc2f43f9b3e3acee85ff9250761b97366ddbd28b4a2113f40ff8f94fac35962ccf5af99026fa26d5f104493b73324777ba2c32dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD589ef6e1a22243e775e88179767378398
SHA17ad3d5b3a0bbafe1ba427d2b1fd3a32daed616f8
SHA2567b3bc5ec73bc051b2b338349c67bf3a2d050244d5c985372671a5e4b900bea68
SHA512b804e39cd5b9c54c91d0de6d65ad154df41ff3654a61051dc2ddda3e1fc6b1d77f36ce5b951e8f697b8b6c2ee6c9a956887b4cf6d237ccdf47c9ed7fca1e68f3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD54e938c28a7f41766a8e4893822d721cb
SHA11165d6b4d08d0d86c456368615bdd4aede628d7a
SHA2564a2f5808aa60fd5aa1901488b83296253ab7bc8cf0218979ccb4cdc6d0a4e50c
SHA512790e6bd28d318c056cbfcaefd17bcacd4bd286f4b2bf3e8ddec0e8a72f0ebc2c43556d0980f592a788a1f7dcc8e6109658baf4716b99da6dfe6a0fbab57186e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD532335bd076af63c16296445ae4c576b7
SHA1e5f2eff46a9b7da5bdb07ebd67b41769311ef3b1
SHA256ba3345a74a30bc384acd941e98d067a0f80f34d802c34990fed8a0811febe729
SHA512b8df9d1fa98a66452fb7d0fd25ee55ce378dee3b6e89f610c15e5529681085e5d996f5155fa84ea320134e7462aedb3739cb74c6e71dcfcf2aa515313499089a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD57993ab62a048309bad6830a4441a6eda
SHA137dcc41a29770a005616d2bbd37cc942e06f0dd1
SHA256acf65b36956b80ce72a4207cf5221d86d9835d5a25c660a393902abb964fcdb3
SHA5124729c0fe27ad7184bacc744c5fbcea79b0e7a12164df941e16b3fb6d455f2199d6be37bf76bca87d460be78984ebb7178b932a37b3f4d740132e92d1fbe831ee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5ebfe72198e05113955a7473bdb81e3c8
SHA1cbe3c80ec46a0e882ee38cce47d7ef36ca04c0a8
SHA256907d844e1c59748e9f1be0d3e0fbf8a5ea7d62deb16ce179df21f21fffa1f225
SHA51258fd4d652a475d2abcc93eaed67c895e96c44436cb1047b6d69d6e5e209a53d6dc6f2abfe65fd0cc09048926302a0ea6bc98437732e43c0ac32d9cfd868d9b89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
344B
MD5680c1bf8de89a256c89dc50b1b0a9445
SHA18fb3399e46d8fc6811f3c14ee3dacf887b32ab14
SHA2567c87714263907ac78af995ccfa187c7735b3e2eae3832bbbbc960e9cdcd754d1
SHA51234efdea0c6bfb904c99d5dc292f7ee1b6dcce6d0b1d8d1009bd2e03180d62e4fd2c06adf8ecf833d043f032b3aea3eed585b03ddb243de6a186c9a4c665bc59e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_2DC6057E0FB5565A5F9E9820511707B5Filesize
406B
MD57f5bee83d351e91965597cc7ced94227
SHA1b416c3d305b72df45a11df8d4b28cd5f50f17efb
SHA25645f3318740754e5a9efcf37755f506921d56ad9cfc46b3b15ab018f524e9ad10
SHA512906aba0ab311a4e2f58b4e3ef898d154f28a6aea668028a748826bcb94c8a19e76488804312a332af76c1c75461bcf3889025680c02cbc8b1acee325754f9f65
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQGVC737\logo[1].icoFilesize
4KB
MD5548fdd65c4b501d9e0d86af7692594d5
SHA1196fc49f056d2d7a6272edc66f53bd68bb2fe9c3
SHA256453c0bb0959e515c6cdfd511f142c4c1ccc98a50c75d0c6566b6ab75bc2509e3
SHA5129b7f4eefecb6e782c6c7b2938a5fe11f8f36f43cffb2b34636bebfaff634ffc3cc6dfbc7a277fd3fd78c5924d0984ecbdcdbcb38ffedefdf97c1482588bc5c47
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZDJKTMWH\scanning[1].htmFilesize
243B
MD57dca750de21729047957ec90a19e91a0
SHA103168ac553accfa33ff64748108e62d950bf7ca3
SHA25674b35cfdecdda44e79da83f5a2900cf05399c69079045bcaef644f7a23c68dac
SHA51233c7962fb98a7a28310b17db1444ed80c75b68a53605390e8c4a1e11ef542c29f3e6ce7cc5fe269ff1011cea3f99f3123ef5e8a9ea2069cba71114e1475f91e1
-
C:\Users\Admin\AppData\Local\Temp\AnyDataRecovery_4ddignet\AnyDataRecovery_4ddignet_9.8.6.exeFilesize
145.2MB
MD51838391af2210f0e58d5f5c2382a33e3
SHA1036d94e52c49aa65408af149e2c9bad2a726254f
SHA25608429359ff5971c751f2d8bd351a1df18fb8e2e7c62e8ed89c1417766d9a8670
SHA512eda983b2c17b1796c1e21ed17ff4701bc11957a079ed284bfc690504df3bfb26b9aca608ca2ff54a5d033add514b557e22f5281ad2a6738df8b21d046e9e036c
-
C:\Users\Admin\AppData\Local\Temp\AnyDataRecovery_4ddignet\AnyDataRecovery_4ddignet_9.8.6.exeFilesize
145.2MB
MD51838391af2210f0e58d5f5c2382a33e3
SHA1036d94e52c49aa65408af149e2c9bad2a726254f
SHA25608429359ff5971c751f2d8bd351a1df18fb8e2e7c62e8ed89c1417766d9a8670
SHA512eda983b2c17b1796c1e21ed17ff4701bc11957a079ed284bfc690504df3bfb26b9aca608ca2ff54a5d033add514b557e22f5281ad2a6738df8b21d046e9e036c
-
C:\Users\Admin\AppData\Local\Temp\AnyDataRecovery_4ddignet\AnyDataRecovery_4ddignet_9.8.6.exeFilesize
145.2MB
MD51838391af2210f0e58d5f5c2382a33e3
SHA1036d94e52c49aa65408af149e2c9bad2a726254f
SHA25608429359ff5971c751f2d8bd351a1df18fb8e2e7c62e8ed89c1417766d9a8670
SHA512eda983b2c17b1796c1e21ed17ff4701bc11957a079ed284bfc690504df3bfb26b9aca608ca2ff54a5d033add514b557e22f5281ad2a6738df8b21d046e9e036c
-
C:\Users\Admin\AppData\Local\Temp\Tar5B60.tmpFilesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
C:\Users\Admin\AppData\Local\Temp\b0494a1f-4bd3-AwEQqIi5npItE6o+RvKOKw==\RegisterAndLog.dllFilesize
1.2MB
MD50a992baa557f41db1f1d0a1e475b63c3
SHA1b1db96aa897540015960e0a6cfc3b5da6f4cefe7
SHA256340fd8215c5d24825dac2e00bf517a15376160af2258aa7129daf6ab9b7efa68
SHA5129a879421d9355184b9f70dcfaac6531d551ed7eca25eac2fedf5f7af72e52a0594249186fe13f972f97ceca59681a28062809b9dad1b157151d9fa7fcea6d9ce
-
C:\Users\Admin\AppData\Local\Temp\is-HG0CT.tmp\AnyDataRecovery_4ddignet_9.8.6.tmpFilesize
1.7MB
MD5a52095b8d50317a946986d041e77cb07
SHA1c8f58dca8e32fe0093b313eb73bdfeead323a052
SHA25643a76a72cd64b775918b344e86da552c6960245b5390a5b2a780bff251dadd49
SHA51202f23a0a3eae8f507fee232bdd6bac7dadbb7bfdc02d372c46b4028a4b07e8f0e315039c455701395c51fffbfd8bdecbda80d96684a595c954b7de7257d38dd2
-
C:\Users\Admin\AppData\Local\Temp\is-HG0CT.tmp\AnyDataRecovery_4ddignet_9.8.6.tmpFilesize
1.7MB
MD5a52095b8d50317a946986d041e77cb07
SHA1c8f58dca8e32fe0093b313eb73bdfeead323a052
SHA25643a76a72cd64b775918b344e86da552c6960245b5390a5b2a780bff251dadd49
SHA51202f23a0a3eae8f507fee232bdd6bac7dadbb7bfdc02d372c46b4028a4b07e8f0e315039c455701395c51fffbfd8bdecbda80d96684a595c954b7de7257d38dd2
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\AgentSupportCLR.dllFilesize
1.3MB
MD512fdc710445dc5deb6cee86eeb7b5428
SHA1be4aa49d3f2833b011983a3c399ecf1a0d5d837e
SHA256f5334f72278242ffa8b694ab2d252747b88003f8123b6b9f32c7f3d00318ec3f
SHA5124fc2cca25d1babbf23ac0613178b7875279379dc0ba263042118f2fc8d3b9514bebadf6c9f6165d782035df4bb06edab8c4de34d3bfbd52472896148e783dd99
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\AgentSupportCLR.dllFilesize
1.3MB
MD512fdc710445dc5deb6cee86eeb7b5428
SHA1be4aa49d3f2833b011983a3c399ecf1a0d5d837e
SHA256f5334f72278242ffa8b694ab2d252747b88003f8123b6b9f32c7f3d00318ec3f
SHA5124fc2cca25d1babbf23ac0613178b7875279379dc0ba263042118f2fc8d3b9514bebadf6c9f6165d782035df4bb06edab8c4de34d3bfbd52472896148e783dd99
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\AgentSupportCLR.dllFilesize
1.3MB
MD512fdc710445dc5deb6cee86eeb7b5428
SHA1be4aa49d3f2833b011983a3c399ecf1a0d5d837e
SHA256f5334f72278242ffa8b694ab2d252747b88003f8123b6b9f32c7f3d00318ec3f
SHA5124fc2cca25d1babbf23ac0613178b7875279379dc0ba263042118f2fc8d3b9514bebadf6c9f6165d782035df4bb06edab8c4de34d3bfbd52472896148e783dd99
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\AnyDataRecoverySDK.dllFilesize
3.8MB
MD5a57f8cc2f0673030595fcb78257a313c
SHA14ae6bf256ed2aecb39173e17b916a79673238950
SHA25619f858210cc5d8e820ddced225b80df9aa60fc9a2c3610e07b7df4ceec0b886b
SHA512d1f3cdabb643b1a14ecd64439d94f6f6904b90455a18b0199188ccc1fbc19aa0a79fbcd14343c3386146c21b32394b191e27a97878fd554c453915da53a107e5
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\AnyDataRecoverySDK.dllFilesize
3.8MB
MD5a57f8cc2f0673030595fcb78257a313c
SHA14ae6bf256ed2aecb39173e17b916a79673238950
SHA25619f858210cc5d8e820ddced225b80df9aa60fc9a2c3610e07b7df4ceec0b886b
SHA512d1f3cdabb643b1a14ecd64439d94f6f6904b90455a18b0199188ccc1fbc19aa0a79fbcd14343c3386146c21b32394b191e27a97878fd554c453915da53a107e5
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\FileReport.dllFilesize
115KB
MD5a6f9e692b28aeb0e12a7574f9cfd2173
SHA14ffa8f0ee2da68c533b77edda2033d7ec3f9489e
SHA256bd42b3f785f0e8c2655602e7f2e820429ae8e19b9f976e104846ad2c005b8a08
SHA5121f89d0a0d7166b6e1801e0327c0e970e515c134d819f99f856bf755a4503f968c50be980b953bc216ecd1aaff3f42ec9cf99179fd2d89685f1bcccb91a823d41
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exeFilesize
5.2MB
MD534ab42a6036368ec8aa358847036ba62
SHA16f7fa2a1ee4718cb3d2ae4b15f568ad108d8449a
SHA2561293e8af244c9cf358f41134ca427144e9ec533b5ef4fcaa6af2626f46384398
SHA512764c72f585b9e6dcaa8be7f943a8537d0964b0b569a3e0d77a6e9f5513205e0b738d164c9f3cae294efe41680bfd8108f9de9615e76a428b0f1d42b77fc39638
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exeFilesize
5.2MB
MD534ab42a6036368ec8aa358847036ba62
SHA16f7fa2a1ee4718cb3d2ae4b15f568ad108d8449a
SHA2561293e8af244c9cf358f41134ca427144e9ec533b5ef4fcaa6af2626f46384398
SHA512764c72f585b9e6dcaa8be7f943a8537d0964b0b569a3e0d77a6e9f5513205e0b738d164c9f3cae294efe41680bfd8108f9de9615e76a428b0f1d42b77fc39638
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Register.dllFilesize
431KB
MD556cb0314ca2406b1864392dc76a4e11f
SHA1491d3faa9af17a378b6217ff4196feaf41ea82e3
SHA2565909fca39470bc6a2b21793db63f5cd937ac999fdcd6f01ab58fbe8d9b3a4021
SHA512a9bf0ad78bb51ccb07bbb42ca2586ffd6b73ffd3b56bf43f9b6c94573ad88c347b832be8365d4358babcea2b7294405b779e40c648a997bec0b7681849dd6470
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\SoftwareLog.dllFilesize
1.5MB
MD55e25c610f4114df2f3867f8580367d5c
SHA130ca5f66ff1906451d91adf754ab1fa155ebcf29
SHA2568c29ab024d533103ffac98fd07279e121a95877a9ebdee14167c8f8478b3786e
SHA51258a1192c37acf9bba14704de7f743b3c7bd0f485f0dc6f1a2ae2039428d972bbcee73c99ac4a12dbdd140282ac5e9248583b8b749051b8c37f51d4a25ec6ad4f
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exeFilesize
7.8MB
MD5e22fa2e084bac4c902ffacdcb29d5363
SHA18eb4958b327accbca78773799ab1792d444fdab2
SHA256df30e2cb83fee1ae544f08381d38ab18fc27e55f5dff3ab2435860fe81e6c4cb
SHA512e965d40088247ad291c6fd82724f2bf2201642c4ca62e8802e46beb1500de3544407ce21b8eb65064d0b8e81f645d1af9394346769d75403c58ca9f25fb90f4b
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-file-l1-2-0.dllFilesize
23KB
MD587f8234f6ab37ef9985c380076129997
SHA15d813c37af868e885bc50ffb74d3574b7d8918db
SHA2565d194127f895183c904af1b7d96e1503b497cae8eb2b81f713eda4298d8aa442
SHA512c0c529a7e3cc656b14bf3cc29f488df20f8b36c0018ebde46835e510d0dded9a880cba4b4b846741ecca16d6a7253ebb66c83c11467e53385da28f554833bd7e
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-file-l2-1-0.dllFilesize
23KB
MD59fedbd0bf2204a5511283309b29bd458
SHA112a3694c0d0f6733dacc02b508ce2bb164770e18
SHA256758b860dc5bdc99f3cfab6a46506ec31065aebcab3c0c0447b020fd2d23122b8
SHA512735a799fe69effa0142c38c70658922b362541400fabd5d9045c4098d0f74be9143b7795fe10301d0e26a8fe3a98ed575144c1c094cfb24debd2b2ba6bd34000
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-localization-l1-2-0.dllFilesize
25KB
MD54a3ebd07fdc78e2a030f6aa997c3f9cc
SHA1aef087f987837bc52e0f85da301afd4b75fbdff7
SHA2564e37247f5b5aeff7648ee15d6ed0bbae687162cbd3b24800bf5e80fdb9e3996d
SHA5124d6fa5ef9af667740eebbc0d7d8d92d93d4474bed57f1fea5571808f2dc2309e2d04916ab007b14b1d20c545a5e05f346ba2074ec16fb561416e10f8a834f0b5
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-processthreads-l1-1-1.dllFilesize
23KB
MD5e14b5de248621182b11e9023045d65b7
SHA1f7810386dd9115505de3b9966bd50880a0de34ab
SHA256c39d7871504c9dccb38bd56108104e972c41d90a83ac1a8f8785f7cd5d5dfd14
SHA512e59e2ad6b0ccf515d3f46eca324a5d73539eb4143f12d4c3966adb65a1d9c144cc47cdfca8bfe343b93e7715cfd35d1d11be0a5d326edf5f088e1b5832863c7f
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-synch-l1-2-0.dllFilesize
23KB
MD56c7c7477f8afd715970dff51ed3a1ae3
SHA1af4f39eed94fef32ca0e0238bba58ee2e3963baf
SHA256aa8fc2c99aa62777e559edc737ecfed8ac9f57f840c3dc50cf31d50cf0c88cfd
SHA512dc72c2d4020a7927ceb1b145d61cb16ce38d168a466306363fd406d474f69ae4840e4ec82739ca1e86d43e45b7bab830c0bdb29034be59d27e3f624fe967dad8
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\api-ms-win-core-timezone-l1-1-0.dllFilesize
23KB
MD52c66fe517f6e140a7d85a2bbb4c3d28f
SHA1321e66dfdb9adb20392aaa7787c21f4390b7694c
SHA25606f3eec0d271236d5e84d6fd6fc2919d6c98ad316dc6d92fc85e7b1ce5f26cdf
SHA512d12d679b31223b2752dcb34d965ef29010bb0d6880eadbfaec8c68042c7d7024f2f44f9a94be0dba5a45d013d36d1d41651fb21ebbe3c8d7a19861a7592b61b5
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\libcrypto-1_1-x64.dllFilesize
3.3MB
MD5f3f33a9ff10b51626479b9326d41f599
SHA193c8dac3a5fc214c1680e05a02f52efc5f347f79
SHA256400bb0fcaa69754d46ff5e4c49963c9a4d3df3182fe6a140c00b47d73d5ae59f
SHA5126cc51593b4c6a6ac1b3d0052c9b402ec89e4e1801a3585864d0b77ac5ce6bf7ae3a681d1877b7286f59f5af7a604e57a9a2a1363d249f7be452b6d4992503fbc
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\libcurl.dllFilesize
552KB
MD5c2771fe26a76ef19e040582c5f925c0f
SHA1c9d1def9ae1d3eba1fe3249636f3af1f2f5e0d8e
SHA256f08841959d88dcf5f23942ce799e77aa1146f9d2067f2da1ccf8b52736487820
SHA512c367db6e577fd6c09802ab8aabeb2bf3ab9e8be22c866b37ef6c6c7a9a9bc226c022a62f2e831b03ac3f99c77f573dfb5d93fd6a2a94e0a6e78e8487678f5b62
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\libssl-1_1-x64.dllFilesize
686KB
MD53cf9466b8a01051f9130e34442ae5ba7
SHA128c5ea6ae140ce9dba234e6939b8b1df7d0a2c70
SHA256dd36bf0d8615b4a0672351805566d61c87d73e6f742d39fa8ed9f48a1da9d844
SHA5126ad496c16ea5b96e5bd50704eb6e4916dd60adb1ec93c302812a1edc67216bd80a140e19ed4349d6d6d75626e0eb6e845665d9503893ad0227b5b11bf4f185ab
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ucrtbase.dllFilesize
1005KB
MD5cd0d9c400d632c1f3f658efe23dec36e
SHA1ecb912c8ac768e0d3428084fa5c1e7b9f85299c1
SHA25635e9be10a819a8732c0f74f4e54f50cd08ab442f7493cda62944229f568b23b2
SHA512f3bc9d940ddea225edcbc12773f60a18d2a3eae2150ba8b343e78017e4a1c6d0de24ff8a839ab4aff6f75bafaf408232ac4878f965e00866b4cb1b4e8889471d
-
\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\unins000.exeFilesize
1.7MB
MD5a52095b8d50317a946986d041e77cb07
SHA1c8f58dca8e32fe0093b313eb73bdfeead323a052
SHA25643a76a72cd64b775918b344e86da552c6960245b5390a5b2a780bff251dadd49
SHA51202f23a0a3eae8f507fee232bdd6bac7dadbb7bfdc02d372c46b4028a4b07e8f0e315039c455701395c51fffbfd8bdecbda80d96684a595c954b7de7257d38dd2
-
\Users\Admin\AppData\Local\Temp\AnyDataRecovery_4ddignet\AnyDataRecovery_4ddignet_9.8.6.exeFilesize
145.2MB
MD51838391af2210f0e58d5f5c2382a33e3
SHA1036d94e52c49aa65408af149e2c9bad2a726254f
SHA25608429359ff5971c751f2d8bd351a1df18fb8e2e7c62e8ed89c1417766d9a8670
SHA512eda983b2c17b1796c1e21ed17ff4701bc11957a079ed284bfc690504df3bfb26b9aca608ca2ff54a5d033add514b557e22f5281ad2a6738df8b21d046e9e036c
-
\Users\Admin\AppData\Local\Temp\b0494a1f-4bd3-AwEQqIi5npItE6o+RvKOKw==\RegisterAndLog.dllFilesize
1.2MB
MD50a992baa557f41db1f1d0a1e475b63c3
SHA1b1db96aa897540015960e0a6cfc3b5da6f4cefe7
SHA256340fd8215c5d24825dac2e00bf517a15376160af2258aa7129daf6ab9b7efa68
SHA5129a879421d9355184b9f70dcfaac6531d551ed7eca25eac2fedf5f7af72e52a0594249186fe13f972f97ceca59681a28062809b9dad1b157151d9fa7fcea6d9ce
-
\Users\Admin\AppData\Local\Temp\b0494a1f-4bd3-AwEQqIi5npItE6o+RvKOKw==\RegisterAndLog.dllFilesize
1.2MB
MD50a992baa557f41db1f1d0a1e475b63c3
SHA1b1db96aa897540015960e0a6cfc3b5da6f4cefe7
SHA256340fd8215c5d24825dac2e00bf517a15376160af2258aa7129daf6ab9b7efa68
SHA5129a879421d9355184b9f70dcfaac6531d551ed7eca25eac2fedf5f7af72e52a0594249186fe13f972f97ceca59681a28062809b9dad1b157151d9fa7fcea6d9ce
-
\Users\Admin\AppData\Local\Temp\b0494a1f-4bd3-AwEQqIi5npItE6o+RvKOKw==\RegisterAndLog.dllFilesize
1.2MB
MD50a992baa557f41db1f1d0a1e475b63c3
SHA1b1db96aa897540015960e0a6cfc3b5da6f4cefe7
SHA256340fd8215c5d24825dac2e00bf517a15376160af2258aa7129daf6ab9b7efa68
SHA5129a879421d9355184b9f70dcfaac6531d551ed7eca25eac2fedf5f7af72e52a0594249186fe13f972f97ceca59681a28062809b9dad1b157151d9fa7fcea6d9ce
-
\Users\Admin\AppData\Local\Temp\is-HG0CT.tmp\AnyDataRecovery_4ddignet_9.8.6.tmpFilesize
1.7MB
MD5a52095b8d50317a946986d041e77cb07
SHA1c8f58dca8e32fe0093b313eb73bdfeead323a052
SHA25643a76a72cd64b775918b344e86da552c6960245b5390a5b2a780bff251dadd49
SHA51202f23a0a3eae8f507fee232bdd6bac7dadbb7bfdc02d372c46b4028a4b07e8f0e315039c455701395c51fffbfd8bdecbda80d96684a595c954b7de7257d38dd2
-
memory/1060-1132-0x000000001D210000-0x000000001D224000-memory.dmpFilesize
80KB
-
memory/1060-2940-0x000000001AF30000-0x000000001AF3A000-memory.dmpFilesize
40KB
-
memory/1060-1125-0x000000001B6A0000-0x000000001B720000-memory.dmpFilesize
512KB
-
memory/1060-1127-0x000000001DA50000-0x000000001DB50000-memory.dmpFilesize
1024KB
-
memory/1060-1128-0x000000001CAA0000-0x000000001CAA1000-memory.dmpFilesize
4KB
-
memory/1060-1131-0x000000001DDA0000-0x000000001DE5C000-memory.dmpFilesize
752KB
-
memory/1060-1130-0x000000001D7E0000-0x000000001D82C000-memory.dmpFilesize
304KB
-
memory/1060-3561-0x000000001B6A0000-0x000000001B720000-memory.dmpFilesize
512KB
-
memory/1060-1133-0x000000001E370000-0x000000001E422000-memory.dmpFilesize
712KB
-
memory/1060-3532-0x000000001DA50000-0x000000001DB50000-memory.dmpFilesize
1024KB
-
memory/1060-1136-0x000000001E090000-0x000000001E0EA000-memory.dmpFilesize
360KB
-
memory/1060-3529-0x000000001B6A0000-0x000000001B720000-memory.dmpFilesize
512KB
-
memory/1060-1144-0x000007FEF48C0000-0x000007FEF52AC000-memory.dmpFilesize
9.9MB
-
memory/1060-1094-0x000000001AED0000-0x000000001AEDA000-memory.dmpFilesize
40KB
-
memory/1060-1163-0x000000001B6A0000-0x000000001B720000-memory.dmpFilesize
512KB
-
memory/1060-1164-0x000000001B6A0000-0x000000001B720000-memory.dmpFilesize
512KB
-
memory/1060-1167-0x000000001E4B0000-0x000000001E538000-memory.dmpFilesize
544KB
-
memory/1060-1171-0x000000001B6A0000-0x000000001B720000-memory.dmpFilesize
512KB
-
memory/1060-1096-0x000000001AEE0000-0x000000001AF00000-memory.dmpFilesize
128KB
-
memory/1060-1124-0x000000001B590000-0x000000001B598000-memory.dmpFilesize
32KB
-
memory/1060-1057-0x0000000002A10000-0x0000000002A1A000-memory.dmpFilesize
40KB
-
memory/1060-1062-0x000000001DB50000-0x000000001DC97000-memory.dmpFilesize
1.3MB
-
memory/1060-1123-0x000000001C7D0000-0x000000001C7D8000-memory.dmpFilesize
32KB
-
memory/1060-1122-0x000000001BC00000-0x000000001BC08000-memory.dmpFilesize
32KB
-
memory/1060-1120-0x000000001B570000-0x000000001B578000-memory.dmpFilesize
32KB
-
memory/1060-1119-0x000000001B560000-0x000000001B56A000-memory.dmpFilesize
40KB
-
memory/1060-1118-0x000000001B630000-0x000000001B656000-memory.dmpFilesize
152KB
-
memory/1060-1117-0x000000001CF40000-0x000000001CFB6000-memory.dmpFilesize
472KB
-
memory/1060-1115-0x000000001B350000-0x000000001B360000-memory.dmpFilesize
64KB
-
memory/1060-1114-0x000000001AF30000-0x000000001AF3A000-memory.dmpFilesize
40KB
-
memory/1060-1113-0x000000001AF30000-0x000000001AF3A000-memory.dmpFilesize
40KB
-
memory/1060-1019-0x000000001D5A0000-0x000000001D6DB000-memory.dmpFilesize
1.2MB
-
memory/1060-1112-0x000000001AF20000-0x000000001AF2C000-memory.dmpFilesize
48KB
-
memory/1060-1111-0x000000001AF00000-0x000000001AF0A000-memory.dmpFilesize
40KB
-
memory/1060-1697-0x000000001B6A0000-0x000000001B720000-memory.dmpFilesize
512KB
-
memory/1060-1014-0x000000001D0D0000-0x000000001D20B000-memory.dmpFilesize
1.2MB
-
memory/1060-1013-0x0000000002990000-0x00000000029FA000-memory.dmpFilesize
424KB
-
memory/1060-1011-0x000000001CBB0000-0x000000001CC9A000-memory.dmpFilesize
936KB
-
memory/1060-1899-0x00000000217D0000-0x0000000021ACB000-memory.dmpFilesize
3.0MB
-
memory/1060-1009-0x0000000002850000-0x00000000028DC000-memory.dmpFilesize
560KB
-
memory/1060-1006-0x000000001BD20000-0x000000001C53A000-memory.dmpFilesize
8.1MB
-
memory/1060-2030-0x000000001D230000-0x000000001D248000-memory.dmpFilesize
96KB
-
memory/1060-1005-0x000000001B6A0000-0x000000001B720000-memory.dmpFilesize
512KB
-
memory/1060-2034-0x000000001D460000-0x000000001D49E000-memory.dmpFilesize
248KB
-
memory/1060-1004-0x0000000000450000-0x0000000000451000-memory.dmpFilesize
4KB
-
memory/1060-1003-0x000000001B6A0000-0x000000001B720000-memory.dmpFilesize
512KB
-
memory/1060-1002-0x000007FEF48C0000-0x000007FEF52AC000-memory.dmpFilesize
9.9MB
-
memory/1060-1109-0x000000001B310000-0x000000001B347000-memory.dmpFilesize
220KB
-
memory/1060-1000-0x00000000009D0000-0x00000000011A6000-memory.dmpFilesize
7.8MB
-
memory/1104-1217-0x0000000004C20000-0x0000000004C6C000-memory.dmpFilesize
304KB
-
memory/1104-1137-0x0000000073B60000-0x000000007424E000-memory.dmpFilesize
6.9MB
-
memory/1104-1145-0x0000000004B80000-0x0000000004BC0000-memory.dmpFilesize
256KB
-
memory/1104-1183-0x00000000002F0000-0x00000000002F1000-memory.dmpFilesize
4KB
-
memory/1104-3533-0x0000000073B60000-0x000000007424E000-memory.dmpFilesize
6.9MB
-
memory/1104-3542-0x0000000004B80000-0x0000000004BC0000-memory.dmpFilesize
256KB
-
memory/1104-1135-0x0000000000370000-0x0000000000396000-memory.dmpFilesize
152KB
-
memory/1104-1198-0x0000000004AB0000-0x0000000004B76000-memory.dmpFilesize
792KB
-
memory/1612-0-0x0000000000400000-0x00000000008B8000-memory.dmpFilesize
4.7MB
-
memory/1612-188-0x0000000000400000-0x00000000008B8000-memory.dmpFilesize
4.7MB
-
memory/1612-1001-0x0000000000400000-0x00000000008B8000-memory.dmpFilesize
4.7MB
-
memory/1612-543-0x0000000000400000-0x00000000008B8000-memory.dmpFilesize
4.7MB
-
memory/1612-993-0x0000000000400000-0x00000000008B8000-memory.dmpFilesize
4.7MB
-
memory/1612-180-0x0000000000400000-0x00000000008B8000-memory.dmpFilesize
4.7MB
-
memory/1612-988-0x0000000000400000-0x00000000008B8000-memory.dmpFilesize
4.7MB
-
memory/1612-233-0x0000000000400000-0x00000000008B8000-memory.dmpFilesize
4.7MB
-
memory/1612-190-0x0000000000400000-0x00000000008B8000-memory.dmpFilesize
4.7MB
-
memory/2036-3633-0x000007FEF48C0000-0x000007FEF52AC000-memory.dmpFilesize
9.9MB
-
memory/2036-3634-0x000000001B750000-0x000000001B7D0000-memory.dmpFilesize
512KB
-
memory/2036-3635-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/2092-544-0x0000000000400000-0x00000000004BF000-memory.dmpFilesize
764KB
-
memory/2092-242-0x0000000000400000-0x00000000004BF000-memory.dmpFilesize
764KB
-
memory/2092-987-0x0000000000400000-0x00000000004BF000-memory.dmpFilesize
764KB
-
memory/2524-978-0x0000000000400000-0x00000000005C5000-memory.dmpFilesize
1.8MB
-
memory/2524-250-0x00000000001D0000-0x00000000001D1000-memory.dmpFilesize
4KB
-
memory/2524-615-0x0000000000400000-0x00000000005C5000-memory.dmpFilesize
1.8MB
-
memory/2524-957-0x0000000000400000-0x00000000005C5000-memory.dmpFilesize
1.8MB
-
memory/2524-979-0x00000000001D0000-0x00000000001D1000-memory.dmpFilesize
4KB
-
memory/2524-984-0x0000000000400000-0x00000000005C5000-memory.dmpFilesize
1.8MB
-
memory/2524-985-0x0000000000400000-0x00000000005C5000-memory.dmpFilesize
1.8MB