Analysis

  • max time kernel
    569s
  • max time network
    566s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    27-03-2024 01:22

General

  • Target

    .html

  • Size

    284KB

  • MD5

    ef2981621a4835dc8cfceea7a10b229f

  • SHA1

    d08adc04af1679acc31f484cd8db1aee6f44b4cd

  • SHA256

    2b6810e2a8d1cf3cabb13fefea116a453d6701e11452a1327f80c14ef67c3ea5

  • SHA512

    54888f82e790fe12e4c12f3dd1f923d94582927fea0ca7e03b07342222cdce3237dd3c77255f87bdedd3732380bdff45898b1e22f7c79fab07ff6e677be0b988

  • SSDEEP

    3072:ugW20GLC3bCcfGyyGMDr5w2fVH3pLi6SPZl4ZqyYrEhBxuXmFpWTBc5u+slisO/W:wBe0

Malware Config

Extracted

Family

stealc

C2

http://89.105.223.142

Attributes
  • url_path

    /853aaed2e28950b2.php

Signatures

  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

  • Stealc

    Stealc is an infostealer written in C++.

  • Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
  • Downloads MZ/PE file
  • .NET Reactor protector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE 15 IoCs
  • Loads dropped DLL 64 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 47 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:2236
      • C:\Windows\SysWOW64\dialer.exe
        "C:\Windows\system32\dialer.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3348
      • C:\Windows\SysWOW64\dialer.exe
        "C:\Windows\system32\dialer.exe"
        2⤵
          PID:2864
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\.html
        1⤵
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4856
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffe87b79758,0x7ffe87b79768,0x7ffe87b79778
          2⤵
            PID:3076
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:2
            2⤵
              PID:3028
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
              2⤵
                PID:3428
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                2⤵
                  PID:2224
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2788 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
                  2⤵
                    PID:2640
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2796 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
                    2⤵
                      PID:4456
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                      2⤵
                        PID:4616
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                        2⤵
                          PID:4748
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4904 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
                          2⤵
                            PID:380
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1016 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                            2⤵
                              PID:1324
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2928
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2872 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
                              2⤵
                                PID:232
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4996 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                                2⤵
                                  PID:4192
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5056 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                                  2⤵
                                    PID:2156
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                                    2⤵
                                      PID:2220
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                                      2⤵
                                        PID:5112
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                                        2⤵
                                          PID:3504
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                                          2⤵
                                            PID:5024
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                                            2⤵
                                              PID:2732
                                            • C:\Users\Admin\Downloads\Spectra Setup.exe
                                              "C:\Users\Admin\Downloads\Spectra Setup.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Drops file in Program Files directory
                                              • Suspicious use of SetWindowsHookEx
                                              PID:1400
                                              • C:\Program Files (x86)\Spectra\Spectra.exe
                                                "C:\Program Files (x86)\Spectra\Spectra.exe"
                                                3⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Suspicious use of SetWindowsHookEx
                                                PID:940
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
                                                  4⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:996
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
                                                  4⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4956
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
                                                  4⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:3324
                                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                  "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
                                                  4⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4056
                                                • C:\Users\Admin\AppData\Local\Temp\f897c420-edf1-4b13-9448-cc6d8adc0c46\snss1.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\f897c420-edf1-4b13-9448-cc6d8adc0c46\snss1.exe"
                                                  4⤵
                                                  • Executes dropped EXE
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of FindShellTrayWindow
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:2620
                                                  • C:\Users\Admin\AppData\Local\Temp\FastTool_dbg\JRWeb.exe
                                                    C:\Users\Admin\AppData\Local\Temp\FastTool_dbg\JRWeb.exe
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4808
                                                    • C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe
                                                      "C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe"
                                                      6⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetThreadContext
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: MapViewOfSection
                                                      PID:4476
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        C:\Windows\SysWOW64\cmd.exe
                                                        7⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious behavior: MapViewOfSection
                                                        PID:4968
                                                        • C:\Windows\SysWOW64\explorer.exe
                                                          C:\Windows\SysWOW64\explorer.exe
                                                          8⤵
                                                          • Loads dropped DLL
                                                          • Checks processor information in registry
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:4864
                                                • C:\Users\Admin\AppData\Local\Temp\f897c420-edf1-4b13-9448-cc6d8adc0c46\snss2.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\f897c420-edf1-4b13-9448-cc6d8adc0c46\snss2.exe"
                                                  4⤵
                                                  • Executes dropped EXE
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:3368
                                                  • C:\Users\Admin\AppData\Local\Temp\wordpadbackup_testv4\plugin-container.exe
                                                    C:\Users\Admin\AppData\Local\Temp\wordpadbackup_testv4\plugin-container.exe
                                                    5⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:3856
                                                    • C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe
                                                      "C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe"
                                                      6⤵
                                                      • Executes dropped EXE
                                                      • Loads dropped DLL
                                                      • Suspicious use of SetThreadContext
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: MapViewOfSection
                                                      PID:4832
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        C:\Windows\SysWOW64\cmd.exe
                                                        7⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious behavior: MapViewOfSection
                                                        PID:4320
                                                        • C:\Windows\SysWOW64\explorer.exe
                                                          C:\Windows\SysWOW64\explorer.exe
                                                          8⤵
                                                          • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:868
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5640 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
                                              2⤵
                                                PID:2336
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                                                2⤵
                                                  PID:3808
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5896 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
                                                  2⤵
                                                    PID:3692
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6116 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
                                                    2⤵
                                                      PID:1940
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3360 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
                                                      2⤵
                                                        PID:1380
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5528 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:1
                                                        2⤵
                                                          PID:5048
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5924 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                                                          2⤵
                                                            PID:1324
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1872,i,7913226794431953735,15416532863045032753,131072 /prefetch:8
                                                            2⤵
                                                            • Modifies registry class
                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:4356
                                                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                          1⤵
                                                            PID:1856
                                                          • C:\Windows\System32\rundll32.exe
                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                            1⤵
                                                              PID:2740
                                                            • C:\Program Files (x86)\Spectra\Spectra.exe
                                                              "C:\Program Files (x86)\Spectra\Spectra.exe"
                                                              1⤵
                                                              • Executes dropped EXE
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:4460
                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:2896
                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:572
                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:4144
                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:4372
                                                              • C:\Users\Admin\AppData\Local\Temp\84d05ab1-28db-4d2d-82ea-0f7db7c8365e\snss1.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\84d05ab1-28db-4d2d-82ea-0f7db7c8365e\snss1.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious use of FindShellTrayWindow
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:4800
                                                                • C:\Users\Admin\AppData\Local\Temp\FastTool_dbg\JRWeb.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\FastTool_dbg\JRWeb.exe
                                                                  3⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:4004
                                                                  • C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe
                                                                    "C:\Users\Admin\AppData\Roaming\FastTool_dbg\JRWeb.exe"
                                                                    4⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious use of SetThreadContext
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    • Suspicious behavior: MapViewOfSection
                                                                    PID:2936
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      C:\Windows\SysWOW64\cmd.exe
                                                                      5⤵
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      • Suspicious behavior: MapViewOfSection
                                                                      PID:4992
                                                                      • C:\Windows\SysWOW64\explorer.exe
                                                                        C:\Windows\SysWOW64\explorer.exe
                                                                        6⤵
                                                                          PID:3080
                                                                • C:\Users\Admin\AppData\Local\Temp\84d05ab1-28db-4d2d-82ea-0f7db7c8365e\snss2.exe
                                                                  "C:\Users\Admin\AppData\Local\Temp\84d05ab1-28db-4d2d-82ea-0f7db7c8365e\snss2.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:3512
                                                                  • C:\Users\Admin\AppData\Local\Temp\wordpadbackup_testv4\plugin-container.exe
                                                                    C:\Users\Admin\AppData\Local\Temp\wordpadbackup_testv4\plugin-container.exe
                                                                    3⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:4572
                                                                    • C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe
                                                                      "C:\Users\Admin\AppData\Roaming\wordpadbackup_testv4\plugin-container.exe"
                                                                      4⤵
                                                                      • Executes dropped EXE
                                                                      • Suspicious use of SetThreadContext
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      • Suspicious behavior: MapViewOfSection
                                                                      PID:4272
                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                        C:\Windows\SysWOW64\cmd.exe
                                                                        5⤵
                                                                        • Suspicious behavior: MapViewOfSection
                                                                        PID:868
                                                                        • C:\Windows\SysWOW64\explorer.exe
                                                                          C:\Windows\SysWOW64\explorer.exe
                                                                          6⤵
                                                                          • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                                          PID:2828

                                                              Network

                                                              MITRE ATT&CK Enterprise v15

                                                              Downloads

                                                              • C:\Program Files (x86)\Spectra\Spectra.dll

                                                                Filesize

                                                                543KB

                                                              • C:\Program Files (x86)\Spectra\Spectra.exe

                                                                Filesize

                                                                343KB

                                                              • C:\Program Files (x86)\Spectra\System.Collections.Concurrent.dll

                                                                Filesize

                                                                270KB

                                                              • C:\Program Files (x86)\Spectra\System.Collections.dll

                                                                Filesize

                                                                254KB

                                                              • C:\Program Files (x86)\Spectra\System.IO.FileSystem.dll

                                                                Filesize

                                                                15KB

                                                              • C:\Program Files (x86)\Spectra\System.Memory.dll

                                                                Filesize

                                                                154KB

                                                              • C:\Program Files (x86)\Spectra\System.Private.CoreLib.dll

                                                                Filesize

                                                                2.4MB

                                                              • C:\Program Files (x86)\Spectra\System.Private.CoreLib.dll

                                                                Filesize

                                                                2.4MB

                                                              • C:\Program Files (x86)\Spectra\System.Private.Xml.Linq.dll

                                                                Filesize

                                                                394KB

                                                              • C:\Program Files (x86)\Spectra\System.Private.Xml.dll

                                                                Filesize

                                                                2.2MB

                                                              • C:\Program Files (x86)\Spectra\System.Private.Xml.dll

                                                                Filesize

                                                                1.8MB

                                                              • C:\Program Files (x86)\Spectra\System.Runtime.InteropServices.dll

                                                                Filesize

                                                                94KB

                                                              • C:\Program Files (x86)\Spectra\System.Runtime.dll

                                                                Filesize

                                                                42KB

                                                              • C:\Program Files (x86)\Spectra\System.Security.Cryptography.Algorithms.dll

                                                                Filesize

                                                                17KB

                                                              • C:\Program Files (x86)\Spectra\System.Security.Cryptography.Csp.dll

                                                                Filesize

                                                                15KB

                                                              • C:\Program Files (x86)\Spectra\System.Security.Cryptography.Primitives.dll

                                                                Filesize

                                                                15KB

                                                              • C:\Program Files (x86)\Spectra\System.Security.Cryptography.dll

                                                                Filesize

                                                                2.0MB

                                                              • C:\Program Files (x86)\Spectra\System.Threading.Thread.dll

                                                                Filesize

                                                                15KB

                                                              • C:\Program Files (x86)\Spectra\System.Threading.dll

                                                                Filesize

                                                                82KB

                                                              • C:\Program Files (x86)\Spectra\System.Windows.Forms.dll

                                                                Filesize

                                                                800KB

                                                              • C:\Program Files (x86)\Spectra\System.Windows.Forms.dll

                                                                Filesize

                                                                704KB

                                                              • C:\Program Files (x86)\Spectra\System.Windows.Forms.dll

                                                                Filesize

                                                                192KB

                                                              • C:\Program Files (x86)\Spectra\clrjit.dll

                                                                Filesize

                                                                1.7MB

                                                              • C:\Program Files (x86)\Spectra\coreclr.dll

                                                                Filesize

                                                                2.9MB

                                                              • C:\Program Files (x86)\Spectra\coreclr.dll

                                                                Filesize

                                                                2.6MB

                                                                MD5

                                                                d2087a10badcac44bfd20698e7435376

                                                                SHA1

                                                                eeb0c90ab039321553732528ca262b6d0554ebf1

                                                                SHA256

                                                                c326644c07f35323d1ff2eeb95cd1b19deeee14076e1ff9d874dc8eefaf5d8d6

                                                                SHA512

                                                                2e3e52545ca1a1e5712d9b779f8e5a00429c8fd61f6c72cacefdd7bccf848791fe8f300e12a4f53398b59c2b6baa00d7450b81e9edede04100cc04b9dfb45c8c

                                                              • C:\Program Files (x86)\Spectra\hostfxr.dll

                                                                Filesize

                                                                342KB

                                                                MD5

                                                                16532d13721ba4eac3ca60c29eefb16d

                                                                SHA1

                                                                f058d96f8e93b5291c07afdc1d891a8cc3edc9a0

                                                                SHA256

                                                                5aa15c6119b971742a7f824609739198a3c7c499370ed8b8df5a5942f69d9303

                                                                SHA512

                                                                9da30d469b4faed86a4bc62617b309f34e6bda66a3021b4a27d197d4bcb361f859c1a7c0aa2d16f0867ad93524b62a5f4e5ae5cf082da47fece87fc3d32ab100

                                                              • C:\Program Files (x86)\Spectra\hostpolicy.dll

                                                                Filesize

                                                                388KB

                                                                MD5

                                                                a7e9ed205cf16318d90734d184f220d0

                                                                SHA1

                                                                10de2d33e05728e409e254441e864590b77e9637

                                                                SHA256

                                                                02c8dbe7bf1999352fc561cb35b51c6a88c881a4223c478c91768fdaf8e47b62

                                                                SHA512

                                                                3ecbaf20946e27d924a38c5a2bf11bac7b678b8c4ebf6f436c923ea935982500e97f91d0e934b7fd6b1fc2a2fd34e7d7b31dbbe91314a218724b3b2fd64c4052

                                                              • C:\Program Files (x86)\Spectra\mscorrc.dll

                                                                Filesize

                                                                133KB

                                                                MD5

                                                                53e03d5e3bffa02fbc7fb1420ac8e858

                                                                SHA1

                                                                36c44c9ff39815aa167f341c286c5cd1514f771f

                                                                SHA256

                                                                23a433398be5135222ee14bb1de6334e7b22bad1a38664a83f1cf19dfbddd960

                                                                SHA512

                                                                f6aca16b90f6b4efa413dc9a8f1d05e83c1e3791b2cb988f9bce69d5272a0077c1edcae4111a494d166b5e3ab4e25956dead4e93ee1e43417c2b7bb082292170

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

                                                                Filesize

                                                                1024KB

                                                                MD5

                                                                96c83700af5dda6827cbe791bea24266

                                                                SHA1

                                                                8b167691c1312428fae47955d9a8d951b4b94eff

                                                                SHA256

                                                                dac23b653bcb18d2f1f804619d0a5b9b9daba2ed211b6bddd0eb95b5045cf4c7

                                                                SHA512

                                                                23bc3e9ca5db5ca1375ed5ebb0bad2918b3d3fb51a5d5c7e970e761b450bffed6fe9f004ed657d8ef867673891c4845b8336b65896893650812fb632da0567aa

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

                                                                Filesize

                                                                1024KB

                                                                MD5

                                                                c03d17334f5893307e1bd615a9a80709

                                                                SHA1

                                                                295433c2390b1747c028e9d7437d01e7c0177173

                                                                SHA256

                                                                84bc0cd121ea8948b4efcc0da356387d2f5ba4e323ac1c33334729aa5d48f148

                                                                SHA512

                                                                22a76804b042ec1bd3ccfcb5852ef5d990f2f0610c3d0a6bcdd55a942cbb2dcb8945d6c13787ca8155d6abe9413b2048be7781d87a9d965ba4364220a07a630c

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070

                                                                Filesize

                                                                491KB

                                                                MD5

                                                                50406bfbcbbc3a7caf728a600e45bb24

                                                                SHA1

                                                                69990b4a171fbc27ac3709cfec5c469c29d9ae73

                                                                SHA256

                                                                e038c09fa6a101b575737b3e6bd7431a2656b47a911d90eb7968be34531633a7

                                                                SHA512

                                                                ce8bbb16648bf634bba1564c40fea9bc68008070f7b211b2a432b7f44d15b729edfa4fc41d41fbca73a98236889eda43f081fd576c8f27bc995d05f3f7f265c3

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007a

                                                                Filesize

                                                                197KB

                                                                MD5

                                                                5e28e72b443ded036a4cf369d0dda3bf

                                                                SHA1

                                                                0500de4480a54243b12d096745c6ba04c9479e66

                                                                SHA256

                                                                15fc7a054efbb9f76d937448fbb4814d7b3f25a6d137e24c1a69e32947eae71e

                                                                SHA512

                                                                7d17a5248e54e4dda8fd17a4d662edbb274629161a1e25b3b7f7f5112541663a5040788177268c53b2c78bc7e6d2204ccfb342d93c2ceec0a12d8a41788c088b

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                Filesize

                                                                480B

                                                                MD5

                                                                d7d489c0b39da2a2ba8d2d6b5cea6dac

                                                                SHA1

                                                                a628c2440f3f1091cad06171d84580419cdcb754

                                                                SHA256

                                                                299c104e482d239250ca73f4f924bd8dd18e00b8396f1438b509e4b552562f2c

                                                                SHA512

                                                                3e3979a92c1833229e93154f84e6066801433b7a58e497b79b07e50439a95afedae2bf4e56ff6b7c7a33a00cc44950962045e0097477339c365cf4d4e2ec2f6c

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                Filesize

                                                                1KB

                                                                MD5

                                                                79b49c18b1eb98df35805954c0fc0d76

                                                                SHA1

                                                                f74435193d9a76fbf8142d845ce72183a93923e4

                                                                SHA256

                                                                778ba7cd94a27652b7ee7c56a17aa0120fceb4c224872bfcc19f5af225e4f642

                                                                SHA512

                                                                20638c5ebd9969be09ef91681043c2a580918dc55de19806aff6fe30a8ada728198debaf43202e06d5dd586fb3a3a41f9e195e67f87c6a9dbfdc260a48896a42

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                Filesize

                                                                408B

                                                                MD5

                                                                2cf20aac3bc737def5cd0a16beec676c

                                                                SHA1

                                                                574c121c910c6a9b96d411ec4c851fce1a93d01b

                                                                SHA256

                                                                57280371634404898803f543e01509d4b2f45efaca521379a1bfbee667035583

                                                                SHA512

                                                                38c89ddd03d2ed26c16ee41e01684c1cb3b196a06408f278a4b1cd40214d1c030aab2216478a4e281fbc587c162c0eabd36e41ba08037f4ca31ef7394f6b101a

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                Filesize

                                                                1KB

                                                                MD5

                                                                36356ebb31e4396bbcf370f5023e3d29

                                                                SHA1

                                                                5f54ceb31e8ae717bc2a651437921ac45a254ba4

                                                                SHA256

                                                                3a003813979de52b89bf8f29628f0ffaf901991e80a6048dea0d21c10c86f4d5

                                                                SHA512

                                                                68eb3b86d4762850b1a03ae7ca1fc9a62f6f7a077007f6a4f0e7d59c2efce5173482f628c143727a5034075afa75a03be8edd23394f219df3dc809fe479a1b82

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                Filesize

                                                                1KB

                                                                MD5

                                                                94519876f75ceb86b564cc92252b1623

                                                                SHA1

                                                                5563b80e0ea27577ad6328cff64cd303fc2aa098

                                                                SHA256

                                                                6c670ebbd7af0857c8a3ebe30a3f91736ca8f25154ac754c0e2d11517a0ae6f3

                                                                SHA512

                                                                6a6921164eea6c0ed81cc06d057afe81e3f01e65952769ef1333ceabee0655d44c667e9c0bce958d2d742afefed94509c545f7952400c6ae646322f857977c25

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                Filesize

                                                                3KB

                                                                MD5

                                                                a05944e1c36fa637d18a6b73f3c69f6f

                                                                SHA1

                                                                d881b91a62de88b5bcb9117320feba2c91c5c704

                                                                SHA256

                                                                e94d63ee0436af82db55797392267336b04bedfb6a41f6f4af8f7ea737d7a9d8

                                                                SHA512

                                                                ccf8da08ec494fbe65c671213757e26560a7a38adc0d526b258e44d92e5c3ab3b3a9692a6258d1a4b926d2ac082789f805b3d5ead11474927e60ca797485773f

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                Filesize

                                                                2KB

                                                                MD5

                                                                776b1d78fbec80c34542979d69759fa2

                                                                SHA1

                                                                d3d30570cc976cc46a13ae9e9e69ca6a07e0207d

                                                                SHA256

                                                                40249677e67b93814aa3c2e2027ea2beffc79d290a0ee0240ac0fc603f036d57

                                                                SHA512

                                                                9f33adbd5e60fba0663df06e0de2322dd2c2276028cfb1fc5f2f427a0b6c60825c91fe136e756c0c20831f780dae45159070d54e5bbcecfb9c067abf57075d33

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                Filesize

                                                                2KB

                                                                MD5

                                                                4c0d6376affb1a3087074e6c23239219

                                                                SHA1

                                                                41ba75e311c6c9226fd9ce49d99a6f245539b5d2

                                                                SHA256

                                                                31b9167ae6c5f059b0e284b6e7aa50d5efb0c9aebeb85117c2b4cfd0b9536e35

                                                                SHA512

                                                                fe6a6a7662c85331b6af039bf652e57f2424a95227af0ff7f2a4fbeb7da3cb2c92d3ab213fa0c9a1b7a81a6e301e482a171a382327d9ccf732de16baac332fa7

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                Filesize

                                                                705B

                                                                MD5

                                                                564d0ee7e1b6ba95e0b7e62a9c681509

                                                                SHA1

                                                                92161c86cbbf856e9616b3efe35b6bf2f506fd64

                                                                SHA256

                                                                d4aede400154a22569a38634e919053ca18de5b027f34f940e906366857e5e9e

                                                                SHA512

                                                                77b791b1d9d1e9ae59528de0c031c08600aa71e2865aa8c6014761146d7d8099f2de0477d448d050caf86d5a36bb907a61701896633fb0c44e457ec0f6229ca9

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                Filesize

                                                                1KB

                                                                MD5

                                                                1502540674e9d8bfb5842ae65187edda

                                                                SHA1

                                                                1e1abdc47db5443b7f49f2652a69fd14062ed7a6

                                                                SHA256

                                                                56a726abc6af483c0ff275825767aa7c33b0fe7f51c5265bc31889d915b521ee

                                                                SHA512

                                                                7ab41a24f5ad620123093cf733da26b92e4fcae1fa8f48dac070ca5374dba04f8f5d850d7dee74c4b6cfcbeb9a9f8972f573725d0eb3fbb61eaeb641ee4df9d7

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                Filesize

                                                                705B

                                                                MD5

                                                                2d57d5352c065c28678c82602553f183

                                                                SHA1

                                                                0db6ce093adc4cfcfcdd48444bca763bfe44f29f

                                                                SHA256

                                                                5f4b70fbe8e4de211f0cce7e61fec7123fd9983b9c423f9e0be0df9ee6a1e6c5

                                                                SHA512

                                                                fd0d9c9d6a29b9a48b3fa77c12ca85551fcea81de9648b5af3007ec159468e8f2560be1b14106cbfe5723eeeb14f55200969d91d723725e7af4f98b95f8955d3

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                                MD5

                                                                7a2e1d7baa3688f72582c4d4f6ea1d01

                                                                SHA1

                                                                3cc21ad308fd81a006b4272c4821ab6407372990

                                                                SHA256

                                                                447a9e3965c6e84b07a0f2fedd85a0370c04a15e825adb9a212a5ca4c9b0fb9b

                                                                SHA512

                                                                2d0ac5052c4b1e2c08101bc85ea6d45cd66e46f41fba63257cbab5071110623b59c11c71ed6fb1f08ee6299ee8dc85a719c629c25f06d93e2752f8a2c07525dd

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                                MD5

                                                                edf8cd0f83edb98c217751849541f136

                                                                SHA1

                                                                59c6987c1c47325463178c11e57d43ee14a1500d

                                                                SHA256

                                                                b2edc828e5503e7a5f810a2f2ab139943eabf597fee11b16e952df52b8f19211

                                                                SHA512

                                                                d463db3104f8ef29824047709e4c300c27375457279b252d3934b7ef349a30a122677b7333a4fbb7825693272e5fde56f203d54cb374940a094c197717e4fd0b

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                                MD5

                                                                82f6fae52968eac921ca34c9bf41e8f7

                                                                SHA1

                                                                b84764ba2529ddc6091aede0bf2fd1cc2db2de1e

                                                                SHA256

                                                                6ab216b1591cc3fc511067a9e200a7569da53ea9aad0cc8e6ab52557d6e8000a

                                                                SHA512

                                                                f8e8b9b05cc0c0588a01c97dd3ad2dd13b8db1501d766394ca5e356fc769569bf0ec9f879d74158437fb080565f6c0d712ff134a12a4c74d21c187e0ccbc5c30

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                7KB

                                                                MD5

                                                                d9ae82f27148097d4528234041fe426a

                                                                SHA1

                                                                4e55ef770a5039d2aeac6c8b6e8b72ecc60df7ce

                                                                SHA256

                                                                5f19c6e567311a11cb78c19bd09cd9944488ce88a11d8ad659446184449a6196

                                                                SHA512

                                                                b50840bc734da3b1fe8b34f3f06621b88e9d48789763e1c48c4e37329a6bf26269aefcd64672620c256e7e39d4f6c2bac419141d8c9569b31e6a0e4f793fa84e

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                                MD5

                                                                c805fbb7165c16cfcceccd93adc3a5b2

                                                                SHA1

                                                                5e00f29dbd0e9da86b7b843e50542e153ec41b36

                                                                SHA256

                                                                51866916766c4b644a1bc2eed0852365566cf2c43664dfcc4e2de939a2f2229d

                                                                SHA512

                                                                65e9f068e4987c675109e0704fc4b072a8b809a36ad518f771ab7864d5336b66493285e41ca2c4c2491bc545bcaab02ec45a2b16acad003ea20c18d8606c9673

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                                MD5

                                                                45cf30587b6e6e920bb84224a3988a48

                                                                SHA1

                                                                c89d500ef0add13257b3aa2de2038c4bde0cddbb

                                                                SHA256

                                                                75a83dabeed6a8f8b30329a0db3d76363abc931c66230e44128d0db812b6e32f

                                                                SHA512

                                                                847168655f994e8c8a0bec2bbe0336e7f33cd486d997125d83e36c952a748da92a55616584ade76066397545090c11ee208edb174cc2d9c4bd4cd70f65ba1f8b

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                                MD5

                                                                890c8c4e0a34f0d09bb2e8687ba04f94

                                                                SHA1

                                                                cb6a18e473e65e61ab46d03577c15c56c1706dac

                                                                SHA256

                                                                5ce36dab53e7dd81c865276ec50cc873aaaeaaf115131b997c80aae820cf212b

                                                                SHA512

                                                                2474b01f05f4730fdc040fe708267e864fcee62b386f7e988120ed56f6d5a77a9f91c40fe8b71235ec69c0593936a9a615ba0447b1c9884e4cf197ce83dc0401

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                Filesize

                                                                72B

                                                                MD5

                                                                b813da5ef1ae3aca90146722185b8a93

                                                                SHA1

                                                                27bf6fd714217c85e6e62dc46c5257c8fbdc7846

                                                                SHA256

                                                                5bdc871b949943a10130756be5daea27916c4a1f5069642e167572cdeacebfab

                                                                SHA512

                                                                57d7a65105343717a28bc61c47b5e270b1f9de93a93919ccd19f81e2e1d1eb34201e4fdd3f7549ba710f0c92fb2c39abf49e6e57cc7ae129e76d17905e182bd6

                                                              • memory/3324-1251-0x000001A3FADB0000-0x000001A3FADC0000-memory.dmp

                                                                Filesize

                                                                64KB

                                                              • memory/3324-1250-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/3324-1276-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/3348-1602-0x00000000029B0000-0x0000000002DB0000-memory.dmp

                                                                Filesize

                                                                4.0MB

                                                              • memory/3348-1607-0x00000000029B0000-0x0000000002DB0000-memory.dmp

                                                                Filesize

                                                                4.0MB

                                                              • memory/3348-1605-0x00000000029B0000-0x0000000002DB0000-memory.dmp

                                                                Filesize

                                                                4.0MB

                                                              • memory/3368-1407-0x00007FFE96390000-0x00007FFE96585000-memory.dmp

                                                                Filesize

                                                                2.0MB

                                                              • memory/3368-1463-0x0000000073B80000-0x0000000073CFB000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/3368-1400-0x0000000000400000-0x00000000007EC000-memory.dmp

                                                                Filesize

                                                                3.9MB

                                                              • memory/3368-1424-0x0000000073B80000-0x0000000073CFB000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/3368-1406-0x0000000073B80000-0x0000000073CFB000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/3368-1409-0x0000000073B80000-0x0000000073CFB000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/3512-1933-0x00000000752E0000-0x000000007545B000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/3512-1920-0x00000000752E0000-0x000000007545B000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/3512-1908-0x00000000752E0000-0x000000007545B000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/3856-1425-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp

                                                                Filesize

                                                                1.4MB

                                                              • memory/4056-1265-0x0000029A2CB00000-0x0000029A2CB10000-memory.dmp

                                                                Filesize

                                                                64KB

                                                              • memory/4056-1279-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/4056-1263-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/4056-1277-0x0000029A2CB00000-0x0000029A2CB10000-memory.dmp

                                                                Filesize

                                                                64KB

                                                              • memory/4056-1264-0x0000029A2CB00000-0x0000029A2CB10000-memory.dmp

                                                                Filesize

                                                                64KB

                                                              • memory/4144-1800-0x00000179F8E90000-0x00000179F8EA0000-memory.dmp

                                                                Filesize

                                                                64KB

                                                              • memory/4144-1812-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/4144-1801-0x00000179F8E90000-0x00000179F8EA0000-memory.dmp

                                                                Filesize

                                                                64KB

                                                              • memory/4144-1799-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/4272-1936-0x00007FFE75230000-0x00007FFE753A2000-memory.dmp

                                                                Filesize

                                                                1.4MB

                                                              • memory/4272-1931-0x00007FFE75230000-0x00007FFE753A2000-memory.dmp

                                                                Filesize

                                                                1.4MB

                                                              • memory/4320-1473-0x00007FFE96390000-0x00007FFE96585000-memory.dmp

                                                                Filesize

                                                                2.0MB

                                                              • memory/4372-1826-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/4372-1824-0x00000223F39B0000-0x00000223F39C0000-memory.dmp

                                                                Filesize

                                                                64KB

                                                              • memory/4372-1823-0x00000223F39B0000-0x00000223F39C0000-memory.dmp

                                                                Filesize

                                                                64KB

                                                              • memory/4372-1822-0x00007FFE6CDE0000-0x00007FFE6D8A1000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/4476-1323-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp

                                                                Filesize

                                                                1.4MB

                                                              • memory/4476-1322-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp

                                                                Filesize

                                                                1.4MB

                                                              • memory/4476-1326-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp

                                                                Filesize

                                                                1.4MB

                                                              • memory/4800-1842-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

                                                                Filesize

                                                                4KB

                                                              • memory/4800-1874-0x00000000748C0000-0x0000000074A3B000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/4800-1863-0x00000000748C0000-0x0000000074A3B000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/4800-1859-0x00000000748C0000-0x0000000074A3B000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/4808-1307-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp

                                                                Filesize

                                                                1.4MB

                                                              • memory/4832-1464-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp

                                                                Filesize

                                                                1.4MB

                                                              • memory/4832-1435-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp

                                                                Filesize

                                                                1.4MB

                                                              • memory/4832-1434-0x00007FFE72F80000-0x00007FFE730F2000-memory.dmp

                                                                Filesize

                                                                1.4MB

                                                              • memory/4864-1342-0x0000000000A50000-0x0000000000C8C000-memory.dmp

                                                                Filesize

                                                                2.2MB

                                                              • memory/4864-1420-0x0000000000A50000-0x0000000000C8C000-memory.dmp

                                                                Filesize

                                                                2.2MB

                                                              • memory/4864-1347-0x0000000000310000-0x0000000000743000-memory.dmp

                                                                Filesize

                                                                4.2MB

                                                              • memory/4864-1349-0x0000000000A50000-0x0000000000C8C000-memory.dmp

                                                                Filesize

                                                                2.2MB

                                                              • memory/4864-1344-0x0000000000A50000-0x0000000000C8C000-memory.dmp

                                                                Filesize

                                                                2.2MB

                                                              • memory/4864-1343-0x00007FFE96390000-0x00007FFE96585000-memory.dmp

                                                                Filesize

                                                                2.0MB

                                                              • memory/4864-1350-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                                                                Filesize

                                                                972KB

                                                              • memory/4864-1462-0x0000000000A50000-0x0000000000C8C000-memory.dmp

                                                                Filesize

                                                                2.2MB

                                                              • memory/4864-1392-0x0000000000A50000-0x0000000000C8C000-memory.dmp

                                                                Filesize

                                                                2.2MB

                                                              • memory/4864-1348-0x0000000000A50000-0x0000000000C8C000-memory.dmp

                                                                Filesize

                                                                2.2MB

                                                              • memory/4864-1451-0x0000000000A50000-0x0000000000C8C000-memory.dmp

                                                                Filesize

                                                                2.2MB

                                                              • memory/4956-1240-0x00000248E4C10000-0x00000248E4C20000-memory.dmp

                                                                Filesize

                                                                64KB

                                                              • memory/4956-1239-0x00000248E4C10000-0x00000248E4C20000-memory.dmp

                                                                Filesize

                                                                64KB

                                                              • memory/4956-1238-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/4956-1262-0x00007FFE727A0000-0x00007FFE73261000-memory.dmp

                                                                Filesize

                                                                10.8MB

                                                              • memory/4968-1330-0x0000000075830000-0x00000000759AB000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/4968-1329-0x0000000075830000-0x00000000759AB000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/4968-1341-0x0000000075830000-0x00000000759AB000-memory.dmp

                                                                Filesize

                                                                1.5MB

                                                              • memory/4968-1328-0x00007FFE96390000-0x00007FFE96585000-memory.dmp

                                                                Filesize

                                                                2.0MB