Analysis

  • max time kernel
    1192s
  • max time network
    854s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    29-04-2024 16:44

General

  • Target

    https://www.roblox.com/download

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 25 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 30 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
  • UPX packed file 13 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 5 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops desktop.ini file(s) 59 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 7 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 3 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 29 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Modifies Internet Explorer Protected Mode 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 54 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.roblox.com/download"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.roblox.com/download
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2376
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.0.169570481\364910296" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1184 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6be3a9ec-0794-47c3-ae5f-1caf6aee8a01} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 1300 110d3158 gpu
        3⤵
          PID:2600
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.1.887983389\643671784" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3cd40ef-1e82-4d7d-9575-b9ef7191a11e} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 1516 d71f58 socket
          3⤵
          • Checks processor information in registry
          PID:2564
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.2.539475173\316929376" -childID 1 -isForBrowser -prefsHandle 1908 -prefMapHandle 1924 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5b308a2-c1ed-47a0-9621-57b5bbdb3795} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2112 18a99758 tab
          3⤵
            PID:2744
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.3.1737921826\373184516" -childID 2 -isForBrowser -prefsHandle 2780 -prefMapHandle 2776 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09b5e56e-4d8f-4d28-bb23-c2c0e979e3d7} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2792 d62558 tab
            3⤵
              PID:1648
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.4.1957113499\446235816" -childID 3 -isForBrowser -prefsHandle 3800 -prefMapHandle 3716 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b166cd4f-df26-4b5e-92c1-23808f3b58c2} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3816 2242c158 tab
              3⤵
                PID:328
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.5.51474424\2046819457" -childID 4 -isForBrowser -prefsHandle 3972 -prefMapHandle 3976 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47f42141-6850-405f-bb01-908558423b89} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3964 2242d058 tab
                3⤵
                  PID:1792
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.6.218059338\329732764" -childID 5 -isForBrowser -prefsHandle 4164 -prefMapHandle 4168 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {154dca25-310a-4bca-8855-05adabd61fd6} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 4156 2242e858 tab
                  3⤵
                    PID:916
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.7.1961015431\2135688391" -childID 6 -isForBrowser -prefsHandle 2184 -prefMapHandle 2120 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 792 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f06029ea-6ec8-4ff4-a044-21ec7535465b} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2180 20f84a58 tab
                    3⤵
                      PID:2124
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                  1⤵
                  • Enumerates system info in registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  PID:588
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef43c9758,0x7fef43c9768,0x7fef43c9778
                    2⤵
                      PID:2480
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:2
                      2⤵
                        PID:976
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                        2⤵
                          PID:2936
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                          2⤵
                            PID:1944
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1
                            2⤵
                              PID:764
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2232 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1
                              2⤵
                                PID:1432
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1200 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:2
                                2⤵
                                  PID:3396
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1316 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1
                                  2⤵
                                    PID:3480
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3456 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                    2⤵
                                      PID:3568
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                      2⤵
                                        PID:3576
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                        2⤵
                                          PID:3768
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3912 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1
                                          2⤵
                                            PID:3960
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                            2⤵
                                              PID:3512
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3456 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1
                                              2⤵
                                                PID:3920
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2332 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1
                                                2⤵
                                                  PID:3116
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                                  2⤵
                                                    PID:3608
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2652 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1
                                                    2⤵
                                                      PID:2916
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1080 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:1
                                                      2⤵
                                                        PID:1644
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3888 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                                        2⤵
                                                          PID:3672
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3868 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                                          2⤵
                                                            PID:3684
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3860 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                                            2⤵
                                                              PID:2500
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                                              2⤵
                                                                PID:3984
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4240 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                                                2⤵
                                                                  PID:2224
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4100 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:612
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 --field-trial-handle=1392,i,16181727947335966437,18192344020287057903,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:3572
                                                                    • C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe
                                                                      "C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe"
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Loads dropped DLL
                                                                      PID:3604
                                                                      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                        "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe" "__IRCT:3" "__IRTSS:24068259" "__IRSID:S-1-5-21-2721934792-624042501-2768869379-1000"
                                                                        3⤵
                                                                        • Executes dropped EXE
                                                                        • Loads dropped DLL
                                                                        • Modifies system certificate store
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:3684
                                                                        • C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
                                                                          "C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
                                                                          4⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          PID:1532
                                                                          • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /NOINIT /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1679762 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1708464" "__IRSID:S-1-5-21-2721934792-624042501-2768869379-1000"
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            • Loads dropped DLL
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:916
                                                                        • C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
                                                                          "C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
                                                                          4⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          PID:2500
                                                                          • C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe" "STATIC=1"
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            • Modifies Internet Explorer settings
                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:3480
                                                                            • C:\Program Files\Java\jre-1.8\bin\javaw.exe
                                                                              -Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserWebJavaStatus
                                                                              6⤵
                                                                              • Executes dropped EXE
                                                                              PID:1196
                                                                            • C:\Program Files\Java\jre-1.8\bin\javaw.exe
                                                                              -Djdk.disableLastUsageTracking -cp "C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" com.sun.deploy.panel.ControlPanel -getUserPreviousDecisionsExist 30
                                                                              6⤵
                                                                              • Executes dropped EXE
                                                                              PID:3996
                                                                        • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
                                                                          "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
                                                                          4⤵
                                                                          • Executes dropped EXE
                                                                          PID:2272
                                                                          • C:\Program Files\Java\jre-1.8\bin\javaw.exe
                                                                            "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:3984
                                                                            • C:\Windows\system32\icacls.exe
                                                                              C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
                                                                              6⤵
                                                                              • Modifies file permissions
                                                                              PID:2880
                                                                            • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe
                                                                              C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\bin\java.exe -Xmx1024m -Dfile.encoding=UTF8 -Djava.net.preferIPv4Stack=true --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-opens=java.desktop/java.awt=ALL-UNNAMED --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED --add-opens=java.desktop/sun.java2d=ALL-UNNAMED --add-opens=java.desktop/java.awt.color=ALL-UNNAMED --add-opens=java.desktop/java.awt.image=ALL-UNNAMED --add-opens=java.desktop/com.apple.eawt=ALL-UNNAMED --add-opens=java.base/java.util.regex=ALL-UNNAMED --add-opens=java.desktop/javax.swing=ALL-UNNAMED --add-opens=java.desktop/java.beans=ALL-UNNAMED --add-opens=javafx.web/com.sun.webkit.network=ALL-UNNAMED -cp C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\aopalliance-1.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\checker-qual-3.12.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-compress-1.23.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-io-2.11.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-lang3-3.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-1.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-logging-api-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\commons-vfs2-2.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\desktop-common-util-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\DiscordIPC-0.5.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\dnsjava-2.1.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\error_prone_annotations-2.18.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\failureaccess-1.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\fluent-hc-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\gson-2.8.8.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guava-31.0.1-jre.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\guice-assistedinject-7.0.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\hamcrest-core-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\http-download-1.11.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpclient-4.5.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\httpcore-4.4.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\j2objc-annotations-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jakarta.inject-api-2.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-base-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-controls-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-graphics-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-media-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-swing-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1-win.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javafx-web-17.0.0.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\javax.annotation-api-1.3.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-api-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-core-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jaxb-impl-2.3.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jcl-over-slf4j-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jopt-simple-5.0.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\json-20230227.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\jsr305-3.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junit-4.13.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junixsocket-native-common-2.6.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\junrar-0.7.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\log4j-1.2.17.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-classic-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\logback-core-1.2.10.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\lombok-1.18.30.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-api-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svn-commons-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\maven-scm-provider-svnexe-1.4.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\MinecraftServerPing-1.0.2.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\mockserver-netty-no-dependencies-5.14.0.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\modpack-dto-2.2914.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\picture-bundle-3.72.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\plexus-utils-1.5.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\regexp-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\skin-server-API-1.3.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\slf4j-api-1.7.25.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\statistics-dto-1.73.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\tlauncher-resource-1.6.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\url-cache-1.1.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\dependencies\xz-1.9.jar;C:\Users\Admin\AppData\Roaming\.tlauncher\starter\original-TLauncher-2.921.jar; org.tlauncher.tlauncher.rmo.TLauncher -starterConfig=C:\Users\Admin\AppData\Roaming\.tlauncher\starter\starter.json -requireUpdate=false -currentAppVersion=2.921
                                                                              6⤵
                                                                              • Checks computer location settings
                                                                              • Executes dropped EXE
                                                                              • Checks processor information in registry
                                                                              • Suspicious use of SetWindowsHookEx
                                                                              PID:3792
                                                                              • C:\Windows\system32\cmd.exe
                                                                                cmd.exe /C chcp 437 & wmic CPU get NAME
                                                                                7⤵
                                                                                  PID:3468
                                                                                  • C:\Windows\system32\chcp.com
                                                                                    chcp 437
                                                                                    8⤵
                                                                                      PID:3004
                                                                                    • C:\Windows\System32\Wbem\WMIC.exe
                                                                                      wmic CPU get NAME
                                                                                      8⤵
                                                                                        PID:2904
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      cmd.exe /C chcp 437 & set processor
                                                                                      7⤵
                                                                                        PID:3536
                                                                                        • C:\Windows\system32\chcp.com
                                                                                          chcp 437
                                                                                          8⤵
                                                                                            PID:2588
                                                                                        • C:\Windows\system32\cmd.exe
                                                                                          cmd.exe /C chcp 437 & dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
                                                                                          7⤵
                                                                                            PID:2996
                                                                                            • C:\Windows\system32\chcp.com
                                                                                              chcp 437
                                                                                              8⤵
                                                                                                PID:3424
                                                                                              • C:\Windows\system32\dxdiag.exe
                                                                                                dxdiag /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
                                                                                                8⤵
                                                                                                  PID:2592
                                                                                                  • C:\Windows\SysWOW64\dxdiag.exe
                                                                                                    "C:\Windows\SysWOW64\dxdiag.exe" /whql:off /t C:\Users\Admin\AppData\Roaming\.minecraft\logs\tlauncher\dxdiag.txt
                                                                                                    9⤵
                                                                                                    • Drops file in Windows directory
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:800
                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                cmd.exe /C chcp 437 & wmic qfe get HotFixID
                                                                                                7⤵
                                                                                                  PID:3644
                                                                                                  • C:\Windows\system32\chcp.com
                                                                                                    chcp 437
                                                                                                    8⤵
                                                                                                      PID:3932
                                                                                                    • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                      wmic qfe get HotFixID
                                                                                                      8⤵
                                                                                                        PID:3780
                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe
                                                                                                      C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe -Djava.library.path=C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.11.2\natives -cp C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\tlauncher\netty\1.8.8\netty-1.8.8.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\oshi-project\oshi-core\1.1\oshi-core-1.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\dev\jna\platform\3.4.0\platform-3.4.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\ibm\icu\icu4j-core-mojang\51.2\icu4j-core-mojang-51.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\sf\jopt-simple\jopt-simple\4.6\jopt-simple-4.6.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\paulscode\codecjorbis\20101023\codecjorbis-20101023.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\paulscode\codecwav\20101023\codecwav-20101023.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\paulscode\libraryjavasound\20101123\libraryjavasound-20101123.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\paulscode\librarylwjglopenal\20100824\librarylwjglopenal-20100824.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\paulscode\soundsystem\20120107\soundsystem-20120107.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\io\netty\netty-all\4.0.23.Final\netty-all-4.0.23.Final.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\guava\guava\17.0\guava-17.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-lang3\3.3.2\commons-lang3-3.3.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-io\commons-io\2.4\commons-io-2.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.9\commons-codec-1.9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput\2.0.5\jinput-2.0.5.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jutils\jutils\1.0.0\jutils-1.0.0.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\google\code\gson\gson\2.2.4\gson-2.2.4.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\tlauncher\authlib\1.6.24\authlib-1.6.24.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\com\mojang\realms\1.10.16\realms-1.10.16.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\commons\commons-compress\1.8.1\commons-compress-1.8.1.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpclient\4.3.3\httpclient-4.3.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\httpcomponents\httpcore\4.3.2\httpcore-4.3.2.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\it\unimi\dsi\fastutil\7.0.12_mojang\fastutil-7.0.12_mojang.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-api\2.0-beta9\log4j-api-2.0-beta9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.0-beta9\log4j-core-2.0-beta9.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl\2.9.4-nightly-20150209\lwjgl-2.9.4-nightly-20150209.jar;C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl_util\2.9.4-nightly-20150209\lwjgl_util-2.9.4-nightly-20150209.jar;C:\Users\Admin\AppData\Roaming\.minecraft\versions\1.11.2\1.11.2.jar -Xmx1535M -XX:+UseConcMarkSweepGC -Dminecraft.applet.TargetDirectory=C:\Users\Admin\AppData\Roaming\.minecraft -DlibraryDirectory=C:\Users\Admin\AppData\Roaming\.minecraft\libraries -Dlog4j.configurationFile=C:\Users\Admin\AppData\Roaming\.minecraft\assets\log_configs\client-1.7.xml net.minecraft.client.main.Main --username nam,e --version 1.11.2 --gameDir C:\Users\Admin\AppData\Roaming\.minecraft --assetsDir C:\Users\Admin\AppData\Roaming\.minecraft\assets --assetIndex 1.11 --uuid 31c66dfd0408421ebcaa3b84b194bed7 --accessToken null --userType mojang --versionType release --width 925 --height 530
                                                                                                      7⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:2248
                                                                                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                          1⤵
                                                                                            PID:884
                                                                                          • C:\Windows\system32\msiexec.exe
                                                                                            C:\Windows\system32\msiexec.exe /V
                                                                                            1⤵
                                                                                            • Loads dropped DLL
                                                                                            • Adds Run key to start application
                                                                                            • Blocklisted process makes network request
                                                                                            • Drops desktop.ini file(s)
                                                                                            • Enumerates connected drives
                                                                                            • Installs/modifies Browser Helper Object
                                                                                            • Drops file in Program Files directory
                                                                                            • Drops file in Windows directory
                                                                                            • Checks processor information in registry
                                                                                            • Modifies data under HKEY_USERS
                                                                                            • Modifies registry class
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:3576
                                                                                            • C:\Windows\system32\MsiExec.exe
                                                                                              C:\Windows\system32\MsiExec.exe -Embedding 86B2D43CBBE1FC5EA59FA8DCF3126352
                                                                                              2⤵
                                                                                              • Loads dropped DLL
                                                                                              PID:2496
                                                                                            • C:\Program Files\Java\jre-1.8\installer.exe
                                                                                              "C:\Program Files\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre-1.8\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={71024AE4-039E-4CA4-87B4-2F64180401F0}
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Loads dropped DLL
                                                                                              • Registers COM server for autorun
                                                                                              • Installs/modifies Browser Helper Object
                                                                                              • Drops file in System32 directory
                                                                                              • Modifies Internet Explorer settings
                                                                                              • Modifies data under HKEY_USERS
                                                                                              • Modifies registry class
                                                                                              PID:2608
                                                                                              • C:\Program Files\Java\jre-1.8\bin\javaw.exe
                                                                                                "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                PID:1848
                                                                                              • C:\Program Files\Java\jre-1.8\bin\ssvagent.exe
                                                                                                "C:\Program Files\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                • Registers COM server for autorun
                                                                                                • Modifies registry class
                                                                                                PID:3468
                                                                                              • C:\Program Files\Java\jre-1.8\bin\javaws.exe
                                                                                                "C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:4068
                                                                                                • C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
                                                                                                  "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
                                                                                                  4⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:3776
                                                                                              • C:\Program Files\Java\jre-1.8\bin\javaws.exe
                                                                                                "C:\Program Files\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:1520
                                                                                                • C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
                                                                                                  "C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
                                                                                                  4⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                  PID:1644
                                                                                            • C:\Windows\system32\MsiExec.exe
                                                                                              C:\Windows\system32\MsiExec.exe -Embedding D085ADC4245D3822DFDD4D27D000CF2E M Global\MSI0000
                                                                                              2⤵
                                                                                                PID:2264
                                                                                              • C:\Windows\syswow64\MsiExec.exe
                                                                                                C:\Windows\syswow64\MsiExec.exe -Embedding 5D311CAD32DB81DBF48C4381177971E3
                                                                                                2⤵
                                                                                                  PID:2872
                                                                                                • C:\Windows\syswow64\MsiExec.exe
                                                                                                  C:\Windows\syswow64\MsiExec.exe -Embedding A296A4DD1753F0D75A99313F58F5FA49 M Global\MSI0000
                                                                                                  2⤵
                                                                                                    PID:4088
                                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding 63FCD6F2B3C0C1F9F4B1915CAA15CEA4
                                                                                                    2⤵
                                                                                                    • Drops file in System32 directory
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:2532
                                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                                    C:\Windows\syswow64\MsiExec.exe -Embedding B5DF489B054E45548601D9C227FB33D9 M Global\MSI0000
                                                                                                    2⤵
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:3928
                                                                                                    • C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
                                                                                                      "C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=5
                                                                                                      3⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:3312
                                                                                                  • C:\Windows\syswow64\MsiExec.exe
                                                                                                    "C:\Windows\syswow64\MsiExec.exe" /Z "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll"
                                                                                                    2⤵
                                                                                                      PID:3504
                                                                                                  • C:\Windows\explorer.exe
                                                                                                    "C:\Windows\explorer.exe"
                                                                                                    1⤵
                                                                                                      PID:1748
                                                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                                                      C:\Windows\system32\AUDIODG.EXE 0x55c
                                                                                                      1⤵
                                                                                                        PID:3936
                                                                                                      • C:\Windows\system32\wbem\wmiprvse.exe
                                                                                                        C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                        1⤵
                                                                                                          PID:2496
                                                                                                        • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
                                                                                                          "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
                                                                                                          1⤵
                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                          PID:1624
                                                                                                        • C:\Windows\SysWOW64\DllHost.exe
                                                                                                          C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                          1⤵
                                                                                                            PID:1980
                                                                                                          • C:\Windows\SysWOW64\DllHost.exe
                                                                                                            C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                            1⤵
                                                                                                              PID:2052
                                                                                                            • C:\Windows\SysWOW64\DllHost.exe
                                                                                                              C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                              1⤵
                                                                                                                PID:3500
                                                                                                              • C:\Windows\system32\LogonUI.exe
                                                                                                                "LogonUI.exe" /flags:0x0
                                                                                                                1⤵
                                                                                                                  PID:1740
                                                                                                                • C:\Windows\system32\csrss.exe
                                                                                                                  %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                                                                                                  1⤵
                                                                                                                  • Enumerates system info in registry
                                                                                                                  PID:1924
                                                                                                                • C:\Windows\system32\winlogon.exe
                                                                                                                  winlogon.exe
                                                                                                                  1⤵
                                                                                                                    PID:948
                                                                                                                    • C:\Windows\system32\LogonUI.exe
                                                                                                                      "LogonUI.exe" /flags:0x0
                                                                                                                      2⤵
                                                                                                                        PID:1116
                                                                                                                      • C:\Windows\system32\userinit.exe
                                                                                                                        C:\Windows\system32\userinit.exe
                                                                                                                        2⤵
                                                                                                                          PID:352
                                                                                                                          • C:\Windows\Explorer.EXE
                                                                                                                            C:\Windows\Explorer.EXE
                                                                                                                            3⤵
                                                                                                                            • Modifies visibility of file extensions in Explorer
                                                                                                                            • Modifies Installed Components in the registry
                                                                                                                            • Drops desktop.ini file(s)
                                                                                                                            • Drops file in Windows directory
                                                                                                                            • Checks processor information in registry
                                                                                                                            • Modifies Internet Explorer settings
                                                                                                                            • Modifies registry class
                                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                            PID:2984
                                                                                                                            • C:\Windows\System32\regsvr32.exe
                                                                                                                              "C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
                                                                                                                              4⤵
                                                                                                                              • Drops desktop.ini file(s)
                                                                                                                              • Sets desktop wallpaper using registry
                                                                                                                              PID:1560
                                                                                                                            • C:\Program Files (x86)\Windows Mail\WinMail.exe
                                                                                                                              "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
                                                                                                                              4⤵
                                                                                                                              • Drops desktop.ini file(s)
                                                                                                                              PID:2424
                                                                                                                              • C:\Program Files\Windows Mail\WinMail.exe
                                                                                                                                "C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE
                                                                                                                                5⤵
                                                                                                                                • Drops desktop.ini file(s)
                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                PID:1588
                                                                                                                            • C:\Windows\System32\unregmp2.exe
                                                                                                                              "C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
                                                                                                                              4⤵
                                                                                                                              • Drops desktop.ini file(s)
                                                                                                                              • Enumerates connected drives
                                                                                                                              PID:3220
                                                                                                                            • C:\Windows\System32\regsvr32.exe
                                                                                                                              "C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
                                                                                                                              4⤵
                                                                                                                              • Drops startup file
                                                                                                                              • Drops desktop.ini file(s)
                                                                                                                              PID:2776
                                                                                                                            • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                              "C:\Windows\SysWOW64\rundll32.exe" C:\Windows\SysWOW64\mscories.dll,Install
                                                                                                                              4⤵
                                                                                                                                PID:1812
                                                                                                                              • C:\Windows\System32\ie4uinit.exe
                                                                                                                                "C:\Windows\System32\ie4uinit.exe" -UserConfig
                                                                                                                                4⤵
                                                                                                                                • Drops desktop.ini file(s)
                                                                                                                                • Drops file in Windows directory
                                                                                                                                • Modifies Internet Explorer Protected Mode
                                                                                                                                • Modifies Internet Explorer settings
                                                                                                                                • Modifies Internet Explorer start page
                                                                                                                                PID:2784
                                                                                                                                • C:\Windows\System32\ie4uinit.exe
                                                                                                                                  C:\Windows\System32\ie4uinit.exe -ClearIconCache
                                                                                                                                  5⤵
                                                                                                                                    PID:2452
                                                                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                                                                    C:\Windows\System32\rundll32 advpack.dll,LaunchINFSectionEx C:\Windows\system32\ieuinit.inf,Install,,36
                                                                                                                                    5⤵
                                                                                                                                    • Drops file in Windows directory
                                                                                                                                    • Modifies Internet Explorer settings
                                                                                                                                    PID:2112
                                                                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                                                                    C:\Windows\System32\rundll32 C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m
                                                                                                                                    5⤵
                                                                                                                                      PID:612
                                                                                                                                      • C:\Windows\system32\RunDll32.exe
                                                                                                                                        C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
                                                                                                                                        6⤵
                                                                                                                                          PID:3240
                                                                                                                                        • C:\Windows\system32\RunDll32.exe
                                                                                                                                          C:\Windows\system32\RunDll32.exe C:\Windows\system32\migration\WininetPlugin.dll,MigrateCacheForUser /m /0
                                                                                                                                          6⤵
                                                                                                                                            PID:1684
                                                                                                                                      • C:\Windows\System32\regsvr32.exe
                                                                                                                                        "C:\Windows\System32\regsvr32.exe" /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
                                                                                                                                        4⤵
                                                                                                                                        • Sets desktop wallpaper using registry
                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                        PID:2060
                                                                                                                                      • C:\Program Files\Windows Mail\WinMail.exe
                                                                                                                                        "C:\Program Files\Windows Mail\WinMail.exe" OCInstallUserConfigOE
                                                                                                                                        4⤵
                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                        PID:3000
                                                                                                                                      • C:\Windows\System32\unregmp2.exe
                                                                                                                                        "C:\Windows\System32\unregmp2.exe" /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
                                                                                                                                        4⤵
                                                                                                                                        • Drops desktop.ini file(s)
                                                                                                                                        • Enumerates connected drives
                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                        • Modifies registry class
                                                                                                                                        PID:1008
                                                                                                                                      • C:\Windows\System32\regsvr32.exe
                                                                                                                                        "C:\Windows\System32\regsvr32.exe" /s /n /i:U shell32.dll
                                                                                                                                        4⤵
                                                                                                                                        • Drops startup file
                                                                                                                                        • Drops desktop.ini file(s)
                                                                                                                                        PID:1280
                                                                                                                                      • C:\Windows\System32\rundll32.exe
                                                                                                                                        "C:\Windows\System32\rundll32.exe" C:\Windows\system32\mscories.dll,Install
                                                                                                                                        4⤵
                                                                                                                                          PID:2084
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
                                                                                                                                          4⤵
                                                                                                                                            PID:2340
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fcf7688,0x13fcf7698,0x13fcf76a8
                                                                                                                                              5⤵
                                                                                                                                                PID:2480
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\master_preferences" --create-shortcuts=1 --install-level=0
                                                                                                                                                5⤵
                                                                                                                                                  PID:1844
                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fcf7688,0x13fcf7698,0x13fcf76a8
                                                                                                                                                    6⤵
                                                                                                                                                      PID:3280
                                                                                                                                                • C:\Windows\System32\u7e72d.exe
                                                                                                                                                  "C:\Windows\System32\u7e72d.exe"
                                                                                                                                                  4⤵
                                                                                                                                                    PID:1336
                                                                                                                                                  • C:\Program Files\Windows Sidebar\sidebar.exe
                                                                                                                                                    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
                                                                                                                                                    4⤵
                                                                                                                                                      PID:2800
                                                                                                                                                    • C:\Windows\SysWOW64\runonce.exe
                                                                                                                                                      C:\Windows\SysWOW64\runonce.exe /Run6432
                                                                                                                                                      4⤵
                                                                                                                                                      • Checks processor information in registry
                                                                                                                                                      PID:1256
                                                                                                                                                      • C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                                                                                                                                                        5⤵
                                                                                                                                                          PID:1788
                                                                                                                                                        • C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                                                                                                                                          "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                                                                                                                                                          5⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          PID:2884
                                                                                                                                                      • C:\Windows\System32\mctadmin.exe
                                                                                                                                                        "C:\Windows\System32\mctadmin.exe"
                                                                                                                                                        4⤵
                                                                                                                                                        • Drops desktop.ini file(s)
                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                        PID:3188
                                                                                                                                                  • C:\Windows\system32\LogonUI.exe
                                                                                                                                                    "LogonUI.exe" /flags:0x0
                                                                                                                                                    2⤵
                                                                                                                                                      PID:3100
                                                                                                                                                  • C:\Windows\system32\Dwm.exe
                                                                                                                                                    "C:\Windows\system32\Dwm.exe"
                                                                                                                                                    1⤵
                                                                                                                                                      PID:2756
                                                                                                                                                    • C:\Windows\system32\rundll32.exe
                                                                                                                                                      rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
                                                                                                                                                      1⤵
                                                                                                                                                        PID:3836
                                                                                                                                                      • C:\Windows\system32\rundll32.exe
                                                                                                                                                        rundll32.exe uxtheme.dll,#64 C:\Windows\resources\Themes\Aero\Aero.msstyles?NormalColor?NormalSize
                                                                                                                                                        1⤵
                                                                                                                                                          PID:2472
                                                                                                                                                        • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                          C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                                                                          1⤵
                                                                                                                                                            PID:916
                                                                                                                                                          • C:\Windows\system32\DllHost.exe
                                                                                                                                                            C:\Windows\system32\DllHost.exe /Processid:{86D5EB8A-859F-4C7B-A76B-2BD819B7A850}
                                                                                                                                                            1⤵
                                                                                                                                                              PID:2728
                                                                                                                                                            • C:\Windows\system32\DllHost.exe
                                                                                                                                                              C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
                                                                                                                                                              1⤵
                                                                                                                                                                PID:2448
                                                                                                                                                              • C:\Windows\system32\csrss.exe
                                                                                                                                                                %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                                                                                                                                                1⤵
                                                                                                                                                                • Enumerates system info in registry
                                                                                                                                                                PID:2300
                                                                                                                                                              • C:\Windows\system32\winlogon.exe
                                                                                                                                                                winlogon.exe
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:1380
                                                                                                                                                                  • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                    "LogonUI.exe" /flags:0x0
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:1944
                                                                                                                                                                    • C:\Windows\system32\userinit.exe
                                                                                                                                                                      C:\Windows\system32\userinit.exe
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:1136
                                                                                                                                                                        • C:\Windows\Explorer.EXE
                                                                                                                                                                          C:\Windows\Explorer.EXE
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies Installed Components in the registry
                                                                                                                                                                          • Drops file in Windows directory
                                                                                                                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                          PID:1148
                                                                                                                                                                          • C:\Windows\System32\u7e72d.exe
                                                                                                                                                                            "C:\Windows\System32\u7e72d.exe"
                                                                                                                                                                            4⤵
                                                                                                                                                                              PID:1520
                                                                                                                                                                            • C:\Windows\SysWOW64\runonce.exe
                                                                                                                                                                              C:\Windows\SysWOW64\runonce.exe /Run6432
                                                                                                                                                                              4⤵
                                                                                                                                                                              • Checks processor information in registry
                                                                                                                                                                              PID:3364
                                                                                                                                                                              • C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
                                                                                                                                                                                "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                                                                                                                                                                                5⤵
                                                                                                                                                                                  PID:1508
                                                                                                                                                                                • C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                                                                                                                                                                  "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                                                                                                                                                                                  5⤵
                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                  PID:2268
                                                                                                                                                                          • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                            "LogonUI.exe" /flags:0x0
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:3300
                                                                                                                                                                          • C:\Windows\system32\Dwm.exe
                                                                                                                                                                            "C:\Windows\system32\Dwm.exe"
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:1084
                                                                                                                                                                            • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                              C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:2456
                                                                                                                                                                              • C:\Windows\system32\vssvc.exe
                                                                                                                                                                                C:\Windows\system32\vssvc.exe
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:1788
                                                                                                                                                                                • C:\Windows\system32\DrvInst.exe
                                                                                                                                                                                  DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "000000000000049C" "0000000000000390"
                                                                                                                                                                                  1⤵
                                                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                                                  PID:2472
                                                                                                                                                                                • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                  C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:1552
                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --uninstall --system-level
                                                                                                                                                                                      2⤵
                                                                                                                                                                                      • Modifies Installed Components in the registry
                                                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                      PID:3780
                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fac7688,0x13fac7698,0x13fac76a8
                                                                                                                                                                                        3⤵
                                                                                                                                                                                          PID:1368
                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --uninstall
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Drops desktop.ini file(s)
                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                          PID:2504
                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\hehhe\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\hehhe\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\hehhe\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef4759758,0x7fef4759768,0x7fef4759778
                                                                                                                                                                                            4⤵
                                                                                                                                                                                              PID:2120
                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1312,i,3887933769885337291,7460787219520167514,131072 /prefetch:2
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:3304
                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1312,i,3887933769885337291,7460787219520167514,131072 /prefetch:8
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                  PID:3556
                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1132 --field-trial-handle=1312,i,3887933769885337291,7460787219520167514,131072 /prefetch:2
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:2512
                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe" https://support.google.com/chrome?p=chrome_uninstall_survey&crversion=106.0.5249.119&os=6.1.7601
                                                                                                                                                                                              1⤵
                                                                                                                                                                                              • Process spawned unexpected child process
                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                              PID:1680
                                                                                                                                                                                              • C:\Windows\System32\ie4uinit.exe
                                                                                                                                                                                                "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                • Drops desktop.ini file(s)
                                                                                                                                                                                                PID:2164
                                                                                                                                                                                              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                                                                                                                                                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                • Drops desktop.ini file(s)
                                                                                                                                                                                                • Modifies Internet Explorer settings
                                                                                                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                PID:1912
                                                                                                                                                                                            • C:\Windows\system32\csrss.exe
                                                                                                                                                                                              %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                                                                                                                                                                              1⤵
                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                              PID:1448
                                                                                                                                                                                            • C:\Windows\system32\winlogon.exe
                                                                                                                                                                                              winlogon.exe
                                                                                                                                                                                              1⤵
                                                                                                                                                                                                PID:1260
                                                                                                                                                                                                • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                                                  "LogonUI.exe" /flags:0x0
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                    PID:4088
                                                                                                                                                                                                  • C:\Windows\system32\userinit.exe
                                                                                                                                                                                                    C:\Windows\system32\userinit.exe
                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                      PID:284
                                                                                                                                                                                                      • C:\Windows\Explorer.EXE
                                                                                                                                                                                                        C:\Windows\Explorer.EXE
                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                        • Modifies Installed Components in the registry
                                                                                                                                                                                                        • Modifies Internet Explorer settings
                                                                                                                                                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                        PID:1672
                                                                                                                                                                                                        • C:\Windows\System32\u7e72d.exe
                                                                                                                                                                                                          "C:\Windows\System32\u7e72d.exe"
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:3856
                                                                                                                                                                                                          • C:\Windows\SysWOW64\runonce.exe
                                                                                                                                                                                                            C:\Windows\SysWOW64\runonce.exe /Run6432
                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                            PID:2400
                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                PID:3400
                                                                                                                                                                                                              • C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                                                                                                                                                                                                "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                PID:3456
                                                                                                                                                                                                        • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                                                          "LogonUI.exe" /flags:0x0
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                            PID:2796
                                                                                                                                                                                                        • C:\Windows\system32\Dwm.exe
                                                                                                                                                                                                          "C:\Windows\system32\Dwm.exe"
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                            PID:3616
                                                                                                                                                                                                          • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                            C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                              PID:3040
                                                                                                                                                                                                            • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                              C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                PID:2840
                                                                                                                                                                                                                • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe
                                                                                                                                                                                                                  "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                    PID:1096
                                                                                                                                                                                                                • C:\Windows\system32\WerFault.exe
                                                                                                                                                                                                                  C:\Windows\system32\WerFault.exe -u -p 2180 -s 640
                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                    PID:3608
                                                                                                                                                                                                                  • C:\Windows\system32\csrss.exe
                                                                                                                                                                                                                    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                    • Enumerates system info in registry
                                                                                                                                                                                                                    PID:3288
                                                                                                                                                                                                                  • C:\Windows\system32\winlogon.exe
                                                                                                                                                                                                                    winlogon.exe
                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                    • Modifies data under HKEY_USERS
                                                                                                                                                                                                                    PID:3216
                                                                                                                                                                                                                    • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                                                                      "LogonUI.exe" /flags:0x0
                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                        PID:964
                                                                                                                                                                                                                      • C:\Windows\system32\userinit.exe
                                                                                                                                                                                                                        C:\Windows\system32\userinit.exe
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                          PID:1328
                                                                                                                                                                                                                          • C:\Windows\Explorer.EXE
                                                                                                                                                                                                                            C:\Windows\Explorer.EXE
                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                            • Modifies Installed Components in the registry
                                                                                                                                                                                                                            • Drops file in Windows directory
                                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                                            • Modifies Internet Explorer settings
                                                                                                                                                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                            PID:2924
                                                                                                                                                                                                                            • C:\Windows\System32\u7e72d.exe
                                                                                                                                                                                                                              "C:\Windows\System32\u7e72d.exe"
                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                PID:3556
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\runonce.exe
                                                                                                                                                                                                                                C:\Windows\SysWOW64\runonce.exe /Run6432
                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                PID:2388
                                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
                                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                    PID:1576
                                                                                                                                                                                                                                  • C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
                                                                                                                                                                                                                                    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                    PID:3924
                                                                                                                                                                                                                                • C:\Windows\explorer.exe
                                                                                                                                                                                                                                  "C:\Windows\explorer.exe"
                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                    PID:2556
                                                                                                                                                                                                                                  • C:\Windows\explorer.exe
                                                                                                                                                                                                                                    "C:\Windows\explorer.exe"
                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                      PID:1028
                                                                                                                                                                                                                                • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                                                                                  "LogonUI.exe" /flags:0x0
                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                    PID:3612
                                                                                                                                                                                                                                • C:\Windows\system32\Dwm.exe
                                                                                                                                                                                                                                  "C:\Windows\system32\Dwm.exe"
                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                    PID:4020
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                                                    C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                      PID:428
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                                                      C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                        PID:3916
                                                                                                                                                                                                                                        • C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe
                                                                                                                                                                                                                                          "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe" -arp:uninstall
                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                          PID:420
                                                                                                                                                                                                                                          • C:\program files (x86)\common files\adobe air\versions\1.0\adobe air updater.exe
                                                                                                                                                                                                                                            "C:\program files (x86)\common files\adobe air\versions\1.0\adobe air updater.exe" -stdio \\.\pipe\AIR_420_0 -uninstall
                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                                                                                            PID:1836
                                                                                                                                                                                                                                      • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                                                        C:\Windows\system32\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                          PID:3328
                                                                                                                                                                                                                                          • C:\Program Files\7-Zip\Uninstall.exe
                                                                                                                                                                                                                                            "C:\Program Files\7-Zip\Uninstall.exe"
                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                              PID:3212
                                                                                                                                                                                                                                              • C:\Users\hehhe\AppData\Local\Temp\7z4AE67C8C\Uninst.exe
                                                                                                                                                                                                                                                C:\Users\hehhe\AppData\Local\Temp\7z4AE67C8C\Uninst.exe /N /D="C:\Program Files\7-Zip\"
                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                PID:1120
                                                                                                                                                                                                                                            • C:\Program Files\Mozilla Firefox\uninstall\helper.exe
                                                                                                                                                                                                                                              "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                PID:2004
                                                                                                                                                                                                                                                • C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe
                                                                                                                                                                                                                                                  "C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe"
                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                  PID:3208
                                                                                                                                                                                                                                                  • C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
                                                                                                                                                                                                                                                    "C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\Mozilla Firefox\uninstall\
                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                                    • Drops file in Program Files directory
                                                                                                                                                                                                                                                    PID:1796
                                                                                                                                                                                                                                                    • C:\Windows\system32\regsvr32.exe
                                                                                                                                                                                                                                                      "C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\Mozilla Firefox\AccessibleHandler.dll"
                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                        PID:1716
                                                                                                                                                                                                                                                      • C:\Program Files\Mozilla Firefox\default-browser-agent.exe
                                                                                                                                                                                                                                                        "C:\Program Files\Mozilla Firefox\default-browser-agent.exe" uninstall 308046B0AF4A39CB
                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                        PID:3472
                                                                                                                                                                                                                                                      • C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe
                                                                                                                                                                                                                                                        "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" /S
                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                          PID:2728
                                                                                                                                                                                                                                                          • C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_B.exe
                                                                                                                                                                                                                                                            "C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_B.exe" /S _?=C:\Program Files (x86)\Mozilla Maintenance Service\
                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                            • Drops file in Program Files directory
                                                                                                                                                                                                                                                            PID:888
                                                                                                                                                                                                                                                            • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                              "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" uninstall
                                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                                                PID:924
                                                                                                                                                                                                                                                  • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                                                                    C:\Windows\system32\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                      PID:1672
                                                                                                                                                                                                                                                      • C:\Program Files\VideoLAN\VLC\uninstall.exe
                                                                                                                                                                                                                                                        "C:\Program Files\VideoLAN\VLC\uninstall.exe"
                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                          PID:872
                                                                                                                                                                                                                                                          • C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
                                                                                                                                                                                                                                                            "C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\VideoLAN\VLC\
                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                            • Drops file in Program Files directory
                                                                                                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                                                                                                            PID:468
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                                              regsvr32.exe /s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"
                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                PID:3388
                                                                                                                                                                                                                                                                • C:\Windows\system32\regsvr32.exe
                                                                                                                                                                                                                                                                  /s /u "C:\Program Files\VideoLAN\VLC\axvlc.dll"
                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                    PID:3812
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                              PID:3604
                                                                                                                                                                                                                                                              • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe
                                                                                                                                                                                                                                                                "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                  PID:2852
                                                                                                                                                                                                                                                              • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                                                                                                C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                  PID:3468
                                                                                                                                                                                                                                                                • C:\Windows\system32\csrss.exe
                                                                                                                                                                                                                                                                  %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                                                                                                                  PID:2960
                                                                                                                                                                                                                                                                • C:\Windows\system32\winlogon.exe
                                                                                                                                                                                                                                                                  winlogon.exe
                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                    PID:3228
                                                                                                                                                                                                                                                                    • C:\Windows\system32\LogonUI.exe
                                                                                                                                                                                                                                                                      "LogonUI.exe" /flags:0x0
                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                        PID:1752

                                                                                                                                                                                                                                                                    Network

                                                                                                                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                    Replay Monitor

                                                                                                                                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                                                                                                                                    Downloads

                                                                                                                                                                                                                                                                    • C:\Config.Msi\f77f76d.rbs

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      962KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1a2dac15b703c8a1604827fc9c62369e

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c737d29a32773fe28a5f14b61b69c0802a394d5d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4a94ede82aa734e300eaa0e2ef15ee3c38c2a97e798c033f50c0840b78f91cbd

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      140b39444b93b73f7105b07abe7d450a3407344ef66cc6f959697d7b41983f2387a996646bc75bb97492480c0c0d26e7509ae0a704a2fa8725b2819108eb56c1

                                                                                                                                                                                                                                                                    • C:\Config.Msi\f77f773.rbs

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      7KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f230964f000e746b064b3b472fcd04e0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d5e1a0dedc1a7ef483ac980de26f2898e208af91

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      cb702d00620d560e2e850a290bfdf0502dbd89388a204a6f381d988d06d54524

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      acdbbd3cb8b89bcfb0e7c18d165a14c25a601f6f17a8a0d5b181fbc200ee9c9514e5fe7ed26e6f30fab6652fed8c96d8ce2995e99dee7cc176508233de7e65d2

                                                                                                                                                                                                                                                                    • C:\Config.Msi\f77f778.rbs

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      454KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      3c3018dfebb74d51a60b117ae04fce63

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      37c64f0ad6ada1b4b33c3a8a64397e618f22a18f

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c04910b1bcdef2cf8fcd2461ed855a88f360c0e6bc55b1db7464575c3e15f727

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      51138cf2089292ee3348f66e57d7d2c3aa4393a7b2f9996255bd97bbd9d3b46ce3a31e83e5fb6af2e7f5e2deb3900b520ac1b5182ca5887e4b5fdbb169905540

                                                                                                                                                                                                                                                                    • C:\Config.Msi\f77f779.rbf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      8e9d045e3dd4608df809d187653fae41

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      866dc8b39379545247b66c2495fecdda840ffcb5

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1890d5dabea7ab18864bfd43363f68b8480039eed8aac6ebe3061143f32cabc9

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      7a294db2324968b1e9a6c6277e901e73afff580b8ad6478d001eb54d02ee7ebc603f69bef0e5582041200183a01b22383395c055a99cda4b292a71f562c54332

                                                                                                                                                                                                                                                                    • C:\Config.Msi\f77f77a.rbf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d9b7012727c061e76dd77fc80d29ffd0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      a8829cb1571816b5da3158137262213ea98773ce

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      603d27901ba743de7fbd678fd834068e8e99de243c43e4da5a30db2ef39abe67

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      c2afdb13fc20eb8e835891f3b081f524d869b43fbb67df13d0ffcbb3b896c74ea2f3f13a1ae3388dfb2b83aa2026524dec644e08eaa96c4d64131e535283179b

                                                                                                                                                                                                                                                                    • C:\Config.Msi\f77f870.rbf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      21438ef4b9ad4fc266b6129a2f60de29

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

                                                                                                                                                                                                                                                                    • C:\Config.Msi\f77f874.rbs

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      14KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1a77d6563eb201b977096cb957ccc0b7

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      7036e68661c87e7aa746b26478a61966fab3a7f5

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      52b10710f9036c961d1ffd5ffadcfe0a4580cee786e5992f494f952947a38625

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      013c9fc3771fcb1f80a310ceb775d030283f8540ea72ef83195001ff758a531a1ba524b4e235e6950b93ee795fe0eab476295ad80a6fc35752af070b6282ba62

                                                                                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\SetupMetrics\19903f9b-b979-40bc-90c5-deed3164a81f.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      488B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      6d971ce11af4a6a93a4311841da1a178

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      cbfdbc9b184f340cbad764abc4d8a31b9c250176

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\AccessibleHandler.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      179KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      650e92170be6d72b5b03b4fd57d9c768

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      96afb8675e8d0ddeda7e5188182d2f7bcfc33ae4

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1f82976a2d2dfb39ecb4aef21390151d6407c4b76f8401e86b6162920c17e622

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9ba4d29a8557a50e972a77edbc72c05ffe62fca5b238c68ec7325932b554d10a3feacd5ef3a4a004feff41c5d956d2a78ac98cc2688b3a83ebd35e7c9d1d6b2b

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\AccessibleMarshal.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      32KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      603790c20a3c54910d57a264b9570251

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      cc116b933d2765ac44d268202e342132ec30b8a4

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      682a1749e7de1f422f7bef98b726e419eabaf7f5c06d89d75626e51a12729b8d

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d9807ac77d3df4ed0b3f1be2923f8b61794c37b7bb759c9c5b1ed80c2c629b0ce0c7f8607e98ed4628d3143d8fdcffe7d994e670ac08a55db4934461af8c205a

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\IA2Marshal.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      82KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f309a1b32cbb2b87db1504174fa36b8d

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5c3096985b95f2d69153cdb3666d5f18629da03b

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      ad868b5352811dc328c4e75b2898d45c75c5af8d3b0ac062810d95847a99e0bc

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a493a111cce1de0ea9d9999a7e1773334a1fc7b7e71115e60b22d0c1b52e439d889865051c6487665d2638705a676f8600653059dc120d9bdb87d8a81b737112

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\crashreporter.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      262KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      73603c36b4d1522c3402d67ecf657312

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      6a964ae5d681455c320ea0f8611b79a99a35b283

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      7fb934da4bebc1cb81c3e9f5be4dbb3e43aa8098b6e63f5e0b97b3cc105830b4

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      5fdc5f8ab72bd05ebea6068c896a7805211a9bdccf0167f48ac456a1e4283b59001e588d7349e34f8511fa297f98af8d5140c883e6d4a192af8d350a433c0238

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\default-browser-agent.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      697KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      3fa2910cbd44b17be47ff26ef27c5157

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d8a2bbcd3c88671b48478db293c61268fc24accf

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d448206c75c51f8a44a1c7fd5dabb8b0505f670ecb2e5d2adf55791b9cef1b0c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      16b70c679db2ba74a98f99956984fa044e96c821ccd5521b4882134c705b823674891d0521dc49c2391d5c184bbbd0c6d68890df65aad1972113aeda4f3b944a

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\firefox.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      654KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1fd347ee17287e9c9532c46a49c4abc4

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      ad5d9599030bfbcc828c4321fffd7b9066369393

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      912373af6f3c176b7e0a71c986d6288f76f5be80de7c9a580b110690271e9237

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9e52622077e805fcff2c6fe510524bf9ca7246da9ef42843041e82ced28b59163a2729335139df9e2d2a4c748ed56471bb053f337655a77d2d0976370f07acf4

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\freebl3.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      745KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      2bbd81e8a24fe88cd5222673429fbbf6

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      ac6146256fd524de7e4e39fb5f776e8fa894b2f0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b7dc465478516ea8e9011519761e6c02eb44c18f20694ca8bfc84ea236dd8df1

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d4e71ee9b7920c77476e56c793e7621ff01bd8138c02cf30cc5b4188f75bbb781a91e987098e8207e71df167f3998f0a1bc04eab0a9830274b860fd49774d638

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\minidump-analyzer.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      761KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b846d3a4993ad116ec786701492ba32b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3b8525674a49757fadf61d5760d709a09b77338a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1ee390efb43599624909919540ce1d8896d95e1dc6d70ef9ec861206ecca9939

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      637e3cfd67cd725db9ff741919ba3234bac5f5c5454283949fbb0c35fa8043afc1d5610060b956212fa65fccdc8a4f0d57c4ef298b12e0dcbca23f61e86c18a0

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\mozwer.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      305KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a3c52915bad6f32984d0c5929cb49df6

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      08c6f107f82be866451b5aa4cf2b2ac02e55dc95

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      fafc8c8c60062012926ecca6ed49dff88b5654f7d36aa2ed6920216deff3af38

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      8488778dd21a1d78fe949ecdc618d34b6aecbea7c92d15fc911bfabc550bec82f1f631cdac4565f6fdcca4a84bacaf57f378a0ef37648a8f9415fbb54cf75066

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\nssckbi.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      429KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      93e4fd86c80f87d9424c2ff54f30b42b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d2eb5789496e1688d73e6780015bcea468d3819e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      41add942e653a0e917c9e6ffaf4db57451a12609a3448ce0850eba041d5f240c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f581de34c3abba8d774804d6ba4b31c62eae3d31f6f4355d5ff16da46432a1b9cd49f630051468b9f88337e68cd4b87bf78754cb80998cded7979185340e022f

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\pingsender.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      80KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      4d71df73d0ab010ff183ab084b21ae70

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      366b6476dd874867fc353c27a4e59aa0c304ab75

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0adafbc9288c344b1fbeb66d15f9f5a8b7591ea717aa0a595bfbbd0386b1c53b

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      bfaae4316509f70dd997819ea8d17258adffe8a65819a15b28ce082f11ac16ee7ead735b62d8f3d435e6cf56aa23e1fb07a216078ace5a64bfa31914e31b8637

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\nsjE301.tmp\updater.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      391KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      4b45049272a1df52475a7f60d51423ac

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5d5238acc80b9fd5c8eade99c080ac86578f223b

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      fe51946b1bec69d578f11e5715ac1a49c9aead788a1f65b3d26a3224ed32c9ea

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d6579749a591d850e55b3b8fade0ecbd033657e489f90a48e9ee727ba62f91958b461f5a4cf649cb1af101b3ba23ec0b1560f598c1712882def7244da882f1af

                                                                                                                                                                                                                                                                    • C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      690KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      856f6ba813d0bd232817be42d277fe0c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      a9f8be1ce91f9b8fa7e967ad30dc5c50cd6b9b5e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f4fced4fbba70a23e261cba1b765d734de2cbed3c8996095117375906f6b8a23

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f5f88a23541f25ad880b30758fe835001a2f2fa1668ff524eb7e7d6c8c4e03b6c319101d5cd7e7a0117bbb648b7e2543d75c823814492b5d655adade4bd178df

                                                                                                                                                                                                                                                                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      197B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b5e1de7d05841796c6d96dfe5b8b338c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c7c64e5b35d0cca1a5c98a1c68e1e5d4c8b72547

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      062cb9dec2b2ce02c633fc442d1a23e910e602548a54a54c8310b0dde9ae074d

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      963a89b04f34bc00fea5b8e0f9648596c428beac2db30d8b0932974b15c0eb90b7c801ba6fa1082ea9d133258f393ae27e61f27fd3b3951f5c2e4b8c6a212c2d

                                                                                                                                                                                                                                                                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      177B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      6684bd30905590fb5053b97bfce355bc

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      41f6b2b3d719bc36743037ae2896c3d5674e8af7

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      aa4868d35b6b3390752a5e34ab8e5cba90217e920b8fb8a0f8e46edc1cc95a20

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      1748ab352ba2af943a9cd60724c4c34b46f3c1e6112df0c373fa9ba8cb956eb548049a0ac0f4dccff6b5f243ff2d6d210661f0c77b9e1e3d241a404b86d54644

                                                                                                                                                                                                                                                                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      173B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      625bd85c8b8661c2d42626fc892ee663

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      86c29abb8b229f2d982df62119a23976a15996d9

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      63c2e3467e162e24664b3de62d8eeb6a290a8ffcdf315d90e6ca14248bc0a13a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      07708de888204e698f72d8a8778ed504e0fe4d159191efb48b815852e3997b50a27ba0bc8d9586c6fb4844166f38f5f9026a89bbbc3627e78121373982656f12

                                                                                                                                                                                                                                                                    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      964B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      46a4eca2a791d84afecfd9f129a567df

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      004f2926d9377cc23c5b68ce26907435b8539643

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      06b6d34db7e9ebecc07e0b53fedb2a9bc2d4563b1d2037b7630fbc002942baf7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      dbeecf882210add0dd4ac57f75ccdf6a9604c3308e92f70747313f89a7f9c590f4e1cdd507e53ee37e0a1b7e437320dc6ec1299d406ef34ddd67dfd900fddd98

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      68KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      29f65ba8e88c063813cc50a4ea544e93

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      05a7040d5c127e68c25d81cc51271ffb8bef3568

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      ff45eca242f39249eea71fb642a9f986

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      da9628195cbcc79e7cfee96cce8f74288c58cc15

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0bc4be20fba9f307ba920b2684ab80b3d7c41646c725169fa8c21b6be4f618e2

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      2ae8797f0bcf4f4bc4d05c26d1d8ef9f3c187b2f40a59a194af791790248c2df6c1bbaca3a379ad0f78f30867ff99d90b7d5b30b7742962bc0b414f453fc0d71

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      bdc2f946a6ebd31a0191d8d53adb81fe

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      4f036205aa68f73783c538d7c06331fcc20e8d76

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8968a63ef25ae0aa393589c16f57cff42af91277d8a352b6234b9fc17d3231c1

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      4999c4f8011d25a0d872614405a26852d4cbf7e743008a908e4b33dd9d4d0c3152108b7f71a9b0d4046bab23c987bfcdeca05e73a2961f64e3fdd470305ff9b0

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b14894fa499a9596d9cfaf774012a673

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      e3b2b808aefe0a12c0ee2208279a549144c05307

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e4d5161a2835646f97c23334c6b9f708c871bf8c8bad343e15bcd7ad6dd7d0d0

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      bfe07c4f8b748ef9643c0392dc6adbcf04b52c39e60356801eb59b8932d45a34a2ac9bd13a765c62d602c9582305b900983dca9cfab629826c0031c7738bab33

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      0116c88cb99879392234f34232602528

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      09dc106db94de5f6e7da45b29b27ce6a449e8ca6

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1f6c5ad951c147f25daaf5d1e60afc62b68f85e51f09973529e415be68ee0fcd

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      5dc836d2137d99f8b4ac9d0480e9f60eefcc1a92cbbcb4eb9e05868a4ec278e9b32270d50f9dc93d476eb5509dae1f8d1312af85b50bac1ec643ed1708816650

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      fdc8b646809cd0cf8c33b6f47d59489a

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b33d22eef37900389c1b0d600f8f10f3b90b5871

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b79c1d7803150cc40ea57f44f0b8de766209b44ca87eebfb15492103620e7565

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b217a9286c2013873fb3a9c906a96c6b22a49515670eac675c17cb18dfa71ad359e42e86a03ea852ac156ee6e8ba57e3be566b95fca96bf22495f51153d97400

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7a64d89e783454de38a2bea1dfc7d032

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5aece038b03d2cef62a87811038f229b9902b4c7

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      fe9036f7a89ef893ac7f3717133c3232cb02881d930962c3d1d76c6c7274916d

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      6ddc23effcf9c1dd1b16fe94a4350576556abecc9d1f614dea754e63ac49b2ead79b285ef6da1d911aed2719a447e16dfa7305e6d4bb2a42b66e7ea4fd3186b4

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a8b5a7966d4902a45e7b132caf55ca5a

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f7378a43a48cb2ac0a71013c3dc7517a8e60e579

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8aca234f3bb8052feba82a237479490f741f8d370767c34c49c922bf023a36f5

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      8068bc3036e4060b6d1ce9be1799886f24628d0df241b9724eb251075e4784ea781a8592296499d831378e9eb37c53cd6b3b5fbb5702e17959db30216191a21d

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      00815e259aeca8adabe94bc53893e1e7

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      13b8e3b8d09faa6a62069a848ee9b999535cd64b

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f614817c8ff571513c00e080555a43190311f294aa61b169b52eae9c9d1655bf

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e5d31b1cc011b2b1f6f9e2cb65c9e8025ba8105f04031abbad2c5aaff1000d6ade216b6b3652d653d58ccd24dc4f1b3c6a4e5a605fcc29b1c4fe6cb9c25cee38

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      40a8f08b10b50cb7f3c9e8931b587973

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      9c3504591930c49ab42da93cfe36edf701e89445

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      332a889bc876abf53cd3493d722623f7a8d825efd0e62316636b518fe6e83277

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0c25c8683f7e472c9e3c896d9f149638d74dc5aca1b8c031457b5f51dc5aaa307fa7fe007604f94df9fb4e026666ba03f190d7a94b2bf53dc30e70680f768b70

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\103166c8-e70f-47c8-b4ad-a1e3c57087c1.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      e93eb15fe158118e93066d385ea02e26

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      4fc151eb078e2358507f221c6f53c17610b3461d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      78bc6fffb729c13fa7e328227323f68f9682f6cd36e0a859fb01e8772e5f6075

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0ef2b428204e3d650f87bed561dbb934c6d1c2a75ab0205f814dd9229ba529cbff2975c1d9dd86b2dc0adea0d40b9c7da7f196094f7b7cdb023ab8fad1b3504c

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      200KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a484f2f3418f65b8214cbcd3e4a31057

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5c002c51b67db40f88b6895a5d5caa67608a65ce

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      16B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      aefd77f47fb84fae5ea194496b44c67a

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      dcfbb6a5b8d05662c4858664f81693bb7f803b82

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      264KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      82519c93bc8fd825ceb15ba17f29cd7c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      dabac71de14e43a308e9a876f3d4e19635b7af0e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f16a094fd065f2c58c1d36349f6f005da431159085a167070b4f8dd1380c0648

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      8780b3dee44aff1b48364990f085f02e0cb5f21973b60f011ed03c8d99e03be55e6b0dfe34dc85f036cb88633cd2d1a981ad00224427128a165adc53c3811a46

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      361B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      4c4413c1030ceb5f1d694fe85ee47f24

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      e05bdf3925b8479379c97671df6fff9f8acb7115

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f37c35c82824bbbbbf93de79f7fc3f6534c2ea8db7a6eb4d6af13d261bfc9a73

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      95f6878e3094e83c6d77ed3831620f0d7f12f09ab74301a699ee2027f6a087fccd0d7bb15cfb31c207c5055b4252ed478a714c1b46f521d2e1465aa7b47db3ab

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      361B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      228876e0d584bb1ff673f0528497d69c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      8c9e4f914fa8667cc618652c7d353540764ca426

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4d04a2859be6ebb1ea8d87ffeef6678b2f2979f3d02fdb415e47ebe111063668

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      02515c9b76fa0b460e5f8276a35e912336ab499864f0eec10cba66444b8850c937d2cb9faac8d72426004bab7ac44e0c10ac137c6b0fbc1f5bb039c89602011b

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7c9477d8f78a42ac61271fdd6920bfaf

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      069b81eb53e8663a923ff4249d8bb9f18e53c9fc

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9d7484f825d8255360426bc4fe922dc449b52b81e4e76cf174df7bc804229392

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      aabdf4746482c511f2b69caef4b8929943f14431b087f82076b4e88677fed0088398eecad304934df689fd7bcf08b9dcfc101b35d226ce1f59619487fd3050b3

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      5KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f4781c1c8680a45af912832aaecfba9c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c1af3f118f9e46f3daa332d7dfb63deae3aedc02

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      6c9cace8a826b368e33d0527b69f904467fe406832ea9d4ef172aeae474c16d3

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      97d46058df5e66e3452e7a5fdca0429cd75a4102c28e538e0f416dce3c0b4cd68a8870f36a3445bc1c4e60330de0498f2a29007585627f75f82e66b5c9447c58

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      16B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      18e723571b00fb1694a3bad6c78e4054

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c20729d4-60ba-4579-8cac-a951ffaefa7b.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      7KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      046e805193ed932244562ab62aa82d7a

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f6d84e3ddd34bf2e2b1f28fdde95f586ce1406ee

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e6dab915bf621e82bf2f1098215b9288caa9460817e1ce0223e103ffa3e0a872

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b66a14e911ef3f98d8c5b7efe2746a513040e15a7010ec3978067f1c637019c39f05d48244d382aefd51acef6c73c484b800378d0d5809076717668dd73b6fab

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      267KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      21be032bd6306a447ace36abedf37b09

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d4be74254dee02cadff67cc3739d5f37bc64a567

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f54447637c6a895b4a915cfed84ae75e9e1e6eee20f9ba0a2d48c1f64bbe8e0c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      bc10f64a21c076e1758b75c1781e390f91ccc77802b4efb0c62c768e8e8971d70236977d617b2361442507b7bfadf5fd23d0c9e1b5e024390fceb8373e1a4360

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      77KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      94f8a4bd472af5c1c53b0945eeb2cbcd

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      602763088db56b6e5391917ba79c116954fbc196

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      aafb704272211db2eb0f36f2c53b536212e76137c6625a70c0c9ab7cce6ec7c0

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d18827de3fb55e659a14dfb0f711e0cf57d434fc616a81bf2dcb5e98a96e9846e9f05f0ba9a5d937aee179222688a28261c55754be95c7a01793c0b5d6b61ff7

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      83KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d480e62a9494d7c48428032cc3b6e592

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      e747028bbd57e6162381ac32d058a3a604a67ac3

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4985f52024e0640baeded7a8ccfbc982521a6e221475e1734c4509899acd1598

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      6be9524bb486e7ac31f8f7ad9bae3aea81ee0093c8374f9689db6c71d0d1a0daf868c97010f81e6e0c59474930a051eaf2128ffd4e746e3ab2aa32e3a02e5a09

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fee9df0b-e477-4193-962c-716b6cd7167f.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      267KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      53a2114fd1d97f91add59719cb0eb35c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3dfc51de172fb05305bb3a40f9850b110650c60c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8fe96607387c74a8a4e65db6684f54bf809f598dbc69153ad9527e61f7ca40e1

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e60dd02b01751e425b10b45ffedfbca0a20f621c34822c4eff22c1dd53f38a7ba20b3317e4487bcb5e885571af1ce3e17afaf1f2fd1dc1da4eb5bc33e25f36f9

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\host[1]

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a752a4469ac0d91dd2cb1b766ba157de

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      724ae6b6d6063306cc53b6ad07be6f88eaffbab3

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1e67043252582aea0e042f5a7be4a849b7cd01b133a489c3b2e67c10ade086f3

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      abc2899705a23f15862acf3d407b700bb91c545722c02c7429745ab7f722507285c62614dcb87ea846f88fc0779345cb2e22dc3ad5f8113f6907821505be2c02

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\layout[1]

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      cc86b13a186fa96dfc6480a8024d2275

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d892a7f06dc12a0f2996cc094e0730fe14caf51a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY2G78MW\masthead_left[1]

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b663555027df2f807752987f002e52e7

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      aef83d89f9c712a1cbf6f1cd98869822b73d08a6

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\l10n[1]

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1fd5111b757493a27e697d57b351bb56

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      9ca81a74fa5c960f4e8b3ad8a0e1ec9f55237711

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      85bbec802e8624e7081abeae4f30bd98d9a9df6574bd01fe5251047e8fdaf59f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      80f532e4671d685fa8360ef47a09efcb3342bcfcf929170275465f9800bfbfffc35728a1ba496d4c04a1fdefb2776af02262c3774f83fea289585a5296d560b0

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\masthead_fill[1]

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      91a7b390315635f033459904671c196d

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b996e96492a01e1b26eb62c17212e19f22b865f3

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\common[1]

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f5bb484d82e7842a602337e34d11a8f6

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      09ea1dee4b7c969771e97991c8f5826de637716f

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\rtutils[1]

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      244B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      c0a4cebb2c15be8262bf11de37606e07

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      cafc2ccb797df31eecd3ae7abd396567de8e736d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      7da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYNL6UIN\runtime[1]

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      42KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      5d4657b90d2e41960ebe061c1fd494b8

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      71eca85088ccbd042cb861c98bccb4c7dec9d09d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      93a647b1f2cadcbdb0fe9c46b82b2b4baf7685167de05933811549145c584ee0

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      237738c0a6cb25efe29effc9c3637245e3e2397207ed51e67bae5a1b54749f88e090de524f7868d964debbb29a920a68205ccbd2dfceed4a1f3cd72d08b16fa3

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\+JXF15834959505754966724.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      141KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      54a91b0619ccf9373d525109268219dc

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1d1d41fcadc571decb6444211b7993b99ce926e2

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b2efabca5ea4bc56eea829713706b5cd0788b82aca153bd4adde9b1573933b4f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      7f79ff3b42a672371814f42814aa5646328b1a314691d30ce09ffdc7a322adcb1af66625274f7fac024ca2f22a42b625001735711c430faef6e077e1f1d24887

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\+JXF17047522669810192163.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      424KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      4c41e856744eb797e9936359a6509287

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      0959e6f4dd535eb6fae388b6b9ac179dcf3afd76

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      83ff53f599acefc11f5cf63fd0516d4db72aacf7f0125a5f79c9ff222cbf9dd7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      07ae284caa316315da74246c960198a7d549acf86f96cec550f41109fcd870a69ccac9818361657fb859e89d2bdc8398c7731c80d274d99a768102022a5f6e8b

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\+JXF2752517089367185803.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      132KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      afa7a91dadd77b23634a0fdf18c148f3

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      6cbb57ba2355cf442e06899898ff5af55867103e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9287925cae90ac480804094ff0876832065e2db116470da1f524d79ed9c18b70

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      84d123b67505522c256f4ff79c3822eabe2d63036023896e9854298ff39e050bef7894f6320ccf950592015760354683c4dbd19aa203d433a04a5d6bb28e8115

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\+JXF9642270182497155366.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      477KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      ec5d243a9958b3858b5a71fb9a690da7

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d80b02c91addef2ef58136d1a7df0189f453388c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      a4ece920f221b78d43b550d615c5934db162b64a331ffa663a85199e74ef2e6b

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      479512c6076249a63a822d307b3d8c65d44d19abfadc597f0293fedf2c4fbac2ba6f60ca98d2c1dbb638ad09f3eb1419b6ef391fb098c7d1b62237bce9d79931

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\TarD254.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      177KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      435a9ac180383f9fa094131b173a2f7b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      76944ea657a9db94f9a4bef38f88c46ed4166983

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      116KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      e043a9cb014d641a56f50f9d9ac9a1b9

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      61dc6aed3d0d1f3b8afe3d161410848c565247ed

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      83a8f0546164c9ba1a248acedefd6e5d

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      7652f353ed74015e7e78bc9f9e305a48d336b6d1

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.BMP

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      12KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      3adf5e8387c828f62f12d2dd59349d63

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      bd065d74b7fa534e5bfb0fb8fb2ee1f188db9e3a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1d7a67b1c0d620506ac76da1984449dfb9c35ffa080dc51e439ed45eecaa7ee0

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e4ceb68a0a7d211152d0009cc0ef9b11537cfa8911d6d773c465cea203122f1c83496e655c9654aabe2034161e132de8714f3751d2b448a6a87d5e0dd36625be

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG14.PNG

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      43KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7d26a524b09feacb9db695415e1a66b2

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      724f925c2663b623a9755bf722b3f297c8ff605a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      867072872533f9000508dafdd49f5b83e03de7b611b454290e062034a423dc74

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      6adae2bb7c7e390f5e50df048fb3417c31b025c4d32abcb97ef8206ae3f0769997650cdba178bbad8c34f07a4e613666388e4b9bc465549b47a8f01f0dec4a57

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG15.PNG

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      644B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      859d53eb6f971993774da3bccee533a4

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c51f8e6a9cbd749b77edfeb324ef18ffdfc8e4fc

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      768c5aa62161f6ddcab82911e727bf7d902c8d3d24d7c62726542b32ae70f3e7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      5e2f6cd3ffd37a02b5d198046e422bd7c19acca91675a6c38f58d0a985dcc640aedbdab969df9afbc8be6367df071d8e77663c42d5529d9c798602e6c97d246c

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG17.PNG

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      69862e8a82c503fbc5cea0c9e8a33876

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      a69deda06d6224750bf1ab941bf934bf5250fe4b

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8fc3a97777dec1ab22f74f069354cab4880731b873452694921cac9814059858

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      db86fbd4e1692de8a2dc6816d34e28b12badaed81ad07a7ce4fc225a212fee63eccd1f51c5ebdf7485ee8c0db716f9ac649cd2a4aae92218372582e7ab3d3951

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.BMP

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      12KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f35117734829b05cfceaa7e39b2b61fb

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      342ae5f530dce669fedaca053bd15b47e755adc2

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9c893fe1ab940ee4c2424aa9dd9972e7ad3198da670006263ecbbb5106d881e3

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      1805b376ab7aae87061e9b3f586e9fdef942bb32488b388856d8a96e15871238882928c75489994f9916a77e2c61c6f6629e37d1d872721d19a5d4de3e77f471

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.BMP

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      12KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f5d6a81635291e408332cc01c565068f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      72fa5c8111e95cc7c5e97a09d1376f0619be111b

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4c85cdddd497ad81fedb090bc0f8d69b54106c226063fdc1795ada7d8dc74e26

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      33333761706c069d2c1396e85333f759549b1dfc94674abb612fd4e5336b1c4877844270a8126e833d0617e6780dd8a4fee2d380c16de8cbf475b23f9d512b5a

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG9.PNG

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      438B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b7b32e3aeb677124b236d776ef443489

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3249a596e03148836131988b8ca9392f677a7470

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f60847a54bde74835d80bb41bc3c57ad211ca30d69c2eb48ef7bffc7c6b44d0c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f9044d9da82099a0747b3de0382db0999a9f80cbfe894ed9c4961498c41c5db9055c32d699424b6c5835230a2d74df491151beb90f0ff959b580164b2defab2a

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      136KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1ffd93751bc3400074dc0affa49ddfaf

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      81be618514bdb88161333386f326cfcac2075517

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e65cc17886b8632c1ff12ff8a97128d3ca379a6b9ad2c0300788f43958c458be

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b2aefcf3a2f3e4da57c3507f7b419d229985cee88c782232dd90a96a6e9dbe46c18a7a58c7c4d1a3fe4b8b4b187f884fa09ac9e9a70d179e941704d7cbfddb30

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\jusched.log

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      3954e8086f5737e77cf3a95464dd43b3

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c00c0fa748a9edf2d6cc92a12db85532060fb27c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f2e89743084d0812dfc6cf967f7f2f0982b3f51a407a2a4ac5e39da875721d1c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e7a33b4c2787ec77a499753a4e493857457b46b8391d6750a7691825f491519d9a3ccd16cf4d3ea9f4080312ce4571d1285f9c699a79e76dde5e82a122c1bcba

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\jusched.log

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d6d36112bd4cc5f7df2eed5687fa8349

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      9a733daf6b423536f5a4f79261dd1454c39c319d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      13f36346d77e8069b813d7599e8230712eb0eb5f7d1effe2c2ae6eb871da8178

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      19a6c7da5f05c5849181ffa08eb349e28b4a9a72daa202b1d6fa7a8bed250f6c205144d317381dbde8c12256b3abbb9817cd0ffb1c614b8f0267607a950f4e97

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      741B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      5b684d9c9e6bed861773400691c78cd0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      86558bccf91329b90a4ab09c4f03377798e8fbc4

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      5e089744a0e74ba6d70e5ec7a4ac3aaf81fc70ae22d64e0fc359c715e78d7d8b

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f9c3f8382dcc2d3e402dbc4a3810f44244e4a6ebf739fc530fa235fc9e8bf55a0fa55bf40f8a7cd8309a2542701236f9f8de0f2dcf671bc75df4063c7cd67596

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      9.1MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      fa9848f3cff6d80b5704c6d2ccb10c2b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      714c93f3fc2b915efae0cac6028d317711d59264

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      63ff7897d3a90de887c1baebb2ef7b87e596f1749e07322090786c902bdd8d16

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9078f5e3583a2b2cd43f63f023908f652a4c6eb647b1bd8988d33e8f2f1d34d44192ce50b795ffd9764d94a343bdc2ecdb94483ceef79739a92ff8d6a0f9a41b

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\TempOptifineStore-1.0.json

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d751713988987e9331980363e24189ce

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\libraries\commons-codec\commons-codec\1.9\commons-codec-1.9.jar

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      257KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      75615356605c8128013da9e3ac62a249

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      9ce04e34240f674bc72680f8b843b1457383161a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      ad19d2601c3abf0b946b5c3a4113e226a8c1e3305e395b90013b78dd94a723ce

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b65531ead8500493e3dd14a860224851b80f438fc53bf8868b443a0557d839a2b0c868e4fedcf99579ae04b6b2bbd8cdb37f9921ad785983c37569aa9d2e8102

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\libraries\net\java\jinput\jinput-platform\2.0.5\jinput-platform-2.0.5-natives-windows.jar

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      151KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b168b014be0186d9e95bf3d263e3a129

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      385ee093e01f587f30ee1c8a2ee7d408fd732e16

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      24afbd5e1fab17da57d16a4d3f19d53f36155ef46a9976484201a4bb9722287f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e8dd2c73c97cb0ec065acb3973a89cacf742005d60eca5f68edfd5306a23c4a6be8dd8deb4f7ff870075f75d79fff9a87c2aaee980ef7b4da764bcb822257dfe

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\libraries\org\lwjgl\lwjgl\lwjgl-platform\2.9.4-nightly-20150209\lwjgl-platform-2.9.4-nightly-20150209-natives-windows.jar

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      599KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      6cab9a7349c4a33e172ad405682e7796

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b84d5102b9dbfabfeb5e43c7e2828d98a7fc80e0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f2e1f2c6bd7511a7504f389b8b716f5d8dc2fdc71e29c89b52644314cf0a228e

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      83308b1b2edb19b6d252f7363f1cf10b56cb36cf40fbdae83a5ef403436d20a1d088f2c654d85d54143232f82bdef6d01087b3a4d70521d04defcddf548f4fa9

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\libraries\v1\objects\db5aa600f0b0bf508aaf579509b345c4e34087be\client.jar

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      8.8MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      9dd50a2e6a74f7e186354250c2f2c635

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      db5aa600f0b0bf508aaf579509b345c4e34087be

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      be3fff4f2cc005a1310a96389efdeb983d2bcb4b8e747c402acd616ae73d0ba2

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0a04a81784183b56b3cd7ab1f8a37e44c2c23325d2c9cc2951c391c8442385ab156e353cae71196d47e9cb6ea270709a4e3faa29504e080abebdb13334b72d79

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\README.txt

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      46B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      0f1123976b959ac5e8b89eb8c245c4bd

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f90331df1e5badeadc501d8dd70714c62a920204

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      963095cf8db76fb8071fd19a3110718a42f2ab42b27a3adfd9ec58981c3e88d2

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e9136fdf42a4958138732318df0b4ba363655d97f8449703a3b3a40ddb40eeff56363267d07939889086a500cb9c9aaf887b73eead06231269116110a0c0a693

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\java.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      154KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      31401e170ddd8437635c4c8571a80341

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b79de1ce1b96ad0c3d00c8a32e55043eaeb1bad7

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      3e060e1aafa2fe99f06c34db84a49d3a2f994c1a0dbef40f37dbafd45cd69533

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      fc5e52e5398563a39dd5d8204ffe52a8668c19e1f1bb9706cf408c6c7ed81f8be667d87233bcdfd8739ac022792c36b9147249e5eedb51b21493100ffbf1e5c9

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\javaw.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      202KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7b23b0aab68e65b93bb6477f05999574

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      920752e4c22e1165e6df27f69599483187edfbb3

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      32546ecf1236769d2d777331f90282fb97589bec75da11c8e727d61d3d4c988a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e3395303e53edce3dfa8fe11b7338c77795595a17dac17818e4bc8b77feee4900d541201d6762aa8f46565730e24a5423684049d40bbd074186ef7223c96b604

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\plugin2\msvcr100.dll.tlauncherdownload

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      809KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      df3ca8d16bded6a54977b30e66864d33

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b7b9349b33230c5b80886f5c1f0a42848661c883

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\bin\server\Xusage.txt

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b3174769a9e9e654812315468ae9c5fa

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      238b369dfc7eb8f0dc6a85cdd080ed4b78388ca8

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      37cf4e6cdc4357cebb0ec8108d5cb0ad42611f675b926c819ae03b74ce990a08

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0815ca93c8cf762468de668ad7f0eb0bdd3802dcaa42d55f2fb57a4ae23d9b9e2fe148898a28fe22c846a4fcdf1ee5190e74bcdabf206f73da2de644ea62a5d3

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\amd64\jvm.cfg

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      634B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      499f2a4e0a25a41c1ff80df2d073e4fd

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      e2469cbe07e92d817637be4e889ebb74c3c46253

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\cmm\CIEXYZ.pf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      50KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      10f23396e21454e6bdfb0db2d124db85

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b7779924c70554647b87c2a86159ca7781e929f8

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      207d748a76c10e5fa10ec7d0494e31ab72f2bacab591371f2e9653961321fe9c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f5c5f9fc3c4a940d684297493902fd46f6aa5248d2b74914ca5a688f0bad682831f6060e2264326d2ecb1f3544831eb1fa029499d1500ea4bfe3b97567fe8444

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\cmm\GRAY.pf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      632B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1002f18fc4916f83e0fc7e33dcc1fa09

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      27f93961d66b8230d0cdb8b166bc8b4153d5bc2d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      081caac386d968add4c2d722776e259380dcf78a306e14cc790b040ab876d424

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      334d932d395b46dfc619576b391f2adc2617e345aff032b592c25e333e853735da8b286ef7542eb19059cde8215cdcea147a3419ed56bdd6006ca9918d0618e1

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\cmm\LINEAR_RGB.pf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a387b65159c9887265babdef9ca8dae5

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      7913274c2f73bafcf888f09ff60990b100214ede

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      712036aa1951427d42e3e190e714f420ca8c2dd97ef01fcd0675ee54b920db46

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      359d9b57215855f6794e47026c06036b93710998205d0817c6e602b2a24daeb92537c388f129407461fc60180198f02a236aeb349a17430ed7ac85a1e5f71350

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\cmm\PYCC.pf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      268KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      24b9dee2469f9cc8ec39d5bdb3901500

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      4f7eed05b8f0eea7bcdc8f8f7aaeb1925ce7b144

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      48122294b5c08c69b7fe1db28904969dcb6edc9aa5076e3f8768bf48b76204d0

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d23ce2623de400216d249602486f21f66398b75196e80e447143d058a07438919a78ae0ed2ddf8e80d20bd70a635d51c9fb300e9f08a4751e00cd21883b88693

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\cmm\sRGB.pf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1d3fda2edb4a89ab60a23c5f7c7d81dd

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      9eaea0911d89d63e39e95f2e2116eaec7e0bb91e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      16aae81acf757036634b40fb8b638d3eba89a0906c7f95bd915bc3579e3be38c7549ee4cd3f344ef0a17834ff041f875b9370230042d20b377c562952c47509b

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\content-types.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      5KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f507712b379fdc5a8d539811faf51d02

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      82bb25303cf6835ac4b076575f27e8486dab9511

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      46f47b3883c7244a819ae1161113fe9d2375f881b75c9b3012d7a6b3497e030a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      cb3c99883336d04c42cea9c2401e81140ecbb7fc5b8ef3301b13268a45c1ac93fd62176ab8270b91528ac8e938c7c90cc9663d8598e224794354546139965dfe

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      811bafa6f97801186910e9b1d9927fe2

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      dc52841c708e3c1eb2a044088a43396d1291bb5e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      926ccadaec649f621590d1aa5e915481016564e7ab28390c8d68bdaaf4785f1f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      5ae9c27dce552ea32603b2c87c1510858f86d9d10cade691b2e54747c3602fe75de032cf8917dcd4ee160ee4cc5be2e708b321bb1d5cdebfa9fe46c2f870ca7c

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_de.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d77c3b5274b8161328ab5c78f66dd0d0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d989fe1b8f7904888d5102294ebefd28d932ecdb

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c9399a33bb9c75345130b99d1d7ce886d9148f1936543587848c47b8540da640

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      696e28b6bc7e834c51ab9821d0d65d1a32f00eb15caa732047b751288ea73d8d703d3152bf81f267147f8c1538e1bf470748df41176392f10e622f4c7708dd92

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_es.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      6d32848bd173b9444b71922616e0645e

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1b0334b79db481c3a59be6915d5118d760c97baa

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      be987d93e23ab7318db095727dedd8461ba6d98b9409ef8fc7f5c79fa9666b84

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      8e9e92d3229ff80761010e4878b4a33bfb9f0bd053040fe152565cfb2819467e9a92609b3786f9bdbf0d7934cf3c7d20bc3369fe1ad7d0df7fadf561c3fdca3c

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_fr.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      c11ab66fede3042ee75dfd19032c8a72

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      69bd2d03c2064f8679de5b4e430ea61b567c69c5

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8deeec35ed29348f5755801f42675e3bf3fa7ad4b1e414acca283c4da40e4d77

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      072f8923df111f82f482d65651758b8b4ba2486cb0ea08fb8b113f472a42a1c3bcb00dae7d1780cf371e2c2bd955d8b66658d5ee15e548b1eea16b312fdcbdf9

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_it.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a81c4b0f3bf9a499429e14a881010ef6

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      dbe49949308f28540a42ae6cd2ad58afbf615592

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      550954f1f80fe0e73d74eb10ad529b454d5ebc626eb94a6b294d7d2acf06f372

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      6fed61cbcd7fe82c15c9a312aced9d93836ebcffaf3e13543bc9dd8b4c88400c371d2365feee0f1bb844a6372d4128376568a5b6fe666fd6213636fcbd8c7791

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_ja.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b7279f1c3ba0b63806f37f6b9d33c314

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      751170a7cdefcb1226604ac3f8196e06a04fd7ac

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8d499c1cb14d58e968a823e11d5b114408c010b053b3b38cfef7ebf9fb49096f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      4a3bf898a36d55010c8a8f92e5a784516475bdfffcd337d439d6da251ddb97bcc7e26f104ac5602320019ed5c0b8dc8883b2581760afea9c59c74982574d164b

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_zh_CN.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      e6f84c081895acdfd98da0f496e1dd3d

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1c2b96673dddd3596890ef4fc22017d484a1f652

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      a1752a0175f490f61e0aad46dc6887c19711f078309062d5260e164ac844f61a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d4d28780147e22678cd8e7415cacfad533ae5af31d74426bbe4993f05a0707e4f0f71d948093ffa1a0d6ea48310e901cd0ed1c14e2fbdf69c92462d070a9664f

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\messages_zh_HK.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      880baacb176553deab39edbe4b74380d

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      37a57aad121c14c25e149206179728fa62203bf0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\splash.gif

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      249053609eaf5b17ddd42149fc24c469

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      20e7aec75f6d036d504277542e507eb7dc24aae8

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      113b01304ebbf3cc729a5ca3452dda2093bd8b3ddc2ba29e5e1c1605661f90be

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9c04a20e2fa70e4bcfac729e366a0802f6f5167ea49475c2157c8e2741c4e4b8452d14c75f67906359c12f1514f9fb7e9af8e736392ac8434f0a5811f7dde0cb

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\deploy\[email protected]

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      14KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      cb81fed291361d1dd745202659857b1b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      0ae4a5bda2a6d628fac51462390b503c99509fdc

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9dd5ccd6bdfdaad38f7d05a14661108e629fdd207fc7776268b566f7941e1435

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      4a383107ac2d642f4eb63ee7e7e85a8e2f63c67b41ca55ebae56b52cecfe8a301aaf14e6536553cbc3651519db5c10fc66588c84c9840d496f5ae980ef2ed2b9

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\flavormap.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d8b47b11e300ef3e8be3e6e50ac6910b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      2d5ed3b53072b184d67b1a4e26aec2df908ddc55

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c2748e07b59398cc40cacccd47fc98a70c562f84067e9272383b45a8df72a692

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      8c5f3e1619e8a92b9d9cf5932392b1cb9f77625316b9eef447e4dce54836d90951d9ee70ffd765482414dd51b816649f846e40fd07b4fbdd5080c056adbbae6f

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaBrightDemiBold.ttf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      73KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      af0c5c24ef340aea5ccac002177e5c09

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b5c97f985639e19a3b712193ee48b55dda581fd1

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      72cee3e6df72ad577af49c59dca2d0541060f95a881845950595e5614c486244

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      6ce87441e223543394b7242ac0cb63505888b503ec071bbf7db857b5c935b855719b818090305e17c1197de882ccc90612fb1e0a0e5d2731f264c663eb8da3f9

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaBrightDemiItalic.ttf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      73KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      793ae1ab32085c8de36541bb6b30da7c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1fd1f757febf3e5f5fbb7fbf7a56587a40d57de7

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      895c5262cdb6297c13725515f849ed70609dbd7c49974a382e8bbfe4a3d75f8c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a92addd0163f6d81c3aeabd63ff5c293e71a323f4aedfb404f6f1cde7f84c2a995a30dfec84a9caf8ffaf8e274edd0d7822e6aabb2b0608696a360cabfc866c6

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaBrightItalic.ttf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      78KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      4d666869c97cdb9e1381a393ffe50a3a

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      aa5c037865c563726ecd63d61ca26443589be425

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d68819a70b60ff68ca945ef5ad358c31829e43ec25024a99d17174c626575e06

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      1d1f61e371e4a667c90c2ce315024ae6168e47fe8a5c02244dbf3df26e8ac79f2355ac7e36d4a81d82c52149197892daed1b4c19241575256bb4541f8b126ae2

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaBrightRegular.ttf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      336KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      630a6fa16c414f3de6110e46717aad53

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5d7ed564791c900a8786936930ba99385653139c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0faaaca3c730857d3e50fba1bbad4ca2330add217b35e22b7e67f02809fac923

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0b7cde0face982b5867aebfb92918404adac7fb351a9d47dcd9fe86c441caca4dd4ec22e36b61025092220c0a8730d292da31e9cafd7808c56cdbf34ecd05035

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaSansDemiBold.ttf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      310KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      5dd099908b722236aa0c0047c56e5af2

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      92b79fefc35e96190250c602a8fed85276b32a95

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      53773357d739f89bc10087ab2a829ba057649784a9acbffee18a488b2dccb9ee

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      440534eb2076004bea66cf9ac2ce2b37c10fbf5cc5e0dd8b8a8edea25e3613ce8a59ffcb2500f60528bbf871ff37f1d0a3c60396bc740ccdb4324177c38be97a

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaSansRegular.ttf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      681KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b75309b925371b38997df1b25c1ea508

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      39cc8bcb8d4a71d4657fc92ef0b9f4e3e9e67add

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f8d877b0b64600e736dfe436753e8e11acb022e59b5d7723d7d221d81dc2fcde

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9c792ef3116833c90103f27cfd26a175ab1eb11286959f77062893a2e15de44d79b27e5c47694cbba734cc05a9a5befa72e991c7d60eab1495aac14c5cad901d

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaTypewriterBold.ttf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      228KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a0c96aa334f1aeaa799773db3e6cba9c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      a5da2eb49448f461470387c939f0e69119310e0b

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      fc908259013b90f1cbc597a510c6dd7855bf9e7830abe3fc3612ab4092edcde2

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a43cf773a42b4cebf4170a6c94060ea2602d2d7fa7f6500f69758a20dc5cc3ed1793c7ceb9b44ce8640721ca919d2ef7f9568c5af58ba6e3cf88eae19a95e796

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\fonts\LucidaTypewriterRegular.ttf

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      237KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      c1397e8d6e6abcd727c71fca2132e218

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c144dcafe4faf2e79cfd74d8134a631f30234db1

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d9d0aab0354c3856df81afac49bdc586e930a77428cb499007dde99ed31152ff

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      da70826793c7023e61f272d37e2cc2983449f26926746605c550e9d614acbf618f73d03d0c6351b9537703b05007cd822e42e6dc74423cb5cc736b31458d33b1

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\hijrah-config-umalqura.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      13KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1eddfb1ee252055556f40cdc79632e98

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      84aa425100740722e91f4725caf849e7863d12ba

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      69becfe0d45b62bbdbcf6fe111a8a3a041fb749b6cf38e8a2f670607e17c9ee2

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a0fdbf42ff105c9a2f12179124606a720df8f32365605644e15600767e5732312777a58390fdb1a9b1c0b152ccc29496133b278a6e5736b38af2b5fab251d40c

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\images\cursors\cursors.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      269d03935907969c3f11d43fef252ef1

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      713acb9eff5f0b14a109e6c2771f62eac9b57d7c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      7b8b63f78e2f732bd58bf8f16144c4802c513a52970c18dc0bdb789dd04078e4

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      94d8ee79847cd07681645d379feef6a4005f1836ac00453fb685422d58113f641e60053f611802b0ff8f595b2186b824675a91bf3e68d336ef5bd72fafb2dcc5

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\images\cursors\invalid32x32.gif.tlauncherdownload

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      153B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1e9d8f133a442da6b0c74d49bc84a341

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      259edc45b4569427e8319895a444f4295d54348f

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\images\cursors\win32_CopyDrop32x32.gif

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      165B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      89cdf623e11aaf0407328fd3ada32c07

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      ae813939f9a52e7b59927f531ce8757636ff8082

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      13c783acd580df27207dabccb10b3f0c14674560a23943ac7233df7f72d4e49d

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      2a35311d7db5466697d7284de75babee9bd0f0e2b20543332fcb6813f06debf2457a9c0cf569449c37f371bfeb0d81fb0d219e82b9a77acc6bafa07499eac2f7

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\images\cursors\win32_LinkDrop32x32.gif

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      168B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      694a59efde0648f49fa448a46c4d8948

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      4b3843cbd4f112a90d112a37957684c843d68e83

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      485cbe5c5144cfcd13cc6d701cdab96e4a6f8660cbc70a0a58f1b7916be64198

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      cf2dfd500af64b63cc080151bc5b9de59edb99f0e31676056cf1afbc9d6e2e5af18dc40e393e043bbbbcb26f42d425af71cce6d283e838e67e61d826ed6ecd27

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\images\cursors\win32_MoveDrop32x32.gif

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      147B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      cc8dd9ab7ddf6efa2f3b8bcfa31115c0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1333f489ac0506d7dc98656a515feeb6e87e27f9

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      12cfce05229dba939ce13375d65ca7d303ce87851ae15539c02f11d1dc824338

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9857b329acd0db45ea8c16e945b4cfa6df9445a1ef457e4b8b40740720e8c658301fc3ab8bdd242b7697a65ae1436fd444f1968bd29da6a89725cdde1de387b8

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\jfr\default.jfc

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      19KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      971683e69ca9cc831afec282e999517c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b054de4c4a6f6e04800942c3fcdf2e99963d91fa

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0e90e5023f69c44497f1886bc11fcdc8caf8e5bdb0fbd86ac653327a61e51451

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      99db3a71c96d959b8bc5e5896c834be43f37ad1eff5f7d915183521289563ab7e103dd7d00028c73cb05bae1c0d53441aa0c1d47b2034cd9e08aad7f2d2ba247

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\jfr\profile.jfc

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      19KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      0876bcedfd8e60815378359f5a428f3e

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      eee5a1d7f47cce948af54821f0c5dbc9fca28925

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0f459267c79fec84d7c01f1bc7085821248d91d16324af7eef04274a243bed38

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      132a5b8e78bd2d047f1a09654c63c4d59b892546270e1d99694e4cef5a7b064a34ca3dacf6bb8028354205c348153820c48d79d2e9a42bbad5a90eb252976c45

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\jvm.hprof.txt

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      c677ff69e70dc36a67c72a3d7ef84d28

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      fbd61d52534cdd0c15df332114d469c65d001e33

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b055bf25b07e5ac70e99b897fb8152f288769065b5b84387362bb9cc2e6c9d38

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      32d82daedbca1988282a3bf67012970d0ee29b16a7e52c1242234d88e0f3ed8af9fc9d6699924d19d066fd89a2100e4e8898aac67675d4cd9831b19b975ed568

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\logging.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      809c50033f825eff7fc70419aaf30317

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      89da8094484891f9ec1fa40c6c8b61f94c5869d0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      ce1688fe641099954572ea856953035b5188e2ca228705001368250337b9b232

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      c5aa71ad9e1d17472644eb43146edf87caa7bccf0a39e102e31e6c081cd017e01b39645f55ee87f4ea3556376f7cad3953ce3f3301b4b3af265b7b4357b67a5c

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\management\jmxremote.access

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f63bea1f4a31317f6f061d83215594df

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      21200eaad898ba4a2a8834a032efb6616fabb930

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      439158eb513525feda19e0e4153ccf36a08fe6a39c0c6ceeb9fcee86899dd33c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      de49913b8fa2593dc71ff8dac85214a86de891bedee0e4c5a70fcdd34e605f8c5c8483e2f1bdb06e1001f7a8cf3c86cad9fa575de1a4dc466e0c8ff5891a2773

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\management\jmxremote.password.template

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7b46c291e7073c31d3ce0adae2f7554f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c1e0f01408bf20fbbb8b4810520c725f70050db5

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      3d83e336c9a24d09a16063ea1355885e07f7a176a37543463596b5db8d82f8fa

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d91eebc8f30edce1a7e16085eb1b18cfddf0566efab174bbca53de453ee36dfecb747d401e787a4d15cc9798e090e19a8a0cf3fc8246116ce507d6b464068cdb

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\management\snmp.acl.template

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      71a7de7dbe2977f6ece75c904d430b62

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      2e9f9ac287274532eb1f0d1afcefd7f3e97cc794

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f1dc97da5a5d220ed5d5b71110ce8200b16cac50622b33790bb03e329c751ced

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      3a46e2a4e8a78b190260afe4eeb54e7d631db50e6776f625861759c0e0bc9f113e8cd8d734a52327c28608715f6eb999a3684abd83ee2970274ce04e56ca1527

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\psfont.properties.ja.tlauncherdownload

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7c5514b805b4a954bc55d67b44330c69

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      56ed1c661eeede17b4fae8c9de7b5edbad387abc

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0c790de696536165913685785ea8cbe1ac64acf09e2c8d92d802083a6da09393

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      ccd4cb61c95defdcba6a6a3f898c29a64cd5831a8ab50e0afac32adb6a9e0c4a4ba37eb6dee147830da33ae0b2067473132c0b91a21d546a6528f42267a2c40e

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\psfontj2d.properties.tlauncherdownload

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      10KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f8734590a1aec97f6b22f08d1ad1b4bb

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      aa327a22a49967f4d74afeee6726f505f209692f

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      7d51936fa3fd5812ae51f9f5657e0e70487dca810b985607b6c5d6603f5e6c98

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      72e62dc63daa2591b48b2b774e2479b8861d159061b92fd3a0a06256295da4d8b20dafa77983fdbf6179f666f9ff6b3275f7a5bcf9555e638595230b9a42b177

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\security\blacklist

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b2c6eae6382150192ea3912393747180

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d4ffb3857eab403955ce9d156e46d056061e6a5a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      6c73c877b36d4abd086cb691959b180513ac5abc0c87fe9070d2d5426d3dbf71

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      898582c23f311f9f46825e7f8b6d36bed7255e5a4e2fa4b4452153b86efbd88db7e5b94dbd9cb9db554f62b84d19f22ae9d81822b4896081c487fb50946a9a9a

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\security\javaws.policy

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      98B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      9107d028bd329dbfe4c1f19015ed6d80

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      4384ca5e4d32f7dd86d8baddd1e690730d74e694

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b7a87d1f3f4b7ba1d19d0460fa4b63bd1093afc514d67fe3c356247236326425

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      81b14373b64ce14af26b70d12d831e05158d5a4fa8cec0508fef8a6ca65b6f4ef73928f4b1e617c68ddeacff9328a3d4433b041b7fb14de248b1428c51dbc716

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\sound.properties.tlauncherdownload

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      4f95242740bfb7b133b879597947a41e

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      9afceb218059d981d0fa9f07aad3c5097cf41b0c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      299c2360b6155eb28990ec49cd21753f97e43442fe8fab03e04f3e213df43a66

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      99fdd75b8ce71622f85f957ae52b85e6646763f7864b670e993df0c2c77363ef9cfce2727badee03503cda41abe6eb8a278142766bf66f00b4eb39d0d4fc4a87

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.minecraft\runtime\jre-legacy\windows\jre-legacy\lib\tzmappings

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7d4abbcfb06d083f349e27d7e6972f3c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      eb91253590526f7be7415839ccbf702683639c8c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d936ee24810b747c54192b4b5a279f21179fe3ceb42d113d025a368ebb7cb5a7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e5c2fbbc07cd53baf14f3cc239b56b42b73de47f9b7904aabf7d97695d2ab8866d0c8179235cbf022245949b9b8e419985e328aa5ed333b14b8b4de2c82b225e

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.PNG

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      45KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d1172f72e8fec2b8ddbfe964b7197dd6

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      91b86d380b4cf7f3fc6dba2be364551f0194ceab

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      a8f33799d6ea706548917b5686b7bd1c6f077fcb344cbd51e9af8d7b4ffbb7d3

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      afa1b94831188a4d15314a9c2a7c528e7c748a51030bbf6dfb735de5288f5a5fbcd6db3c275a0346c69dd6e999b50df81c7bf63a0cc5cc5c563c49844d363acb

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG10.PNG

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      206B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      982b81691cac850c2b98b252e4064660

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      0c284934268046484921afa55587d863a3a241a3

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      3aca81c52680324664bf3128976503ce73931444b956cb3127810661dccd1687

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      5be188c92fd6dc8ff014f4f4ff3195edc69edb6142833a42ad49d45807ccb6bc5e7309a91d5a7f822f96f2951872f85d7a48328d123d2df59158af64a15e9f69

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG13.PNG

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      41KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      2fe88aedf465ed13678cdbc685e44fa0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      624f5a00e7cb017e9bfdfab79f6594a7e02171db

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4351cce19e5189a474a3e5dfba8c1c33e51bd875c1d574e5069b49a752f9f665

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      6fbff486e7064d083ba8d12d0bffa102fdd61a3f818bc85516ed12b287b582adfe7d358d6ace18b45978bbafd9d9a1df2e08dde8291cabb35677314e99ab299c

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG3.PNG

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      475B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b0a5a3db3901023adfc16cff5a381ead

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      dfa2662d731eba223ede334a6f875b33e0da964e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      88812d618bc05aea2f43fe26cc7fb24953883418e51d6ca14d6a57fead9b97fd

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      8eb6e90e6884b6ae0fdf943f4326d3ecf34eb9cc5e73d87137ffdea7caaf11cbf48bb7571096d7ed1e0de6c5627cddc9e018eeab2bfbe6639b573ac4b5209960

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      368B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      9d399665b43d4310c637b43ae523da04

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5984f23773322e93fb762168cc1924fdab9cca0b

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c64efebdbee0cba76aa97b61953cfeab0097443bafdddc840feeb81ab0b4f2f7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b881e136b499b8a32a68273d476daa5b258823cceaccf73740341f2af366458e66e1e91d5da8cf8bb07dd8f67665774caef58f15031c3bcc0a2ddad41d0c6145

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      6ee2e1d5732cb6ed963865b7e66d43ad

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      891b45fa91eb06a47d1a00de245199325e077b1c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      152fff6f48dd4797732c08e467a55e2c6013b49c59491f441738800343a5402e

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      afa73557235480f341d6856cd14769a2455ea0d108a5fe2de9b4887622963aec4a2c5e2872fd643fe720afeb817b94d7e9317659b272fe9fc3fdffdd0190844b

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d13354b318232927645a908c7a64d8e0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      51836d6d4298aca8313e212f2145853b8d258f44

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      37a9df173bd99e07780458abb80614e165396dd4cd96ee3a3f8597e3151e3d63

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      3ad104c18fa33f35479ae25258f3cc887b5f41868d0f8831cd52534ad54e0b6b3c8fe16e2ecf812c608c58072e017bbd40ac509184553559e2955497648036f9

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      18KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d935d2bb1101a2ccd13ed948346d9498

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f44ea4d2b35aeaf85d24077f24fd9b9fa17aa6b9

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      2c1f9aa84aec6ea2bd90b16e13baf7523f070f8fc09ec83aed928173b658bf14

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      3b7184f882815d86b49469e1ce517dca4f06a1c854099eda27c2f483e7974e645620995e0c4f0d78dc98884c0c3f012c913e51091ca752c9fb40b3d9eacc1127

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.921\dependencies.json

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      17KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      dd4d9eb42e26f86cdb8f58ac1401e217

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      24fd4a27ca650aae032ad1ecc15f1b7560803822

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      22127b008d98bf65a5fe9f846641eae124975eeb91b0af0285be977037c41993

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      5df828b723041e41db19a58a20c8446a791a1dc07d3669b080c4d128b229dd8fa5b43f83f445ade20545339bc402372d7924861acdfecea1e609dbe7545fda1e

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\2.921\resources.json

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      17KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d892039e33a914bdd174cbfdfd0e7331

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      42754a8f3d087d09999d8b89ce6ea4eab522f1f9

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      5acb848f36f188765ef517f67d90fda54892af1d5db3612ba8ed5d3802e2fbb6

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f21dd600db9140adc394b749485102a89723a7696101cf19ca6e365f2be9d3a7b0ad54a335985065165c07122415afb9a85170cc1144b8acf237f07538865511

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\appConfig.json

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      91db38ec63d5ba27c2d84d1ce4f5950f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      0f981c54c5dc136c271387b919d0da1c043484d0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4a21a1eada9a254e366a32670c65ae5e1fa9b12ac72b1be4e55be54347a1f38e

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      299ea4bbf286e7f4d1eac2b9ed5e06d0deb25a79d3d8effd8524154b576c16b14074e6d6d4c8225cd633e2cccc74547a3ebeff1ced03e99b6879cba08e330356

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\cache\https_repo.tlauncher.org\tlauncher-sources\prod\release\tlauncher\javaConfig.json

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      e2cbea0a8a22b79e63558273dded5e6c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      bfbbbba0679adcbcf9e079ed3c7c7a60cb0b2d61

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      10d0f3646be0a7d73942d7bdd1e55c4b8df0c34cad7ad15a9dc23b2932155007

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a6aa26ff49c911fb4705df1e8e434c72e206b20fdaae0abc529e2734f5db49c75da35c3d75769e0ac1b6795de540de4c7e1089b387217fc58f8b19b023064e5a

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\COPYRIGHT

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      35B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      4586c3797f538d41b7b2e30e8afebbc9

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3419ebac878fa53a9f0ff1617045ddaafb43dce0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\java.logging\LICENSE

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      33B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      16989bab922811e28b64ac30449a5d05

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      51ab20e8c19ee570bf6c496ec7346b7cf17bd04a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ADDITIONAL_LICENSE_INFO

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      51B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      494903d6add168a732e73d7b0ba059a0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f85c0fd9f8b04c4de25d85de56d4db11881e08ca

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0a256a7133bd2146482018ba6204a4ecc75836c139c8792da53536a9b67071d4

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b6e0968c9fd9464623bfa595bf47faf8f6bc1c55b09a415724c709ef8a3bcf8a954079cce1e0e6c91d34c607da2cecc2a6454d08c370a618fb9a4d7d9a078b24

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\ASSEMBLY_EXCEPTION

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      46B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      c62a00c3520dc7970a526025a5977c34

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f81a2bcb42ccbf898d92f59a4dc4b63fef6c2848

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      a4b7ad48df36316ddd7d47fcecc1d7a2c59cbfe22728930220ef63517fd58cb0

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      60907d1910b6999b8210b450c6695b7cc35a0c50c25d6569cf8bb975a5967ca4e53f0985bee474b20379df88bb0891068347ecf3e9c42900ed19a1dcbc2d56ec

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\starter\jre_default\jre-17.0.10-windows-x64\legal\javafx.web\LICENSE

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      35B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f815ea85f3b4676874e42320d4b8cfd7

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3a2ddf103552fefe391f67263b393509eee3e807

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      01a4ebd2a3b2671d913582f1241a176a13e9be98f4e3d5f2f04813e122b88105

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      ddf09f482536966ac17313179552a5efc1b230fa5f270ebde5df6adebf07ee911b9ef433dfbfcb4e5236922da390f44e355709ecaf390c741648dd2a17084950

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      6213e35aa9679cd40a98ff5f322c63f3

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      70789a2c795e3dae67e7037b7cb2264bfe3bfce8

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      709100e43652685c423c075173050e5784c91a535b3cf5a3de3faed80da4fec2

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      792c431f1d2d7e7a13dc717ef4a6752457508611c86ed5a13134413652a8b77b96fc35ae2f338357b937c9b773802389b054d590fa1e720ea8f980bab2fe7f0b

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      5333972cac548f3b4372d5f64fe1ed38

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      512f62075f4502e004dcd1433adb42aa5d144f4c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d249f250144cd12abfe1afa65858da26a5e0a1596c4a027ca5cef239d56c8225

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      dbdd8001391f1babaceca4e8958509206fa58fe1e1173afde5ee6f0cc86164140f59159925b74177abfdd242f95d55f4e6b3646d155fd8eb7c1e1ef4bdc52599

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\db\data.safe.bin

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      166bb1412e0e7fa4733fd530486edc87

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      fdf4c6ff65f7454ce3c15d2347348035e22128ff

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      052de56a2290971e5eecbb7f95e80eb5ead75d7045f69e3e90744303e6dadf24

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      ea3531702ce43071212136b98f5b7e6c547edd17cba77d2d571ca9f016b3d4cd1342e319bc8e7ee4485c618b6d3eafcbcb7671d70275fe445c91606bc17c324d

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\aa9ca0e5-dc26-4e7f-9b2e-b5e2bf113cc0

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      745B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      bb9f606c7c82446c443b7db7918cbe6c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3e734b53b8a3e763b75c189e54dff9429e3509b2

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      96460e288c58afdc4f30735af69953ee39b2b5f910ab4e82b7bbd6be4628e46f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      3da643fd022609af3046f59d8f542c5617308803fb6d3050bdf5a61b4b6e707a13b714bdbed691f872cf14a03f9e293f128757c1ee8e6cbb4b0040b6cbc390a2

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\c7ae5308-fb4d-451b-bde4-484b815edf5d

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      10KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      c611e757d9f345a9a8f165d196ff19ea

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      803f30383696a5d0b3eacc5e3c364049c2edca88

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      bd987df48b42041546a37e7116f20c9c99880fb26b2f59a513b82075c4471562

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9b06a1b1b6cd6f0ee19470428f661fbc1ffc8d5242629bb205da06d07e96189767c46fecf2d33696501fdc5b5f821c87365993ef9b0a893aa24ab3a79fe83989

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      4341e86b883f0223042ef2b482fcc7cc

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5708ee6fc557b53cb510f0de4bacd73c548b965a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b51a04e7a000e2c19241da29bdba4c0a9918a6d104946647421fadbde7707d47

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      1677e8523583f5032770184957abf6c5c4d43d9b16ead4bcd16d112f8a95bc2f8263546751973a87ee3baa1fc925897da9474ff6ca736d2e1efcf5cfad13c03d

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      fba586d146351ced092d034fc3678aea

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      cbfcd531caabe7d6f0845f73c114a675f07f94ef

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      3011606beb60e392d47d71f8d7a2ef36705c85456b4d6abf965f048b4db6f5cc

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      1b628ed6770836a3e865f5e2e3b2749dcfb9c1f47ebf76f302041eaa55cac6e601643d15fe79ff47aadc37719806c41e9aac2ddaaa8be7e5852c8f842988b9cb

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      903062a8a33939adf3403ef17c81ff7f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      08ab3bba90892f39db9a1a0322e3daa45fec0e18

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      04660c8e975ced9c1a3bb143e047b8442da3e7c7cb1b620e14a7e442bde02008

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      72ce08cf80967293665ce4afb0d03da5defbe2a89191c38ec618e576cf626a3ea2ba109dec12bf25efbd2f60b6231cde171c826c8ffc3e65f82e86cb81537bfc

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      7KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      8f1e5945bd075776dac63bb708f4609e

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      010acb1afd523ba339e98411ffa836c863e0e6aa

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0b3afd9f9352b5aa978ca4cb72bec1eea8aec4a34bcc6e6440801c0e64654b07

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      ddd7da50a9e8992c408077cd26e65cd14798027075d178898bc5c2ce7604d03f1c116a86f8fb99b954d2ee91c1f9a315ecf5d713ec7bc0065af8d2fef25d46db

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      7KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      749b1b4539a1f27736443fdddca181f7

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      7f514da87c74040c092bd500b4d848ae1da5bd06

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8ea22dd69e5b4891ebe2fd8b65ebed144e678ef9bb57a50e61da7b7c06a0506b

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      1dbf38dacc69bf9480c25ab7edcf492bfd027c655d31d96f64f7fb103221b813d460b060ea68e074d3c39600dbaba5eb97db2e9a7f0e4a92440b1dbfb2cf6db2

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore.jsonlz4

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      aa8d0b6f77b29dcd8acde367caca597a

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      4d25c4f96d1fbd7a70fc40b7f713d665c4ca7669

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c81d5671cfdbb567d5e2255f3c4a83c3c2b0553a2f32288a73dc33373223a840

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      389df5b8ff2f23b7e2d4056832cc8c0e45d510607a5cbf25a567d73a295880ee4c601246923238d560611082273be7956d557c5da70516c4e04bae346d3d20a1

                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      184KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      5e408510e49e400798db0c3d8d9d24b9

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      bdf1af36f1d03934209eac72ca486cf4c9810b45

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      81d5663f7cdc1caed0e23fb10c3798a9791c0bdac67b6ca96d321cdfe71c9532

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      20a1f7b4d4eb3117f0fae575a6d91bd37207c81fc831ee1baa54c752a3a1b547284ab198126eee37f0687dde2aae81085a555e0101074f391665317a61903357

                                                                                                                                                                                                                                                                    • C:\Users\Admin\Downloads\TLauncher-Installer-1.3.5.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      23.0MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1a2ce8f6f111d438d4467a84d8c74351

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      6f2b6d316eb820ae6875b84df9615e412ae0773a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9aaa326da7ca2d0d7015742e3ffe5bce7df63cae147166e52f094a1c20897856

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      8f276c77a73f4035513d463be939e056a67cfcfb28df078b7e63a3f524a5c66d02128ac6a267e84226dfc2916ae74d0f945a12f7326fa89fa97070329d828193

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      914B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      e4a68ac854ac5242460afd72481b2a44

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a266bb7dcc38a562631361bbf61dd11b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3b1efd3a66ea28b16697394703a72ca340a05bd5

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      252B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      0241dff2b7f5fd76be12e972ede43860

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      0dc6ffb64681037ae944a1aefb3574650207251a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      6071ad5cc855817d2db85a58d9ae3539d324571f14e9914ad07ee2455c2a998c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      bba19c50dd4b89e7b8d46081552a395f75ceca8ae0917cd8f4d15060794f686819bc1706fb8540239b3782615f1bf4d63538f32f443bc98e75139e1a2223e4b4

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      e142cc5531f761a931b8e748c59d6e1f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      55d3b90c3f47c2f67e68fa03a0d8b3c08c9ae3ac

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      785b685ee178c157ee482c0ffa7f5d4a2b6d85f4660a6f9bac22b007af398b95

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      03878f75f5c52dc25c49f5199e15bf8ab48e1456cee27f24cfe05eac0e1c46f689fedbf7ed03faf14c5b4a78ff4059dd19c7d9dd58e335b7771bfdff5fd47c46

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      11c7e1ede9d650dd0485a2074b03ed5f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b4d8cc2c811ff0d3e94b5a7357665db939723512

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1c8d38607ae5a01f47c86f8490daa2d1a7423c0a94aebbbbd432b86aef7812b7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      3dac782e45f8cdbf30dc275fdaaa3cc50255f078ec84985058982ba4cb89158cdb71c80ce0702380afa3d511c6d5a62053c188d78b954109b45107ccbc3bbb33

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      6c0464c86b5430b84a7ab78785a451bf

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c7365e66476ff5582eed84c8b987bc86cd5bbadc

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      96dbe26df6e9b1fbbec8411528fc57fd17b8ad7cf35aa59609bc13ce966529c7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      c35a8c399bdfd18f59e16319b7a7b127b5b4ddce3794212e243f60868ff7beec1b21db9c48843a203f0dd4fa6085c8d08a6b8cec18d508e976da0526be98e4c9

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      9aa855b86b250c534dfb4f6548384dc9

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      e04f964449daf590a05d3ba505fb23d478f31090

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      aba7b9a52c94caa397730b494b6d2e95affcf1db731d62afe7911e65e081a4ff

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      226157aabe2092bf5171b85354341a935160e884826584581ceef593a496877cef7670d025a37f71d7118683d28e932aa541f5da2ed4724bfa1657890bc3a46d

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f3796f8c6f32c49831369993fca37212

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      7752241a0307712791d79fa459a444de96ee50b8

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d40d299948d43f3ab8ec95fd4ddee713bbd0884d07039916cbbb2ac595b081d5

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      196edc52b4002c363fab4682938d6795a759f1df63ffde52baf3e1c9f91a406bfc6f8c34c077e41a4bf3dc7ecf34cad96eae5d22048cd1c9cce3d54735bd9a3b

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      64da8eaaa22cb7d425ae3918be641228

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3b9413ff4b3bd9ef5ee198271adc4b814d111cc7

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      994ac5982e31d660092363836e262272913c335f0ac694b0ef4faa67b149eaa7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      df2a33eb8828de1515848ab48e66619c68e143cc6f0fb36746d8116a65179c07b8882fd30c4016a15a717c66ce6bc6f05f6aa71b35cc28584598523bc363a7e0

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f3a2883a5a083ab727bacc3dc092bf6c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f8b96c71ee9f5bde753ab986faa22460de61ef5c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      3482fed0f10871a7e1d97f32a63f1cf2a5fb7ef344e30457f8257dae87d81083

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      39447cbab6081530d8e52f43dee4059718dd35cb085545627d893136868c9dda245af82719ecf39ba870b5c3eb14e0c9b12359ed00d7f0bca5f6554c2d45c538

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      14cd524de47fb34a356169c80ae0e897

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      ac6f28b74ef2f8971a9d4e5cf2206e22b083dd19

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      ef1169573b8b4b482f214f08e1430f6764c63cb3fba306a79a655e3c85c801a4

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e59e11e4c9fef89f0d4877cde02241773e9d1bdc9991e62af5679a5867df7fd8873f99b5ce87f775eb18994c87d4c8962e08ff0c2ae39efad4b80b2e7653c843

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      325321ed8747b901b80f9e68c9929ba0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      eac99d842cc021e2e76dacc11c6ac9ce963ac521

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9c4128d2c648a6a7d7c465330059a265891bd7d40ba26a1cbb342f4045a3a83a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      3b748f369f65c3bb61a8eb484809611362bd195e3f0f56ce8290e2c30dfc490c0b0ed51e479e559caa2a39e585cfec9c695053e38e3768fe601fc3feec6c5ef8

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      74bc6fd00b9b2627c382564492de7ffb

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      a385376bbb33c1e6c41db468635a29aae0fefd70

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      94410bc32d6badb1ac7e2966031e86aa11a6ed333e9890eed4ec037f9a51f2a1

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e6d71db50459f5e000f895c4b73b29070dbb55f8d578b624d06ecb3df580c9e2c84fb65d32ce5b6cb84f621755f1463dfe24cfe697ae9d55bc0463a7165fa517

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      df5b6c55962a3aa84c042973570355fa

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      2eb5fe0d4631d228564e5a547ef3e9416afdd627

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c4524ff1e3c02b745408678734a61f93b5676a9fd6955c2f8ac80d9c1dddc068

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      adbc693be764435b776258b0608c7cfc0b8c8f51fb0b4c68ed8fe1259d8ad5e703048aa0830d80aeed05a9546afe25960bd069fdd66c85351a3615a079790e11

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f59120549ab663c2083baa4b103d03e2

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      e07e7e83c4cd4a2633995e905129d3ae0dbecd38

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      14080bf7939911f4c058d97023a484b5d3b7f0ad2e92ea82af2ca35ff7a91a2c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      bbf078e7d0afd453391d0f9339321926779d08ad9677f6e01fe61e3ca47097cb416f990c6ee6622e09cf0bc14e8caf8ad801e97bc8823d7d768ad9450b1cd94f

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f75a126ed7de9615e5161c97f37a5d50

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1a03d3d3db668dd0df60df2412aaf16c7d52422a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9025f67afdaa810e2f1b0c2484a0e2bb1ab2ce5472aa11b83b3aad5de109f071

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      11f4a596feb0b0e8641a8f0c908fcf8b9811abbda08b50d4ca4b389c058c046da82a1259f8427587da923d3d0cb72af0a10de2d579213418381fcd7ebec7cae8

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a1a37067fc6c054d2c15a7e4a3f9f1bc

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      76b22a7c77a4d840e1618446306e728dfff521ef

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      942c303c7ed37afa1c66e6a7f36237bfb2f97d22b6d1f4b2afa3ca4cc77b2ed7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      7284830c1042d085635bee65d8655f3c054526ea371042d19a5990a2a41eae03d2c1b7ad71a82e3e2bdc905335ec2b264373029e61b9a120269bf89461cbbf2b

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a4ab02947a9fe7c92a281b10d6a0e9ae

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      7c7fcaf20b02b2d59a2673b82af245a768514227

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9e0cf6d4e20765f74e52abe0c861bb3ccd58089f51bacd448fcd01a6f3c5e75f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      824222af156f3ebf9a1516bc0f5c8af5e89f4b3aff62df5da58d3485276536238fe1ac7cac7c0d732ad4a2c77677e90f717988dd4134c4b64f8612b10dda85cc

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      5a89936823abb06553398029fd9371d3

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      03be1c5e35da5e2984c60a18af80de825ef10aad

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      750d5f8cd72f308dea32b7b37363fb4175a93c4311cd2430d061049fe2019686

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      3510e78517e9696cbfa494217bb6cf484b8eb91bd4b730f1ef3a9125584a783475ff26b53cdf3dfec344efb097eeeeccdfa3d7ee5c9493c39565e33adbf6cfca

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      46ca1e14b16fa2195d049172d6e3d044

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      2f04baaf0a7ef665b2f0dc23a0a7136488841866

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      390a2539a8525ffe826e15b8256ed4b5f7275856893993a66ec03da7b2826b0c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d5d2e5b8cf67b2f9410356138d00b1415d3555dde610863399ade5146cd4f9b425cae82f8d4206002f612e9db90b90ec8eaaac483ae28eee4742a136d08ebb0b

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      4c9bac6691faed31717197d2eddfa554

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      0aad0f5713d4d7aca31d1e3e2b9b6ae448b7ce31

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      079978b39c150bf1a68fefca64e9ffe85e924b6393b13e7332ebf6280d543db9

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      997f45e6f4abe22aec487ef8191f9c4494a88cc66d5201628ac3fc1c41eb391b9f4eef3c6cb9bb0d9488353fbad9f4ba1c512829e94dbb139f430cab1c931174

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      367d0536cbdfc63259cc0812c13110fb

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      7103e27e9d0ca1e870898893398324f40c00fa99

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      7b812de2fd32d388b730d55faf94175134def0e11279b752218a94c2ff272e71

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9425648caacb5efe1797803638d8de8b6a80a14377d5213bc1429922d424d9bc66c01b18ddbf16a90c3550f44b0254c6c9179c3bdc9c6d1de9ef1b3d400a06de

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      58fa9dba0130a2d2383871e59c604378

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b64ddedfd9bee7d10960997ba7e511f28ddefc62

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d308d4be7aaee5078cbbe799a13d3188673d0f76970c01f145ac2f088fddd14a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      17c26a49c516c620a471d93f8cdbc4af7d37e70b3bda2d0b7ee67f2272fb54aafe76ea96805d3da7739cd08a984dff63a9e244e48ac98e2e9434447a6eb62d81

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      db92222cac237b22c41d296c4a9e79f1

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      764a64304ebee347a35ad94048cfed16ac037fca

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      48d7b5eda4a06e5a2610e5190d9fc0833dbd6967929424d26842cd1fece79682

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      20432110c664c9c26cbd120e02e7c2d86bbcd9a1f3142471cf53bebe8677b4a24263602142f97abb9d49e91562d48d11f2d1471d8b8a1e74931145eb3c719dd6

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a0065bad28b154210f694b2cf310d733

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      7547c4e71f9da798d67d81492da3169f0624f433

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f0bb53484ce8c772bed7024ae23817ffde02197a414704a768f54fb2ef506902

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a49a9e584bd41a5da227ccbc619d06678d31bf1c51349afd8df469dbde48f2899b5f0be6b54c78a0109fd99880fd7ea6b540159ba2af883493be1169a08915a1

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7261d9687a8b4d79d5903f71fc44da08

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      e7b12cf10ecd154beae66f68518085a8104551d6

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      bd9adb729942e1aab2103bf6f8c0b704acbf521a781633ec0b7619b2c02453fd

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      eb227533a5e73c1c63ac8cce700ae86eb8774eb8971bf7515e85bf46973df75b68ed86c02ef53824ff5817aa9a7d6c5beca72d6430c5ef8ebc8c911c89a584c7

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      344B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      89f83c3cc5b4782960bd53c54d6f3fd4

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      923ae4abae6fca939927f11c26a5b96fef8d2769

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      a0837aa60cf6dc627677c65e1c874a156678696b5467d1be097708d79d91a045

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      554415905f1fbc137ac2916bd7af0f1890698c2fb8229a73a517730361b49fa37d5ac3a114eb89dbbe9a00668aa0ce60050d976d7040c18bb8b096164a783542

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      242B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      c7622079d4fdd026e34cf0a68fb45997

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1c00fe9e0a0ae9d3f2f286f85cc480ded418ea8c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      96a8957312c9fb17247626fd66a0296fa04d37c123c2d8fb2d8b8783d2735b7a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0cc09ec53ff94dae8d8ea91d9a3e1931d5eab8372f693bc15cf6084dbdb5883ef95cd901ef0c33f7e1411a5263f779a1fef6a1ad4fbbfd1ca214b13e8d58b2d5

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      242B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      54233f1e65372632abd6cfc79df23c3b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      4d3f6cc6637a3b56a85c2e9229af03f893ebc240

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      5785eb07f8d6599b0269f005d34b6ad854256102ea78cd0c862b0c89cea76a07

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0de4180be4370a6cdec609def5343cd417ae715d8f52edcca32ed46cccc96d244a4aabdfbf3a5bf244f95579460b5c2a0c7bc0f2a8597f2f6520a87449c18726

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      da597791be3b6e732f0bc8b20e38ee62

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1125c45d285c360542027d7554a5c442288974de

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Adobe\Updater6\AdobeUpdaterPrefs.dat

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      198B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7467bbbf6cafab8f76363e45f3031d00

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      94a024e4153e032cd4880de450e12e5fe6ab5e04

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      6ff318e6812282ab1ef8922fe15957642d8ea59c1de0939da220482a29200606

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      2d8ebcc18eec1122d929883d2348789d77f571f696a1017fb471650dbe03b28323cd1d75bf06926bb247b6902276c5e02b444f30a1a339c8d370dc3472fc23c0

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Google\Chrome\User Data\67892915-d91c-455d-803a-9b28e9757220.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      451ac4dc06aed04b0b9ee9953ed28783

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      fcb20e3dd1332df11ac7ea68d78ec26d6c20d00f

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      a39bbdae9d814149ad0ea89f6b9f237cb3042995f8c9cdfa691633bd7f9b0a44

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      77d62b321a835dfcf927f254bbf4f24cd831cfecd56169a7557f3a430f8333e102f0a6fd41f96dfa61f4d50c329e37eee45594f894db98b8f8536da0bb9edfbe

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      cf89d16bb9107c631daabf0c0ee58efb

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      0962291d6d367570bee5454721c17e11

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      59d10a893ef321a706a9255176761366115bedcb

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      41876349cb12d6db992f1309f22df3f0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5cf26b3420fc0302cd0a71e8d029739b8765be27

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      28KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      e562eaf2a07c06f6df713525b2c94e78

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      e5a80a57205ae56bf679fd1c9bf8304aa38854a9

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      16651594ea3306259e8ca77e3c17229cb34d3dbf43f6659fac1075000652c984

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d12bba8a470cff04ee5c61038edc9c1bfcfbfc1232d7f76906ba3eb804218b9cc8d8d9a53c21536fbfc90a3369620219e1fb0f4ac0866ececc087496ef7a12a8

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Microsoft\Windows Mail\edb.log

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2.0MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      bcace27bf2ac09003caeb522208ef3d7

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      bd067809c15609aaf118402f16215dbf5943a385

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      194010ae72b577dd5acbe6bf3f04a50d17e5c9f3422fe28f269e236531db8d16

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b124dc8e6448630b93a29a5c28d7e02b8349d5530a3b8f0a4c00c3bd2388bd97cfc5cffbec05e8455936f6453ca055f75447c6bd1b4ca9acb83b87dbf32999c0

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Microsoft\Windows Mail\edb.log

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2.0MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      8273169f6458f6a2140092fc93d060b0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c9e1afcfe0b7cd7750678f4e75f1e8106deca089

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8f37dedadb27d370ea3a3e90a8eb5c2d9a146955c7b6f075624b22673ed7803f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      61812f9bee36c61e366d4a3c967040d9bdee1db2fd870a27e942bb2f54a3b657e5809f892d160a3c52fad5b7f86cb645fb81a26ab834b912193622a6a083b98a

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      9KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7050d5ae8acfbe560fa11073fef8185d

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      e0fd7e6b4853592ac9ac73df9d83783f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      2834e77dfa1269ddad948b87d88887e84179594a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\46IMXO38\googleapis.proxy[1].js

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      14KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      eab0dc82067fb5758a121009c7040231

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      8d869354f7a947ecc087b23868999bc53f77bdf7

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9c77d6db3131248f92ae41075f189b4ecc2e51bcfdcca143719a83145f8ac070

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      280694c2a85a67cffb24deed946e46d7bf8f2c52194eee037f981ca25a58730974b5f0cdc74ce86e81c5d252362e6792eb0b38c8816b3bf6c096a58c6c84f1c4

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6COUL3QH\favicon-16x16[1].png

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      695B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7fc6324199de70f7cb355c77347f0e1a

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d94d173f3f5140c1754c16ac29361ac1968ba8e2

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      97d4556f7e8364fb3e0f0ccf58ab6614af002dfca4fe241095cf645a71df0949

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      09f44601fa449b1608eb3d338b68ea9fd5540f66ea4f3f21534e9a757355a6133ae8fb9b4544f943ca5c504e45a3431bf3f3d24de2302d0439d8a13a0f2d544f

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOQGZ03B\cb=gapi[1].js

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      77KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7d8cbf3c10edeb25732380ab3a9485c6

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      dc6332379fa46051ae4884abaa785d2b71fb9daf

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1b163608a38440e0853a40a67c2645f310d490a4be2dd556a258c642df2e57d7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      ca6cbca85deb932d7e1cadf40967ee8de721fca1be990a879c5891c157a44e9db36683d5fcd0acb4ccca782b819dec74cea07f317811cfba9ea54091b88d58e4

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\7z4AE67C8C\Uninst.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      14KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      ad782ffac62e14e2269bf1379bccbaae

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      9539773b550e902a35764574a2be2d05bc0d8afc

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\Guest.bmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      48KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b0de08b6aada24cdd3458113d175f1a7

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      225797b52f320b3efb2643c55fe55ab3a5618ae9

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      40015814487b93a8372f33284d45586739a4a1e9d2b7961ab8c6d4d9561d10cb

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      fd59488e0223f49d66bb3ca7a70e74b7ca2052769f78790aee0682e0306f6e9421d28ab9a34487bd8934571cccb6798c98040b25934dfe1f0a13c7ca490ecbe2

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\RGI29DE.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      24KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      3006752a2bcfeda0f75d551ea656b2ef

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b7198fc772be6d6261ed4e76aca3998e8f7a7bdb

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      dfd64231860c732dced3dc78627a7844a08d5d3e4cd253fd81186bae33cc368a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      3fcfa7c8f46220852dc7efef5b29caba86825d0461a35559f26dbb2540c487b92059713f42fe1082a00a711d83216db012835673e1c54120ffa079e154950854

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\RGI2A7F.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a828b8c496779bdb61fce06ba0d57c39

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      2c0c1f9bc98e29bf7df8117be2acaf9fd6640eda

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c952f470a428d5d61ed52fb05c0143258687081e1ad13cfe6ff58037b375364d

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      effc846e66548bd914ad530e9074afbd104fea885237e9b0f0f566bd535996041ec49fb97f4c326d12d9c896390b0e76c019b3ace5ffeb29d71d1b48e83cbaea

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\Setup00000b24\OSETUP.DLL

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      5.5MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      fcc38158c5d62a39e1ba79a29d532240

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      eca2d1e91c634bc8a4381239eb05f30803636c24

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e51a5292a06674cdbbcea240084b65186aa1dd2bc3316f61ff433d9d9f542a74

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0d224474a9358863e4bb8dacc48b219376d9cc89cea13f8d0c6f7b093dd420ceb185eb4d649e5bd5246758419d0531922b4f351df8ad580b3baa0fab88d89ec7

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\hehhe.bmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      31KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      dfd29f39029120433d3ac45d765b9dbd

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d4768dbb61c2ea65d0b68dc65ba26c89f69d7f02

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      73430a7e7903a8bdfce675c5e13dd9e968b7e4e365f31fb1a6772f800d9b897a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      7ddbb9c3b2d74ee974ff0df7e9638f5e7c11120062dcbe1e26da5c8bb99ab111ae3191a07a6f47242bc3d46b1bb3c8d7e53e3bf7dda734fc5ec00fdc417558e5

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsjD4FC.tmp\CityHash.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      53KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      2021acc65fa998daa98131e20c4605be

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      2e8407cfe3b1a9d839ea391cfc423e8df8d8a390

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsjD4FC.tmp\ServicesHelper.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      14KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b9e8c2212ac8dae4b0eaf97c048529fa

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      331d172323480b0518abdb0cc9e256dc7f46c357

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d6f6758adac2c073bec481e8de762af3a5574789bce3f43de02356afc9911e0f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d93aa032e27c8268a4f6883711cf41f7ee2b5d33673a26d78db24456f2c548af39b7b98ed4b4737245c278d524fffb3e4bf708b6815dc866acd371427ff6be96

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsjD4FC.tmp\System.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      22KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b361682fa5e6a1906e754cfa08aa8d90

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c6701aee0c866565de1b7c1f81fd88da56b395d3

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsjD4FC.tmp\UAC.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      28KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d23b256e9c12fe37d984bae5017c5f8c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      fd698b58a563816b2260bbc50d7f864b33523121

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ApplicationID.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      55KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      fdc0338e6faeaf6f7c271982e103473b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      9a41f7932abe8be7e32c6371f085cf14de355d00

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      a9dad9fdaae93d10dc2ee346b231913445e731049554b8bb1506827e46f8a44e

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a766eef11db4c94b1445d1cd70cf1d3b6141d6b3973562e9fa8d81c79195886b884dbc9b9f6952f8a6e8619534a6bf2d615d539d2cace9c8843dc19415051cc0

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\Banner.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      14KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      2b3f617f22f70710aaf7f27efab15c40

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      66c2397748b46c0aa03f0de1d3b1ef0598512f7c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      2393ee61dff10c520fea62b5d6dc1c3a559fcad55f5cf15b22e1f408692a35f8

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      69295601e8c20a97b512a99afec2609997b589d46a507b2738a6c974ee5b68bde0e56fce150ab1fc4355aa561e8125335378a9c648bbc533bc5b44de1b85b3e5

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\BitsUtils.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      15KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      8dd17c172a24ebf9601308b949a9ea22

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      507e586c9f69ddc7e58442631efc44f3fe58089c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      ab77c0a6c79e76ab0f509d655273b2ee5c682c702217f4f884bbab3d2fdfc4c0

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      7de5a35771ac8ead2e3096de29bdedd8e94696d35dc304388c1cff2a14bb264e389a576dae21aaf9cbac79de6c99606b61f1dc5f0ba35fd261b2f5553d389e59

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\InstallOptions.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      25KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      fd249bc508706f04a18e0bc0afddec82

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b94efda9f41c89fc6120ed385867125d03f28bea

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c34f095e200db420ce9af5489c3e392be285e43c3f4c9fbe34686b1f0a1531ad

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      c820c06ad5ae21101602d9e7864fed9b470b25fa9a0ee025d05e72697d88c7e03cbee7ad476f4e3d5b6e467248b8ad1fefa2710c76011e2156b85068961404ba

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ShellLink.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      14KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      fa94d120efb029b43217c66bbc8c650c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1fcf2d76adf69b403b7400681ac91d50ed20385f

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      5f6f414b412c72b10f49eb92af1d368ede531b58fb200d539fd2b45e371612db

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      07ed0771d5bbb651ea7421a5f6b08fa234f9cc041315d9360a7135ba12180064fc99a27725385a8ecd3ceb25bed5c00de169f7dabb3ccf6e987f45254dff8158

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      818B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7b067d56eeaaaa4e1331772929f1ed88

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      0b2c8947ed849bdf519c6003d807d0571b05d937

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8572d9a412db0dcb0463abbfbe44e7866a99129bcb057badcaec8ff0e4047e3c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      135bc05383b10cc446e45432e93861d6f347731a01ba696c314bb3e153aa40f27e66ad1de62f7cd1641fdc883ec69fef8489bb6d674e7253a5c3a8e3779e09a4

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f7ec039deeba38e9a68a2f761b5c5d2d

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      27a6aaf4b782b8835a83fb1e2ac3ee6a926ea25c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      58c89c8292e0a4c4019eab37e268691de3619ffe438e1d5ba11cbf13d304c3e7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      59629997d8f52896688e933092da4563d5667198d36b3f197aafd2540e37eb6a536e9c85b1cbd32909b3f6fa584912b0c67f503dc623a84555c7ca594477c20f

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1bfed254d058661293a619040b491748

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      38e2793fd34b1659b8612300b43b1fc2940347d0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f3d3e6b4725d47659ad99581fa188d1c546ef4f2917ee72962abfecc8d51f10e

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      30ef55223b0e91e385547d359b71452d08606a44b9e2ead598cabc8e2a478a2f395a666efb9fa1902f73f5a87bdaffd51f28cd8f50745b53e957aeb68ebd00fb

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      ec735849b809a4443f61b1aebe9d946d

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      4b7b3b5a7f39472e777c9b7a8d8ef4ff999aeb74

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      52d60bd4135d5f634f6868b27d18ccfa064c258565ade8a5ff3a476009aa27fe

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      3a99525d6a48d9ff265e3c3989458312ab968cdd160856f4f77440799458e1a396918cdff174dada759e38915c3bbb241d36815d695c7778d17d9c5648c61ab8

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      8f6c94936deb2c04a3dd912705bfb3bd

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f633ce624000b8f2e83388a20723024c91a7f5a0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      5fab9e63a106c693b1a3d23ea6c1ae5ce6d2855a4d522ddab4e5ea1032ed3b51

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      360403e52770a69b03c14168bd3f742ab709c940718c92009f567b52494570e52cebf9ca4f63e96f690d87fe44f16be3db3d5daee3652cfaa57d5debb40bb921

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f3b6a8306906cecfe75232fde94e74ee

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      fadec33a32f85a723f198e02e0c3e56892c04e69

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0da1e23b3240713362243822d813bbc2c8a62d1e6a0fdc5073d74dadd8fa5cb4

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f30adfd902387cfdaa9fec4ebe0e3a7e6ba4558858046ab2105f1655902e3a0729032d8acaa2c2f89376ed1973c7c4e5bb9239b69a3c6bdb2d048040e558e3fc

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\ioSpecial.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      571751c8158753f769c6953f3bd4b57c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      2b8208fe51abfac9beefd3ca5ece8de03395ecfd

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      74864672f0f7baa094c4303b0f2ef9815666c54bbdae658a00e91fc01b8f25b6

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      0b47555af0c28807dad49c3b11066b5fa854c72fff66c8dd6e62ad31254fd95277828260e7eb6bc5005b2c91c05b6964fdf547a9a0d0fbd89f7014086f2cbd89

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\modern-header.bmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      25KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d74f354a7dff27324b463404f4eec99b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c0cd9ec50ef163bb868f574db8ca97ccbaa109e4

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      bc08eabb8b11b7693ac5de4db4d787ae31fdc9f29f6020536c838793bb2d4438

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      09116cfc89e16c0cb104e13292976fe8cb97131f309228fd6488a13d2afff4b902ed490f12cb633be232654ceadaee00f23cbe6206677e61c0a9642c72486c4e

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\modern-wizard.bmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      150KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      49ff8ad8f51875597f3e919e8770c24c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1e840ce0f68281e312317bcbdbc10fdfcd3959c3

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      76da716588b8e51e36ee7a674cd873a8069e27fef73851d1e190face5a67fc66

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      dcf29bbef46b1bd8d9f6c6221955ab06da23bc6661c603c188ce34fed80984a3b6d2006ab38b49aa9d1908d714cc0f40e63b6230244e4d4a0c9baebbbda1ddb1

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\nsExec.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      17KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      0e584c7120bd474c616013c58d51dc6b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      0bc980892341b52985d92fb3d8fbb6be77951935

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      7fb626aa05bee1095633a75aeb7895ebd816a98e0aa1581a0154e4c196de5391

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      aa3a471b3f33c3ffdbe1b1e3c1e5d04367bcab3c16049396a8dd12c5a8317e4b153761f74f39b756dd4fb1806aedc4f1bb38bfbc12f16480eed3fd3087a0d157

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsuD5D7.tmp\unconfirm.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      480B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      19313efd31f6576a8ce93ac026ffd896

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      4a4ea15e220c46df28bd5bfc8e6eb491e6b60355

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      822d328426d827c8fb8529cf17c548f57bf0873df3a4a2286977451c7ad5cc3a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      7a4adc9534a9300f64a4f3fc86cd536f700c0e1b0e75cb5578ff422e24bd9f1ceab88e47d4bb088c624521220b1c2cbb1038c926f0b10583ad288e6ebf17226e

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsz1A37.tmp\LangDLL.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      7KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      27cf377d1533f78135bb36ff36b6359f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      8eda472e1cb83e67c1f118579ef01c1ad06d133a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      998d77553254e5bd11a4826a2bdc8549d0e28e9199db799b919bc6d15f8b0694

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f48e597f7d77bd03aa150927234a639c883d2937ee6b24a9f5bd13e70f2b609ae61301ef906ba2f5b047846d2f2818199f5bfb2457618709f2329bd5193d65c2

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsz1A37.tmp\System.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      26KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1fddcb352cab98f4bd46583dd6d71501

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      ef7bd2afa119945527fb9e2bdca6024e7622cf55

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      47e565ecd4e5523d6e4969f1108d6ba8894d2577b83e319fe4b53776a8ad5b5b

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      ab5e6c586801bc5ea8914b4bf42823d3a619990b32eecba39195370175a74e3984c9c87e6b01add2670796079f5fe2e44910340dafc9b4a4b2950fee14ed928f

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\nsz1A37.tmp\nsDialogs.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      11KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      30dcc81f69c5d1790671c05be0e93ec1

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      9db43df563ed5144c0419534f47fad0af4c687c6

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d43a3ac1b2ddd073c9d20f4391c212cf092c469fdae80a8a632f478205d58b2d

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      7b4019ef62840160c1b285214775a81074f14be4ed674a0dca11cca32a1b7156ef6aaadb85e96a4a34f52a89f473c7488a2116f9cadcb583286a1d352704411f

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\www2C73.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      134B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      873c8643cbbfb8ff63731bc25ac9b18c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      043cbc1b31b9988d8041c3d01f71ce3393911f69

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c4ad21379c11da7943c605eadb22f6fc6f54b49783466f8c1f3ad371eb167466

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      356b13b22b7b1717ded0ae1272b07f1839184e839132f3ab891b5d84421e375d4fc45158c291b46a933254f463c52d92574ce6b15c1402dfb00ee5d0a74c9943

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\www52F1.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      195B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a1fd5255ed62e10721ac426cd139aa83

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      98a11bdd942bb66e9c829ae0685239212e966b9e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\www52F2.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      216B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      2ce792bc1394673282b741a25d6148a2

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5835c389ea0f0c1423fa26f98b84a875a11d19b1

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      992031e95ad1e0f4305479e8d132c1ff14ed0eb913da33f23c576cd89f14fa48

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      cdcc4d9967570018ec7dc3d825ff96b4817fecfbd424d30b74ba9ab6cc16cb035434f680b3d035f7959ceb0cc9e3c56f8dc78b06adb1dd2289930cc9acc87749

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\~DF0D138C59C8969204.TMP

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      16KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f31ef58aaaec97af30bdaf2c575622c7

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      8ebd8d780c0b0c317f5e4258901898eae9bef7e4

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      5259b7449b8a6c334cd44709fe2cfffe9985043f7558e84d4096f1954fef8e5a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      7ab019fe4b659f15fa59820dfc8a9f711c8b208f4f3c17fbf9123216da489c4471b9c0c07d76e86e10c84695c7626a48e1c200b92c5d6ad5c8edb6fbe560539b

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      228KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      5ba8b6e3a9d08a4fd4f71eed8cc56275

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5bfd77c8ddbca1dd2d4e6a9e08a0d89b50a654d0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e202657abb97ac953185c97f0d4e3d3133fe760d8b8c4e97a2c53d94bb8d58e2

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e8242d974ff4c103cc1af4d44e55070abca619dfbae0fe450fb2dbe165a0af629c5e010bc0cbc5d7a8d40a2c420aacb3857f4d410f65235da8099379458fe419

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Local\Temp\~nsuA.tmp\Un_B.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      100KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      8d117f0cace088ed532bde151099bfef

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1d27ba224308ab9dfa08d0b4c19dda4ab47d7e2c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      3fbe674ede8c7099ba6c316e1e1562c6ebe1f3bbde96276d6676fe4309658c81

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      2560ebd7e040b9b7a3de60d16e00182f2b0fc0c0224125cd9bc6eff0fdcf23aa44c2683d7b1a39a16a5cf7f70cc5dfb84628cbfe6c2e6263e1d2936bf8723cd6

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      321B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d5e535e4b017c0c5dda171adc1d399b3

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      180937b58f9a60f38012f72d574925b4a5d97da4

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4b4f70069e2072c81219a465ffeaface0e912569c5efbdfd2e05155def3fe971

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      99cf1b5a44eb9fc9357f70560f10ef11ed977733635b105f9222c728094f23b10b643fee73f7a2cea90b5709ff0b0bd24e91e3ea8986deaac439a36b8e7687a7

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1a255195e48185838d66e5094a7875b4

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      73774dbff1fcf5d2d1a570f8fd13466396331fc6

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      004efdc22f5bec06c63ed0441925927306612f922ba41ea698b0c6f68c8ee25a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      bb86a0f2bf82c65db4b4cab178ca66bcb147bffc38b986fafcd2cc4dcae6ad89d3fe11b15a379f3414346d7ea53fafaf6bf7732c269b1bd6e161b36829d93203

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      47b2e1c4ddd5fa161f4e7314222d7a29

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f8e0a57ad324aa0ce6eafcbee54361cfc3fac7a4

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      20b9ba1869ed5d109962522c7c9a09e2675c457edd780f3723d33f9b40475772

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      07c8e9fcc6441c45540ced17802aea9fc84197733cc13af77516813c3beb346ae2748445ae99318309cbdc2da8e69e622dd91e658b7e9ba27d424eae6f5acf1b

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      26d1196c058c2396610e31504074f7b5

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      38c6adf3bc2f3cea7c65def7f880b5aa1a437a8d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d7bd51e3a4ddd9c0c6db4ec5473906ee146a6c16438d537874028d8a8c30f8b8

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e02f2caa771ba5bc6997d5011ead29edc06cb9aa061612e111108128941a102255f43206c545f317db58f0763d31e2b7e42dfea3ef02bfb969e0d9ce2c839987

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      82B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1c61dc21f9b83172d65be1e94b79026f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      7324473ddda64b87c299bf6e3b9e9aff53f7fd74

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8e920d7893b682a049f6a5097f880d915dc2d7bf8bc87ae558cd7f14466d5d1b

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9660cde4d7606826c2fb6623460a2a286339970256e677c8abf8189fd1d58e0284c024bbf5c0bf539189dafa3e8d5269c1e0f7e3717891f2ae4771634731bbd8

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      146B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      9a1b13fd914dd7054b83bc1760c99ab8

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      340c37602b11cd3cb9ae681d09bfc4c81f733742

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      7f0a9cc0be951d60d6c8e60d1a612bfa65fa390020d7c0c80f212ba2a47a4aa3

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      50d48a348c71fb9e89ab01e59fe599b692a1701f19d2c9de6ae09678e0a44ba95020b1989f9c776edcacacc5f2b2b348b0f31aa28c04850e69e47cda6dcaf88e

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      211B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      e5a8eb64419f6d85a1b7aed2152616c2

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f5d94f8953bb235e35fccec0ea4f14ba69443081

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      5266b08d0c1bf229ec5eafdb6dae2a4849b6b394694d34033453cf8a379725a7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      7c304bc842c81d3b5cff745d34b038a2a867063c65e502f4155439ba0642e8b0643f9b7254f74e85d5b150c134836b9e398a0dcb192550d97dfd431c3d93f1f6

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7135f7ee163d5461bbfa422594517be4

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      045a82b46131ca4829b314334db0ccdd578cee37

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0b0310ea07a0c3ba0013666d54282a04bb1131a339f5a6cb32cdd7d61131b875

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      8a65241bf2b3a330f88e4edd18c7c7158667666d099f0f7f5e423f0e384858e50cba598748e7db3de0d012db5f5c58700bd6f9e57550484bba0b3f7b55242a03

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      bc31d447a50c28675ec5acecd8b9de38

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      02c46601a0df47f9222acb0ea3f1901a11f62d44

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c4db10df39313f3b28a1b515c3228c7cfc6df24bf9da905c1e294edfd1958ba1

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9b910ae56be4987234bc9176c9b1e61a27bb0c152da27443c0bbd177fc18bcf9eac2891c85feb333d3528e5ea2c62ce84db6d544fe3a8470470f234d3329a1be

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      5b3cb03b21c9ac27e81bff6a3cb701fa

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      4ff2d865fd0495eb2045047b0e372f5218a6a391

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      79e11cedf1281c8b6bcab3c20c235242f3845758d3a589de28c3451bd4c21d0f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      60c9b00f7e3bfd9e0f718e15a5517395ed60b6eeba119bb3c534394dd51e4d323ad41127d54850621c0de52e0f101862a55d859e482cc5f7ed4cba89850cf611

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7a426dad9f1518ac8d25cdde4178e2c5

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1a19a9099c5e0833eef6e31c6e3b24edc1662aa4

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      f0c5d2c4496a0b54663ae7eda0a0d97499c4d5edbb275f4db33f5df4d2e4a077

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      38348ecb316b0f01181ae4e4e8485238986cb27750dc25b73f186a8b6844ee9a9709bb35b947945e8b31652dbcd24950097e97451587094b1d79b76eaafd9fc4

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f839a452743f295fe526ebd23a24c2d1

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      8569821ca0b2f6248c4bbed1dd8e437800033b7d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      a7d4a44b62c141d3e1ecac2e20e469d03357d8719cca7a5121c814ea002b6507

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      49817cf9246f5d8675c34cb6bb7a6920400c26bd962e61da6912ab3660c3d3e570b36c6c3cb12ff1d5340cc973d6583b6e5f823bde0dfec28bf28fc8e75a32fd

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      74b1f8a7c6a760280b57b5228a183bff

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      077ccb8f0127dbf2d69d7c7404de8d4b1b696434

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      ca696aba6579f3bd957a8f8e7a268373321bee068cc53cd510d2e4dc5e14eadc

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d752bfd14e497caaca8d13a3922fab2232c8991c25faa2da2ab1e734b5e1a70289507353014889b13c8371b314c513992e2f70bcb59e6f2706eeaccdb65363fc

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a9de55c2270b90f4743c490318ad0636

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      007386d5b7bd347d10531fa6a4746e20f7b95bb7

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      222c79339da3fcef6ee29f12b24eb88fa15ba76ae9c794cd74d00942756fb84f

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d89e4178d328c3cc00f44dc38f4773304d2d0abef6aed434d3288e3a930d2b456d909d9e07425e823710011d5383c0708a3f1f935e906447887c7707f58f4c5f

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      ad86b7eb7d80f4f439b070b8cb5826a5

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d81e126f2359a0239b5e2b62d060687e9643ebfd

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c2e8ebcdd21147c5560e8b6524e83be7fc58caf3f02e0a1c10dfdd34df111680

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b665df568af0b734d77779c3483250166f850ffb7207f33891eb8b74a66bbf8baefde8087c4eabc8f05a1f865d2bbee77bb8aaf670a046fa9ea0cd7604d1246b

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      87B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      764bcd12f24f7fa8fa5887f720a19179

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5c8348269c4161726f49fe257f0bf1d9179489dd

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      d3cdda5c91a4998c77a697056ab5b3f23f44483de31714d3a069e4a67055c518

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      581d7c9076f036482ea5b116fbc179e402f2264239c1f118af3fc9c2914eb23583b770f3d9e6f8d03c9017ee24a3d88873d547bb0d200017de72121c41dec160

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      151B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      0ff56a4620c3221ff64ec61a3a0d3033

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3a45320be12b585dcdc5ab2af5ea1455b2c919a1

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0b0a65accca705494739d03b6c2ea769c78cd0eee996bc95b0c6ebc0941f4b1a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      962a340efeb6d18c85e5872997eebb83374e114be088689690ba438f0db8e2e4df6c24713a35cfaec518f58d5322cf9617638ea55ff279a9d161c4fdf9af74f6

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      274B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      453249f95d75eb5e450eb91fa755e1c8

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3e200e187e8cd21d3d1976ea0f7356626254de18

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      01bef150c18e377a57843965d55f18f0b5cb3fa867c5ab30f1e67eacd6ece48a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      6125ffc1ab457bc1ba957c78c2a89ca54060c1969c4a981acf71025a1d79760159816d5fc36e351429de3bb5820e755b9bc22386f3d6892bfdf3da67d86f157c

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      15KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      9a8927a516802f2b819ca74307688455

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c9f471c9817cd47a779ce12c52a5dfc53d5e402d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      31d1ac89c7afc2869a7cb15818472e31a647aa3185bd8b25a6e29a48a86b540c

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      98f6a9333fad20d537df8ef915135a69a970f680d11104a222c74cb96154fc5eb67cd75dd1523b510a1563950b57792c87fce074d9d06d1490e6dee83e9c7d31

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      432B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f107d0270e21a2fe91099fdc15918d44

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      dabc2f24f4a4e90053743166e5c4175dcf2b2d2d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      eb315c9d165b4916e3b00e4d148b53a6c03a2f0694a6a8821d98e76f935ca6a8

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b5d51c0d6abe99121d4f4f1d236def4260b7d5c26c501d7735eba4f58e2597db0e89b2b1df16545e49fc39649806e5305efb912328541bdd31c01ff3d2bda49c

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      548b310fbc7a26d0b9da3a9f2d604a0c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1e20c38b721dff06faa8aa69a69e616c228736c1

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      be49aff1e82fddfc2ab9dfffcb7e7be100800e3653fd1d12b6f8fa6a0957fcac

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      fa5bb7ba547a370160828fe720e6021e7e3a6f3a0ce783d81071292739cef6cac418c4bc57b377b987e69d5f633c2bd97a71b7957338472c67756a02434d89f1

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      7f1698bab066b764a314a589d338daae

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      524abe4db03afef220a2cc96bf0428fd1b704342

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      cdb11958506a5ba5478e22ed472fa3ae422fe9916d674f290207e1fc29ae5a76

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      4f94ad0fe3df00838b288a0ef4c12d37e175c37cbf306bdb1336ff44d0e4d126cd545c636642c0e88d8c6b8258dc138a495f4d025b662f40a9977d409d6b5719

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      17d5d0735deaa1fb4b41a7c406763c0a

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      584e4be752bb0f1f01e1088000fdb80f88c6cae0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      768b6fde6149d9ebbed1e339a72e8cc8c535e5c61d7c82752f7dff50923b7aed

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a521e578903f33f9f4c3ebb51b6baa52c69435cb1f9cb2ce9db315a23d53345de4a75668096b14af83a867abc79e0afa1b12f719294ebba94da6ad1effc8b0a3

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      338B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      e4e50dfa455b2cbe356dffdf7aa1fcaf

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      c58be9d954b5e2dd0e5efa23a0a3d95ab8119205

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      9284bd835c20f5da3f76bc1d8c591f970a74e62a7925422858e5b9fbec08b927

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      bef1fad5d4b97a65fec8c350fe663a443bc3f7406c12184c79068f9a635f13f9127f89c893e7a807f1258b45c84c1a4fc98f6bd6902f7b72b02b6ffbc7e37169

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      2B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f3b25701fe362ec84616a93a45ce9998

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a2d31a04bc38eeac22fca3e30508ba47

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      9b7c7a42c831fcd77e77ade6d3d6f033f76893d2

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8e00a24ae458effe00a55344f7f34189b4594613284745ff7d406856a196c531

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      ed8233d515d44f79431bb61a4df7d09f44d33ac09279d4a0028d11319d1f82fc923ebbc6c2d76ca6f48c0a90b6080aa2ea91ff043690cc1e3a15576cf62a39a6

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      627KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      da288dceaafd7c97f1b09c594eac7868

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b433a6157cc21fc3258495928cd0ef4b487f99d3

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      6ea9f8468c76aa511a5b3cfc36fb212b86e7abd377f147042d2f25572bf206a2

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9af8cb65ed6a46d4b3d673cea40809719772a7aaf4a165598dc850cd65afb6b156af1948aab80487404bb502a34bc2cce15c502c6526df2427756e2338626062

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Contacts\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      324B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      f91762a5493e05ed1cc04d4719221a3d

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      e75f6828d5114df44ad02dc439730c1144c556b2

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      ca57feeaedb6856dd479f4a0b836b2ca8b029c686ff0e38e7c80321f98004580

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      e978dd50edb80ebeee78e5e5100b3df83e65b1d83e575ccb01c2713b2e3e1b2c7e6b95fcf70fd3266adf78a5fc954c43bde16c1b37a260b7dfb9677f0218bcc4

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Contacts\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      412B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      449f2e76e519890a212814d96ce67d64

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      a316a38e1a8325bef6f68f18bc967b9aaa8b6ebd

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      48a6703a09f1197ee85208d5821032b77d20b3368c6b4de890c44fb482149cf7

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      c66521ed261dcbcc9062a81d4f19070216c6335d365bac96b64d3f6be73cd44cbfbd6f3441be606616d13017a8ab3c0e7a25d0caa211596e97a9f7f16681b738

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Desktop\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      282B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      9e36cc3537ee9ee1e3b10fa4e761045b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      7726f55012e1e26cc762c9982e7c6c54ca7bb303

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Documents\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      c0d27ce20981388b3609d9d0cecbded3

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      314359c10e05a88a3e39029b4664272489bee81b

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      830a97fd09125e179c34f2da404dd7bf1da80329e33c639c2fde7ae705d62015

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      635365e3a1c5752f2dc09a0675a24b283eb6186db8a1ac8ec31b1c6ab1c3a4b943c437027707802cbd40df636de4c76c2a848f3a9ea34bfe5940e5795b17a199

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Documents\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      402B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      ecf88f261853fe08d58e2e903220da14

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f72807a9e081906654ae196605e681d5938a2e6c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Downloads\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      282B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      3a37312509712d4e12d27240137ff377

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      30ced927e23b584725cf16351394175a6d2a9577

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Favorites\Links\Suggested Sites.url

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      129B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      2578ef0db08f1e1e7578068186a1be0f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      87dca2f554fa51a98726f0a7a9ac0120be0c4572

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Favorites\Links\Suggested Sites.url

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      236B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      11cede0563d1d61930e433cd638d6419

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      366b26547292482b871404b33930cefca8810dbd

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Favorites\Links\Web Slice Gallery.url

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      206B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      c2858b664c882dcce6042c40041f6108

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      52eeaa0c7b9d17a8f56217f2ac912ba8fdc5041a

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b4a6fb97b5e3f87bcd9fae49a9174e3f5b230a37767d7a70bf33d151702eff91

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      51522e67f426ba96495be5e7f8346e6bb32233a59810df2a3712ecd754a2b5d54d0049c8ea374bd4d20629500c3f68f40e4845f6bb236d6cca7d00da589b2260

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Favorites\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      1971d71c62ea75c4f433476600caa4f9

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      428e9b5498ba9746c123ebf3ffd86a14f73878f3

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      3f7e7774532126e2c175de962ce9d620471f4ac75463457e1b93ab615abd4de4

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      88667b670c3ffc78b442e0767ca0ea2c1409b8a2c5f18e69496831f7bfa7496e54843819fe725eda06de6deca9ba9dd769d4b5f3ade4126905ed3b1bb6f94422

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Favorites\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      402B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      881dfac93652edb0a8228029ba92d0f5

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5b317253a63fecb167bf07befa05c5ed09c4ccea

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Links\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a0937da2979e2c7350e48db916cac4be

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      acfa2bc3ffc65886ecf82ce2d7b997f132cf7927

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      11199cc268a92259c5a397a7559e56e84e03b48c792c51cef294405fd8f4e55e

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      6a9c642918203f089fdc11328bb2614eb5972a0fe666ffa93b00667b431bbad61a3833e2f1704e92fb5dfeec3c4895746990e8a69ea9da82010082ddf4dddeb1

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Links\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      282B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      98470d9bd7fba55a0c303065f9c4f9be

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5303b190e29ba48332f7c90a832ef08af5a1953d

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      3830022d5d7ef2ae2ca0a2b6ad73f0d4716b49bf7eeeaa87b618988d531b7c72

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      134e072c3600bbb3c724c2700da399a14ba5b907153969362b3dbff32c480d39e7f5ecceebc9122a5a27265410557a16eb6bf82c9b635b90ef1fa0ae9efb849c

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Links\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      580B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      de8858093993987d123060097a2bad66

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      0a89e87ba46538cb73aff1a47e4dc0bcfb4760d5

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4c0d757717dec80eca8c6cbbfdda4706eb38fbbb7624933d5429dafc7bb9f0ec

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      fa348ac4025b599f460cb831338ce010dde8fba87587a6d078d6d594a30fee87ed112e412078c10604553f326cc7bd7627ae93b0e3d8a60cfeda0720cad29f4c

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Music\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      504B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      06e8f7e6ddd666dbd323f7d9210f91ae

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      883ae527ee83ed9346cd82c33dfc0eb97298dc14

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      8301e344371b0753d547b429c5fe513908b1c9813144f08549563ac7f4d7da68

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f7646f8dcd37019623d5540ad8e41cb285bcc04666391258dbf4c42873c4de46977a4939b091404d8d86f367cc31e36338757a776a632c7b5bf1c6f28e59ad98

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Pictures\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      504B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      29eae335b77f438e05594d86a6ca22ff

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d62ccc830c249de6b6532381b4c16a5f17f95d89

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Saved Games\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      174B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      dfb9f6037a6bc86b5aa6f224854a0cd2

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      499f866cccbb413ffd5b18f380d00c0529797f22

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      58047327df3fbbec7e816bd18057b9d0317f682c384eabb7e9a9d3e634502260

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      ea0dd50925937d1aecaa0a43b7d9d508e3bf1bba1fc4cc8645e3244aedae77fa50499655e6dfd72cad5d2c14d1fee47c35ccbf2df19c11a7466664989cbafa6d

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Saved Games\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      282B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      b441cf59b5a64f74ac3bed45be9fadfc

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      3da72a52e451a26ca9a35611fa8716044a7c0bbc

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e6fdf8ed07b19b2a3b8eff05de7bc71152c85b377b9226f126dc54b58b930311

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      fdc26609a674d36f5307fa3f1c212da1f87a5c4cd463d861ce1bd2e614533f07d943510abed0c2edeb07a55f1dccff37db7e1f5456705372d5da8e12d83f0bb3

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Searches\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      278B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      8e11566270550c575d6d2c695c5a4b1f

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      ae9645fad2107b5899f354c9144a4dfc33b66f9e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      1dc14736f6b0e9b68059324321acc14e156cd3a2890466a23bf7abf365d6c704

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      a9fc4b17d75f85ae64315ba94570cb5317b5510c655d3d5c8fb44091ea37f31e431e99ed5308252897bdd93c34e771bf80f456c4873ef0aa58ca9bbb2e5ff7e0

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Searches\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      524B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      089d48a11bff0df720f1079f5dc58a83

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      88f1c647378b5b22ebadb465dc80fcfd9e7b97c9

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      a9e8ad0792b546a4a8ce49eda82b327ad9581141312efec3ac6f2d3ad5a05f17

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f0284a3cc46e9c23af22fec44ac7bbde0b72f5338260c402564242c3dd244f8f8ca71dd6ceabf6a2b539cacc85a204d9495f43c74f6876317ee8e808d4a60ed8

                                                                                                                                                                                                                                                                    • C:\Users\hehhe\Videos\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      504B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      50a956778107a4272aae83c86ece77cb

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      10bce7ea45077c0baab055e0602eef787dba735e

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b287b639f6edd612f414caf000c12ba0555adb3a2643230cbdd5af4053284978

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d1df6bdc871cacbc776ac8152a76e331d2f1d905a50d9d358c7bf9ed7c5cbb510c9d52d6958b071e5bcba7c5117fc8f9729fe51724e82cc45f6b7b5afe5ed51a

                                                                                                                                                                                                                                                                    • C:\Windows\Installer\MSIDCA8.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      156KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a44986470c4513447017ebf68fd2903b

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d5816fd82873fc9b1b35131624daf70fb86c2e72

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      b75408cd4961060f0ebc89340d37fb94c42509c17d7540464f6a13e6a94c57c5

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      1b28e5f30049d8b50e1d4245b988a995a5901a250f8af3fea21a6b9155c7529ba6720784f7da0f63ad2be33b118c5a8f6c734939d8c49711d20486dd89ea0b84

                                                                                                                                                                                                                                                                    • C:\Windows\Installer\MSIE2EA.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      112KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      8f680e0f517d35bb14f984a7f197e35c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      1ad84f7120c2712a32ef5aa82edde5b704eeb27f

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      030d6e3dadf9da76a1f5e15657cb7673265ea545402f181624cbf64a45e53805

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      dda5cec6042f2c255dcc814c5f19e7692beb07de9ab950bf817169d076b368cdfb268aff1b5b5caa12409058e015124206a9b87714133226b84d3eb5b850013a

                                                                                                                                                                                                                                                                    • C:\Windows\Installer\MSIE923.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      84KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      94ee5f4e1500435f1d8eba5a54c231ed

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      d8ab879fd681cdbf7cfab010523ab7c950b68e87

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      5fec0c3e5c0dafcb9950eb84e2b5e59a679877bd128bb9cf7290b47ed76f9495

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      10ea6ff3497d13b2f8e4f20e833297603f68f90ff42ac6224933d04aea8fd28365383b414acb513c155e032b642df33cd948ecb321bd337494de62a1b2f523a7

                                                                                                                                                                                                                                                                    • C:\Windows\Installer\MSIFB29.tmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      953KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      64a261a6056e5d2396e3eb6651134bee

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      32a34baf051b514f12b3e3733f70e608083500f9

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      15c1007015be7356e422050ed6fa39ba836d0dd7fbf1aa7d2b823e6754c442a0

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d3f95e0c8b5d76b10b61b0ef1453f8d90af90f97848cad3cb22f73878a3c48ea0132ecc300bfb79d2801500d5390e5962fb86a853695d4f661b9ea9aae6b8be8

                                                                                                                                                                                                                                                                    • C:\Windows\Installer\f77f769.msi

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      60.9MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      4b80c230492aedab6757f904167b4e17

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      ca169fc089c12341ac8a023e98e5f7d58a1d5d90

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      0d961da2bc9f0fe029c31beb616d5069b718abd7f494f28a86fc6ace8e4718ea

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      fcfbaa9c987bda1143f2596aca5bb3c04eebbb8ff7cacb9f855ef66d4c1b433a0a07c9694dcaff56f481df0234e8cc833e0c4b66aa52c2541db5fc562a741aca

                                                                                                                                                                                                                                                                    • C:\Windows\Installer\f77f76f.msi

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1.0MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d7390d55b7462787b910a8db0744c1e0

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      b0c70c3ec91d92d51d52d4f205b5a261027ba80c

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      4a2f7d9d33e4ad643bf72722587f2b268d92dab3bb1d9bc56af316672e34728a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      64f3837dd6099561ce9be97d6fae0b11f3f6cc08281f1a3266d5a6f3ca8baf13bbd780735ef62b449b577d62d086f942b48519671226c60f0e1480f9dbdde434

                                                                                                                                                                                                                                                                    • F:\$RECYCLE.BIN\S-1-5-21-2721934792-624042501-2768869379-1001\desktop.ini

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      129B

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a526b9e7c716b3489d8cc062fbce4005

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      2df502a944ff721241be20a9e449d2acd07e0312

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      d83d4c656c96c3d1809ad06ce78fa09a77781461c99109e4b81d1a186fc533a7e72d65a4cb7edf689eeccda8f687a13d3276f1111a1e72f7c3cd92a49bce0f88

                                                                                                                                                                                                                                                                    • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1.7MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      dabd469bae99f6f2ada08cd2dd3139c3

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

                                                                                                                                                                                                                                                                    • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      97KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      da1d0cd400e0b6ad6415fd4d90f69666

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      de9083d2902906cacf57259cf581b1466400b799

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

                                                                                                                                                                                                                                                                    • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1.2MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      d795ef2a7b1d60d78cf3d4d083346a7c

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      68a623b6b821476e543ea8dadb02ee3a78c55762

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      c367e0f3b55b16ff6f167f19a3885b9dc7e9e34c0ccdf1df06af5ce7656bd61a

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      bbc4161586240074989c56c9abed3bb36cc68516f03a741438a07633c21343a2a3c2ce43d741f83096e28a541ffb58e56c348cf8ebaa3dc91ae8953bb72c1666

                                                                                                                                                                                                                                                                    • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      325KB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      c333af59fa9f0b12d1cd9f6bba111e3a

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

                                                                                                                                                                                                                                                                    • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      1.2MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      a266e0ae1001da0023f9664afbcaee99

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      f943c180e5221a5943039c21b21f394dd99cbe14

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      819b9a02a788445ad6c4d8f38e05abe911e289e71e4d2c2e37923c9f66f576cf

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      525b8473b17732ba94942df63b0e43b26ee0157b137a1a39f52034b04ce686097e92ec8d9ea422acf02edc4385863c0179a6af73af01dfcfc1cb6d7c9dad1e7c

                                                                                                                                                                                                                                                                    • \Users\Admin\AppData\Local\Temp\jds259515104.tmp\jre-windows.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      64.0MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      96d622d62567def49ad8999324a66709

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      5a4749631631d97e9db816f5cca2392e69d0b7d9

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      953b06705f72bfffac774c41ceb359fe1d3f8a0c5d6a44f93597ce9c39399994

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      c2d350895f47c5164138d2e3befbeb0acda8097a7904a28d9ad9db70ea0aabb3ec54a476dcb2746a41308fb79616d810305c53f7e23a4856a3f9eb656896de0d

                                                                                                                                                                                                                                                                    • \Users\Admin\AppData\Local\Temp\jre-windows.exe

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      64.4MB

                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                      af1d24091758f1e02d51dc5f5297c932

                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                      dc3f98dded6c1f1e363db6752c512e01ac9433f3

                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                      e52a8d0337bae656b01cb76c03975ac3d75ac4984c028ba2a6531396dea6dddd

                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                      8d4264a6b17f7bbfd533b11ec30d7754a960a9f2fbef10c9977b620051c5538d8eb6080ea78e070904c7c52a6ce998736fad2037f6389ad4c5c0ce3f1d09e756

                                                                                                                                                                                                                                                                    • memory/800-6339-0x0000000000C30000-0x0000000000C8C000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      368KB

                                                                                                                                                                                                                                                                    • memory/800-6340-0x0000000000A70000-0x0000000000A9A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      168KB

                                                                                                                                                                                                                                                                    • memory/800-6341-0x0000000000A70000-0x0000000000A9A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      168KB

                                                                                                                                                                                                                                                                    • memory/800-6333-0x0000000000920000-0x000000000092A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/800-6336-0x0000000000C30000-0x0000000000C8C000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      368KB

                                                                                                                                                                                                                                                                    • memory/800-6337-0x0000000000C30000-0x0000000000C8C000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      368KB

                                                                                                                                                                                                                                                                    • memory/916-1937-0x0000000000E60000-0x0000000001249000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/916-1866-0x0000000000E60000-0x0000000001249000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/1196-3673-0x0000000000330000-0x0000000000331000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/1196-3670-0x0000000000330000-0x0000000000331000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/1532-1862-0x00000000031B0000-0x0000000003599000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/1532-1863-0x00000000031B0000-0x0000000003599000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/1532-1864-0x00000000031B0000-0x0000000003599000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/1532-1865-0x00000000031B0000-0x0000000003599000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/1644-3445-0x00000000002C0000-0x00000000002C1000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/1644-3456-0x00000000002C0000-0x00000000002C1000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/1644-3461-0x00000000002C0000-0x00000000002C1000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/1644-3462-0x00000000002C0000-0x00000000002C1000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/1644-3488-0x00000000002C0000-0x00000000002C1000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/1644-3479-0x00000000002C0000-0x00000000002C1000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/1848-3211-0x0000000000230000-0x0000000000231000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/2272-3987-0x0000000000400000-0x0000000000417000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      92KB

                                                                                                                                                                                                                                                                    • memory/3480-3554-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                    • memory/3604-1118-0x00000000034B0000-0x0000000003899000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3604-1107-0x00000000034B0000-0x0000000003899000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3604-1117-0x00000000034B0000-0x0000000003899000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3604-1116-0x00000000034B0000-0x0000000003899000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3684-4380-0x0000000000A60000-0x0000000000E49000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3684-1850-0x0000000000A60000-0x0000000000E49000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3684-3459-0x0000000000A60000-0x0000000000E49000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3684-1120-0x0000000000A60000-0x0000000000E49000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3684-1701-0x0000000010000000-0x0000000010051000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      324KB

                                                                                                                                                                                                                                                                    • memory/3684-1822-0x0000000002D90000-0x0000000002DA0000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                    • memory/3684-1821-0x0000000000A60000-0x0000000000E49000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3684-1857-0x0000000010000000-0x0000000010051000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      324KB

                                                                                                                                                                                                                                                                    • memory/3684-2479-0x0000000000A60000-0x0000000000E49000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3684-2508-0x0000000000A60000-0x0000000000E49000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3684-3796-0x0000000010000000-0x0000000010051000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      324KB

                                                                                                                                                                                                                                                                    • memory/3684-3795-0x0000000000A60000-0x0000000000E49000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3684-2982-0x0000000000A60000-0x0000000000E49000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                    • memory/3684-2509-0x0000000010000000-0x0000000010051000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      324KB

                                                                                                                                                                                                                                                                    • memory/3684-2511-0x0000000002D90000-0x0000000002DA0000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                    • memory/3776-3405-0x0000000000140000-0x0000000000141000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3776-3433-0x0000000000140000-0x0000000000141000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3776-3406-0x0000000000140000-0x0000000000141000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3776-3389-0x0000000000140000-0x0000000000141000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3776-3402-0x0000000000140000-0x0000000000141000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3792-6331-0x000000001C2A0000-0x000000001C2AA000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3792-6335-0x000000001E870000-0x000000001E87A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3792-5914-0x000000001E870000-0x000000001E87A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3792-5912-0x000000001E870000-0x000000001E87A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3792-5913-0x000000001E870000-0x000000001E87A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3792-5841-0x000000001C2A0000-0x000000001C2AA000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3792-5842-0x000000001C2A0000-0x000000001C2AA000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3792-6338-0x000000001E870000-0x000000001E87A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3792-6334-0x000000001E870000-0x000000001E87A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3792-6332-0x000000001C2A0000-0x000000001C2AA000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3984-4423-0x0000000000430000-0x0000000000431000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3984-5187-0x0000000000470000-0x000000000047A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3984-5186-0x0000000000470000-0x000000000047A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3984-4389-0x0000000000430000-0x0000000000431000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3984-4390-0x0000000000430000-0x0000000000431000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3984-4422-0x0000000000430000-0x0000000000431000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3984-4403-0x0000000000470000-0x000000000047A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3984-4404-0x0000000000470000-0x000000000047A000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                    • memory/3984-4400-0x0000000000430000-0x0000000000431000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3984-6298-0x0000000000470000-0x0000000000472000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                    • memory/3996-3686-0x0000000000230000-0x0000000000231000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                    • memory/3996-3684-0x0000000000230000-0x0000000000231000-memory.dmp

                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                      4KB