Analysis Overview
SHA256
2e992e8dec38852aa826e898b601fc3591b982b10162475704f3394e4bc5f0a9
Threat Level: Known bad
The file FizzyCheat.rar was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Drops startup file
Looks up external IP address via web service
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Program crash
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Creates scheduled task(s)
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 22:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 22:35
Reported
2024-05-30 22:38
Platform
win7-20231129-en
Max time kernel
138s
Max time network
123s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2364 wrote to memory of 2256 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2256 wrote to memory of 2664 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files\VideoLAN\VLC\vlc.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 22:35
Reported
2024-05-30 22:38
Platform
win10v2004-20240226-en
Max time kernel
131s
Max time network
132s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk | C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam.lnk | C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\FizzyLoader\.FizzyLoader..exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\FizzyLoader\jre\bin\javaw.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "C:\\Users\\Admin\\AppData\\Local\\Steam.exe" | C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WWAHost.exe |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\FizzyLoader\jre\bin\javaw.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\FizzyCheat.rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\FizzyLoader\.FizzyLoader..exe
"C:\Users\Admin\Desktop\FizzyLoader\.FizzyLoader..exe"
C:\Users\Admin\Desktop\FizzyLoader\jre\bin\javaw.exe
"C:\Users\Admin\Desktop\FizzyLoader\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jfoenix.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar" org.develnext.jphp.ext.javafx.FXLauncher
C:\Users\Admin\Desktop\FizzyLoader\.FizzyLoader..exe
"C:\Users\Admin\Desktop\FizzyLoader\.FizzyLoader..exe"
C:\Users\Admin\Desktop\FizzyLoader\jre\bin\javaw.exe
"C:\Users\Admin\Desktop\FizzyLoader\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jfoenix.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar" org.develnext.jphp.ext.javafx.FXLauncher
C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe
pngquant.exe
C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe
pngquant.exe
C:\Windows\SysWOW64\WWAHost.exe
WWAHost.exe
C:\Windows\SysWOW64\WWAHost.exe
WWAHost.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1628 -ip 1628
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2040 -ip 2040
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 400
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 396
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\FizzyLoader\pngquant.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'pngquant.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Steam.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Steam.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Steam" /tr "C:\Users\Admin\AppData\Local\Steam.exe"
Network
Files