Analysis Overview
SHA256
0d50bc931f04f543272690f3ad41312ed0bf4cd7dcb1ebb0fa48e3629a97b484
Threat Level: Likely malicious
The file b560f2513d6e0e4228616bc91e664351_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
UPX packed file
Executes dropped EXE
Loads dropped DLL
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-16 21:51
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 21:51
Reported
2024-06-16 21:53
Platform
win7-20240508-en
Max time kernel
122s
Max time network
122s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-1LLDH.tmp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.tmp | N/A |
Loads dropped DLL
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1576 wrote to memory of 836 | N/A | C:\Users\Admin\AppData\Local\Temp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.exe | C:\Users\Admin\AppData\Local\Temp\is-1LLDH.tmp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.tmp |
Processes
C:\Users\Admin\AppData\Local\Temp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\is-1LLDH.tmp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1LLDH.tmp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.tmp" /SL5="$4010A,213638,73216,C:\Users\Admin\AppData\Local\Temp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | int.dpool.sina.com.cn | udp |
| US | 8.8.8.8:53 | pv.sohu.com | udp |
Files
memory/1576-0-0x0000000000400000-0x0000000000419000-memory.dmp
memory/1576-2-0x0000000000401000-0x000000000040B000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-1LLDH.tmp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.tmp
| MD5 | 2b09adc70955ec218148f31cc1eec881 |
| SHA1 | 24c3e753024a214add140dcad3c36fca713cbf56 |
| SHA256 | edb4a838aadcf5e596ca0d10cf401eb049028c19691f74240b713ca8d6a4bc1a |
| SHA512 | a53109a31140387af1d214e665c6d19df7b90fa6ba78ae549cd61ec36a06e497172d967a7b816b19d371dd6d8b9c18454aa1ab3c31a4df875cb1448f0da3af82 |
\Users\Admin\AppData\Local\Temp\is-I4I9L.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
memory/836-14-0x0000000000400000-0x00000000004C3000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-I4I9L.tmp\_isetup\_isdecmp.dll
| MD5 | a813d18268affd4763dde940246dc7e5 |
| SHA1 | c7366e1fd925c17cc6068001bd38eaef5b42852f |
| SHA256 | e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64 |
| SHA512 | b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4 |
\Users\Admin\AppData\Local\Temp\is-I4I9L.tmp\CommonDll.dll
| MD5 | 3e5947c9ab62f5bf81efd6a17ac0811c |
| SHA1 | c959a3d2fec987b851ecc0025efcac1c9df2cae6 |
| SHA256 | 78ec700152441266670d7062f12ba99da4933e1134d1e748d74df198f3a427fe |
| SHA512 | bc7e631a16dc5bae5b25b431affab9f8fa7d341e8b2a734e67ffd58939d7e2eb97115f99128367bf841d73c2f9ae8cddf32c37f60fcc94bdd852eef8794a604f |
memory/1576-23-0x0000000000400000-0x0000000000419000-memory.dmp
memory/836-24-0x0000000000400000-0x00000000004C3000-memory.dmp
memory/836-27-0x0000000000400000-0x00000000004C3000-memory.dmp
memory/1576-29-0x0000000000400000-0x0000000000419000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 21:51
Reported
2024-06-16 21:53
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-1TCDP.tmp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Rising\RSD\popwndexe.exe | N/A |
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\RSDTRAY = "\"C:\\Program Files (x86)\\Rising\\RSD\\popwndexe.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
Checks installed software on the system
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\Cloudv3.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\CLOUDV3.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\update.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\rssrv.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rstask.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rspalvd.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RAVBASE.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RAVBASE.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RSD\RSSetup\RsMgrSvc.exe | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RSD\RSSetup\rsdinfo.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD936\CHS.lag | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\MSCRT9\MSCRT9.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSDK\dfw.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\pngdll.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\dataups.dat | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\selfmon.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RSD\RSSetup\update.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\RsAppMgr.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\popwndexe.exe | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\MSCRT9\Microsoft.VC90.ATL.manifest | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVMON\mond.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\antipromotionmon.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\RSMONDEF.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RSD\RSSetup\RSD950\CHT.lag | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\rsdk.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\HOOKBASE.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\LogDc.bmp | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rspalvd.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVCONFIG\ravcfg.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\x64\adefmon.mond | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RSD\RSSetup\rslang.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\updater.exe | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\comx3.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\sysmon_if.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\rscombas.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\MSCRT9\msvcp90.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVCONFIG\mergexml.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSCOMM\rssqlite.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\updater.exe | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\comx3.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\rsdinfo.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\rsmginfo.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\_RAV\_RAV.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\monrule.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\rslang.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSDK\rsxml3w.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSCOMM\RsBaseNetWrapper.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RAV\NetConfig.ini | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDV3\cloudstore.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\RsTest.ini | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\setup.dat | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\RSD1252\Eng.lag | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsSmall.bmp | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\repairmanager.mond | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSMONDEF\x64\adefmon.mond | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\rslang.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\syslay.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\rsdk.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudqry.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\kguard.sys | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVDEFDB\uprsuser.dat | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\setup.dat | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File created | C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSCFG\RSCFG.xml | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudnet.dll | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC3909C5-DC79-47e5-86CA-7FB5C041A37C}\Title = "ZYRUzFjKl8K88N/Dl5mk2tOPzA==" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC3909C5-DC79-47e5-86CA-7FB5C041A37C}\ravmonexe = "ZYRUzFjKLVMaWgAfOxwJTwoW" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC3909C5-DC79-47e5-86CA-7FB5C041A37C}\monShowName = "ZYRUzFjKDVMaFzwULUQFVApr" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC3909C5-DC79-47e5-86CA-7FB5C041A37C}\rstrayexe = "ZYRUzFjKLUEYRQ4IcVcUUno=" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1CF8F61-AB1D-11d4-ABBD-0050BACEC828} | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC3909C5-DC79-47e5-86CA-7FB5C041A37C} | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}\ProcID = "{CF4A3D2C-5352-123C-3030-303133067200}" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1CF8F61-AB1D-11d4-ABBD-0050BACEC828}\RzNBMlVLLUswUDBORC1MMEVGU1UtRkg1MzAw | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1CF8F61-AB1D-11d4-ABBD-0050BACEC828}\RzNBMlVLLUswUDBORC1MMEVGU1UtRkg1MzAw\ProcInfo = "1718574716" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC3909C5-DC79-47e5-86CA-7FB5C041A37C}\RAV = "ZYRUzFjKDXM63g==" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC3909C5-DC79-47e5-86CA-7FB5C041A37C}\InstallPath = "ZYRUzFjKemI-eCgjHn8ofj1UA2AFRAYfOG4-djk/" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC3909C5-DC79-47e5-86CA-7FB5C041A37C}\regtray = "ZYRUzFjKDVMaYz0wBls=" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99} | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1CF8F61-AB1D-11d4-ABBD-0050BACEC828}\RzNBMlVLLUswUDBORC1MMEVGU1UtRkg1MzAw\ProcKind = "5" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1CF8F61-AB1D-11d4-ABBD-0050BACEC828}\RzNBMlVLLUswUDBORC1MMEVGU1UtRkg1MzAw\ProcDll = "1750197116" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F1CF8F61-AB1D-11d4-ABBD-0050BACEC828}\ProcKey = "RzNBMlVLLUswUDBORC1MMEVGU1UtRkg1MzAw" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC3909C5-DC79-47e5-86CA-7FB5C041A37C}\monServerName = "ZYRUzFjKDUE-Vhk8MFx0" | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Rising\RSD\popwndexe.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeBackupPrivilege | N/A | C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\is-1TCDP.tmp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1TCDP.tmp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.tmp" /SL5="$E0064,213638,73216,C:\Users\Admin\AppData\Local\Temp\b560f2513d6e0e4228616bc91e664351_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe
"C:\Users\Admin\AppData\Local\Temp\is-S2OSC.tmp\install1078565.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://121.43.19.176/YjU2MGYyNTEzZDZlMGU0MjI4NjE2YmM5MWU2NjQzNTFfSmFmZmFDYWtlczExOC5leGU=/40.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe103746f8,0x7ffe10374708,0x7ffe10374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
"C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe"
C:\Program Files (x86)\Rising\RSD\popwndexe.exe
"C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,439741856035469458,6456086071696223192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
Network
Files
| SHA1 | 6b3f0e54f91c4a4d1b772b9ba4683c33364cb572 |
| SHA256 | 254721ff502d5bf1e7fff09fb4fa9c302881ddec74e7f3d22aae321a54cb1a6f |
| SHA512 | 7da428dc8c928c559698e4a377c0f39c164d949d99d323d2223e2c794a4ca1fccad4fe2f159d5e95d25589892b3eb80a584af85a66921851fd57ce804bead475 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSCOMM\moncom08.dll
| MD5 | 82387571279847d2324297ea4722e14f |
| SHA1 | b618610a8c910294d95ac8c5dc70a6eaee3eae2b |
| SHA256 | 4c23f9b464132e5eb580f1db69a98b3368d57ac70cdd87d00e31e5211297f79c |
| SHA512 | 3e92f0cf3faa76153a08b9a91b6682ac54614ab4e043f2aefdde7d28353123a00d2e2f3ce27b1147db0891429fd691c022f3c19e71c7fd9c1a6e307e830c5c27 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSCOMM\syslay.dll
| MD5 | 6beba6b5b2e5e5ce840cf7c02f3fb657 |
| SHA1 | 0922e75132dbb8a600763a7145eba1ccf6db62e8 |
| SHA256 | 9a83dba0226cf8ca622f8cc135763617c5849308d1a6807117190f7783e12aa0 |
| SHA512 | bfe7d6066405d0135967816a792c44a3fc03ec05ac77dab3bb0d4d52787741c523a35e7e4e89fa1d9484a7e5f83810c4006cd65a9b59a25f9d39877643f70874 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSCOMM\Proccom.dll
| MD5 | fbc567d59b385341c53338ca58c3e248 |
| SHA1 | ff542e45d92f88c15b781f976ae0641769079605 |
| SHA256 | 7e5d24f765364518dff0e2523daef720aaf258b689a989877f63b5a2dd2baa7a |
| SHA512 | a435e8de812a47650f1d4eaf98060e4e90589c993b1d371ddb712c5c7166f7219dcf2d7bdba1b482d5e5487d68c419e99277546874a1e7d1b55173f14bf39276 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSCOMM\cnt08.dll
| MD5 | 7a80c5c9e6955622d45ae9bdf86472ff |
| SHA1 | 1f964d7c2ec962fc3817fb013dc19eefc133ec3d |
| SHA256 | b9bd4dc7254ffeee8086152394792bf4755c6f8ac598881d98b012ebd7d56f37 |
| SHA512 | ae8b7a9e71af3f577a5557b42aac315baa3658ccadb9d195663c25d9df29f3132219bcded83fe6434f9608acd32e98e9f9bf8991cf59714ff07975a6e4ac2e5e |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSCOMM\cnt09.dll
| MD5 | 4918a3e5256d45c5ca1dea6a2592ca88 |
| SHA1 | dfc8c332ee987b08d71f02e0c7d6b4ec70922121 |
| SHA256 | 350885d7958eb4e404561d4e7a338f5abc290d937e1b80dddd2d0bd13ae44c6b |
| SHA512 | 2ab98f8a1393c338eb371375b3d50092e7d887c745cd14a0fb7542cf58acdd9a14bf010c4e2eec7fdb58590bc0016086e496001ed689e08543445cf7c0d11482 |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\ravmaindui\ravmaindui.xml
| MD5 | fc8ce8acd94acc66ac5aeb7028819ca1 |
| SHA1 | 73faf9d2e074e088b040134baec453228033a908 |
| SHA256 | e83b737639c43f3550d67f83e293d002ca391d3dbf7ef293b4926ae34d92d0cf |
| SHA512 | 022736133db851eed86b470fd5a95bedc859b822269449f4ff0aefc987ede8e76e12c7a27c1fdefc8e8b9d76797024940126d050d5ccbb2d58ae1f4dfebc709c |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVMAINDUI\rsmain.exe
| MD5 | f5857084201bd2f578b2c04c12cc2ac8 |
| SHA1 | a557ce58deccdd3d2a8bf7e60c4ed2871e9a311e |
| SHA256 | b7dde72860964cf80677f9044a98c6f6e5523d67bff7f583a064e676de310610 |
| SHA512 | 0f782d647c8dee0e762508a7896e11bc8cfd6be5b778cc31208d4bfb3083f79bc0d6e2522ff5c0f288a3f3172f6a3495c98b3d6e93a1881281267601194d49b7 |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\ravlog\ravlog.xml
| MD5 | 0d73be899edc2c5963c0bbf4ac24a508 |
| SHA1 | 3773c08a662c735cc43c09214e85ea86526d403e |
| SHA256 | 6d237e5a59f6a45762596ea13dcc77adb49563f9ba5cebc42203cbb1a01aac6e |
| SHA512 | 0500179bf99180983f3018afa33a85eacab071d4a7253dd7e014ffacc88c4e5186efa23c2634ed4bd2c9c447392fb50eac53d7e6278d2c9d447851050ad51729 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVLOG\rslog.dll
| MD5 | 08dcba43400dc71b8145a30c6f0b55da |
| SHA1 | 52be40c5783f0ef15f50c3b6d8ac65b4d3af9213 |
| SHA256 | f53dcd481c81f91ed34cd36837b5c493453dadb1c4a566e0e586d3776a2ebf7b |
| SHA512 | 591ef8e7a5ffbb924873c07be062805491b013b9dfe56f4bce32b0e8cce8004a4e1e62be249736e8d66256f398a40596d77c8757110de4dfc07958dfc716cfc2 |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\ravconfig\ravconfig.xml
| MD5 | c3ff13e452600f5c7811ae9237a361f5 |
| SHA1 | 581fc60f8d0a361dc7b20b71f72ee73ad8ec685e |
| SHA256 | 4f5a62dcfbee1028e8da3323f33688d27f85860a7dce8537db22043b85705bc2 |
| SHA512 | a993a947acfafe434d7850d4de2fab557aa8ae1c918d3f80f3cdb166ec7983d4bc08d065a768d9102ed9d2efdbc63569e265aa4e3cb81e9359f158355c0c6f72 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVCONFIG\ravcfg.xml
| MD5 | c0e6a9e9d67801982841df21513dbe44 |
| SHA1 | e5fc88dc096b822bfcdac5a518fdcd57a098a08d |
| SHA256 | f86523f03eb839ecc8f485a07952bb8a319132ad669ac1eaaa598e455b1315ad |
| SHA512 | 130035503fa1faff86fe79b9172566b89a0b243faad2e62a7aeecf27d2fa9757f981115456de49e0b838f0534b4f57fb725800c33800f7ec38f619c4b94a3d68 |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\ravbase\ravbase.xml
| MD5 | 7a53d889e34d013977fea1e3672a064e |
| SHA1 | 058a04a47418a9a0b7a23a5f3d9d8f5a8ad00c16 |
| SHA256 | 00e3fd2987a628f2485b537a86c319133ebe378cc1be33055a671eb7a213ca0a |
| SHA512 | b829c91eac895cdf2d5e4231b0f1d50cbc936b7359a4cca067bffc16bccb3824fbae361add510d30dcdfd3255d6b351a789389849e8e0bdabd53ff70dcea995b |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\repairmanager.dll
| MD5 | 249a270469f151ec278c95d63a3fbf79 |
| SHA1 | c205e1880137378c317e79c2422085543b6d0786 |
| SHA256 | 1020d6a0962ace4883b726e2d1e5ab4cc9cd095271ae5052fecb8093ed685911 |
| SHA512 | 8cf2a329fed754e4a1612796a9935820c1bf9f2557ca41c10d497f3ee833be02376eef4b0d8ef4f6ed29313160835bbbcde99ad29c043190893e00ca98c51567 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\repairmanager.mondcoms
| MD5 | b0d653b2d3c0714264432a97d4ca4ccd |
| SHA1 | 09916612c73e70bb81f5555eb4fb2b352151b5a0 |
| SHA256 | 55eb59274dd816f183a82752f24e2d803c34f9738aaf370d6ee5ca56a8607432 |
| SHA512 | 7badeedbc003037f6f9b2530c0c1f8059f25ec2315e8ac209090260d8e66ce409e2555236ae0ab85c33b227b8052185107c6b38d1eb75f567fe5231f99dcd262 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\repairmanager.mond
| MD5 | 7297f74e052d429c67c9427513b8426a |
| SHA1 | c938981e582d7cefda1edb97774d2737b18e71d9 |
| SHA256 | 40cdccdf76248f7abcf0ff13194064cd7c430a80e88a33eba8459595f814a1b7 |
| SHA512 | a6c9f47d14341353c25368b2de5b9b5f1b18624fd93ca1e2a5d33b80aa601c13b9e3b4147beab5b6f336470a3ac4de562e3341605b36d8ebe823729a9ec38daa |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsSmall.bmp
| MD5 | faf1e870fd2e531c6c819c663ebffdf9 |
| SHA1 | d37038e351d9b6689ca70f920ee3cec0f85c3d99 |
| SHA256 | 618e3e299dd914641f612746f0fdab2ed1a7d64835573556b79cd5f462a53fae |
| SHA512 | 490e78c795f1ba79a1b1a6e409b92ccaf1a97ae65eefb16025d134fe8a482a0294e00b9f619384a671dc8ef3f2706cd69db90a4b92c228854e85d2c0c870cd8d |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\pngdll.dll
| MD5 | 7d6bc107cd29293b274577d755662d05 |
| SHA1 | 02b54b2e5c5b8474f0046f381e2575cf3cb7d27e |
| SHA256 | 17c758efb729c504c73e600858617162352786de2d89b7694e9c3fffa5bc0108 |
| SHA512 | 2abe890eb20e6fe0b855af5db20912a31588617d7636ec699d1eb8a2a31d019247f7312d23245b318d5c1480df2025a38bc6cdbaf6a5f8ace399456137e6818a |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rspalvd.dll
| MD5 | 23d683209cef821f78ae2751d07455e4 |
| SHA1 | 7ce1772b8caad620dff01fe092a34f6aa77fdccc |
| SHA256 | 3a85de76fc66355bc19c9071052850d710a5407391aa0d59e7209c638df133a2 |
| SHA512 | 6a5c340e58b2d1fda6b1eb8d5d35f63de0a780927f25492bb3fca700731d3c0b2432ee046716862868be5c0a5357a4fcaab6b33c3fec0cfbc6fc19a3d2a987e1 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\Repair.url
| MD5 | 6046caca3f94704bcbc38771720fe5bf |
| SHA1 | a22b39351e86842fd5b64f6a57d6659655439393 |
| SHA256 | cecf6a5e04bd097fdd5cfe9b0739e0daac8fe67a447a34de24e4a7dec54439a8 |
| SHA512 | a24142c6d8caf765e855a89649bbc91f5f6f48cc056472bce45a2aa4deb7d2e428896c07aadcc3685f7b10c95ff33e162c36a8a172172ac2b5f6ccc0c1c7e8d8 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\url.ini
| MD5 | e40368b60a52f0c504975b0ecc1922b9 |
| SHA1 | ad338fd96a7eeb100bf36f3194f35fb96478c8a6 |
| SHA256 | 57df23ed3d2ce511b05bf897b48759a6c18fe99e3dc886b70a0fd9ae1af84b24 |
| SHA512 | b63e0f25e3bbaeb0bf0372ed76e7d0db4c517e44c5a1dfa050f138ccdf23a1a3d3f8e9272a45235e2c170616f8c79c8c5f19e9285923f63d0cc9959810647991 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\setup.dat
| MD5 | d3b9432cc4ccf146a47c36e4428ba2c0 |
| SHA1 | 84d10a012ba42f11a56e2a484157e65c2af6573f |
| SHA256 | cd174900f1b078622f44d747c129d07ced961f4689a74c68723cb16217c7553b |
| SHA512 | 9dfe2091c4a215476d38fdf30abb46a9a51e6a52d1836d9e4c45b87a3b4b3cc705d76c91a7a16c11d9d0bb3900cd1c09f2d39e0ff48c474dd2c71cc7bdb04d62 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\rstask.xml
| MD5 | f36cd6978ff5aa6b7bd2d773f6c780c0 |
| SHA1 | 18b488881ee227bb1ae2dd6176a56cefcb21d2b2 |
| SHA256 | 490db005887b0edf032372723dfb68daf746c49f56190d0b84567154aa638911 |
| SHA512 | bda73482e5b182f9671fcad02f9a9bd80300591597d8f0a2afb5dd13c5be1c522fd5ee6303c170c87cfe3278fca5cdfbffb39dee2763fa5c4ab4887eedbb25bf |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\LogDc.bmp
| MD5 | 56f7ca81178b3ec4a6bf4efe353c6716 |
| SHA1 | 4b8cdbea684e839ac7a9bb06568ae25be4a607df |
| SHA256 | 5021d9981ff9428d9dc182e8ce068af337d761aa5bacc027901645ca0933bb8f |
| SHA512 | d5a507aa929c12f65864c79f7be22ff26b575de72ebf9283fb9d54c68f7c88781ce105080d264b5dfbf94fb3569ec331448362f4cc1217c427e7261dfe6c3e94 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\LogAc.bmp
| MD5 | ae9f062fee50f04960e6276bcf968175 |
| SHA1 | 05f3f49addedf5fed0142afab10d3eb9abdbcd8f |
| SHA256 | 565f77761ff62d386dc1953cccd8293b7e2d17bf09d2cc9e68fcd253881b73ee |
| SHA512 | c2921f663a6768b4e6f501c9689ec10dfffc95485a986ed2f894b159cbc2edf6d1fe695081f622d39c7dcf17dc2b9adc4cc2b975b9dc012029be2a81083a6d47 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RAV.ico
| MD5 | 90d4e96dbbcff68690f37736655fada3 |
| SHA1 | 8861a1131de2774c0dbdbda1b005fbd312c95f08 |
| SHA256 | 07d0569acd1710efbc438154c1f39f86009731922dca81960629962f809184bc |
| SHA512 | 1ffd5ff0d78a4ae308cbbeccd40d9770f63fb96b6dd05f7587c81df558f8f895b95c263cbe556037186e04f11828c8f4683e953e1a64ebe813c5702311373799 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsMain.ico
| MD5 | 02e9aa1cc2496aa63a66aea38d93c8bf |
| SHA1 | bf2d921b1f65397db2007acefb720473e0f0b8da |
| SHA256 | 49b6b200ddb96fa9c95ede0927c3b1eb597edc0e21d0efe530ccefa9ec8f4010 |
| SHA512 | 95d5eebdd847953c959da68590f77bac84ec1e90f94a30e3f2f7e6a9ffef2d4d7b9f6e23690bd3985d1397f56f8d1717f057c50263c50490f62ff5c98a1ff47a |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\Rising.ico
| MD5 | 91e3e180c0f67e774520c3a471fcc03a |
| SHA1 | e0e1f82c830773c236ecf00c3b592bad90c23b88 |
| SHA256 | 4ea17a524e1989e300b8946953ce3cec5f90cc0dedb3d9ddae52f44aa2d660ec |
| SHA512 | 92893444441b82331a335b0f2adcd18b4fd1534e007b6cd055a0db4a3abc9e40ec63e8caec8bae161cedd813babea0859e0d2cdc072a65cd34ae1038e807b7b3 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVBASE\RsTray.ico
| MD5 | 68d18a0915bbda36e573d5dbb9e6ea8e |
| SHA1 | 16a4da44ada8fbe61848c325105d5cc4223c2320 |
| SHA256 | ddd6f70209b2960c838eb152d6e0c3f303fc07f7d5a82eb3c55bbf468527f63b |
| SHA512 | 4a8fa3a413e050e87aa35616ccfb466d8cf7a8cce923edce0211ddfb4d24195bb8dbb513dfc62f411d4783337dc0dfb10d97487f308e6eb2023587b59ebde0a6 |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\rav936\rav936.xml
| MD5 | 31f41082399caf97599bde5b6e982135 |
| SHA1 | 585df754fd09e85f8c961b68781a05715a49cbcb |
| SHA256 | 3c88debc932ff802bd0177936c8f14faa5650f6ebdf251e87f204915b4f026a8 |
| SHA512 | 1246971e98463e6e07ee3950abee7e1e4847351b3f0960430ff0ce8a2a625d800aeef078cc638aa52d2e90ad38b0f75821a203453f7680c3c79e748ce91108a5 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAV936\chs.lag
| MD5 | b9d7ab960ad18a76cf9c14663aac7c1e |
| SHA1 | f984ca3033ebed6ff4e0de881a04efaeac1ec127 |
| SHA256 | db7fde67da47f286247c6a1469ce88cd34b0d63e61210c47e964df845dedd955 |
| SHA512 | 5ad2b441d92e3167ee98fbaa0934015abcea75d83fe5ba9d3d459a2018d96a6b483f0b6ace5739a7d16299f0c7471368cd4b01623550cd34688da68c2e1fb80e |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAV936\lics936.txt
| MD5 | a181e8c0010f7dacb4a184814067cb02 |
| SHA1 | c78a093afa455d715269a3b436de1e75efb3b73c |
| SHA256 | 2ea3a8709e5b5d0f0cdee2720f08f24bcebdacb7e763ad18cd5cec8da1562de4 |
| SHA512 | 0cd4a92db12957c912d6e749efe863c719ed8142bfc2bd83421c3bbf4d2f4bcde65660ef9faa1308be2f4651a47db7aba71dc6729ff89ddc6db415eb3018957c |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\monbasedui\monbasedui.xml
| MD5 | 1e972c5d54bc01e368472d92881b181c |
| SHA1 | e46af971c571571218e481c1e7485bbe3e74a3ec |
| SHA256 | 1c475a9d996f4d6ceb15ad4374fc29b060f40f4ef26a886f1a64af3450cafb23 |
| SHA512 | aa047cc368c5476eada54a29de9601461c0dff8140e38a59f1d292c0ea4a0bf749daf74b60b0ed685cd9edcbe54ca95cbb0903704548a870c9b5d84b03ad0be9 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\ravmond.exe
| MD5 | 28d944cae5632248d3a546aaf7601160 |
| SHA1 | f4116371e80ff3053e4d11d13fbfef69b2c4de60 |
| SHA256 | 43239bce0a3200c5d61d968f8e130dbaa3bf987e02417d49191c72bbf1636d4e |
| SHA512 | 2fd9c1e01c6a66d3785d056c23853fac3a65f4e076ecc9b962181e5f501091d95c672ac544a5a0731014295c962417a57a7d1d022eab4ce4ba25cb3e98e2b010 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\moncomm.dll
| MD5 | 0a44f63c07112bb325aac94321ae8ff6 |
| SHA1 | af17ce35de0d22b0202111e5bd34cea446f428a4 |
| SHA256 | 2755e8e05422ed75e43bc83d57cc8f441b5f7063ed0ea01a016384f3ff48640b |
| SHA512 | c67f445a81f29463baa497f7513ec3934665541bd1e00b2b459e81190b90f6859e6a9cd38acf69e038c03c2a197a2bbca2a888d555eae98dfe06790ba91c6490 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\MONBASEDUI\rscombas.dll
| MD5 | 7f06e8ee5ed127b9b4d33c8fd37d7cfd |
| SHA1 | b1bc08b4ae3ff433e3aae8631ce1a0f0d351d2e7 |
| SHA256 | 89a50e77272251558218a924a12bc329b73a4eecf67b341f194f05dccfdffa69 |
| SHA512 | d22558233d818ce377bd7e8777786928c2c2e429d3d67b7a9429fa686881979f42434855e25ffc0eac94bf67d810ad3c4b36cd22e6430608fb7fb890614339dc |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\ravmon\ravmon.xml
| MD5 | 4f5d69f4b5b2ecff1a755be08fca655a |
| SHA1 | e840f09fcb466629581334ffbecb2803f01f504e |
| SHA256 | 75b1f9d9ce451429e304d60042a2ca5e761d0adad41f30fd878ba9e5756b50c6 |
| SHA512 | 7d898d4f4c1974ec398c63f714916b2670ac36cede25e33f7bccb6629f2ffec62a21a0f8167ca1677bb0b03a4a29e7483d8347bb8837bcee749226ee085aed53 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVMON\mondcoms.xml
| MD5 | 5858af21b443c4b0fd0948bd9cb3150b |
| SHA1 | 2e3e11aebee04d5dea05c7b1b4f504e90e888b95 |
| SHA256 | 9158d331bc42726b0d6f5337f3f8c5921845953def1afa429e4b5145b07a83ad |
| SHA512 | 1ed1480937c1f3a4b3f9a12f2e135e96d2b6c0fef629ab4e04b3226ab3411bdf2db3f8a728b60165fa93cb3f0be9baf0be3e9aca7a040d7524a76c0cde7a6ae4 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RAVMON\mond.xml
| MD5 | 2064de07198e0908e7d836991bc82d2b |
| SHA1 | acc9932ad318171be8ed7599c2de6b276356fc2d |
| SHA256 | f0d58798064e24075f39b0c65f5640391a675130162db14d68f95300b59c9157 |
| SHA512 | 63bcb5497c7cd095292649a09df0d5e07dfa693a1d5b84f330f46cd7eb8aec3ceb02291945a8929e593d5011cc0630cd866650b48f2da8cc1d7d48389c1b1460 |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\rsdk\rsdk.xml
| MD5 | f187dda12186f9adb6d4877d70fe57e6 |
| SHA1 | c843a4a2cc0e2fd87ad339927f2cd3af00b6a317 |
| SHA256 | df1b54d4d2665e9992505861414500eabfefdc9689a9c217dcd77939480c68a6 |
| SHA512 | c7809b1133231bd5d7bee77ed0c3d900ee7d43f7a352cdba73d9fb556b7799da76a27c28f4e6d7405f1a74904eba69dda99e9a28f54521d3aa4e5ba2e8b4ac12 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSDK\rsxml3a.dll
| MD5 | b19eaceaf35f2db4976db8da259a498d |
| SHA1 | 19e0f49dbd10b14567fdfbcd9af31858e8048347 |
| SHA256 | 99f3d0e3238060b0e275a0f841b592232222619b870503164bbfc78a687e5180 |
| SHA512 | 1680d949b6b37e05761de41b052c03135e2fe1c33849d3d3289a5959ac84dab0ac546a60f3f29cd4c285d2c395c0b09da074f32d098e1e17173a7857447ba7f5 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSDK\rsxml3w.dll
| MD5 | 3cc9f8d9db63e973433637945232fff4 |
| SHA1 | dcaff29e7d31d6f308c2b14aad587b24ca1fc70f |
| SHA256 | b6eab0aa210dbde66559069250836862be214bf6f27eed45b9b2ef123ad8383b |
| SHA512 | 518de27287bb01b056924eee01cfeb6dd4623f108ba0c8194fa01baa17a23dded1eef476a50544fd5c4def05f7c14e56f117ce7960fff71239c28db771d5ae47 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSDK\comx3.dll
| MD5 | 904607ed3d2e8a29c13dcaf80cb311a9 |
| SHA1 | ccda8a44dc90d2961f1e23860d97629526186824 |
| SHA256 | efa373c1913e3bffa44191dfca239a97746e5f08612fc98fedee3a8504e31699 |
| SHA512 | 6b51928652af987efec583ad91194166a8b8e26a615659522205bc10cd28546e486e5af153fa341ecc7c4d0215f0c8166cf7ab047986b4576b96a335f64713fb |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSDK\dfw.dll
| MD5 | 12d2d81f07d7557cb4fbe3af6a3ea9f6 |
| SHA1 | 259f2d593c236c009a97745ae2b462fca1e1b12a |
| SHA256 | f79eb76227f6088a30d9ac620b48f5d03098e2b78df19e06b7a2fdca559e426c |
| SHA512 | 1dd335705aca3bb65c43d84c4679ee1a2b118422e6c98da29633bf07610e1dc3336d60ea7520d1c3b2b756087a16176b1da690dbe163c28a265fbe311c96ad6d |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSDK\traywnd.dll
| MD5 | 412638fde23d2ba33aa194a67165866f |
| SHA1 | d163c87a25b97cf5f1739689ad453dfc959e81ee |
| SHA256 | b3a26d1d43280636f9c909fc71ddb7257085c024966c5948c0c22ca0a3c79071 |
| SHA512 | 8fca4b2594bbf4fefff7a372a7480e87072a47a09e3a44cca2ea239661ecd6608a4e39f5307ed42608f7fcc49aaa1bbf801b08e50eba347d73191c3f182a2e84 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSDK\procenv.dll
| MD5 | 2349983d784ed407a64f274acb8d4b18 |
| SHA1 | 7599976142e0bb8f07ee36c81337e02d59e70e28 |
| SHA256 | 317a4c627d4820c44c49ceb7a805971644d9563e199edc6ccc626adf77f8086e |
| SHA512 | 57b1dbd0d2908f42274ad4f221ebe550d35bef0021d670c53f76efc5debb4756120e041fc2d6b02ffddeaab5fafac1f1db3cf2b071b59a0b987b5d759947eb33 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSDK\rscom.dll
| MD5 | 5bb8c8a5a7abac3b8478b254956ab580 |
| SHA1 | 98d6271be71802ac37b8c19daa88839f4ebf5b66 |
| SHA256 | 2d5e1b4bcf5b5ae20f9aed61b342861290e8d520f09be48c1fff94a97132e282 |
| SHA512 | 8a2a641b75bddd6e4d317fd9451586dfcff919c8d1e6d7aab715d10e7812d3a2a34ff06c5b21ac01316ceb22133de9306467dd1ad56e661cbb28dde915f1378d |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\mscrt9\mscrt9.xml
| MD5 | 6c8b39a852e86ccaeba6d0eda81fde47 |
| SHA1 | a9bc4970bd6473e42a3807b9c1d10e152f124ef2 |
| SHA256 | 1f5b87b7af68e38d66fca44b1d6518fba769113482280269f9805974d79dc858 |
| SHA512 | 043bdfeffadc86c3c80471d7f028a8576ee91778a3181884fa33c35b67d5bcfafb8196813b839f40a657b3a6b52f4341e024d09b2f1a4c08a0d8f9fd01938bbf |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\MSCRT9\msvcr90.dll
| MD5 | f1f9eeef647cfa62a7104c054ce0999b |
| SHA1 | 4ae6a48e67b76fa91252c9ec6980951469a007a4 |
| SHA256 | e77c7bb47f927865e7b4d689172321cdb70e296bd9a77cb64ff5c405aedc6973 |
| SHA512 | 1076b7c34257b9efeef0597000e93253741fbcf1fc689ad19d295f07586fac439ce5318bf4c461fd6fd1ad1d174f089db8ae50a72bfe82c6a3d6bce87de0eb38 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\MSCRT9\msvcp90.dll
| MD5 | 874c8b1317c58ffe62d4d6aa591eabe2 |
| SHA1 | b96ea022f921890b7e13e3b905ac606032682693 |
| SHA256 | a928241b03b0106f57625c78811ebd65262a695401e921c1425ab6596d5dc202 |
| SHA512 | 2fe829a25d4e178931b71117679e0a2c9f88a2353e4971a646f28b147f7210ea1eaa9a617caf732626d8d418e69af2968b14e2fd1a9517a5035c877efaf88f90 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\MSCRT9\Microsoft.VC90.CRT.manifest
| MD5 | e18153853187cdc8026e0e1275ad1209 |
| SHA1 | 3cffef88ab75f922313ae8d8fd98377b00538ebe |
| SHA256 | 041c76639c796dc5781e88cfeb3f85652c4286b9fe9624c6161e44397b548d05 |
| SHA512 | 653f0cef5c916cba7f726a680a5101dc34c3540b39936d693ba7d6f9ac0395152ee82465301e9673779d9029a99762ff9e75fc3d1525e36c9d200bbc08c8c1b4 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\MSCRT9\Microsoft.VC90.ATL.manifest
| MD5 | b41644a01c05740576b4e77662c7e86c |
| SHA1 | 91d9a44ee27f321b8eb844709555e5cda4d8d469 |
| SHA256 | a9a98fc7062262a47a1c0727339c760d18589b8549e4267762f7f4c88a103632 |
| SHA512 | c2b29ce13d2c84c4165196df1a561b1de35938f93714580b728a2fb2af7c4606abc410077645261250abf73e66cca64683715e3c3b1aad6fddffdbaefa8704a4 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\MSCRT9\atl90.dll
| MD5 | 78b62e4c13378f737603136975a07e1a |
| SHA1 | fe49df71b950a304512a3633f7e3db9380664855 |
| SHA256 | 7cc6c299a20b2de62b3844417f085fce7fea32cc006a10658b3e4815b536329f |
| SHA512 | dc315bf8cfc93a9001e023dc65ac4d9c882ea2da0d8bc4a2fb8dc4783c502c7ec8b0ed0d917a6b9ed398c2f63ca6713cdb266c25950e4c2742f02b01b7582b62 |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\license\license.xml
| MD5 | 31d5f7dd00ae66a4b9d78e371f1ffd02 |
| SHA1 | 8e543b0979af8f78c81aaaec17d2ccbf374e6945 |
| SHA256 | 32af9c3ae5962e86c17f0d5ab753a1b6e5776068f5abadfaabcac711d0bd1885 |
| SHA512 | eee29fcceb9344d0841bfb8cdcb2b65cab12391d83ad9bb7d1615655b34a4e4bcafd5c34e34c883d4883d8b03d815bface7549f0277bb45d5e3915b6981a0ca3 |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\hookbase\hookbase.xml
| MD5 | 939e26405c6ad15f11ed93d8121d1187 |
| SHA1 | adacde279889634fd5c9226fdb58262821ecfc6b |
| SHA256 | 12bb0e027c14f5b3d086235d0f72d316b592054016c0eec91feefe7d7efc8865 |
| SHA512 | 2497f87c29d7587f89ee6d3f7264d8b50a3e33b90cc3ac708ba0daeebe11a9f35c7a72f138f6c537d3d4ea63250c6e8eafac6bc51c9b6f05bb1126fc5ee9698d |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsdll.dll.dat
| MD5 | f91bdfa69dc80134b7bb34b3e6b6be77 |
| SHA1 | 6399f515fd0951a9e9afd5b64427e4aa63059481 |
| SHA256 | 265a7937e0d6e0f79cf4d41872a9361a3d57c5b08780c899ab7b85fee97a76cf |
| SHA512 | 741b4c1c25f66f9b647bb4ac0795b995fa72728c78099fc6f9dcdb4438f37356b9c0dc8e3c3dae49ad46c9aee8cab5a592d0cbe8582812c346225e8840aee457 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\kguard.sys
| MD5 | 2309b63214988450a91573debf9ef11f |
| SHA1 | 59ae0ac15e8f6ea3ec2d634768c2f67933d78096 |
| SHA256 | 75e5100b0e6ea08bb4e12fac3e9f26a49a2a96d684d2790dff5835e10a14a8a8 |
| SHA512 | 285fe0409ce4f2e16a8e9255b7c987647954800efedc6b93e5ca0ec136a744af629fd6d50f4e4a2d12031e2f784e8830bedb9a1404c6fed4377c374e7712cbbd |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\kguard_if.dll
| MD5 | 1c013e59a1990e0fd7747cb2d5c69bcc |
| SHA1 | f2c43b30928e33ce0ba265698b3b649137f24515 |
| SHA256 | e38714a7462c21ac7c7d4f9f3d8738fc6d291a61182ae99029c00dacfcfb6159 |
| SHA512 | 9a48c677df212f0319f3abf802c4ec2b4ebe8e2e07c45e50c2f6477cb844722445b17e8b77f26e2814a08b2845d9f0238e9aed663444de8ce578148072aff10a |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsndisp.sys
| MD5 | 595587c6d7366726203885f14a1dfc32 |
| SHA1 | feab44a2dcd6df5f6d5cff56a0ff81efaa7b3dbc |
| SHA256 | 4f269ea78ec88721cff5dbeb9d1764cecba2bf7012d6e9a07fbf4a10614e9b44 |
| SHA512 | 2f6bd58dab02abd0d4094fcd1245a8756fc64403747ecc122cff08cd613256dfef0e9cfec1ccfdc315f6f0e6a3fc41c5ccf7dda0044888ba9bd4939fc80c3dd4 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\64\rsndisp.sys
| MD5 | 2649f027aa2dae21a4d87419c7b98e46 |
| SHA1 | c7b8ed65849a024159323d57df00362acd65c350 |
| SHA256 | af94607edcd8fa2a4044e3ccdce6d055d182aca7e2ad66a0a907992d8b4b57c0 |
| SHA512 | edb9a74b1238104b2b33d95292c5f82c7e8f7c5a32decb71d942c1523223d4072673f38ed5b3025975920052e7e5ba371791ce51109b6217602f679fcbcbbeaf |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsutils_if.dll
| MD5 | 1ac62583254fc92a143c4780489c3762 |
| SHA1 | 7adf68ee68fb33c98ea38ee3ed244fc04264f490 |
| SHA256 | 8f58a127bda67a27814d23b10b8c8bda362a1026713a2a9fa0667bfbd90b5abe |
| SHA512 | 16f8e06527e241d88fc545b2af753749ac00123f78ab102cbe3c36f262b44bb6a26bd205e0379e244bd43c51158aed4ce374b7c916c206788d38539faf8df7ad |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\rsutils.sys
| MD5 | 0c1667ffb5d3fc4126ce2ada1cdf400f |
| SHA1 | f6ee331794bab13eec8cc251a7f971ee5d5cfbcb |
| SHA256 | a09d0a2b85cee2565c33f63df6ec13ac66e8c00562d79da94e1a0e46d2da6342 |
| SHA512 | 1eceb5aeefcad7b43161bd4cee9b9835fcaf6c3e706a69157854e59aa467afbf542147106d6a68f61a20c8474debb867c35f24f508a7e5866690e5784ecdfee9 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\64\rsutils.sys
| MD5 | e029574dc4096bf8b124ce0e26708e7a |
| SHA1 | 04c6f87005c53226564c1af5f1c3cad0034218b3 |
| SHA256 | 392e619387445dcd8926270c6b5589d488599a2e5d1a6c213f37117f7cd05aae |
| SHA512 | 7c3b5bac4d41ab82b81052c04db21b589bc38189817fc490c35b0d84d36f2b7b7132c61bccca9840b916c16378b27feb85a6ddc89c89b11ac5766d8d31dbe8f5 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\sysmon.sys
| MD5 | f3d76d052f6a2d5c15dbf6bba7d72fc0 |
| SHA1 | 9f6264f758e381499585dfe5891d93ba4d194dfb |
| SHA256 | 768161d2240b6535da281706f20dec35511cbc34016ee9e79b8ad1b94d7621a3 |
| SHA512 | 7cc48fedd085d742851b1a18109f42757a5cce2a05787aabd45109ac03893effa79d0623cc4716f066177ea0bba0608f6f6804d69a85a4f502a458a293a7bbc2 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\sysmon_if.dll
| MD5 | 5a866622a428d8dd979751975ab881f5 |
| SHA1 | bf3817573d33f17e8542e91e849c33624a6a0995 |
| SHA256 | ddf4ca96a8526964748b2162fe1402d7cfcee9a2c9b8dfd1500fcdc7ee935cdc |
| SHA512 | dfe110470600c8e1f4405999942961d15434121cfbf258e3391091ae27ac2bc5da6bc6b9b5c81a110ceb09f8c8451f1ebfebb86d51e0216eda8b52843419408c |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\64\sysmon.sys
| MD5 | cb13521249813c485b912bed9df94774 |
| SHA1 | 5de0be2af2dce35d65e4050dc1b0d601415ecef1 |
| SHA256 | 95e678a577160c7a2967767d5f6c37cf5ca4bfa2ea01d64fcaa804e790444ade |
| SHA512 | 8718e2022ba058c2794efda2786a99430f99fb4bf3b7f73010ba365e32dbd006ef17b411779595255c14290b665ebbd415c886d711cf987761ece86b8ed4e464 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\HOOKBASE\mondrv.dll
| MD5 | d226c6926ec3aaee6a144466bdf8dc99 |
| SHA1 | 83529ea6e37fa3623d77057e0aac8d6fb02c622a |
| SHA256 | f0409fab740df7b8331c9c88c558dd7365e4cbf2b0358af9debd5f676be2fbfb |
| SHA512 | 65c8f82c32c614614ef970319f4e68b6aa3e2dad0a43372ddc7ef0393ef28c2144c96e1e8488cc4b4bffb0ac7bde4ccec23ca8428f23f0b3f01a6c2488fcc5c8 |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\cloudqry\cloudqry.xml
| MD5 | f5e0173b1288b5e579f23df3219d7223 |
| SHA1 | 8c043a16cccf0f36f70b4c6d61cdd0865f06b2e4 |
| SHA256 | bc0f5f64407fb1f2d4548a96509a85c9556ef15995daea09eb6c6b3903982555 |
| SHA512 | 48f48a134044c7d437aacd6d810c8e562fa9a831a7b087b75ed651d5a6a6b38c71368762a1138d089cb3e528f3ea35560174791682e2fe640ef602f2ffb9ba61 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\rsnscfg.dat
| MD5 | 9857450cacad67862fbfe4a65352573e |
| SHA1 | fe8e6665c9292f7164040323e98faf863f2800a0 |
| SHA256 | b19d3acbcba17c73612ef9926bbebf96e3d43d2d9ac8f9b4c2a55802575b220b |
| SHA512 | 4961de97de2bfcd2cdedf9381759489b0f3139879ccd18b87571f49de026ac3c3bd9288701d27351e8810048208d8305dd9e71462ff3821ce7987d4e141df545 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\rscurl.dll
| MD5 | 0d5a512acf6fda7d1db742a928a423e4 |
| SHA1 | 007c67222b554dcd727610a103856c1f3dd13abe |
| SHA256 | 526519e489ad33cd8e300848e7e89fc76e1b5c33545066e055a7199652b1d3e2 |
| SHA512 | 7cdead36c951397c18ccb381ed57173c27054f368facadadd5dc5f6317fef2be28e3922384bf82864f538ebc5e54d417c44eacb8e2f5db6392a070735ea33c66 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudnet.dll
| MD5 | 0f0aa3f8b1ceab59168724a6037c8a8b |
| SHA1 | 7d348f10f2c68eb1c030802f589d18c574ae2c2c |
| SHA256 | 2156f089dc651792fcea339f07eecc99abf71db3fac0322e033d6ccd2d104eb6 |
| SHA512 | 9211e2ad148010bdc1eb315f4245019b2c06396bde8a2f6350f7bc5dc2f837269eb20579db6d2715c2da001e7b4f3aedb9734e951c736c3d746362e6e822da79 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudsta.dll
| MD5 | 9941a9a12196696c1fa9bb6d6442d359 |
| SHA1 | c07ea10ac14b062a050c1aea351880bf5b1b0bc1 |
| SHA256 | d9fea6444d2dd5384b3a91143856b3fdcea71146a3891f2f58aa2238332ed6ae |
| SHA512 | 7e533dd4c52272d7cf8fcff1f9b20c2a68432a3864d08a2d814079ba957ab644ddeff01b889225aa2e802897605933f80817aa5b6a9efa7db16b151f17274670 |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\CLOUDQRY\cloudqry.dll
| MD5 | 82252df0fc1baafd24964731f156112b |
| SHA1 | 536e4509882c3caed8c071ee6b5b961e96c44b91 |
| SHA256 | 6a43007dd32f50b8353bf52238b970d2b645f51d578ac1fdd39b8c58ea0f012c |
| SHA512 | 20942a0e098f80cd6bfb8eed6e7b8b77ebdd718e7a940d935d3fb3755335fab9e8bfaae4c6ebe445e43c5575573857c03c8c801318f8022a5a346699d38d60cc |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\rscfg\rscfg.xml
| MD5 | cb1cfae833ab526d8b7a3fbfb0512c0b |
| SHA1 | 9cc8363a0828af1212d38c91f74baa714559b946 |
| SHA256 | 50a5aeeb5da3eb81db80f197e633312e08dc9118ad3237e887803281bfe5d3e6 |
| SHA512 | 83ee9904df7c4862409dd00c2a393272ee5db8edbb1d16ca488fa2805563e49d9d79432d04be844dc45f3ac048b7acf841bbe06de356038a2eb69f6f5877886f |
C:\Program Files (x86)\Rising\RSD\Backup\RAV\RSCFG\rscfg.dll
| MD5 | e8c78de68ec8e77e27af803074b08ce5 |
| SHA1 | 405abc26a53582b6ae05d61d2518ddd735c85c15 |
| SHA256 | b69432de32ca98a7919b6e57c8fe963d3ecf3d86fe4d3873cd98b9e398f5352f |
| SHA512 | 1c19279a902180fe1687261bd5b275a22383e36c3609c383aa84dbd5aecfadaff4576b23a42d3646657d3cf8faaa5699bd2d5209f742e60369f1d03118249e56 |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\_rav\_rav.xml
| MD5 | b77d92dd92b9da87177c63cfe1be69a7 |
| SHA1 | 2eeb99eab6e60185a2af9a86cd7aaef866f370d9 |
| SHA256 | 901da08215137b8e3c38bf6bb6d9adfc127a92395c9560803774b37046ad7de9 |
| SHA512 | 1dff93139d3a4d903d2cb5c83307ac252c1b8367658282b044c60369ae9172e7aa73c95744c93a606d51414f6bdfbad8636e5d7fb3bd3d77b08adb23aa39956a |
C:\Users\Admin\AppData\Local\Temp\RsdSfxTmp\_rav\setup.xml
| MD5 | 98c242a2d7f5c0e35f6d76c971dd274f |
| SHA1 | adb024db0f7bef93f8e3c70da394c6cebbf55458 |
| SHA256 | 065321833b123e6323ee5d9fc1d0109f68c6d3ae6954eea75d58d9f831fea785 |
| SHA512 | 8c88621134cdf048f4c9e637fdb8d2a69c6167dfd1ef3288564205fc61e647957ceed6d262565eba0b1ef129160c02812e4630fec03c846630c36508755d2c23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/3220-1382-0x0000000000400000-0x00000000004C3000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5fa91847535c5956d08cdc6665bc8207 |
| SHA1 | ceb7c9db6e4801049c5436ab025e2fff9277091b |
| SHA256 | befb7ff44040bb3f04ea4b0cf6b3d9910dea78be49475f62d614abea06792939 |
| SHA512 | d13b34366a235ad514c43ceebc43ff0f3bb31cde62684585382f4c67e2481cd4b995274c1791e50d7ebcba5e0fb04c42cdfb10f123a27fabfadc5331bed4edb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b2792220e7d7f8d207f66767f748c571 |
| SHA1 | 723e2992dc30104bbf48954f36b41df9c4c2dce5 |
| SHA256 | e16ee63098f745c3edf31eefbae7299e7b9d966caaaccbc1ffece89916931d44 |
| SHA512 | db7f2fa4648cff448b2b6eefbc2935fecea86acb6f6120481b925101a71844004d155ccfb298544d87902d894a85f0af7e2fe8d0ea8bebfcb41e422f0f50a104 |
memory/1904-1397-0x0000000000400000-0x00000000005EC000-memory.dmp
C:\ProgramData\Rising\RAV\RAV.ini
| MD5 | 9b2c3fff2ac5897377b0c7bf1a5e2157 |
| SHA1 | 3abd5bb403d9bc32ce461e0706cfdb5960e44974 |
| SHA256 | e740b098b9ee06a803fb7811d2e2df0b259d75451e1c7f207dd55ab4ef3ea87d |
| SHA512 | b4beb4c5f4b708cd9d2b32c5516a13d0388e39292102c6140ab6ea730f50f45bfb38a689499f419012135acebf0fe65056f25e3fc1e02cfe94140d065adc824d |
memory/1904-1415-0x0000000000400000-0x00000000005EC000-memory.dmp
memory/1904-1427-0x0000000000400000-0x00000000005EC000-memory.dmp
memory/1904-1441-0x0000000000400000-0x00000000005EC000-memory.dmp
memory/1904-1490-0x0000000000400000-0x00000000005EC000-memory.dmp
memory/3220-1507-0x0000000000400000-0x00000000004C3000-memory.dmp
memory/1904-1508-0x0000000000400000-0x00000000005EC000-memory.dmp