Malware Analysis Report

2024-08-06 12:51

Sample ID 240627-xel6zaxbpn
Target Infected.exe
SHA256 b8e339416fee9d765edf4bdf4c80b2435842cb7af093e55d5d341f6293b797df
Tags rat default asyncrat stealerium collection persistence privilege_escalation ransomware spyware stealer
Score 10/10

Analysis Overview

Threat Level: Known bad

The file Infected.exe was found to be: Known bad.

Malicious Activity Summary

rat default asyncrat stealerium collection persistence privilege_escalation ransomware spyware stealer

AsyncRat

Asyncrat family

Stealerium

Async RAT payload

Renames multiple (3152) files with added filename extension

Grants admin privileges

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Looks up geolocation information via web service

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Drops desktop.ini file(s)

Sets desktop wallpaper using registry

Drops file in Program Files directory

Launches sc.exe

Unsigned PE

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

Checks processor information in registry

Gathers network information

Gathers system information

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Enumerates processes with tasklist

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

outlook_office_path

Checks SCSI registry key(s)

outlook_win_path

Modifies registry class

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Suspicious behavior: LoadsDriver

Analysis: static1

Detonation Overview

Reported

2024-06-27 18:46

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-27 18:46

Reported

2024-06-27 19:01

Platform

win10v2004-20240611-en

Max time kernel

885s

Max time network

647s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

Signatures

AsyncRat

rat asyncrat

Stealerium

stealer stealerium

Grants admin privileges

Renames multiple (3152) files with added filename extension

ransomware

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\DECRYPT.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification \??\c:\users\admin\desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A icanhazip.com N/A N/A
N/A ip-api.com N/A N/A

Looks up geolocation information via web service

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oVcBLd9.png" C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Drops file in Program Files directory

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A
N/A N/A C:\Windows\system32\NETSTAT.EXE N/A

Gathers system information

Description Indicator Process Target
N/A N/A C:\Windows\system32\systeminfo.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Applications\crashreporter.exe C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Applications\crashreporter.exe\IsHostApp = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Applications\crashreporter.exe\NoOpenWith = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Applications\crashreporter.exe\NoStartPage = "0" C:\Program Files\Mozilla Firefox\crashreporter.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Windows\system32\calc.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Applications C:\Program Files\Mozilla Firefox\crashreporter.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\NETSTAT.EXE N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\DECRYPT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\DECRYPT.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5080 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe C:\Windows\SYSTEM32\cmd.exe
PID 656 wrote to memory of 2644 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\calc.exe
PID 656 wrote to memory of 4252 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\cmd.exe
PID 4252 wrote to memory of 1392 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 5080 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe C:\Windows\SYSTEM32\cmd.exe
PID 944 wrote to memory of 3536 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\chcp.com
PID 944 wrote to memory of 560 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\netsh.exe
PID 944 wrote to memory of 1884 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\findstr.exe
PID 5080 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe C:\Windows\SYSTEM32\cmd.exe
PID 2388 wrote to memory of 3296 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\chcp.com
PID 2388 wrote to memory of 4944 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\netsh.exe
PID 5080 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\Infected.exe C:\Windows\SYSTEM32\cmd.exe
PID 392 wrote to memory of 4472 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\systeminfo.exe
PID 392 wrote to memory of 5104 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\HOSTNAME.EXE
PID 392 wrote to memory of 992 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 992 wrote to memory of 4560 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 392 wrote to memory of 3588 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 3588 wrote to memory of 1140 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 392 wrote to memory of 3176 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 3176 wrote to memory of 4348 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 392 wrote to memory of 2500 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 2500 wrote to memory of 4996 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 392 wrote to memory of 2128 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 2128 wrote to memory of 4324 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 392 wrote to memory of 4052 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\tasklist.exe
PID 392 wrote to memory of 3776 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 392 wrote to memory of 3028 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ROUTE.EXE
PID 392 wrote to memory of 4368 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ARP.EXE
PID 392 wrote to memory of 4488 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\NETSTAT.EXE
PID 392 wrote to memory of 3924 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 392 wrote to memory of 3352 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\sc.exe
PID 4848 wrote to memory of 1708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Infected.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Infected.exe

"C:\Users\Admin\AppData\Local\Temp\Infected.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd"

C:\Windows\system32\calc.exe

calc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\cmd.exe

cmd

C:\Windows\system32\cmd.exe

cmd

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profile

C:\Windows\system32\findstr.exe

findstr All

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show networks mode=bssid

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe"

C:\Windows\system32\systeminfo.exe

systeminfo

C:\Windows\system32\HOSTNAME.EXE

hostname

C:\Windows\system32\net.exe

net user

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user

C:\Windows\system32\net.exe

net localgroup

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 localgroup

C:\Windows\system32\net.exe

net localgroup administrators

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 localgroup administrators

C:\Windows\system32\net.exe

net user guest

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user guest

C:\Windows\system32\net.exe

net user administrator

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user administrator

C:\Windows\system32\tasklist.exe

tasklist /svc

C:\Windows\system32\ipconfig.exe

ipconfig /all

C:\Windows\system32\ROUTE.EXE

route print

C:\Windows\system32\ARP.EXE

arp -a

C:\Windows\system32\NETSTAT.EXE

netstat -an

C:\Windows\system32\ipconfig.exe

ipconfig /displaydns

C:\Windows\system32\sc.exe

sc query type= service state= all

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff2b54ab58,0x7fff2b54ab68,0x7fff2b54ab78


C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff2b54ab58,0x7fff2b54ab68,0x7fff2b54ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff2b54ab58,0x7fff2b54ab68,0x7fff2b54ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff2b54ab58,0x7fff2b54ab68,0x7fff2b54ab78

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Desktop\DECRYPT.exe

"C:\Users\Admin\Desktop\DECRYPT.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain"

C:\Program Files\Mozilla Firefox\crashreporter.exe

"C:\Program Files\Mozilla Firefox\crashreporter.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\minidumps\1ce119f0-ece8-4e7e-9348-b64bba6ff192.dmp"

C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

"C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jhlyxaos.default-release\minidumps\1ce119f0-ece8-4e7e-9348-b64bba6ff192.dmp"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\README.txt

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\sihost.exe

sihost.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.232:443 www.bing.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 232.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 during-goto.gl.at.ply.gg udp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 20.221.185.147.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp
US 8.8.8.8:53 icanhazip.com udp
US 104.16.184.241:80 icanhazip.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 241.184.16.104.in-addr.arpa udp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 api.mylnikov.org udp
US 172.67.196.114:443 api.mylnikov.org tcp
US 8.8.8.8:53 114.196.67.172.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 129.83.221.88.in-addr.arpa udp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp
US 8.8.8.8:53 25.73.42.20.in-addr.arpa udp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp
US 8.8.8.8:53 i.imgur.com udp
US 199.232.196.193:443 i.imgur.com tcp
US 8.8.8.8:53 193.196.232.199.in-addr.arpa udp
N/A 127.0.0.1:56514 tcp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp
US 147.185.221.20:45478 during-goto.gl.at.ply.gg tcp

Files

C:\Users\Admin\AppData\Local\f6e6d9a0d73c2e292f36d7b25c21f158\Admin@PKVHMXKI_en-US\System\Process.txt

C:\Users\Admin\AppData\Local\f6e6d9a0d73c2e292f36d7b25c21f158\Admin@PKVHMXKI_en-US\System\Process.txt

C:\Users\Admin\AppData\Local\f6e6d9a0d73c2e292f36d7b25c21f158\Admin@PKVHMXKI_en-US\System\Process.txt

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

C:\Program Files\Java\jre-1.8\LICENSE

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

C:\ProgramData\Microsoft\Diagnosis\parse.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_VideoLAN Website_url

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_vlc_exe

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f889eded-c1fd-473e-a23d-5dd95f931ff8}\0.1.filtertrie.intermediate.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f889eded-c1fd-473e-a23d-5dd95f931ff8}\0.2.filtertrie.intermediate.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626047777934806.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626048378180668.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626055715680511.txt

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133626067918275725.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\c6643c7c-af48-403e-b094-6938c247cebf.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Program Files\Google\Chrome\Application\debug.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\0cd8678a-805d-446f-b3bf-208658f443fd.dmp

C:\Program Files\Google\Chrome\Application\debug.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\8f597420-ae6e-4971-8ea4-6cb52eb95738.dmp

C:\Program Files\Google\Chrome\Application\debug.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\02992297-5b9a-4fe9-93e1-7e1ec51df182.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\07760f6b-aa5b-4a2d-a548-48cc44857e3e.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240611_184533026.html

C:\Program Files\Google\Chrome\Application\debug.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\f682c31f-bc9e-49bd-8c1e-139ee02c77bc.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Program Files\Google\Chrome\Application\debug.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\d8a566f8-d263-47d4-8852-0495d0643156.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Program Files\Google\Chrome\Application\debug.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\c453d013-f472-472f-8ec0-12ac16eb33bc.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Program Files\Google\Chrome\Application\debug.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\4384b253-8763-4e6e-97b8-ffbe0885a580.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Program Files\Google\Chrome\Application\debug.log

C:\Program Files\Google\Chrome\Application\debug.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\99824d27-8fc4-41a6-8696-4212d0b6eabc.dmp

C:\Program Files\Google\Chrome\Application\debug.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Program Files\Google\Chrome\Application\debug.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\6bebab8c-06ee-4637-86e5-035146d583a4.dmp

C:\Program Files\Google\Chrome\Application\debug.log

MD5 ed64d266b1349decad8f1fbcb2322986
SHA1 c26c78fb0772c7a7abbf49bac2296de6e7ebd777
SHA256 a18e2fd9fb1a9c180ba4b4215596bffa68de1c8989c0f6a25c3c090b4afa6180
SHA512 1559a2246a337ce573b9d922d4fbf11feb80e0ca250b02189e4ea1488c4c5955b675f543b15b7d8b0eb9d88793dbc352a4ccef0fcb406fd616dbee1549732bb4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

MD5 949a3c8a76bec1baa13ad973bc06dc80
SHA1 e7e81458461d5402abf5eb959b49be928f9efc33
SHA256 0f7e4f4dd2e9efbdd2bffed0c459961468a5e026aabfda9632d233e5639e3372
SHA512 f22fc9bfd52fdb8611dc96d5f9f5a6f91dd28d10286c2941ab05e804000e1149c4a845ab02509bcbce9570309cf396ed7ce6b6d0cc1e29aff4dc44afe5f4a53a

C:\Program Files\Google\Chrome\Application\debug.log

MD5 dd5c0a292e5b775bb65f1b2a58f00581
SHA1 6c41981bd6f94009268da555808df87eb2852cb3
SHA256 9593551916eba655c774652404f126cb18d1ccc4a847689d3c450e2bd005bd82
SHA512 5024fd0eaec937332abafb7180c4645cd7372a5257d9c0667fd7009bd92d5b66d2d5392eca31b24f00db95378dc05b242b32daf2b8a671f9fe84d4e9724d99c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\74c99b3b-cd7a-4702-9593-262b6b4bf572.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\b884ea49-784a-49b4-8d95-ba5ffb7a086b.dmp

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

C:\Users\Admin\Desktop\DECRYPT.exe

C:\Users\Admin\Desktop\EnterHide.htm.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

C:\Users\Admin\Desktop\FindGrant.mpe.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

C:\Users\Admin\Desktop\RestorePop.png.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

C:\Users\Admin\Desktop\ProtectStart.html.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

C:\Users\Admin\Desktop\Microsoft Edge.lnk.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain
