e11ade8b94dbb5374102669ea589bc1072ea07b93897f3b36fa045f5192ef0ba

Resubmissions

11/07/2024, 20:44

240711-zjbl5stbjk 7

11/07/2024, 20:30

240711-y939easfqk 7

Analysis

max time kernel
111s
max time network
115s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
11/07/2024, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

anki-24.06.3-windows-qt6.exe
Size

145.8MB
MD5

3c83f63116220d1972f3c8c30b0c143d
SHA1

ea46fb7e0c9b0ce365c23039237a7531642dc079
SHA256

e11ade8b94dbb5374102669ea589bc1072ea07b93897f3b36fa045f5192ef0ba
SHA512

c2516bfe26b51fd89dbc996b3d6c2f7bff5efa1a0f93042cfd0b2e3fe1f76344bd02a75e83d2aac901d6d5dafbec5ddf0fb136eec8fd926cfab8c7569d2c494b
SSDEEP

3145728:lsrWZaVmBrEfme9vrTyVAhdpFD6OrTggWcU5Gzupj4:SKZaXfmcv6VqdpFD3TggUku94

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 6 IoCs

pid	Process
3484	anki.exe
3992	QtWebEngineProcess.exe
5024	QtWebEngineProcess.exe
3752	QtWebEngineProcess.exe
3368	mpv.exe
3044	QtWebEngineProcess.exe

Loads dropped DLL 64 IoCs

pid	Process
3892	anki-24.06.3-windows-qt6.exe
3892	anki-24.06.3-windows-qt6.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 39 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.apkg	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.apkg\DefaultIcon	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.apkg\shell\ = "open"	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\.colpkg\anki.colpkg_backup	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.ankiaddon\shell	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\.apkg\ = "anki.apkg"	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.colpkg\ = "Anki collection package"	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\.ankiaddon	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.ankiaddon\shell\open\ = "Open with Anki"	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.ankiaddon\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Anki\\anki.exe,0"	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.apkg\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Anki\\anki.exe \"%L\""	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\.colpkg	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\.ankiaddon\ = "anki.ankiaddon"	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.ankiaddon\DefaultIcon	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.ankiaddon\shell\open	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.ankiaddon\shell\open\command	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\.apkg\anki.apkg_backup	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.apkg\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Anki\\anki.exe,0"	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\.colpkg\ = "anki.colpkg"	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.colpkg\shell\open	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.colpkg\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Anki\\anki.exe \"%L\""	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.ankiaddon\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Anki\\anki.exe \"%L\""	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\.apkg	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.apkg\shell	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.colpkg\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Anki\\anki.exe,0"	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.apkg\shell\open\command	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.colpkg\DefaultIcon	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.colpkg\shell\open\command	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.ankiaddon	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.ankiaddon\ = "Anki add-on"	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.ankiaddon\shell\ = "open"	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.colpkg\shell\open\ = "Open with Anki"	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\.ankiaddon\anki.ankiaddon_backup	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.apkg\ = "Anki deck package"	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.apkg\shell\open	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.apkg\shell\open\ = "Open with Anki"	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.colpkg	anki-24.06.3-windows-qt6.exe
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.colpkg\shell	anki-24.06.3-windows-qt6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\anki.colpkg\shell\ = "open"	anki-24.06.3-windows-qt6.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3484	anki.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3892	anki-24.06.3-windows-qt6.exe
3892	anki-24.06.3-windows-qt6.exe
3892	anki-24.06.3-windows-qt6.exe
3892	anki-24.06.3-windows-qt6.exe
3484	anki.exe
3484	anki.exe
3992	QtWebEngineProcess.exe
5024	QtWebEngineProcess.exe
3752	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3484	anki.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe
Token: SeShutdownPrivilege	3484	anki.exe
Token: SeCreatePagefilePrivilege	3484	anki.exe

Suspicious use of SetWindowsHookEx 53 IoCs

pid	Process
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe
3484	anki.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 1748	3484	anki.exe	83
PID 3484 wrote to memory of 1748	3484	anki.exe	83
PID 3484 wrote to memory of 3996	3484	anki.exe	85
PID 3484 wrote to memory of 3996	3484	anki.exe	85
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3752	3484	anki.exe	88
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89
PID 3484 wrote to memory of 3992	3484	anki.exe	89

C:\Users\Admin\AppData\Local\Temp\anki-24.06.3-windows-qt6.exe
"C:\Users\Admin\AppData\Local\Temp\anki-24.06.3-windows-qt6.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3892

C:\Users\Admin\AppData\Local\Programs\Anki\anki.exe
"C:\Users\Admin\AppData\Local\Programs\Anki\anki.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:1748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:3996
- C:\Users\Admin\AppData\Local\Programs\Anki\lib\PyQt6\Qt6\bin\QtWebEngineProcess.exe
  "C:\Users\Admin\AppData\Local\Programs\Anki\lib\PyQt6\Qt6\bin\QtWebEngineProcess.exe" --type=renderer --webengine-schemes=qrc:sV --first-renderer-process --disable-speech-api --enable-threaded-compositing --disable-databases --disable-gpu-compositing --disable-blink-features=EyeDropperAPI --lang=en --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=3556 --enable-features=NetworkServiceInProcess2,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,EyeDropper,InstalledApp,WebOTP,WebPayments,WebUSB /prefetch:1
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3752
- C:\Users\Admin\AppData\Local\Programs\Anki\lib\PyQt6\Qt6\bin\QtWebEngineProcess.exe
  "C:\Users\Admin\AppData\Local\Programs\Anki\lib\PyQt6\Qt6\bin\QtWebEngineProcess.exe" --type=renderer --webengine-schemes=qrc:sV --disable-speech-api --enable-threaded-compositing --disable-databases --disable-gpu-compositing --disable-blink-features=EyeDropperAPI --lang=en --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3600 --enable-features=NetworkServiceInProcess2,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,EyeDropper,InstalledApp,WebOTP,WebPayments,WebUSB /prefetch:1
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Users\Admin\AppData\Local\Programs\Anki\lib\PyQt6\Qt6\bin\QtWebEngineProcess.exe
  "C:\Users\Admin\AppData\Local\Programs\Anki\lib\PyQt6\Qt6\bin\QtWebEngineProcess.exe" --type=renderer --webengine-schemes=qrc:sV --disable-speech-api --enable-threaded-compositing --disable-databases --disable-gpu-compositing --disable-blink-features=EyeDropperAPI --lang=en --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3844 --enable-features=NetworkServiceInProcess2,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,EyeDropper,InstalledApp,WebOTP,WebPayments,WebUSB /prefetch:1
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Users\Admin\AppData\Local\Programs\Anki\mpv.exe
  C:\Users\Admin\AppData\Local\Programs\Anki\mpv.exe --idle --no-terminal --force-window=no --ontop --audio-display=no --keep-open=no --autoload-files=no --gapless-audio=no --reset-on-next-file=pause --af-add=lavfi=[apad=pad_dur=0.150] --input-media-keys=no --config-dir=C:\Users\Admin\AppData\Roaming\Anki2 --input-ipc-server=ankimpv3484
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:3084
- C:\Users\Admin\AppData\Local\Programs\Anki\lib\PyQt6\Qt6\bin\QtWebEngineProcess.exe
  "C:\Users\Admin\AppData\Local\Programs\Anki\lib\PyQt6\Qt6\bin\QtWebEngineProcess.exe" --type=renderer --webengine-schemes=qrc:sV --disable-speech-api --enable-threaded-compositing --disable-databases --disable-gpu-compositing --disable-blink-features=EyeDropperAPI --lang=en --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=5232 --enable-features=NetworkServiceInProcess2,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,EyeDropper,InstalledApp,WebOTP,WebPayments,WebUSB /prefetch:1
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\Anki\lib\PyQt6\Qt6\translations\qtdeclarative_en.qm

Filesize
16B

MD5
bcebcf42735c6849bdecbb77451021dd

SHA1
4884fd9af6890647b7af1aefa57f38cca49ad899

SHA256
9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85

SHA512
f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\_bz2.pyd

Filesize
77KB

MD5
c5f78627cff76af72b2fec9ba6f2bc54

SHA1
fb4d161e82f4cf37af00bb4cb659d46f576d6d75

SHA256
12364cbd20d1d4c1718daa0681882f5b0661787e834b0aa0c659aa189017377d

SHA512
55626a6d0e71e3a5edeb70f931f693b96d076b421670e1d39d593310f567d779f0e5086f01b0a36904a54810053aec8fc64fda1d552f08771f5769705c9b7694

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\_ctypes.pyd

Filesize
123KB

MD5
358963b8c78510fd719181f3459d5382

SHA1
25f1fe963e23d52b518e410b6a022d27938707be

SHA256
fe76b8b3f232704841fbbcceaceb153d21114ee05e69e1b02da5fd48db2e5723

SHA512
b1c99b55cee2989cd96e7d7b96ea277f240eba4c2d5409389108724e586c9e3c57c07d0495d3dab6427ae679d7d23cf7d7538e8b28b81ad11d58bff97e4069ed

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\_elementtree.pyd

Filesize
179KB

MD5
6ccdac3adbc8fb298bec5099b5213490

SHA1
b03d42e8e47c8de45425c5f9378a4000f3068771

SHA256
315702df71644b82f5ca29e2f242674b5218b3c38d9495a132269a42ee6797e9

SHA512
f6f40878592077821ea5ae23febe83b2a48e0f98f2db57e62973ef8bedb28b291e5b907f70463dbb798b1afb490a457ac4e0105ff4d218d8b6aa9d108859a6b4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\_lzma.pyd

Filesize
153KB

MD5
442b28b3a8e0df4beb7702e28f81c950

SHA1
0d8873781089f366ff18181a995d6a7ec651dcbf

SHA256
6c666bc84b54bc77d9d287981a8b5e17a93914bc35d4a1c0002cbbfbefbf43b1

SHA512
5a4684e9d44eae66d451c011977a8ddfb0039401d9a2ca285e694222ab584604d07309a768ee3f5389e494739f2250c639f18ab5221c744574044c846c4e04a0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\anki\_rsbridge.pyd

Filesize
23.3MB

MD5
e181d1de97e2e9725ebcc5e3e59ea76c

SHA1
87d7118e1f595a53887f90e0306d6d19330f7c46

SHA256
a1a1f9dbf543841ba0dde782b1e2c476d9f86d95474d15f1631da00d02d39bb7

SHA512
317716e8a465abb4ad81dec557fc92586462b9b58a348fcf992e0abd26610bb29ef07b2bac120b681c1d234a2d84cb7ae4d799f55c2894f0180112aaeefcd132

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\_upb\_message.cp39-win_amd64.pyd

Filesize
749KB

MD5
bdfe4ec2f50aa6e97d5844843d5fb972

SHA1
58826660861316184c77bf25c39c9b64116850d4

SHA256
5fa0311657d573addc1a55b9bc85cd7a2587e4fffe52d67d4f82e21905bd6949

SHA512
89ffafd259ec38a33517e632a5ee8bef6f664225b16f69953ff94ee1440e2bed1b3a2dbaa0ed976aae0e289428decbd6b9321d2db9cc98fa43edfd999abdd5e7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\__init__.py

Filesize
346B

MD5
0be9054f9f1eac9c1baa58c766492604

SHA1
818a67d1e8a1d9db31310d4277e3b54a3f30868d

SHA256
aa4d9b64da656f22bebe42fe347952a785f79c09972252631a06e4e7158095d2

SHA512
ec1c532526cf8315239dfad23601a0d400d31c1b54917683df032f18d9e2cd14b879f4e04ff8ad3183587b452902ec45d9efb7ecebbcf6c712bd0d7209c073b3

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\__pycache__\__init__.cpython-39.opt-2.pyc

Filesize
167B

MD5
88a6255d72defca6e21d35a8b62f0a43

SHA1
8b6aea26073415294b70022aaa81b4c703fa4123

SHA256
20b05792f7c16ca56fc8548bef713a8fc66b34d23879602ed27bbc9a99f20012

SHA512
5ec9271d17a173cdedb8f94b67c24ecee406344c4043c4f287bcb5c828e987b875d660da55971fcbf8231c3d76fbc55ecdd6ddeeab28899d17ee973c5946d0c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\__pycache__\descriptor.cpython-39.opt-2.pyc

Filesize
20KB

MD5
a86bec3315e75577e19dc44f282f4b98

SHA1
af059f00808c36cf9687c18356abfed6ecf54fe0

SHA256
81e0fc0bb827acbc0f9e0a6e345f9ffeb04c6067cf083a8dae6f1e44d6480689

SHA512
703761b7563e46ee71cd4c0eb4f53f9646f58f206f3f71bc07c2c0575a0a716fdf8ae792a0362afd58b762f132d0b17a528dfaf58c239788d68a288583fecaba

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\__pycache__\message.cpython-39.opt-2.pyc

Filesize
5KB

MD5
dec440d30e08b449ab90348365a53de8

SHA1
2aa3d7cdc188f44ac31e7d49380b2c4719d6db95

SHA256
0f4350f62540c168c83de621dd8ca9a73f52173929c5c7d10b25a77718d982be

SHA512
f36920808a85c84b53331c9ab34a83cf7d5d29f1258fea73c6d665ac5c43153ee0b73ddd2373a28738931cd0dcd725c43e2b346747520cdf73e09e125a8c7232

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\__pycache__\text_format.cpython-39.opt-2.pyc

Filesize
28KB

MD5
75a556aa04f518d11a6990df630e37aa

SHA1
bb14f5589f6bba59e64815974230d9b0f12334ce

SHA256
5a452822fdf2b3e0ccab31f3a1029d249c84b004112407122cb26d6089cc95fd

SHA512
c279618eec38f5b218468a4cbf9116bf8443538a23c71adc4c9cf0578a67cfbd579e9caf0e3eaf8bf9445e4176495742c2214d087e7ff35acf3e6c8b9cf4218d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\descriptor.py

Filesize
46KB

MD5
daba9ab2d8274765f9ffb6aa8de7ef5c

SHA1
1997a14545e825bcbef341cb4a8956f535370a67

SHA256
f79d40f5bdcc8bf84636181a05d46f51566f251c55f8e6bff264b49da583d5b3

SHA512
cec63d66b084fef25d8cb01c2d3b375c04ad121beeb60d84848c18b2f8740331d35268123a53bf0d7d0aa72c682dc43a9d59dc40ab54ad0ca313f5ad34e10f79

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__init__.py

Filesize
272B

MD5
624bba45252708a760752704ededffc2

SHA1
8c01984da61d72fef6b8a260d0d1c3aff1314839

SHA256
f1dfe4d64b0d588baa3c310412d3a3802dd7c7c9005c3dbed3847b9b126549bb

SHA512
398fba4ba3d3bc4ae7252fc880ea867f7d0dff5fe9c6b2fe6837c016da722c146922808850828212f892ef8e2a3e3e945e13fa3103482cd19a21e26f877cd08e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__pycache__\__init__.cpython-39.opt-2.pyc

Filesize
154B

MD5
55472bd3b1cf1311f2722c13dbbc0c13

SHA1
88d37d509841f0f4adcd0324a6d7bda49b6bb67b

SHA256
3f4029361c1db4a81d695932f78e2972f430487ce099517f85e5765d7eda89ed

SHA512
b5129bcd83e2a4d367dcf84490ba48930557be31bb31d7322325d108488b3986f72551f20740f17d74317043c884db349d961ea0f8b63ecd78b71819a6cef55d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__pycache__\api_implementation.cpython-39.opt-2.pyc

Filesize
2KB

MD5
236c8879d640ab2fdc658dbec484fb9b

SHA1
aacbb6133097843d1594a51e9eaa4475609eb858

SHA256
463d41a2add6bab261c6154b706797e2b117d839491810bdd27c50576a01b70a

SHA512
7400707fe27cf8ebba6d89be78c863eda66a463b4cbc8a125e9b473590e5b6379cd9f08fa4369fb20e356539249335c985f03de2732bfd8245e8235ed76e0130

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__pycache__\builder.cpython-39.opt-2.pyc

Filesize
2KB

MD5
3a809dccc7d728c10d5269175c7ed83b

SHA1
d621b8569b9999fa942546fe09645865a0212fdc

SHA256
2063f8388eb456e2335a0b37d3bc0b02070cae4447f560305fe2dcc38c740000

SHA512
1ef20ab5b893f02f7fab0201c013012dae784442cd73dbd2b05d5eac832886d022a61ee21d38ba9c7f09c82c61c207020d10ab157ff2e97879632a22ab5c9cb7

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__pycache__\containers.cpython-39.opt-2.pyc

Filesize
18KB

MD5
c00977e2f4f38db0707476730ec37d9e

SHA1
b8778f2dd5911cddec4768a322c88593252a13e2

SHA256
ed5851bbe1b40cdd5e306e2aa2cd9d80d1897c1d3faf63822a1549700e91a0ea

SHA512
b37f53a23d26e2e1292118ea083f4316c1bee28c8cc4fa3c75bdc28855a7f0fe7b7b032b118efd37bf4e37e505647fb49dd97f242eb0883f3f69490d3e673f9f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__pycache__\decoder.cpython-39.opt-2.pyc

Filesize
16KB

MD5
61dd6da3e220d3de76687f7b023ddf13

SHA1
cc05fe2b8ed0ff4058df09f5962ee0193ec39250

SHA256
91d04d24736378ac83e7d39c2815a788e3f4357a1ed896345893f3189147e1fb

SHA512
1ec8c71e10521df14053a6666fb4a9efd9f361090bf15b92fad6d5dc72567887eb7213c2ed9694c8c8cc6eee1d1bdc4c0f12ffe4988fabbf5f0169f526b7379d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__pycache__\encoder.cpython-39.opt-2.pyc

Filesize
17KB

MD5
cdf579c2b753c9b439421f50f91db4aa

SHA1
e5276fd6e123d9a16b2d8d90f0f4fd1b7a8c4356

SHA256
c219e673010f4478278f71c66a188ac70457935eb9886d6690b4b6eb56d287bc

SHA512
e98d58280125f28fb666b3d6bd84d74359b20b00bf834817d6ba2723d006e4838e9793dc298937ea6ffb415047896defe7f4a8d8d465f5a7c09b3a0042de69f4

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__pycache__\enum_type_wrapper.cpython-39.opt-2.pyc

Filesize
2KB

MD5
5ce95cd1dcf382a546ec323aca35d22f

SHA1
ffa503dd67445c304298d92f89f70a4f84fa99e4

SHA256
963523ceb698af5e962f4ed47f0cb8543fe0cca9ad9c2905ee0e66c5e99669bc

SHA512
2204f7238df9e0a1c3c3adaf9a6b99f6d55091f1a9c8e21b8427ce639c52617888ab4996eb62cd9a6ef98a9a1ce7cc842b3a8159f23d2ed010d76951c94100f5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__pycache__\python_message.cpython-39.opt-2.pyc

Filesize
30KB

MD5
53df2e088c26493d1fbcfcb98c88c686

SHA1
aa64eb9ac9e610ecbb5fc2ad172e4fb7765a78e0

SHA256
be4adba48f6ac5ca62827e5d3063efa8f58806b3fc663c05c7f28a1b54d7115f

SHA512
26228bc1e29fbf3f9f19dd75d92b1f3dc473d978cd6d43ff3b7136bdf78e223c64eb358030fb68121a3216c022717c5ddc4c820cf6eca5c73396452a782c31ea

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__pycache__\type_checkers.cpython-39.opt-2.pyc

Filesize
9KB

MD5
120ff88f0a7639f9612f1785f4daf8da

SHA1
30adf9668584955cedbb3ccecedc4b059e69ddaf

SHA256
72e73eb4bfbf950d4565e1a1b7bf4bf7626a08f806503587cffab59b81da9e9c

SHA512
24b41128ed7d6fa2aab73133e8cce6da24de64ff071821c9190943362e6af51614d2711bda4a6eef1dd5353f60177af8ced7a93f7797f74c4d88c8de2fbdc77d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\__pycache__\wire_format.cpython-39.opt-2.pyc

Filesize
5KB

MD5
dbc9ce27b6680c986367eeb9e10f00a6

SHA1
47c5dc44cc482b26dc3279fbd2456cab5dab060f

SHA256
38be665ca8a4b3efb8449f0f5e8025f1c3cd30b525974364b97cc25e39692c1c

SHA512
7d391d632cff0836666b9a2f4e80e5aaa7e7383c9c6f8a25e671c5d285583420200804edcd1361f56ea93f2d0f5a0810088604e7983c15c49f31bc4be3bce445

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\api_implementation.py

Filesize
4KB

MD5
84046a54159997aff1cc8d51b80012a2

SHA1
45260b1dd7c3a762a5b47bcaa863255a3371c4e7

SHA256
89645eaa70f0d92237437a86256aff4915dc9dba67d5fd411f7097926bbd47c5

SHA512
1df5b5b25d75531fd568beff0c70dc38aaf633aaab9e887b253b10a5f201565b739837fa19fae9cf04af96480cb2c6a5b79cd9619cd418eaf5fe45e74b40828e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\builder.py

Filesize
3KB

MD5
1a5552deebaa3ea616bda8e4a52aaa1d

SHA1
e8a7276be29714964b9b654012de6877db624784

SHA256
4da34823ba235a226994fc2478b67c4f697c3010b717dd962aca70cc5172d940

SHA512
abd86ed06635f87c43716932a44195baa9d68e9cfc20f2985e2226f596b9b1c75b1a20aee577cae8ce924fbf22b42fb267104908218a26b119c6db5a6598c995

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\containers.py

Filesize
21KB

MD5
76898bb7c73c86702ae151af085f3e36

SHA1
3a8d16ac176e8815436f63ae3c2a9c27b7e3fbdc

SHA256
1db919c7b9a25c6c3ab5651161f9b1c6298a6d10708ef931601d1eedd7df22a5

SHA512
108f84daa69dba00b417e3ec4aaf03f054adc3f12dbfdc0e57563266ddfac62d233ca024be7ca8e36dedce051e7c01e3ba8487828a14bc3c761e636a145cdc46

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\decoder.py

Filesize
36KB

MD5
8a668e987d006fbd58989144d0c8dc2d

SHA1
55efe2bde05bcb05e05e5b189a005c13052f3396

SHA256
0a771ed647969b31ff61e03285b7a68a81fd87a38b1dcfc7e9bfe2e00b57d460

SHA512
53579eeb96554cb492d9624aefbe1b17f2283372a93adeb02e05933aa97de8f4393a10252dee3c61bae210274cb8545b0ecdaf27b59992fd816582eea6611f4d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\encoder.py

Filesize
26KB

MD5
94be766ad81522dde50a57c7a6767572

SHA1
2db2ae022780ad6e861917cda5d7ca53a3b2b83f

SHA256
56e8e9ddb535d1d2c16ac52745a199283f994cbabbcc4180f302a1ee654b47e8

SHA512
9c3d6855a3e51706d0fe2126a4a54f59537e9f846597ad98c877b6a5d3232f43f814a1735cfdadd4156ae3465ba5315f3a95399a931a3bf58ecc15641b943473

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\enum_type_wrapper.py

Filesize
3KB

MD5
499fd1c559bbc5f73ad0d995e3769f12

SHA1
28ad362253f77c7fcc462c5e4d434905f68a0319

SHA256
f5e5a1b87860cd7de9893df71ccc7dcbcfd8d4a4ee7721a12280e93cfd34f828

SHA512
58cb661022e758b8bc54f259fc267821fb7b468f84ae075f6ebbd0921ae0c27e345bdc9573629c00946eb55b0aa526ec85b9eee7c58025b904dc2fcab9bb8f54

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\python_message.py

Filesize
55KB

MD5
434aaaf3759a07cb8a6c65da6838433c

SHA1
c20d640da06c9c56cf8a0d6d6da8e6b6a3249ca3

SHA256
47670fa44439633e9710382d8650d701df593e07e12bf12bb81de5975a8c14ad

SHA512
8295c00ecfc89dee5ca55b234b0e07ffab599639b926af4c24f4fd499804abda629e23c9394e3f82a357fce7842adbf143803f83a9b5fd84eabfd507cdeb970c

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\type_checkers.py

Filesize
15KB

MD5
a2a08ff6ee9d0c354da1d32f0d80285b

SHA1
d0adc4ac7265a92dc7b4ae9a09624bdd35d7358d

SHA256
60525496e36ccd6f7b9335a9c26ed632516605d49eb9042d56d5539c7fbabf1d

SHA512
26f5ada63923cd49ca8188699f9e7ac43567e92a3376d09f186083d69c4707480b7603057d0387993db95c0434ff129c3a1a08a6102deb1208b95099ca4bbd13

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\internal\wire_format.py

Filesize
6KB

MD5
df8d33fa206457e1a480256a6c4db974

SHA1
c536c729f0e34303c8ceb48b32534fcb3668e79f

SHA256
11b01765d6f6de208e6c267136068cc7cf95445d948e0c8fac1093b55d74471f

SHA512
6bee2912589ccb18e1c4fc51683fa893e608b491ae352379ecae6ad0f4d1357b02c9366b867a53b22cf6f9d40936a37bbd3426fdfdb439c23b256ca9f6ef2dd9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\message.py

Filesize
12KB

MD5
e5a30a214d8adfbf6ca3172d6a428e8d

SHA1
87692a76767ee79b1e8064f597c06b1dda27ad1e

SHA256
beb4ee2977a0eb8f6976e6a64e5beee02e93163c89b92c90e0ca5646bb652753

SHA512
d34326ea88ef0500d5b5d8800e3a42aa48d6fdb81dead925934ddb0685a187e8bf87b5c1970aa0025af7ecf98ee3fcf4829c13b2b97bb2b25f59f7cd8b7e0614

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\text_encoding.py

Filesize
3KB

MD5
518a6ee25905c30cbdc0defa80319a39

SHA1
2f174f4b93d3319bdb64cdfac499c38a9c420c27

SHA256
6c2f4aedfceecb478cc054da9e4038088bfd6c13112e286df6565a489182fe5d

SHA512
b1d0b82b183fe456959bde4db760fbe13439f2a25a557404bf2c0203d343996671e9cba53bbd6278cbfc05bf23b3c3f03d9207645cba0c46f7d7ab89bbf5b325

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\google\protobuf\text_format.py

Filesize
61KB

MD5
63bc7e907485658596a9155405f9a48a

SHA1
a5993512b5b7b1dd9f8929ca08c4c37699269a5b

SHA256
8fea22e69c36ee6004c6978379b1c00767ed51f53d53872c76567594b9b0364d

SHA512
513a4ce2578c31a3982e91484a9ed87d59f87d3cf2f425ca5ecd853ba1bde7e56d581f0d898785345399df20cf3db5e65eef46274a74a7902b1dae53a190d5f8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\libffi-8.dll

Filesize
27KB

MD5
690f10cd1d85d2e728ed2ce382f8a9a5

SHA1
79ef042b82f52931cbe731039eb28d9ea489994b

SHA256
3e59f9b69ac60174a3445f2563134be9c8dd1597b9e14d0f9494adf6fd2413c3

SHA512
a6c9c25a4064534391757df64448164e81ae7518ab50979a56925ef90b2986cb218a808eee836a059758150aa89528082f4bf36ea7ed5979cb63d77cfddcbdf1

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\pyexpat.pyd

Filesize
194KB

MD5
1fdcc045a75d02d585d5e0bce809c41b

SHA1
c7f74a8e9ca25b4aeb7756e226222a3472a1e36d

SHA256
1a7343c75c5399a51e2baae795f1f077513701d205af2f5b64190bc839c088e3

SHA512
af537758e0ba1727499e81e483cc1b201e2dcfd2c2296d644d43e0cd48958dcc8e8586c11344fdbdd6f29fe8c5ff5025cb1cb21c7120d4b03e2135b6e4c53300

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\pywin32.pth

Filesize
178B

MD5
322bf8d4899fb978d3fac34de1e476bb

SHA1
467808263e26b4349a1faf6177b007967fbc6693

SHA256
4f67ff92af0ea38bf18ac308efd976f781d84e56f579c603ed1e8f0c69a17f8d

SHA512
d7264690d653ac6ed4b3d35bb22b963afc53609a9d14187a4e0027528b618c224ed38e225330ceae2565731a4e694a6146b3214b3dcee75b053c8ae79f24a9dd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\pywin32_system32\pythoncom39.dll

Filesize
654KB

MD5
f81a9fecc26f080a8c78edaf2a46f1e4

SHA1
d0f99829774bce3db8ce03470b20ed4fbc75a055

SHA256
a9cc9c111293f8edf91c439858ff8b97b2197574cd37d9d07bbbd455e09421e6

SHA512
c6ec31dee7c4bf36bb05688955ddeeb239adfefc9140c4f0067f718aa841bf83bc4a19523b609393674358842628f58adbfbc6fe3edef055d20aad9222657a29

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\pywin32_system32\pywintypes39.dll

Filesize
129KB

MD5
74f0a90fbdd64f0c431cbf55a47eab35

SHA1
ef8711c4d6539ef0fde786976f665cd3bacff901

SHA256
684267ae1acf4a7cc069e511ffd72bbc8d9d071ee23c4a7d98156374dbf87958

SHA512
69cfa5766d376fb4caf23e2adb4fa374eb01ec645e1d1b71f44e264c130eee888e75bc46b99465def162601f487b41917bc245aa2d1f9bd194aa7dff31ebb6c8

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\win32\lib\__pycache__\pywin32_bootstrap.cpython-39.opt-2.pyc

Filesize
474B

MD5
94912c7e3ac32d74e58612b4196debe8

SHA1
2aff79483347758a826c28ab2399d1d6ffc497ed

SHA256
01cf34b7a4338c2ea1893c9c9cb4fa39e3f29762d4b2263413b6ad59f6f982f0

SHA512
f15e239c8ffbf20c221f6f5c7b2b5f88042166c208b258cf4f2d62715ef2b555e327d3a1a340a2d5ba758d6ec666b74eedf861ba96416cda4e3831294beb4b09

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\win32\lib\pywin32_bootstrap.py

Filesize
1KB

MD5
5d28a84aa364bcd31fdb5c5213884ef7

SHA1
0874dca2ad64e2c957b0a8fd50588fb6652dd8ee

SHA256
e298ddcfcb0232257fcaa330844845a4e7807c4e2b5bd938929ed1791cd9d192

SHA512
24c1ad9ce1d7e7e3486e8111d8049ef1585cab17b97d29c7a4eb816f7bdf34406aa678f449f8c680b7f8f3f3c8bc164edac95ccb15da654ef9df86c5beb199a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\win32comext\internet\__init__.py

Filesize
135B

MD5
f45c606ffc55fd2f41f42012d917bce9

SHA1
ca93419cc53fb4efef251483abe766da4b8e2dfd

SHA256
f0bb50af1caea5b284bd463e5938229e7d22cc610b2d767ee1778e92a85849b4

SHA512
ba7bebe62a6c2216e68e2d484c098662ba3d5217b39a3156b30e776d2bb3cf5d4f31dcdc48a2eb99bc5d80fffe388b212ec707b7d10b48df601430a07608fd46

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\lib\wrapt\_wrappers.cp39-win_amd64.pyd

Filesize
35KB

MD5
952f6b9946bba9e2fe931cd775cf0bd4

SHA1
967bd3a23cce0df48a285f4228b62f9bb7fb9f44

SHA256
e594804f0771ee06069f85fa5bdfd477dbd143fd3b11d7c945fc5f761df19604

SHA512
58f8bdddb34bdf2a7fca9bd1c7e0f1fcaf2e37274195ac148f54fbb28448a731bc8a023e0bedba0bc8b597e891ce62b20097a82480005103b31b0cf784be6af0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\python3.dll

Filesize
51KB

MD5
75b8b78849032eacc3bec2ec5db5adfd

SHA1
43955be6288f88989da9b8b5cff3ca9eb44185ce

SHA256
add5303cee977c319ef3bb1bf11359f524299eb0be6091f7f0a27fa9c4efc8dc

SHA512
afd8cce726023dddb06ac3e024fa4dae985726c351a8cf12a8161b767c0207c23de49a33c7205adef760d2d83a8c11b3023c0f64009c0ad0e53cd9562deab2c5

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\python39.dll

Filesize
4.3MB

MD5
bf4b8330afef0360137329e8ab48a090

SHA1
cad3780b5202991023caaef58f52221036ac16ac

SHA256
a754c245e2f4572cbc62bc2ee00554c43b28b628af7acb765147d07ff00b911a

SHA512
ceea8ce68134b511989880ae7b46b85d81563af0d70a025ea5cee62e25ef65d96fa72db4e0340506b95d28afeba0b7e7f78ed4b8f14f74c904863002e77b50f0

Download Submit
C:\Users\Admin\AppData\Local\Programs\Anki\vcruntime140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C44.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc8C44.tmp\nsProcess.dll

Filesize
4KB

MD5
faa7f034b38e729a983965c04cc70fc1

SHA1
df8bda55b498976ea47d25d8a77539b049dab55e

SHA256
579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf

SHA512
7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf

Download Submit
memory/3044-1380-0x00000131016D0000-0x000001310173F000-memory.dmp

Filesize
444KB

Download
memory/3044-1375-0x00007FFFBD920000-0x00007FFFBDE64000-memory.dmp

Filesize
5.3MB

Download
memory/3368-1350-0x00007FF7F7830000-0x00007FF7F7840000-memory.dmp

Filesize
64KB

Download
memory/3368-1385-0x00007FF7CA360000-0x00007FF7CF51E000-memory.dmp

Filesize
81.7MB

Download
memory/3368-1412-0x00007FF7CA360000-0x00007FF7CF51E000-memory.dmp

Filesize
81.7MB

Download
memory/3368-1349-0x00007FF7F7830000-0x00007FF7F7840000-memory.dmp

Filesize
64KB

Download
memory/3484-1371-0x0000025763550000-0x0000025763DE4000-memory.dmp

Filesize
8.6MB

Download
memory/3484-1312-0x00007FFFBF050000-0x00007FFFBF2B9000-memory.dmp

Filesize
2.4MB

Download
memory/3484-1313-0x00007FFFBC7A0000-0x00007FFFBCDCD000-memory.dmp

Filesize
6.2MB

Download
memory/3484-1421-0x0000000051140000-0x00000000511E8000-memory.dmp

Filesize
672KB

Download
memory/3484-1370-0x0000000051140000-0x00000000511E8000-memory.dmp

Filesize
672KB

Download
memory/3484-1393-0x0000025763550000-0x0000025763DE4000-memory.dmp

Filesize
8.6MB

Download
memory/3484-1387-0x0000025763550000-0x0000025763DE4000-memory.dmp

Filesize
8.6MB

Download
memory/3484-1422-0x0000025763550000-0x0000025763DE4000-memory.dmp

Filesize
8.6MB

Download
memory/3752-1382-0x000001FEA3600000-0x000001FEA366F000-memory.dmp

Filesize
444KB

Download
memory/3752-1347-0x00007FFFBD920000-0x00007FFFBDE64000-memory.dmp

Filesize
5.3MB

Download
memory/3992-1383-0x000001EFE68F0000-0x000001EFE695F000-memory.dmp

Filesize
444KB

Download
memory/3992-1332-0x00007FFFDFE10000-0x00007FFFDFE11000-memory.dmp

Filesize
4KB

Download
memory/3992-1331-0x00007FFFE0F10000-0x00007FFFE0F11000-memory.dmp

Filesize
4KB

Download
memory/3992-1339-0x00007FFFBD920000-0x00007FFFBDE64000-memory.dmp

Filesize
5.3MB

Download
memory/3992-1340-0x00007FFFA51A0000-0x00007FFFA61A0000-memory.dmp

Filesize
16.0MB

Download
memory/5024-1341-0x00007FFFBD920000-0x00007FFFBDE64000-memory.dmp

Filesize
5.3MB

Download
memory/5024-1384-0x000002850FCA0000-0x000002850FD0F000-memory.dmp

Filesize
444KB

Download