Malware Analysis Report

2025-01-02 12:17

Sample ID 240713-zytfhazbpd
Target rufus-4.5.exe
SHA256 c6e6cdba209f899e5087f1a1a4babc759414b4a687b60ba4bce62b6b37e8e82b
Tags
upx asyncrat default adware discovery persistence privilege_escalation ransomware rat spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c6e6cdba209f899e5087f1a1a4babc759414b4a687b60ba4bce62b6b37e8e82b

Threat Level: Known bad

The file rufus-4.5.exe was found to be: Known bad.

Malicious Activity Summary

upx asyncrat default adware discovery persistence privilege_escalation ransomware rat spyware stealer

AsyncRat

Renames multiple (6776) files with added filename extension

UPX packed file

Reads user/profile data of web browsers

Modifies file permissions

Drops desktop.ini file(s)

Adds Run key to start application

Installs/modifies Browser Helper Object

Downloads MZ/PE file

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Drops file in Windows directory

Loads dropped DLL

Drops file in Program Files directory

Enumerates physical storage devices

Event Triggered Execution: Accessibility Features

Suspicious behavior: CmdExeWriteProcessMemorySpam

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious behavior: RenamesItself

Uses Task Scheduler COM API

NTFS ADS

Checks processor information in registry

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

Delays execution with timeout.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-13 21:07

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-13 21:07

Reported

2024-07-13 21:24

Platform

win7-20240708-en

Max time kernel

972s

Max time network

960s

Command Line

"C:\Users\Admin\AppData\Local\Temp\rufus-4.5.exe"

Signatures

AsyncRat

rat asyncrat

Renames multiple (6776) files with added filename extension

ransomware

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched = "\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Saved Games\Microsoft Games\desktop.ini C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft Games\Purble Place\desktop.ini C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} C:\Windows\system32\rundll32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Windows\system32\rundll32.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\WindowsAccessBridge-32.dll C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
File opened for modification C:\Windows\SysWOW64\WindowsAccessBridge-32.dll C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
File created C:\Windows\SysWOW64\WindowsAccessBridge-64.dll C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Java\jre-1.8\lib\security\policy\limited\local_policy.jar C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system.png C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\IPOLK.DLL C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101862.BMP C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\awt.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\minidump-analyzer.exe C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files\Windows Defender\MpCmdRun.exe C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Garden.htm C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10268_.GIF C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\bin\wsdetect.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_disabled.png C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files (x86)\Java\jre-1.8\legal\jdk\bcel.md C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files\Windows Defender\MpEvMsg.dll C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15170_.GIF C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TipsImageMask.bmp C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN027.XML C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15184_.GIF C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\APPTL.ICO C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\settings.html C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\PREVIEW.GIF C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02291U.BMP C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PRTF9.DLL C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\ACWIZRC.DLL C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\fontconfig.bfc C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\jfr\profile.jfc C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143758.GIF C:\Users\Admin\Desktop\Client.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Microsoft.SharePoint.BusinessData.Administration.Client.xml C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\DiscussionToolIconImages.jpg C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Oracle\Java\java8path\javaw.exe C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Java\jre-1.8\bin\mlib_image.dll C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\QRYINT32.DLL C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\Office64MUISet.XML C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar C:\Users\Admin\Desktop\Client.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\J0143745.GIF C:\Users\Admin\Desktop\Client.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIB9B2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBB6E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7db73d.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7db72f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBA83.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7db734.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF181.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2FA0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7db73d.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7db72f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB9E2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBA52.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBC99.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7db73a.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7db735.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF578.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2F9F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB943.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBA32.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7db732.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF655.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7db738.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBA63.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIBB7F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f7db738.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4755.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4767.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe C:\Users\Admin\Desktop\3udj3\DcRat.exe N/A
File opened for modification C:\Windows\Installer\MSIBA12.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEF0F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7db732.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f7db735.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4756.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe C:\Users\Admin\Desktop\3udj3\DcRat.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\system32\mspaint.exe N/A
File opened for modification C:\Windows\Installer\MSIB9A2.tmp C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dcratk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DCRat.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe N/A
N/A N/A C:\Users\Admin\Downloads\JavaSetup8u411.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
N/A N/A C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE N/A
N/A N/A C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dcratk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DCRat.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe N/A
N/A N/A C:\Windows\Installer\MSI4756.tmp N/A
N/A N/A C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dcratk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DCRat.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dcratk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DCRat.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DCRat.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\dcrat_updservice.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\dcrat_updservice.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Users\Admin\Desktop\Client.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dcratk.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\dcratk.exe N/A
N/A N/A C:\Users\Admin\Downloads\JavaSetup8u411.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\msiexec.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "22" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\Policy = "3" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppPath = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "318" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "224" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "276" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "19" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppPath = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\AppName = "ssvagent.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}\AlternateCLSID = "{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "318" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Windows\\SysWOW64" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}\Policy = "3" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.java.com\ = "122" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppPath = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "42" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\java.com\Total = "229" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "209" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9167671E-7E42-49E1-97FC-4F4712EB4CEE}\AppName = "jp2launcher.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}\AppName = "jp2launcher.exe" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0324-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0017-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0281-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_281" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0064-ABCDEFFEDCBB}\ = "Java Plug-in 1.4.2_64" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0076-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0129-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0394-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_394" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0198-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0340-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0105-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0011-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0072-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0089-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0283-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_283" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0145-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_145" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0052-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0088-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0167-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0181-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0288-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0097-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0281-ABCDEFFEDCBA}\ = "Java Plug-in 1.8.0_281" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0110-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0096-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0231-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0399-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0171-ABCDEFFEDCBB}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0299-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0311-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0041-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0205-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0319-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0118-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0157-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_157" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0240-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0131-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0097-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_52" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0314-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0386-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0112-ABCDEFFEDCBC}\ = "Java Plug-in 1.8.0_112" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0304-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0298-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0201-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_201" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0358-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0076-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0208-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0257-ABCDEFFEDCBC}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0239-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0018-0000-0278-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0310-ABCDEFFEDCBA}\INPROCSERVER32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0087-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0124-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0289-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0085-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0401-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0174-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0211-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0233-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0123-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0178-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0198-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0224-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_44" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0138-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0345-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0089-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0259-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0146-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0347-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0359-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0095-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_09" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0083-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_66" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0100-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0143-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0348-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBA}\INPROCSERVER32 C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_62" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0084-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0263-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0259-ABCDEFFEDCBB}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0407-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0117-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_117" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0002-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0014-0002-0055-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_59" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0202-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_202" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0091-ABCDEFFEDCBB} C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0299-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_299" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0116-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0130-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_130" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0166-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBC}\INPROCSERVER32 C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0078-ABCDEFFEDCBB}\ = "Java Plug-in 1.5.0_78" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0015-0000-0094-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_94" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0366-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0418-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0207-ABCDEFFEDCBC}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0208-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0098-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0236-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0294-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_294" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0332-ABCDEFFEDCBA} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0231-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files (x86)\\Java\\jre-1.8\\bin\\jp2iexp.dll" C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0292-ABCDEFFEDCBC} C:\Program Files (x86)\Java\jre-1.8\installer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0072-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_72" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0414-ABCDEFFEDCBA}\InprocServer32 C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\Wow6432Node\CLSID\{CAFEEFAC-0018-0000-0164-ABCDEFFEDCBB}\ = "Java Plug-in 1.8.0_164" C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\DcRat.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\DCRat.rar:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\JavaSetup8u411.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\System32\NOTEPAD.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: CmdExeWriteProcessMemorySpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\DCRat.exe N/A
N/A N/A C:\Users\Admin\Desktop\DCRat\dcrat_updservice.exe N/A

Suspicious behavior: RenamesItself

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Client.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\System32\Magnify.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\System32\Magnify.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Windows\system32\rundll32.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\3udj3\DcRat.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2780 wrote to memory of 3000 N/A C:\Windows\system32\utilman.exe C:\Windows\System32\Magnify.exe
PID 2780 wrote to memory of 3000 N/A C:\Windows\system32\utilman.exe C:\Windows\System32\Magnify.exe
PID 2780 wrote to memory of 3000 N/A C:\Windows\system32\utilman.exe C:\Windows\System32\Magnify.exe
PID 344 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 1616 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2228 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2408 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 344 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\rufus-4.5.exe

"C:\Users\Admin\AppData\Local\Temp\rufus-4.5.exe"

C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe

"C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\magnify.exe

"C:\Windows\system32\magnify.exe"

C:\Windows\system32\utilman.exe

utilman.exe /debug

C:\Windows\System32\Magnify.exe

"C:\Windows\System32\Magnify.exe"

C:\Windows\system32\utilman.exe

utilman.exe /debug

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5209758,0x7fef5209768,0x7fef5209778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1184,i,50233995388034671,6598275047644170917,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1416 --field-trial-handle=1184,i,50233995388034671,6598275047644170917,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1184,i,50233995388034671,6598275047644170917,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1184,i,50233995388034671,6598275047644170917,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1184,i,50233995388034671,6598275047644170917,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1592 --field-trial-handle=1184,i,50233995388034671,6598275047644170917,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1504 --field-trial-handle=1184,i,50233995388034671,6598275047644170917,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1184,i,50233995388034671,6598275047644170917,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3748 --field-trial-handle=1184,i,50233995388034671,6598275047644170917,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.0.592224126\47115333" -parentBuildID 20221007134813 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02d01da6-553e-456d-a034-dd1b70e1151f} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 1264 11ed5558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.1.1422243616\289794529" -parentBuildID 20221007134813 -prefsHandle 1460 -prefMapHandle 1456 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5f27bc1-f6d7-4ca2-ae1b-156cd682ff30} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 1472 e6f558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.2.622608567\1404953339" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 21031 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1e4565c-3793-460b-8b92-ee466f9c0328} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 2088 1a67ec58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.3.1965505790\512373284" -childID 2 -isForBrowser -prefsHandle 2708 -prefMapHandle 2656 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c566760-b3d6-4134-aefb-ff9dea98dd54} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 2720 1c177c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.4.2084793871\441791431" -childID 3 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cee4173b-771e-4093-af8d-d679242dd117} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 2928 1c176458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.5.960866766\580935040" -childID 4 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {332645a0-80c8-4483-b799-63870f3e1f74} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3776 1e8b9858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.6.2009316192\1386282879" -childID 5 -isForBrowser -prefsHandle 3884 -prefMapHandle 3888 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ceb63255-352f-4c96-b533-f42d060c1836} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3872 1f324858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.7.256570068\815714495" -childID 6 -isForBrowser -prefsHandle 4076 -prefMapHandle 4080 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57133e6f-e18d-49dc-a746-1806a13d9797} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 4068 1f325458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.8.1716796739\2121159532" -childID 7 -isForBrowser -prefsHandle 4476 -prefMapHandle 4472 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3d012b1-928a-40f8-b936-0acc1fe5b2c1} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 4488 21ba1d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.9.622424141\453575842" -childID 8 -isForBrowser -prefsHandle 3956 -prefMapHandle 3896 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dcb179a-7ce8-4a87-8c4b-5f55933c5d6b} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 4512 1f626258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.10.1578910466\973700931" -childID 9 -isForBrowser -prefsHandle 3880 -prefMapHandle 3876 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c87308a4-388a-446a-b619-957bda0399c5} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 4588 21ad0758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.11.1929356199\1684706865" -childID 10 -isForBrowser -prefsHandle 8412 -prefMapHandle 1708 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c64b6de5-db72-436c-a523-22f8910de825} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 8504 22652858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.12.793952488\272640216" -childID 11 -isForBrowser -prefsHandle 2508 -prefMapHandle 8512 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {007d5fb9-0593-477d-92b0-a8d7192a2553} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 8472 22a1e658 tab

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\DCRat.rar

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\DCRat.rar"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\DCRat\dcrat_updservice.exe"

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\DCRat\Bypass_license.bat

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\DCRat\DCRat.exe"

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\DCRat\updatelauncher.bat

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\Desktop\DCRat\Bypass_license.bat" "

C:\Users\Admin\Desktop\DCRat\DCRat.exe

DCRat.exe

C:\Users\Admin\AppData\Local\Temp\dcratk.exe

"C:\Users\Admin\AppData\Local\Temp\dcratk.exe"

C:\Users\Admin\AppData\Local\Temp\DCRat.exe

"C:\Users\Admin\AppData\Local\Temp\DCRat.exe"

C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe

"C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.13.886117240\441068454" -childID 12 -isForBrowser -prefsHandle 7848 -prefMapHandle 7944 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2696ffc9-abf1-4ce2-b0d0-09bef28f9f96} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 3656 25c2f258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.14.231130586\461151018" -childID 13 -isForBrowser -prefsHandle 4344 -prefMapHandle 4592 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7b24f5d-587e-488b-b0a0-643eac4e39f5} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 8176 25c31c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2136.15.533932867\361734059" -childID 14 -isForBrowser -prefsHandle 7944 -prefMapHandle 7848 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45cb41b9-750c-4b01-9370-66bcff6afd47} 2136 "\\.\pipe\gecko-crash-server-pipe.2136" 7700 1fc61658 tab

C:\Users\Admin\Downloads\JavaSetup8u411.exe

"C:\Users\Admin\Downloads\JavaSetup8u411.exe"

C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe

"C:\Users\Admin\AppData\Local\Temp\jds259883828.tmp\JavaSetup8u411.exe"

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE

"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\msi.tmp"

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE

"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\jre1.8.0_411.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\msi.tmp"

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\Desktop\DCRat\Bypass_license.bat" "

C:\Users\Admin\Desktop\DCRat\DCRat.exe

DCRat.exe

C:\Users\Admin\AppData\Local\Temp\dcratk.exe

"C:\Users\Admin\AppData\Local\Temp\dcratk.exe"

C:\Users\Admin\AppData\Local\Temp\DCRat.exe

"C:\Users\Admin\AppData\Local\Temp\DCRat.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A5A776D0E11231D0AA59431CC145E99F

C:\Program Files (x86)\Java\jre-1.8\installer.exe

"C:\Program Files (x86)\Java\jre-1.8\installer.exe" /s INSTALLDIR="C:\Program Files (x86)\Java\jre-1.8\\" INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={77924AE4-039E-4CA4-87B4-2F32180411F0}

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking

C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe" -doHKCUSSVSetup

C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe" -wait -fix -permissions -silent

C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe" -wait -fix -shortcut -silent

C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files (x86)\Java\jre-1.8" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlLTEuOFxsaWJcZGVwbG95LmphcgAtRGphdmEuc2VjdXJpdHkucG9saWN5PWZpbGU6QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxKYXZhXGpyZS0xLjhcbGliXHNlY3VyaXR5XGphdmF3cy5wb2xpY3kALUR0cnVzdFByb3h5PXRydWUALVh2ZXJpZnk6cmVtb3RlAC1Eam5scHguaG9tZT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlLTEuOFxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUtMS44XGxpYlxqYXZhd3MuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUtMS44XGxpYlxkZXBsb3kuamFyO0M6XFByb2dyYW0gRmlsZXMgKHg4NilcSmF2YVxqcmUtMS44XGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzICh4ODYpXEphdmFcanJlLTEuOFxiaW5camF2YXcuZXhl -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1563DBA0538CF49C96278EB6DEDB172E M Global\MSI0000

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 607F74B4FDD3D7A76D6CC7513985171C

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BA226114710AA4A47D7CF31FC4522057 M Global\MSI0000

C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe

"C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe"

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding AD54D9BBFCC92429D900DC5CB25EADCE

C:\Windows\Installer\MSI4756.tmp

"C:\Windows\Installer\MSI4756.tmp" C:\Program Files\Java\jre7\;C;2

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Program Files\Java\jre7\bin\\installer.dll",UninstallJREEntryPoint

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Program Files (x86)\Java\jre-1.8\bin\wsdetect.dll"

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

"C:\Program Files (x86)\Common Files\\Java\Java Update\jaureg.exe" -u jre

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DCRat\Notify.wav"

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\Desktop\DCRat\Bypass_license.bat" "

C:\Users\Admin\Desktop\DCRat\DCRat.exe

DCRat.exe

C:\Users\Admin\AppData\Local\Temp\dcratk.exe

"C:\Users\Admin\AppData\Local\Temp\dcratk.exe"

C:\Users\Admin\AppData\Local\Temp\DCRat.exe

"C:\Users\Admin\AppData\Local\Temp\DCRat.exe"

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath " org.develnext.jphp.ext.javafx.FXLauncher

C:\Windows\SysWOW64\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe

"C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.0.737414955\1885469350" -parentBuildID 20221007134813 -prefsHandle 1064 -prefMapHandle 1092 -prefsLen 21245 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e7cfd02-6ea4-46cd-8aff-c35f367499f7} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 1212 f3e4958 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.1.1410531686\2077701403" -parentBuildID 20221007134813 -prefsHandle 1344 -prefMapHandle 1340 -prefsLen 21290 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90e48397-ad54-4000-aaba-42384f107947} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 1356 de4658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.2.265392675\1529069118" -childID 1 -isForBrowser -prefsHandle 1920 -prefMapHandle 1980 -prefsLen 21751 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dbefd9d-2ccb-458c-8903-aa783adab6f8} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 1912 1105a458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.3.714727688\926762196" -childID 2 -isForBrowser -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3dda135-4462-46c8-9e19-57665b63ab2c} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 2440 d62258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.4.231655584\974733501" -childID 3 -isForBrowser -prefsHandle 2452 -prefMapHandle 2444 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c055af5a-d644-489e-9a35-2944f58e37a2} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 2408 1cd6c358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.5.257121252\1637630761" -childID 4 -isForBrowser -prefsHandle 1612 -prefMapHandle 1608 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef518dec-2b8a-4153-83c6-531debe1d358} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 3424 13db8258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.6.1025680271\21763619" -childID 5 -isForBrowser -prefsHandle 3488 -prefMapHandle 3492 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8ac1bb4-0dbf-4d81-a099-0e2d68038a30} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 3476 1d8e9558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.7.1006052624\747450779" -childID 6 -isForBrowser -prefsHandle 3664 -prefMapHandle 3668 -prefsLen 26936 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fcf7171-48d8-4029-bee2-7eb8d4a3904f} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 3652 20a1d858 tab

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\Desktop\DCRat\Bypass_license.bat" "

C:\Users\Admin\Desktop\DCRat\DCRat.exe

DCRat.exe

C:\Users\Admin\AppData\Local\Temp\dcratk.exe

"C:\Users\Admin\AppData\Local\Temp\dcratk.exe"

C:\Users\Admin\AppData\Local\Temp\DCRat.exe

"C:\Users\Admin\AppData\Local\Temp\DCRat.exe"

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath " org.develnext.jphp.ext.javafx.FXLauncher

C:\Users\Admin\Desktop\DCRat\DCRat.exe

"C:\Users\Admin\Desktop\DCRat\DCRat.exe"

C:\Users\Admin\AppData\Local\Temp\DCRat.exe

"C:\Users\Admin\AppData\Local\Temp\DCRat.exe"

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath " org.develnext.jphp.ext.javafx.FXLauncher

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\Desktop\DCRat\updatelauncher.bat" "

C:\Windows\system32\timeout.exe

TIMEOUT /T 1 /NOBREAK

C:\Users\Admin\Desktop\DCRat\dcrat_updservice.exe

"C:\Users\Admin\Desktop\DCRat\/dcrat_updservice.exe"

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\Desktop\DCRat\dcrat_updservice.exe" org.develnext.jphp.ext.javafx.FXLauncher

C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe

"C:\Users\Admin\AppData\Local\Temp\ChromeHandler.exe"

C:\Users\Admin\Desktop\DCRat\dcrat_updservice.exe

"C:\Users\Admin\Desktop\DCRat\dcrat_updservice.exe"

C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe

"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\Desktop\DCRat\dcrat_updservice.exe" org.develnext.jphp.ext.javafx.FXLauncher

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.8.1056028824\1330329008" -childID 7 -isForBrowser -prefsHandle 4116 -prefMapHandle 4108 -prefsLen 26945 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a84b141-1ff1-401e-b505-26f16db2af61} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 4144 2164c958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.9.178158604\1161532365" -childID 8 -isForBrowser -prefsHandle 2572 -prefMapHandle 3888 -prefsLen 26945 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c41adbc1-6fcd-4a76-85b0-5d20d8b653ef} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 2604 1eba3d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.10.2036039478\971941263" -childID 9 -isForBrowser -prefsHandle 4488 -prefMapHandle 4492 -prefsLen 26945 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d6bb857-759f-4266-860c-c3ce34e4cc92} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 4476 1f41a258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.11.57811814\2005999252" -childID 10 -isForBrowser -prefsHandle 3136 -prefMapHandle 1736 -prefsLen 26945 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7dfc929-6d62-41fa-bbd0-c11afc734dd9} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 8504 1f4c4358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1664.12.2087929276\761011615" -childID 11 -isForBrowser -prefsHandle 8408 -prefMapHandle 8404 -prefsLen 26945 -prefMapSize 233536 -jsInitHandle 752 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9ecd26a-86ae-497e-9da6-79fb151e02f8} 1664 "\\.\pipe\gecko-crash-server-pipe.1664" 8420 1f4e2b58 tab

C:\Users\Admin\Desktop\3udj3\DcRat.exe

"C:\Users\Admin\Desktop\3udj3\DcRat.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Users\Admin\Desktop\Client.exe

"C:\Users\Admin\Desktop\Client.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 44.238.192.228:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 bing.com udp
US 13.107.21.200:80 bing.com tcp
US 8.8.8.8:53 bing.com udp
US 13.107.21.200:80 bing.com tcp
US 8.8.8.8:53 bing.com udp
GB 92.123.142.171:80 www.bing.com tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
GB 92.123.142.171:80 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.142.171:80 www.bing.com tcp
GB 92.123.142.171:80 www.bing.com tcp
GB 92.123.142.155:443 r.bing.com tcp
GB 92.123.142.155:443 r.bing.com tcp
GB 92.123.142.155:443 r.bing.com tcp
GB 92.123.142.155:443 r.bing.com udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 www.start.gg udp
US 8.8.8.8:53 www.takelessons.com udp
US 8.8.8.8:53 a-0003.a-msedge.net udp
US 8.8.8.8:53 a-0016.a-msedge.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
GB 92.123.142.155:443 r.bing.com udp
US 8.8.8.8:53 a-0003.a-msedge.net udp
US 8.8.8.8:53 a-0016.a-msedge.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 microsoft365.com udp
US 8.8.8.8:53 www.onenote.com udp
US 8.8.8.8:53 microsoft365.com udp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 sway.office.com udp
US 8.8.8.8:53 microsoft365.com udp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 sway.com udp
US 8.8.8.8:53 onedrive.live.com udp
US 8.8.8.8:53 calendar.live.com udp
US 8.8.8.8:53 sway.com udp
US 8.8.8.8:53 calendar.live.com udp
US 8.8.8.8:53 dual-spov-0006.spov-msedge.net udp
US 8.8.8.8:53 outlook.live.com udp
US 8.8.8.8:53 calendar.live.com udp
US 8.8.8.8:53 dual-spov-0006.spov-msedge.net udp
US 8.8.8.8:53 olc-g2.tm-4.office.com udp
US 8.8.8.8:53 olc-g2.tm-4.office.com udp
GB 92.123.142.171:80 www.bing.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 a4.bing.com udp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
GB 92.123.142.171:80 www.bing.com tcp
GB 2.17.209.140:443 assets.msn.com tcp
GB 2.17.209.64:80 a4.bing.com tcp
GB 2.17.209.64:80 a4.bing.com tcp
GB 2.17.209.64:80 a4.bing.com tcp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
US 8.8.8.8:53 e28578.d.akamaiedge.net udp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
US 8.8.8.8:53 e28578.d.akamaiedge.net udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 www.tm.ak.prd.aadg.akadns.net udp
US 8.8.8.8:53 www.tm.ak.prd.aadg.akadns.net udp
IE 20.190.159.4:443 login.microsoftonline.com tcp
US 8.8.8.8:53 platform.bing.com udp
US 204.79.197.237:80 platform.bing.com tcp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 104.18.33.89:80 www2.bing.com tcp
US 8.8.8.8:53 www.bing.com.cdn.cloudflare.net udp
GB 92.123.142.171:443 www.bing.com tcp
US 8.8.8.8:53 www.bing.com.cdn.cloudflare.net udp
GB 92.123.142.171:443 www.bing.com udp
US 8.8.8.8:53 support.microsoft.com udp
US 8.8.8.8:53 help.bing.microsoft.com udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 waws-prod-bay-231-5e23.westus.cloudapp.azure.com udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 waws-prod-bay-231-5e23.westus.cloudapp.azure.com udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
GB 92.123.142.185:80 th.bing.com tcp
GB 92.123.142.185:80 th.bing.com tcp
GB 92.123.142.185:80 th.bing.com tcp
GB 92.123.142.185:80 th.bing.com tcp
GB 92.123.142.185:80 th.bing.com tcp
GB 92.123.142.185:80 th.bing.com tcp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 e-0001.e-msedge.net udp
US 8.8.8.8:53 e-0001.e-msedge.net udp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
GB 92.123.142.171:80 www.bing.com tcp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
US 8.8.8.8:53 8dbe9c81b61ae9e741a974b8e9028d54.clo.footprintdns.com udp
ES 68.221.64.26:80 8dbe9c81b61ae9e741a974b8e9028d54.clo.footprintdns.com tcp
US 8.8.8.8:53 mad21prdapp01-canary.spaincentral.cloudapp.azure.com udp
US 8.8.8.8:53 mad21prdapp01-canary.spaincentral.cloudapp.azure.com udp
ES 68.221.64.26:80 mad21prdapp01-canary.spaincentral.cloudapp.azure.com tcp
US 8.8.8.8:53 41f8309e73e7cb60213051a4cc623c79.clo.footprintdns.com udp
US 13.107.6.163:80 41f8309e73e7cb60213051a4cc623c79.clo.footprintdns.com tcp
US 8.8.8.8:53 b-0008.b-msedge.net udp
US 8.8.8.8:53 b-0008.b-msedge.net udp
US 8.8.8.8:53 d43f91c8af8f6b6191f2c03d9d8fc2e1.clo.footprintdns.com udp
US 204.79.197.222:80 d43f91c8af8f6b6191f2c03d9d8fc2e1.clo.footprintdns.com tcp
US 8.8.8.8:53 a-0019.standard.a-msedge.net udp
US 8.8.8.8:53 a-0019.standard.a-msedge.net udp
ES 68.221.64.26:80 mad21prdapp01-canary.spaincentral.cloudapp.azure.com tcp
ES 68.221.64.26:80 mad21prdapp01-canary.spaincentral.cloudapp.azure.com tcp
US 204.79.197.222:80 fp.msedge.net tcp
ES 68.221.64.26:80 mad21prdapp01-canary.spaincentral.cloudapp.azure.com tcp
US 13.107.6.163:80 b-0008.b-msedge.net tcp
US 204.79.197.222:80 fp.msedge.net tcp
US 8.8.8.8:53 fc1c4e7e19d29bdadca52f49c165b8de.clo.footprintdns.com udp
MY 20.17.11.191:80 fc1c4e7e19d29bdadca52f49c165b8de.clo.footprintdns.com tcp
US 8.8.8.8:53 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com udp
MY 20.17.11.191:80 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com tcp
US 8.8.8.8:53 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com udp
US 8.8.8.8:53 cd924e1eeb2726744bb2a5ff4f62e035.clo.footprintdns.com udp
IE 20.123.29.87:80 cd924e1eeb2726744bb2a5ff4f62e035.clo.footprintdns.com tcp
US 8.8.8.8:53 db3prdapp01-canary.northeurope.cloudapp.azure.com udp
US 8.8.8.8:53 db3prdapp01-canary.northeurope.cloudapp.azure.com udp
IE 20.123.29.87:80 db3prdapp01-canary.northeurope.cloudapp.azure.com tcp
US 8.8.8.8:53 a654fcc759e1ddaa5eb0dc5f65f577bf.clo.footprintdns.com udp
US 204.79.197.222:80 a654fcc759e1ddaa5eb0dc5f65f577bf.clo.footprintdns.com tcp
IE 20.123.29.87:80 db3prdapp01-canary.northeurope.cloudapp.azure.com tcp
IE 20.123.29.87:80 db3prdapp01-canary.northeurope.cloudapp.azure.com tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
MY 20.17.11.191:80 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com tcp
MY 20.17.11.191:80 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com tcp
US 204.79.197.222:80 a654fcc759e1ddaa5eb0dc5f65f577bf.clo.footprintdns.com tcp
N/A 127.0.0.1:49520 tcp
N/A 127.0.0.1:49528 tcp
MY 20.17.11.191:80 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com tcp
US 8.8.8.8:53 fc1c4e7e19d29bdadca52f49c165b8de.clo.footprintdns.com udp
US 8.8.8.8:53 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com udp
US 8.8.8.8:53 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com udp
MY 20.17.11.191:80 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com tcp
IE 20.123.29.87:80 db3prdapp01-canary.northeurope.cloudapp.azure.com tcp
US 8.8.8.8:53 cd924e1eeb2726744bb2a5ff4f62e035.clo.footprintdns.com udp
US 8.8.8.8:53 db3prdapp01-canary.northeurope.cloudapp.azure.com udp
US 8.8.8.8:53 db3prdapp01-canary.northeurope.cloudapp.azure.com udp
US 8.8.8.8:53 cd924e1eeb2726744bb2a5ff4f62e035.clo.footprintdns.com udp
IE 20.123.29.87:80 cd924e1eeb2726744bb2a5ff4f62e035.clo.footprintdns.com tcp
US 8.8.8.8:53 cd924e1eeb2726744bb2a5ff4f62e035.clo.footprintdns.com udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
IE 20.123.29.87:80 cd924e1eeb2726744bb2a5ff4f62e035.clo.footprintdns.com tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
IE 20.123.29.87:80 cd924e1eeb2726744bb2a5ff4f62e035.clo.footprintdns.com tcp
MY 20.17.11.191:80 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com tcp
MY 20.17.11.191:80 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com tcp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.142.112:443 r.bing.com udp
US 8.8.8.8:53 a4.bing.com udp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
GB 92.123.142.178:443 www.bing.com tcp
GB 92.123.142.178:443 www.bing.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 java.com udp
GB 92.123.142.98:80 java.com tcp
GB 92.123.142.98:80 java.com tcp
US 8.8.8.8:53 www.java.com udp
GB 92.123.142.98:80 www.java.com tcp
GB 92.123.142.98:80 www.java.com tcp
GB 92.123.142.98:443 www.java.com tcp
US 8.8.8.8:53 static.ocecdn.oraclecloud.com udp
GB 104.103.246.175:443 static.ocecdn.oraclecloud.com tcp
GB 104.103.246.175:443 static.ocecdn.oraclecloud.com tcp
US 8.8.8.8:53 s.go-mpulse.net udp
GB 95.100.244.132:443 s.go-mpulse.net tcp
GB 95.100.244.132:443 s.go-mpulse.net tcp
GB 92.123.142.98:443 www.java.com tcp
GB 92.123.142.98:443 www.java.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
GB 2.18.108.132:443 c.go-mpulse.net tcp
GB 2.18.108.132:443 c.go-mpulse.net tcp
GB 92.123.142.98:443 www.java.com tcp
US 8.8.8.8:53 c.oracleinfinity.io udp
US 8.8.8.8:53 www.oracle.com udp
GB 95.100.246.138:443 www.oracle.com tcp
GB 92.123.142.178:443 c.oracleinfinity.io tcp
GB 92.123.142.178:443 c.oracleinfinity.io tcp
GB 95.100.246.138:443 www.oracle.com tcp
US 8.8.8.8:53 dc.oracleinfinity.io udp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
US 8.8.8.8:53 a4.bing.com udp
US 8.8.8.8:53 a4.bing.com udp
GB 92.123.142.130:80 www.bing.com tcp
GB 92.123.142.130:80 www.bing.com tcp
GB 92.123.142.130:80 www.bing.com tcp
GB 92.123.142.130:80 www.bing.com tcp
GB 92.123.142.130:80 www.bing.com tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
GB 92.123.142.130:443 www.bing.com udp
GB 2.17.209.64:80 a4.bing.com tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
GB 92.123.142.130:443 e86303.dscx.akamaiedge.net tcp
GB 92.123.142.130:443 e86303.dscx.akamaiedge.net tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 a4.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
GB 92.123.142.162:80 th.bing.com tcp
GB 92.123.142.162:80 th.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.142.130:80 th.bing.com tcp
GB 2.17.209.64:80 a4.bing.com tcp
US 104.18.33.89:80 www.bing.com.cdn.cloudflare.net tcp
US 8.8.8.8:53 8dbe9c81b61ae9e741a974b8e9028d54.clo.footprintdns.com udp
US 8.8.8.8:53 41f8309e73e7cb60213051a4cc623c79.clo.footprintdns.com udp
US 8.8.8.8:53 d43f91c8af8f6b6191f2c03d9d8fc2e1.clo.footprintdns.com udp
US 8.8.8.8:53 b-0008.b-msedge.net udp
US 8.8.8.8:53 a-0019.standard.a-msedge.net udp
US 8.8.8.8:53 mad21prdapp01-canary.spaincentral.cloudapp.azure.com udp
US 8.8.8.8:53 fc1c4e7e19d29bdadca52f49c165b8de.clo.footprintdns.com udp
US 8.8.8.8:53 mad21prdapp01-canary.spaincentral.cloudapp.azure.com udp
US 8.8.8.8:53 cd924e1eeb2726744bb2a5ff4f62e035.clo.footprintdns.com udp
US 8.8.8.8:53 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com udp
US 8.8.8.8:53 a654fcc759e1ddaa5eb0dc5f65f577bf.clo.footprintdns.com udp
US 8.8.8.8:53 db3prdapp01-canary.northeurope.cloudapp.azure.com udp
US 8.8.8.8:53 jhz20prdapp01-canary.malaysiasouth.cloudapp.azure.com udp
US 8.8.8.8:53 db3prdapp01-canary.northeurope.cloudapp.azure.com udp
US 8.8.8.8:53 en.wikipedia.org udp
GB 2.17.209.64:80 a4.bing.com tcp
GB 92.123.142.162:80 www.bing.com tcp
GB 92.123.142.162:80 www.bing.com tcp
GB 92.123.142.162:80 www.bing.com tcp
GB 92.123.142.162:80 www.bing.com tcp
US 8.8.8.8:53 dyna.wikimedia.org udp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
US 8.8.8.8:53 dyna.wikimedia.org udp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
GB 2.17.209.64:80 a4.bing.com tcp
GB 2.17.209.64:80 a4.bing.com tcp
GB 92.123.142.130:80 www.bing.com tcp
US 8.8.8.8:53 bing.com udp
US 8.8.8.8:53 bing.com udp
GB 92.123.142.130:80 www.bing.com tcp
US 8.8.8.8:53 9754473ea8c77e873167b7ab44dad47e.clo.footprintdns.com udp
US 13.107.4.254:80 9754473ea8c77e873167b7ab44dad47e.clo.footprintdns.com tcp
US 8.8.8.8:53 c-9999.c-msedge.net udp
US 8.8.8.8:53 c-9999.c-msedge.net udp
US 8.8.8.8:53 85b58c4f78cfa685a956cb19059db969.clo.footprintdns.com udp
US 13.107.4.254:80 85b58c4f78cfa685a956cb19059db969.clo.footprintdns.com tcp
US 8.8.8.8:53 15f20032d0f12aca54707d36f92c9a15.clo.footprintdns.com udp
FR 20.111.38.59:80 15f20032d0f12aca54707d36f92c9a15.clo.footprintdns.com tcp
US 8.8.8.8:53 par20prdapp01-canary.francecentral.cloudapp.azure.com udp
US 8.8.8.8:53 par20prdapp01-canary.francecentral.cloudapp.azure.com udp
FR 20.111.38.59:80 par20prdapp01-canary.francecentral.cloudapp.azure.com tcp
FR 20.111.38.59:80 par20prdapp01-canary.francecentral.cloudapp.azure.com tcp
FR 20.111.38.59:80 par20prdapp01-canary.francecentral.cloudapp.azure.com tcp
GB 92.123.142.177:443 www.bing.com udp
GB 92.123.142.177:443 www.bing.com tcp
US 8.8.8.8:53 www.java.com udp
GB 92.123.142.98:443 www.java.com tcp
US 8.8.8.8:53 e91569.dscx.akamaiedge.net udp
US 8.8.8.8:53 e91569.dscx.akamaiedge.net udp
US 8.8.8.8:53 static.ocecdn.oraclecloud.com udp
GB 104.103.246.175:443 static.ocecdn.oraclecloud.com tcp
US 8.8.8.8:53 e11445.dscx.akamaiedge.net udp
US 8.8.8.8:53 e11445.dscx.akamaiedge.net udp
US 8.8.8.8:53 s.go-mpulse.net udp
GB 95.100.244.132:443 s.go-mpulse.net tcp
US 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
US 8.8.8.8:53 e4518.dscx.akamaiedge.net udp
US 8.8.8.8:53 c.go-mpulse.net udp
GB 2.18.108.132:443 c.go-mpulse.net tcp
US 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
US 8.8.8.8:53 e4518.dscapi7.akamaiedge.net udp
US 204.79.197.222:80 fp.msedge.net tcp
GB 2.18.108.132:443 e4518.dscapi7.akamaiedge.net udp
US 8.8.8.8:53 www.oracle.com udp
US 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
GB 95.100.246.138:443 e2581.dscx.akamaiedge.net tcp
GB 95.100.246.138:443 e2581.dscx.akamaiedge.net tcp
US 8.8.8.8:53 e2581.dscx.akamaiedge.net udp
US 8.8.8.8:53 c.oracleinfinity.io udp
US 8.8.8.8:53 e212895.x.akamaiedge.net udp
GB 92.123.142.128:443 e212895.x.akamaiedge.net tcp
US 8.8.8.8:53 e212895.x.akamaiedge.net udp
GB 92.123.142.128:443 e212895.x.akamaiedge.net tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
US 8.8.8.8:53 dc.oracleinfinity.io.akadns.net udp
US 8.8.8.8:53 dc.oracleinfinity.io.akadns.net udp
US 8.8.8.8:53 consent.trustarc.com udp
IE 18.66.171.2:443 consent.trustarc.com tcp
US 8.8.8.8:53 consent.trustarc.com udp
US 8.8.8.8:53 consent.trustarc.com udp
GB 147.154.230.206:443 dc.oracleinfinity.io.akadns.net tcp
GB 147.154.230.206:443 dc.oracleinfinity.io.akadns.net tcp
US 8.8.8.8:53 consent-pref.trustarc.com udp
IE 13.224.68.96:443 consent-pref.trustarc.com tcp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 consent-st.trustarc.com udp
IE 3.162.140.90:443 consent-st.trustarc.com tcp
US 8.8.8.8:53 consent-st.trustarc.com udp
US 8.8.8.8:53 consent-st.trustarc.com udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
IE 63.32.81.13:443 dpm.demdex.net tcp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 oracle.sc.omtrdc.net udp
IE 66.235.152.221:443 oracle.sc.omtrdc.net tcp
US 8.8.8.8:53 oracle.sc.omtrdc.net udp
US 8.8.8.8:53 oracle.sc.omtrdc.net udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 consent-pref.trustarc.com udp
US 8.8.8.8:53 e13073.dscx.akamaiedge.net udp
GB 104.103.251.196:443 e13073.dscx.akamaiedge.net tcp
US 8.8.8.8:53 e13073.dscx.akamaiedge.net udp
US 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
GB 2.21.184.113:443 e2875.dscd.akamaiedge.net tcp
US 8.8.8.8:53 e2875.dscd.akamaiedge.net udp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
GB 2.22.96.153:443 javadl-esd-secure.oracle.com tcp
GB 104.103.251.196:443 e13073.dscx.akamaiedge.net tcp
GB 2.21.184.113:443 e2875.dscd.akamaiedge.net tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 rps-svcs.oracle.com udp
GB 2.22.96.153:443 rps-svcs.oracle.com tcp
US 8.8.8.8:53 java.com udp
US 8.8.8.8:53 www.java.com udp
US 8.8.8.8:53 static.ocecdn.oraclecloud.com udp
US 8.8.8.8:53 s.go-mpulse.net udp
GB 92.123.142.98:80 www.java.com tcp
GB 92.123.142.98:80 www.java.com tcp
GB 104.103.246.175:443 static.ocecdn.oraclecloud.com tcp
GB 95.100.244.132:443 s.go-mpulse.net tcp
GB 92.123.142.98:443 www.java.com tcp
GB 92.123.142.98:443 www.java.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
GB 2.18.108.132:443 c.go-mpulse.net tcp
GB 2.18.108.132:443 c.go-mpulse.net tcp
US 8.8.8.8:53 c.oracleinfinity.io udp
US 8.8.8.8:53 www.oracle.com udp
GB 92.123.142.178:443 c.oracleinfinity.io tcp
GB 92.123.142.178:443 c.oracleinfinity.io tcp
GB 95.100.246.138:443 www.oracle.com tcp
GB 95.100.246.138:443 www.oracle.com tcp
GB 92.123.142.98:443 www.java.com tcp
US 8.8.8.8:53 sjremetrics.java.com udp
IE 66.235.152.156:443 sjremetrics.java.com tcp
N/A 127.0.0.1:53983 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
N/A 127.0.0.1:53988 tcp
US 8.8.8.8:53 cdn.dcrat.ru udp
US 172.67.145.169:443 cdn.dcrat.ru tcp
US 172.67.145.169:443 cdn.dcrat.ru tcp
GB 92.123.142.152:80 www.bing.com tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 a4.bing.com udp
US 8.8.8.8:53 e86303.dsca.akamaiedge.net udp
US 8.8.8.8:53 www.bing.com.cdn.cloudflare.net udp
GB 92.123.142.152:80 e86303.dscx.akamaiedge.net tcp
GB 92.123.142.152:80 e86303.dscx.akamaiedge.net tcp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.142.168:443 r.bing.com udp
GB 92.123.142.152:80 th.bing.com tcp
US 8.8.8.8:53 www.bing.com.cdn.cloudflare.net udp
GB 92.123.142.168:443 r.bing.com udp
US 8.8.8.8:53 www.msn.com udp
US 8.8.8.8:53 www.start.gg udp
US 8.8.8.8:53 www.takelessons.com udp
US 8.8.8.8:53 a-0016.a-msedge.net udp
US 8.8.8.8:53 a-0003.a-msedge.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 microsoft365.com udp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
US 8.8.8.8:53 outlook.com udp
US 8.8.8.8:53 www.onenote.com udp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 microsoft365.com udp
US 8.8.8.8:53 platform.bing.com udp
US 8.8.8.8:53 sway.office.com udp
US 8.8.8.8:53 microsoft365.com udp
GB 92.123.142.152:80 th.bing.com tcp
US 8.8.8.8:53 onedrive.live.com udp
US 8.8.8.8:53 sway.com udp
US 8.8.8.8:53 calendar.live.com udp
US 8.8.8.8:53 dual-spov-0006.spov-msedge.net udp
US 8.8.8.8:53 sway.com udp
US 8.8.8.8:53 calendar.live.com udp
US 8.8.8.8:53 outlook.live.com udp
US 8.8.8.8:53 olc-g2.tm-4.office.com udp
US 8.8.8.8:53 e28578.d.akamaiedge.net udp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
US 8.8.8.8:53 olc-g2.tm-4.office.com udp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 104.18.33.89:80 www.bing.com.cdn.cloudflare.net tcp
US 8.8.8.8:53 support.microsoft.com udp
US 8.8.8.8:53 help.bing.microsoft.com udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 waws-prod-bay-231-5e23.westus.cloudapp.azure.com udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.137:80 th.bing.com tcp
GB 92.123.142.137:80 th.bing.com tcp
GB 92.123.142.137:80 th.bing.com tcp
GB 92.123.142.137:80 th.bing.com tcp
GB 92.123.142.137:80 th.bing.com tcp
GB 92.123.142.137:80 th.bing.com tcp
GB 92.123.142.137:80 th.bing.com tcp
GB 92.123.142.137:80 th.bing.com tcp
US 8.8.8.8:53 bing.com udp
US 8.8.8.8:53 bing.com udp
GB 2.17.209.64:80 e86303.dsca.akamaiedge.net tcp
GB 92.123.142.152:80 th.bing.com tcp
GB 92.123.142.152:80 th.bing.com tcp
US 8.8.8.8:53 c2c3dc4e89912beaf4df5ca2289c46d7.clo.footprintdns.com udp
US 8.8.8.8:53 s-9999.s-msedge.net udp
US 13.107.3.254:80 s-9999.s-msedge.net tcp
US 8.8.8.8:53 s-9999.s-msedge.net udp
US 8.8.8.8:53 d6fae920885c74dfdf0af671f8608d4e.clo.footprintdns.com udp
AU 20.37.4.118:80 d6fae920885c74dfdf0af671f8608d4e.clo.footprintdns.com tcp
US 8.8.8.8:53 cbr20prdapp01-canary.australiacentral.cloudapp.azure.com udp
US 8.8.8.8:53 cbr20prdapp01-canary.australiacentral.cloudapp.azure.com udp
AU 20.37.4.118:80 cbr20prdapp01-canary.australiacentral.cloudapp.azure.com tcp
US 8.8.8.8:53 browserdefaults.microsoft.com udp
US 8.8.8.8:53 waws-prod-sn1-021.southcentralus.cloudapp.azure.com udp
US 8.8.8.8:53 waws-prod-sn1-021.southcentralus.cloudapp.azure.com udp
GB 92.123.142.152:443 th.bing.com udp
GB 92.123.142.152:443 th.bing.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 6280e0b06f1c84469379a8344984557c.clo.footprintdns.com udp
US 20.115.155.233:80 6280e0b06f1c84469379a8344984557c.clo.footprintdns.com tcp
US 8.8.8.8:53 mwh01prdapp02-canary.westus2.cloudapp.azure.com udp
US 8.8.8.8:53 mwh01prdapp02-canary.westus2.cloudapp.azure.com udp
US 20.115.155.233:80 mwh01prdapp02-canary.westus2.cloudapp.azure.com tcp
GB 92.123.142.152:80 th.bing.com tcp
AU 20.37.4.118:80 cbr20prdapp01-canary.australiacentral.cloudapp.azure.com tcp
AU 20.37.4.118:80 cbr20prdapp01-canary.australiacentral.cloudapp.azure.com tcp
US 20.115.155.233:80 mwh01prdapp02-canary.westus2.cloudapp.azure.com tcp
US 20.115.155.233:80 mwh01prdapp02-canary.westus2.cloudapp.azure.com tcp
US 204.79.197.222:80 fp.msedge.net tcp
US 8.8.8.8:53 a-0019.standard.a-msedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 d6fae920885c74dfdf0af671f8608d4e.clo.footprintdns.com udp
AU 20.37.4.118:80 d6fae920885c74dfdf0af671f8608d4e.clo.footprintdns.com tcp
US 8.8.8.8:53 cbr20prdapp01-canary.australiacentral.cloudapp.azure.com udp
US 8.8.8.8:53 cbr20prdapp01-canary.australiacentral.cloudapp.azure.com udp
US 8.8.8.8:53 d6fae920885c74dfdf0af671f8608d4e.clo.footprintdns.com udp
AU 20.37.4.118:80 d6fae920885c74dfdf0af671f8608d4e.clo.footprintdns.com tcp
US 8.8.8.8:53 d6fae920885c74dfdf0af671f8608d4e.clo.footprintdns.com udp
US 20.115.155.233:80 mwh01prdapp02-canary.westus2.cloudapp.azure.com tcp
US 8.8.8.8:53 6280e0b06f1c84469379a8344984557c.clo.footprintdns.com udp
US 8.8.8.8:53 mwh01prdapp02-canary.westus2.cloudapp.azure.com udp
US 8.8.8.8:53 mwh01prdapp02-canary.westus2.cloudapp.azure.com udp
US 8.8.8.8:53 6280e0b06f1c84469379a8344984557c.clo.footprintdns.com udp
US 20.115.155.233:80 6280e0b06f1c84469379a8344984557c.clo.footprintdns.com tcp
US 8.8.8.8:53 6280e0b06f1c84469379a8344984557c.clo.footprintdns.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
AU 20.37.4.118:80 d6fae920885c74dfdf0af671f8608d4e.clo.footprintdns.com tcp
AU 20.37.4.118:80 d6fae920885c74dfdf0af671f8608d4e.clo.footprintdns.com tcp
US 20.115.155.233:80 6280e0b06f1c84469379a8344984557c.clo.footprintdns.com tcp
US 20.115.155.233:80 6280e0b06f1c84469379a8344984557c.clo.footprintdns.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.109.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
N/A 127.0.0.1:8848 tcp
N/A 127.0.0.1:8848 tcp
N/A 127.0.0.1:8848 tcp
N/A 127.0.0.1:8848 tcp
N/A 127.0.0.1:8848 tcp
N/A 127.0.0.1:8848 tcp

Files

memory/2876-0-0x000000013F4E0000-0x000000013F8FF000-memory.dmp

memory/2876-1-0x000000013F4E0000-0x000000013F8FF000-memory.dmp

C:\Users\Admin\Desktop\ConfirmReceive.otf

MD5 384e2f99f005ca16a4bca18e21605e08
SHA1 befe738e518d035c41a2c233a0888f41410bde54
SHA256 845e623ef22daff650c50c606579fc02039ec8c5f661db9d57ffcc00650a589f
SHA512 ac151d9221037fa29be6b3e46b36d04996d2336110d38393218fadd83de8a6f8773ba29423f932cbb39da45c000ddd060bb1dddfbcf3d05e5943660960f52b1d

C:\Users\Admin\Desktop\DebugReset.jpe

MD5 e243817892d66ba4cfd54263c5668ab4
SHA1 5f0b90335457d5066e0ad55fef27509f4b0cb024
SHA256 133c504945fb315ce4685a4acc5e7288ef99c19b33c7e90328985d5681e6a0a2
SHA512 df2e438c7d7f69eac7024d8b536eb42acfe2ba573cfcf327da23826d95aec03f12b08e2cce5f82d76c5eed49f316be4721296cef609101b73b7d38e8ad33dbc5

C:\Users\Admin\Desktop\DenyClear.jpe

MD5 4ba723ce4bcc2a3edefe8a363e53e4c8
SHA1 205a4fb56244c6f23f3ce9ba7a7be8b3b547cf90
SHA256 fd51d245daa6c5723ee3230654dfd1e6c2d1d74305cd427c819f72e58e7058b5
SHA512 632dff0f6031bdb702a55c869cffc27377d2bb08b3aefd7958ab9b80ff4bca84fd9245bd72a7f4febdf68d5978df49f52e67ae4ec5b43287c9aa5a5136e91e21

C:\Users\Admin\Desktop\DisconnectWrite.avi

MD5 356c92d1883dfdf423294ae9cc04dafd
SHA1 d80d174921c283ddfbbdb17a1fb696efe86b83d3
SHA256 b29d15ace305ff6a2ae72c22b995169d17a007e8e38600bff9fdffff99783857
SHA512 5810ed8ddb389bca22cbe35d5bf83b7da38837b16820e2afda707818f54c9189dc046f78388a4a07d81af4ff63eec06e228835fdfe697b0d2e7bdd2b0af9a70d

C:\Users\Admin\Desktop\DismountTest.mht

MD5 2e8fe065ffee7f89fbf0be64f109138d
SHA1 0aa3b4d0f7b2b78fd6da1bf42d6c0b72a82856a1
SHA256 0c24fd5356bec942cbb7894fe30a04f5e9545447e51185d7a05832f9c4db62db
SHA512 585ff98e9c2809b288d8ad4734bbec1da2a07dd4c6195f6fca2d6fc27248520d66ef56c99f0f5f3bf0047a45115d07b940ab4efb65e168a8bf35bf09aa117529

C:\Users\Admin\Desktop\EnterMerge.mht

MD5 01ab3edca875aa6787ccb00462bda8a8
SHA1 e6a84abfbf7ed7aa949f0405652d7f59ff576552
SHA256 184b30944cd4653c95b5636dd3616d8f18e7eed2c4c04a4d0db77a2c7d3c496e
SHA512 c4d809a06a7e4c962096d03ef92bf9a27293e2bcbee1ebeb329702772d9b9b108a8d1f3954b7823fe0e61731a8fec7ea175a6908765b578252516d6a411f63f9

C:\Users\Admin\Desktop\GetConnect.wax

MD5 a1b6930d673ea4630bf1d2fd9cc3edca
SHA1 93a436301c213cefd38cbec25d590f8e0ba0bfb3
SHA256 cc3ceb5a0077d950ed0575e0dcb219122d94f3a30388d7ba067fe0a3f2f5cb92
SHA512 f7b11cf28f3273ffe4a524d72e70f54b6f4603aad20aa3448514fb1168041377364a6f19fdd2edc9bde492734310f9f6c3748818d1d7987851c792b48a335aa9

C:\Users\Admin\Desktop\GetMerge.TS

MD5 dc10033aafcbd11b15b167676210d59e
SHA1 31e8ba3ef7cbd4a344812d88063a39900f133338
SHA256 83733d390516a5b8243c992405e95ec42da26086e985db043c9235e04e2eceea
SHA512 516e4a386dcbfd08aeefed486146cf0349c41e9f829dbb4e66cb91fa47a64ca8c809212c7749c1d19091c18b4e1aeb7683e724f76db431580c4b053539ef8109

C:\Users\Admin\Desktop\InitializeConvert.wmx

MD5 a01b60dc329ae503d2fd7fc987163d76
SHA1 d1965a525413f9a0cfe8c4f756a01a5d477d2337
SHA256 fdc260d5b23d8935e8cd96560192bdab35e115cba229aa4a8aa4cc3f84682ce8
SHA512 1f122a91a1c0363ee7d7974468e74060f2163b753ca09847d92307cd63a8cf640c9334de04a2601a461e0f9ef318690f72e72e5c652bb73a8c3483ed9c98c2ff

C:\Users\Admin\Desktop\InvokeInstall.mpv2

MD5 9df624592c53cace58fdd6de91f18d29
SHA1 aeb94900600f201aba184e9b03abe8184cb7022c
SHA256 d5f526561e8b3b444cb5dc5c70c77a8481a0c7f8541739029b746c9834893691
SHA512 65f2d729aff18f8e39bb5ec09f645cfaad571a73f59652116018880358b8fe3a8d802bb70cd406fffb3b8792e668f549621241b1379eec2d4ef01ac387c1eec8

C:\Users\Admin\Desktop\LockPush.cfg

MD5 452bfa0f2026a80642f7c588ed3da730
SHA1 b1ef8cf455b469ff1293e8614f6aa69dde37a45f
SHA256 c41ab7bbee1a7bc97e1007ad259c8a4763e8fd5ba6ffcb9b167cf461c7f0ef9b
SHA512 ffd986d4f08990d999640314891470b3a2cc64ae828371505fc04643a373b11aed8610fea90da2fe0f3874c92a851335cde9fbfe2d8a52d69bb4993c02d23ad5

C:\Users\Admin\Desktop\OutDismount.au3

MD5 fce420df0aa3b5145ef7380ad4d5a0cf
SHA1 ef5ceacce1ff1ee086cda86636dd120ff9b8fa7a
SHA256 22ca25793e3bbc76b4ec7c0b422ac167286f499ac5f2890597a2cdc6f13d22ed
SHA512 3a1c4d8ceddcef2c3fc4ff215d03ff25ff4311a238c8b57e60eb26efe984eb0a36dbbcbfc31e1414b0b3af148d12329274e9f4a1a58f374815079b4bd97f8b76

C:\Users\Admin\Desktop\RepairRestore.vssm

MD5 bc156b45adbdb9ce9d6cebb40009a6c8
SHA1 813d0fead1f6d7f88873c07ed189b4af8fe8c3c6
SHA256 3a69a5634c002161238d07acff21626570df634f28e442e3b0496a538b3e492a
SHA512 7a8158ad51d4b0a0d826ae49f2927767fc88cdc3f835c73ee7b71c54f0d0b7615093702a24b909cf1be4d601ac6b75bcef8455f9d75ad807c6b53c9850e4f3c2

C:\Users\Admin\Desktop\PopFind.potm

MD5 f864098ab17b60d441f7b0b962bf347d
SHA1 84fd4818028c0b4563c863bc24dd06e7f2330253
SHA256 7f84b49c26d24b64bb942c22da92d9c93eae31a83b324bbb0edd4e448ccbb805
SHA512 ab07f86278cd77e6d725bc6f061bf5812b5903833e0ffa6bb750cfc01b2eb9436cff953e267a577e6686d7c99454a7fd1899909a3c7466a90198f4482e6aa9a8

C:\Users\Admin\Desktop\RequestUnlock.wmf

MD5 dec76dd96c7b2a99cad6ac32ab3f223c
SHA1 4c73a99d50ea677123fd15780a70a89d89d750bc
SHA256 17516d3d6ac6f0f123e8b8f65e811202acdb62a191d34325b771e945a92e22b3
SHA512 34c500d942efb39d086ea2e2a179f8d65b2007cd9f59324a20ab56c1b80cc8282b43c1a25a0b4a512b706e099ef6d2a4a1004fc9311a54b3045f708f86ea12a0

C:\Users\Admin\Desktop\RestoreBlock.jpeg

MD5 f762ffd863d2bfe1002f21b59f4ab4c6
SHA1 53bc33e46dc4cb96d331b9fb12300af133910093
SHA256 819ebdefc64051d49af72009a0c1e3bd5450e2d6cca74ca6312159043b2e6b23
SHA512 ef8e1f20ccf32960525b8b04f21dfa3b281a4669d027ffac98563fbe715f602825a3e884bcb26be80c3f9b76e876a5f50d2125e82fe7169c24a80b3904fdb660

C:\Users\Admin\Desktop\ResumeConnect.MTS

MD5 e05d42b9419e7648cd2f65662da3a95c
SHA1 b30cef73c1a954097537a9f5e3e8c3ce8a7b691f
SHA256 d44c31fff86ff5539b7ef3cc604e6c5179075107a9cbe3095e5e8d9a6ecdcc7c
SHA512 c376b1060915e83a2fe026c760617a4902b9819d898c29e0c4f6c0bbe57e461c40a9c0dd19b173fafa24426d5eadf5438786df923efa46da5e5e00b9ec83218d

C:\Users\Admin\Desktop\RevokePing.asf

MD5 16ff531c3ce48672c39f31a348cb1719
SHA1 7c982508f7f7402258afb52435b26d28020cbe01
SHA256 7975e864e051c5afbc8bdf10788e0a1458acaea37dca5f3c8cf183751f9d9046
SHA512 b9ccff19347501e0009ea34c61f494e439dd7a879e426ea0c89504f186d62b02f8abd1ea8d8527d695e1dc392a1c134a434054c73430ef707e2aef0242557965

C:\Users\Admin\Desktop\RevokeUnregister.ex_

MD5 3c9d049ea841b23840572c327f348248
SHA1 7547f0ca3698728e0f87a3d1771e088b548936d7
SHA256 cd0dbc06b005d8bbbf1832c4f3701fff97f6588b49e30653f2b8492144d049da
SHA512 a0bf14e8990a70bd4b01b1c13a5c7fa846e4c892b8eb972fbfa041fb052899e2f990d276341e1ecabe9432cb69da704e5bea4729a647ca3bca04ea8e58041db0

C:\Users\Admin\Desktop\ResumeTrace.asp

MD5 3a372672bea245041ed45e86e5a05929
SHA1 d38d52ba238819812ed84b911af704213c17330d
SHA256 ab9ea8ff1bfcd1e157131b4d846068d581a001d158a1db2da7b5a0e96f842ab8
SHA512 4ca0d5043d2b9a94b3a75048c20eadc8d3c3c6892a5b982eb72aa5dc4fc4f29bb0ee354b8d9e2d41704019cd6870cf68778c3aab90e9dfb9546162ce54df12db

C:\Users\Admin\Desktop\RestartUnpublish.crw

MD5 eaae31127947d78af9ad54add64d1890
SHA1 7b3456299539ad93f712a9af8cb41add07f209fd
SHA256 99554db669fbb851153714b46d52ebc8b9fc6e0a03aa0718329d070df605e9b5
SHA512 93ea46cc95dd7d8ee33f6fb145f174e122ac245bbee989e597a1fdff931f6fec1b1c5baec2539ebf6c4f74bde03c0d4763deabd8fe52a321f804a4e9f11838c2

C:\Users\Admin\Desktop\DebugNew.xlsx

MD5 5c9fa5da02594019f8090b79393e7074
SHA1 2d7f6bed46c179357dd6a98bf2b75cd6a8425ddc
SHA256 128d028f15eaac01a26f0b0680c3e956314c4845bd26d7cfbc2a224439453383
SHA512 824e96dc6cb0280441e70c8666a5b19d11602186ce611caa9fb900150923ae69641e58c8ec7e4697a84648bf87973bc6b30262a1c76364d441f2080b6c7cedb5

C:\Users\Admin\Desktop\RenameDisconnect.docx

MD5 80d2a061390bf2c0ce7b465b99ef59d0
SHA1 20f146206ce7391b8e5830fc5c6447c51dc8c72b
SHA256 cbe054d59987771ce1b4f307397fa09751f7debeebe27bbc4d0615111b9fd88c
SHA512 03baaa041ff954f5cd59e7aaeec4e7b17fda3fb4b96fe3c8d32389c5787fda854d0f5ecae66919025731b76287f17e0013ed74384db7190d625935f1a6acb17c

C:\Users\Admin\Desktop\UseEdit.ods

MD5 3c0156aee020120366e845a62c66d3a8
SHA1 befe7a00c681b21c3407fb953f934018d6c13dea
SHA256 0652a42d1f6cf9b36cd05c8b0ec9f0f45683a328bb8a40cd0f11874da21e0d53
SHA512 69fb6442eebbc918c0faaa502c752193705f0cfb3c0b1d5ac34cf9d56c0fe28bb77b1a71d13dae80d4170934ecf1c1a29593d2ef5b0c848fbdeb3803b54c4a8d

C:\Users\Admin\Desktop\CompareBackup.dib

MD5 36f0fd8193190efa126d2314272b9a68
SHA1 686670da018ca72a16629dbe56e982b1b4da9f27
SHA256 45c2bcfaa94707a831370a1ec8ae164b251b3fbe1cb9a369112d166856c4b4b2
SHA512 29e8f3eeba661c6e46303af5c42ceec5642d6b970bd80fdba5c67d2c58449d4462d92e317157c6732c03e2318f4d3691e50c991d63e4220697fd7cb997597f07

memory/1928-28-0x00000000021B0000-0x00000000021B1000-memory.dmp

memory/1928-34-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-33-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-32-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-31-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-30-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-29-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-35-0x0000000002210000-0x000000000221A000-memory.dmp

memory/1928-47-0x0000000002210000-0x000000000221A000-memory.dmp

memory/1928-42-0x0000000002210000-0x000000000221A000-memory.dmp

memory/1928-41-0x0000000002210000-0x000000000221A000-memory.dmp

memory/1928-56-0x0000000000480000-0x0000000000580000-memory.dmp

memory/1928-57-0x0000000000480000-0x0000000000580000-memory.dmp

memory/1928-55-0x00000000092B0000-0x0000000009AB0000-memory.dmp

memory/1928-61-0x000007FEF51EB000-0x000007FEF5200000-memory.dmp

memory/1928-62-0x00000000021B0000-0x00000000021B1000-memory.dmp

memory/1928-68-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-67-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-66-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-65-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-64-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-63-0x00000000021C0000-0x00000000021CA000-memory.dmp

memory/1928-69-0x0000000002210000-0x000000000221A000-memory.dmp

memory/1928-70-0x00000000092B0000-0x0000000009AB0000-memory.dmp

memory/1928-72-0x0000000000480000-0x0000000000580000-memory.dmp

memory/1928-71-0x0000000000480000-0x0000000000580000-memory.dmp

memory/1928-73-0x000007FEF51EB000-0x000007FEF5200000-memory.dmp

memory/1928-100-0x00000000021C0000-0x00000000021C4000-memory.dmp

memory/2924-101-0x000007FEF52D0000-0x000007FEF531C000-memory.dmp

memory/2924-102-0x000007FEF52D0000-0x000007FEF531C000-memory.dmp

\??\PIPE\samr

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7f5a1c2713776900b338cc3adae61f71
SHA1 b4f3079da38f1904a41e22bae8bcc9ef508f9f7b
SHA256 d9650dc0b44871da5e90b1f94b60405f642ad239184cdf84bfa0bd7d1c9fb524
SHA512 2eaccc98367c051f3c8ba19e069348fd637af94d5ef3e24940542c97a0bc8228d111bc049e7065ad8c140337f77cd5ae2951d01844c4bcd7e7c79c6056554325

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 062e93d34638d46bc60f0833c0369dc5
SHA1 eb83660a430f38e0e062a4e4beae107862e80031
SHA256 f12e9b0ddca4da3dfe4124b2788cd0297d8e1e8fcbb2f336a033fd690cbec9ea
SHA512 1f15bc18c1fec758f977fc6a567411453138c9250b2d7cde11ac1bd8a2fdfea3749a0347dcb52bca097540cb30fc0823ada242385b6013facceeb43b977c4c2b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a2bd89de-0e5e-414f-8553-c5f3cae2537d.tmp

MD5 614ebf4e6dce31456a2346b1cd34671b
SHA1 4b705e5fdbfbd886e38f220951af6d87c6d479f5
SHA256 9f8c206083bfe9c686b315dcf6840fae906fbd570c7f8824e0f499e5e01c0263
SHA512 6a73f04e5c43aa3bf4400bb5decdbea268a50669d744cf24a99cf8ad6d1c76fe9182c9586655b8342bc2ea798d6e21ceed96d35fddb8f79ae139cfb58c84ed88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c9f37fe28107b5302e77d9a28de8586b
SHA1 d0b00675369bcdf0f314d1285d3f70445e5b2a9e
SHA256 3eaf3964f3f1f94f301c70f464582e171b1515aed9d536fefa7b29a80584fdde
SHA512 8f95cf90305c0f7d73667888ca58eb084cd6ce75722f850ec98ec893807d592fe2c1e73509f575f3c09ff776bac8e6ba759252417b0b708dccd4721e4952d95b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\a876f858-184a-4f1f-b7ea-88bc5b2872cf

MD5 bcbe45877df3776e7583784169f916fd
SHA1 7afc9d449808499cb2e8cd9bca4b5110e4543e7c
SHA256 587afb6e747fc3f0857e5503026f51b9a9324447f6f1f269dd172b3a8bc8d465
SHA512 a7902da45d8936d0cea3345eb58006728fdc741add252eb0f04e0f6827abfed1a58697836c5d0f5742a27fcb7602887a4dec9543933ccffe97583eca7bb6038f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\db\data.safe.bin

MD5 01de5dfaaa01983e9dfb19a40b776898
SHA1 963d80bb87de281123b4a2f973e188c500211059
SHA256 f4bd4fd1bd8beb1ba88b9658f0fb5df5f82638f89c35fe973d8dadc6325322c2
SHA512 11b4b5c1e43bb1b8d16b4fd9455d4886ff5c2a2c0cf1fe089c5368804489e8268c563f0c7da616d371f7fe8f8e4cf61bec0d505660d6d89b907d279129152d0e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\30176b77-480b-4d08-9454-3e5b65ed414c

MD5 38fa15434a832b2e63d3a861a4f2b3e6
SHA1 827ebd59717de72deb928661cbf39c6f1f9359a3
SHA256 24ef97b50005907bc231af496bc8a993dac11cd12cbfe5dd9b563d82a3535c3e
SHA512 b80c9345ff378b01e6a1b652f133dbc7a400ac65bb7218cc452fc0481f239657a0a1db1d4271d18ff5a126eed2c0496b8b3179f879bf45438a614fa287297823

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js

MD5 5b402eab419aa4385f35ca2374218e8a
SHA1 47f4d8f460d98f92d65cb03897d63bf096484eea
SHA256 571fe0e240f3441d8abe46f22ad369d8b274def0ec2544c3babbb3d20ac4f279
SHA512 29939566ada706ba89c56e7134e1cc9a1b180793f524a102f751b6b9cfd1d9ff991f5e69fb9ecbffcdf385a114e1067bc50036b22b2ff06a9601ffb65dd45510

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\activity-stream.discovery_stream.json.tmp

MD5 c7eabd036b0047576049f905ef9df4ab
SHA1 283b5128e9451f39c25691738eb52b5700ec84ef
SHA256 8f5072a0338e4928e1a9c0f741e3837d56bdd0b024e206e09f800440d40e72fd
SHA512 0080e9e1e13187310a14c3f4c149f9c48f76ddd9f77d241d860ca74f54a5b005be73ef37e56e20e5c085dd3e9f56b8377b5b6fcdb8fd94f337c0b9e2df8458ca

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\activity-stream.discovery_stream.json.tmp

MD5 a76f1e44608dcbcd1bf554ad68892e28
SHA1 e984ef13e0954308817fc89341a298e6b798bbf6
SHA256 a31b1a541bf14cc3040ddeec2e0a88690c3ec083e53548e9f09bb66cb19fe131
SHA512 82d667719854e94a44bb2e2860d0b9604418a640401ad5509c85fd279632d5bccc13175960ba358eefa4ee0ad6c35dfcaa6353a34609b6c5afc2be6587c61300

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js

MD5 dd6f1011998679095b1ae0cc3218905b
SHA1 f9188e194cedb17d4b61a77a75f2bdc628bed122
SHA256 fb6630e3ce1dc0710b397029b6ce9ed41454100098692c9d0cd4a6c6697927ba
SHA512 dc69e9e3168af46be810a8f5e5bbf557b5ca8e9625072d498b416e79090461779a4ccf96e9f172b08bae965b26fa4041ac5fa12aa72ac00bdaa21ed558322283

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0ff20c8feb342258d174ccd2dcf50a87
SHA1 5c4001aa7d83e9efae98ae6a27c1e2e919aa8e3e
SHA256 5ae6a4ac71413fbade68b95cd88d461e035dfe027c44dd7e7dcc9ebcf8250193
SHA512 b052d3661a45c4d24e97062b449025b0a7298c24e1af3aee291b67adbbb87b5036312657f596428651e8f55fee09fc7466a1faf94f70a02abab0c88471e90bc8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\0A73C6E23F02820E5C7F05AD9890531BF91D87DB

MD5 7c12271f2e46a3e56b6a11670c5f3dc0
SHA1 538e9523bcaa22b26d637e54c404f7d4508f06bf
SHA256 3170a59490fa0359464930acc4e4a2e74a49bc8b22998b9f0f861b90f476df60
SHA512 22d7427c327b282bb852013e21546ec712a646515ead1619a6056e9b24badcf540752cc800d691c8e22a5b5793f97f2214215c59235210434f4c3b273db905ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\98AF737DD946CA3B37F8CD63EC1E1756F57F2E19

MD5 6aab7ff7f15a6f771296eed3fefa77ce
SHA1 9051cb9c0143ea40e73a44f956c8b6f4fd3c68d4
SHA256 e22b884ac5bffc183a0af2def2cf2ff9480005833f60bf363108d1af4aad00fc
SHA512 2ed178e63ad95e846c075bf35aeebd345b9b2c9514150de81ea7d0853effc0fc9c624d515b4dc1cd574e8eab2a3bea68736d6cc40dfae9681db2851fc581f392

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\E560318F02F0E2FD35176F9FC365E72D99E1B64E

MD5 009e4256045d95985266b5542b6d08a4
SHA1 108a730c7b24e3a2df5db4e876f5cb1d7033000e
SHA256 df46ef1382c0e0fbd31b367f1387196a5b996c6d6673960ebe0a55550aac3f86
SHA512 d9176593c51d9cddd6f40d10492cb840a4c3645c4fa51479ae2bcdf384c13e51dab12d42fe8d37d2b7e25f4a90496146e9fc69e49959286b715ea61c1609db22

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\46C625DB4964C00323A8EF4C60828B52A454EBB4

MD5 b265fd90e09b27a2a0aa38b566d83458
SHA1 5cfc3d19a5ddbf05b18c154040ae192ed250587c
SHA256 94f94e56a85b9c97d36f657ab5e4d2ced79b54a266dfaf58ff63179d5c750c07
SHA512 891281ddc37c8c33251db273426aabc0b431ba3f9a9ebc879353f28218de775472e6334b29c7e8efda46e36c841d234ba1a41a73035eaecaaac57eebbe0b4194

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\971254C7341460E85C93D0821B91E9985A0B32D6

MD5 e910b54ee163de202b416329e62991fe
SHA1 202dbbda42fe04e41870c5a062e3d310c67399f6
SHA256 4db547d3d6e3d7d3cfef622b40a8cf30519edd801f51a7f3ac76ebf1118f7972
SHA512 39f1842a41ffbc7c51d8a00e14be2585bcb0624be29c8781eb038da62b2442a041a89a5080094aa484328c4236c8be90be7b22b98cd448d474ae94af0ec08bcd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\25293

MD5 5878fba9ab599ebcd0bfd142cf14bcf9
SHA1 80cb165185bb8f8f77adba6fdaae71a02a8812f3
SHA256 edc8f91f5accf2933827673a1968ebf33aa7a122ee7a256b85b553ae7465f0aa
SHA512 c3284d9e445b9016cecbb20f73ba0aae5521b187ddfa22badade011db74200ef1d38768a17810d26ac9065595487df476e59fdac06583e2645f9eaaef43b13bc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\4C7B6F2CAD8B3C17C2BFE488FBEA72FE061AE34B

MD5 d8e8511dc107104f917c6655caa58b4a
SHA1 a3e5a37050e2d92be987f2d3e7f027208787409d
SHA256 4f2e4ac2f179e72a04e898b3d7de030079ebd9884fb3efcd255fcda75ce9f886
SHA512 e5db574326efeeb596ff612c6a1d7338799f9919331221e5d627d7182fbf28a3804613945ebf63164603b42ada88915403f7db14afb88c7e679c55c799153f8f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\11789

MD5 dd810be472110a0cb135103e4741c68e
SHA1 30e292167d03e03f6cd99d4127fa44795e03e57f
SHA256 6bbd8de6a41a3115001fba172a02215c44de8c6c5b41954189cf90913e6d4f72
SHA512 14851d80b4763a576ec96a75534bcd7b8f209e1504c738fd743bd9aadf05fc3abd68156675df011d57195c07e465f73770819e8559ec24a5c13ff8aeee791412

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\43AF6A0B96B65E9C285379BBE64C9DF77572921F

MD5 22b43d39216eb887642b3df71c27eaa8
SHA1 dc804027585450ad54c22e4a90432c2e8a69c4e3
SHA256 f8fb167dcf26276beb73ee52c91129f8693607aad722224a01ff1c57d049ac82
SHA512 d3609dd6be22a60cf6ba9048bac22312329b9c18fbefe060c904ec4cf4b5370eb2977396aa1964ac0bdd42490d635566f33671ae7f49630025bf6117818e4316

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\5F9C4CEAD18D2FA475DD203ED78FE0E48BA31D43

MD5 9aa015f35d1b3932d41bb87789d05acf
SHA1 7daf7fb8bd93fd911dbd6e5a925e8478f6e9c6a2
SHA256 6f7eebeaf83e82b08a7d4c4123cf1a68f3404b44ca612703902b9fea4a90d8de
SHA512 21edd0db1260199b09efff3ee99813262f8f1158bf69aac4900cb3f090561d065cf5d3eb6bd8ff171a7f4b0803947e6692dccc83f6182fde0fef8bee84c3579f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\C27B2D9AC49F68580850B0BF636591824BB8662D

MD5 6aa515540bfd3f26350cfd9253d9a17f
SHA1 35156ed3968a2d413046b41806de49abe6111238
SHA256 2f86727c27b2cf4755244b67c4f50f930efdb99b9e54f8096d702c52ef1ae583
SHA512 beaa4074c3a82adb2fb8cd42967b0efa9d66f316f015532ffa1c969a9864405b481f99acc29d134f684e0f87ee74497f595c9208c02a84ec14f0d6adaa7e6f9b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\61F9A63CB31614394E1C39B46B1F031053EB773F

MD5 92fd49c403642cad7f06fe94660f9a55
SHA1 ee526997460dd62454af2a38b28f2c36812e4d1c
SHA256 2e33d131efe1395afcd5562dfb0a2eb573a534fb6f4a75ad41721773aa616115
SHA512 29eedb6166775a96777c861812d4438d7e30c0e9d2cee3ace30879af6f55d206ac9d449a8f0e7c3447627d8188e8177ca4dfac5056f17c10a1e4d49c94cc495c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\64734067DA3FCAD3A190A95377C1AC95EC2B62AF

MD5 3473b4b5bc3a34379b9176ee9fdd6d61
SHA1 1151d4dbf9cc4e9b5046b3013e6df4ef66ec9e2d
SHA256 3324e9fe8ef5d768c128c311eeaacda58f760b6e35c2d6d9b3598713e4228b57
SHA512 d15bd6b729ab35ec2284affd59b1349a391f69dc75b36398bb9af383b5b0f0df910ecef0442123efc091c8021a3a8a68ec72d555d461f609f6558377dc5668ad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\073A53A6BF006365842652FDC45660D1C05132D2

MD5 ba2c5c25227366dc4939e4fa6754d605
SHA1 c02f66c2e32d2ee9cfd729d3d2f2d8dda6ed5456
SHA256 fa6af6a4d9137627690ca2a1133002b24c266ce62ca177f841c3802dba5886a3
SHA512 2912ef4fae1e9a568ddb739b8f39cabb764d7e91d2e6df8697da579cfba3c74bfeea8a12976ab30a5a1e81f032b049a4443654dca1e2cb47a95c6fe5d476477b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\6718705F52A6665651669F64F054BCC011C4766A

MD5 2756b3f9f47b794d4fb966d870833a4e
SHA1 25ddc63ec817b21d4809ad6bf3e607bfe27b58b3
SHA256 b3d924a0988021286a9a2341794a3d237a73bb5ea6d4e198c702def1d9830383
SHA512 1fb9f4633062a167dd6263857ec697853cb81d469d6702d026133214c6bf43e659b8edcc1abb96e42d38adb3d2458b2c7cb58969e1392f38e5cda427e5487156

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\791F03BE7FAE2607B86B8ED490E92C02343E210C

MD5 11decaea30879c06c4b893a6de2fe914
SHA1 8a17bf07bd9d448c1a06a5fb96c617e315ee6e98
SHA256 19f479d262d8072d7325b1ae6d3b84291e90a2551e4813275751c1353a339549
SHA512 e39b5255e547faa7d065e475f9d508efe822c2a33a0ded638dc0ed0db96ebe8b2ee2611aee0b54a60b35bbb6c560f59d068fe1039954a16540e765c858da8405

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\483C26C5EB9CBA8F8DC58D68D0146414CBD8B1DF

MD5 ea73e8dab63975e3e8e80a24653db958
SHA1 63c7b3d2f6d824379a1a762aadba17fa01cc628f
SHA256 d1f0b5334b1a79114f5b11a6c47e84f65dd484816da11896324d2b742a7f8231
SHA512 46a8ac5c70c1a1c52bdccd782ad68b3a4d06ec39bed1f25acba83d23d97bfacf4b4589fa28b4749737a064e1bc57f7417326f9e0709006ec90550d6275e50a25

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\EF88F186453B218E97E245EF3597B8B0558C6F64

MD5 39c908c87ebfbb3b0a1fce5de4d1b2a1
SHA1 9efac077e1b620a73f30ddebc12ee8b43acae1a0
SHA256 2ba37687c6f3939d27736e5986ecc329dbe85e116fabdd26af95ebd5a3ecd639
SHA512 1e8f117427a2731e23d8cecdfaba841dd4a9f8f2183cd7547445f84eb1a736969a42c2343efea4a1fce701fd0ac9e45321855d27940251f56613b401c9d35220

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\24909

MD5 7d5b7299804dbc92312ea82b5751a6a0
SHA1 ed401a2e5d2ac4be5921ac277bd1d4a007b02a9c
SHA256 191adc6a8cee5b5fbd5f4bc3eed80f71fd205093292298dcbc4215a4606f03b5
SHA512 5f64e6be88c02569d4a157af27a3b023fc4933b06843327bd91a793739f75a968e1743afda8332dee60a3c0cba61062483b1af2087e3fe4d6e5fd619883c96e9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\10725

MD5 5f1b1d8babde5eb2278724694940ce59
SHA1 e113925380e37b61d7b24e43238b68790de90627
SHA256 b949fdee11a2a10072e896f47e5324b37e6974809d9ae0c9965cc3f11df60704
SHA512 56f2402f4a58cdf5ccb3b57b83b18180c4dd5f96597015c4bd4b2ce401ab9afceba331a94332265c02b1e2f7fb1899dbab6e3cda16978e6c117443129cd382a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5d2e8195ade8414a30d39fc210b709ac
SHA1 a178a0e549164ab1cc67d82d94abf718e024c400
SHA256 22a43d5543aac9082b755af686f22b21109b84006a626149a43930416f81de8e
SHA512 0ec4385466d3af4d3b4148abf4612062937312c2ab1aaa02dd70b4f71ba7b31b33aa6638aac0fa61dfe1539ebfcdc7ef0489c081275d086df70c40d46bbdc6b2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\F38F913EE1194CC3622201D7D030BF55EE9BC9C3

MD5 d90fd8e2cdfafe1b29832a842c391a0b
SHA1 b84268ece6ce01a6277d1599a10dade0154b0072
SHA256 d06cfdb191be1fe2e6cd8b436127c7e76fc7b749244fd73dda4431c760bf52f7
SHA512 39d55ea599ca15275d51b97090f0acfa939029054f7e061adfcfed4f3be4a50b9d9dc862b4c40a87342e2ecc8a3b14402fbf354bae4311454ceaea398f990def

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\3042

MD5 4bc558b606ff3d94be45124a60dc4a45
SHA1 3c6484960a2b2fc42c6cd7c3afb9a09a5fbb6f78
SHA256 abba06f7aed4a550dc22629a4c15f17620f30477fd1fc3791b205153b772b5ce
SHA512 fa8be219ccdb79215cf592dd83525162e48d9df0bf9cf105cad88cc7adcb7f467c8fab5b2ad33d981cd4a8110e30e6d37c9f40a087bdb855f2cde028f37d6a2e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\26272

MD5 fbf8b136172386e3b0ed172e9472b1a9
SHA1 c26bae878328d24b518aa28a3c7bf9608614d9ec
SHA256 99bb737610b11323d2cb1ea3a7c7ed7346f80a14b43c7756f9b7bf910a9540b7
SHA512 5d724f84c59682443148b8a5c3c00bd86618473f62204e7f81ff8694656e712044cda73c8c9f8ecef03d83016419f77dd21465004247490c6f7cf30be10c7a54

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 80ea7adc3a5d05cbc0992458e2e3e883
SHA1 16aa6d26d32409f95a997634fd9683f88bacee96
SHA256 97ca19362ec44fa8a478312280c61bc2794d5edc04cff71d7e1b562eaaf13c77
SHA512 d72398e6263203f2756e2bb3b524649091ac5aff2bd94c801f81871452f2717c576b44d69d921712703e735340f0854c7342d9de354aba8d3d15a077ab919606

C:\Users\Admin\Downloads\DCRat.WhHrwfz5.rar.part

MD5 d84892658a18ef2019f768c68177947e
SHA1 b43c3064987dcb9d9e58f836cc8dd3d26d6a256b
SHA256 679074f18f3943aea36d569e9c7f30b480da32002cf9ee3b1e187ce5cc04672b
SHA512 0a87ab7bf726f608236d796bbb9fb789a524c2cda83087c51c56055f1c3ec275264d0d0cf721a57e6daeb10b99003f7eb00a94b27172665702548340980df884

memory/2808-1578-0x0000000003CC0000-0x0000000003CD0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 416148a12e2fcba8c1c2c0ce0266cb67
SHA1 a0db55a88fb20ee7ae7e2a4c5dd1d986184bb26e
SHA256 7f756a02fe6ed79649e59ea55dba84458e369daf9b4aa840e4876d992b12a36b
SHA512 32b54f6b02f4d5414f7a2ec6480a9991ab0f49d23b26ccd48feb9688361dbfe70138f4b5f16af54fcfa17f2f349810067c0bfe2058e2871b09e7d92fb20ad170

C:\Users\Admin\Downloads\DCRat.rar

MD5 c2ace8ac6e4acba9a5a4bf20b11f5c1a
SHA1 57b90e157ef47c3f9bc637e388859d0136f22c1f
SHA256 b6d61b7a6991292dc41fe5e9797f54b3397a2663a154183e9adfeb1999db66b7
SHA512 a0c3fbbc5bc9e2c075181031772550fb062b5e2876ad10d61edd279c74762758f3571ef00996c76f883ef5ac1db325260fa9a96fb21731459489cbaa3955f596

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\9448

MD5 d806a5b59a68c7f2e4dc3c456d1e5070
SHA1 13c51fd4144bbee053e40b405e40e756c7ae87b4
SHA256 cf1ecf40be0d2e46cc28e615622a920458009605a1e5634411ba3c2334472b81
SHA512 6e75323d147bdc837745e77b3f431b17ddc1dd90c290bcfd4c410aaeb39788585d36b232c8ae00b33e8305ebbfca069e8b817358a60bda9a251abff5ea693cc2

C:\Users\Admin\Desktop\DCRat\dcrat_updservice.exe

MD5 2ebba84c4bbe13fdc53c9082918d5969
SHA1 fc95a94f45468593d1d85544e1928401484256cf
SHA256 1a232abb03338036811688110b5a6d85b4a7c3fbf83a059db8aa8ed7d6d57e70
SHA512 29b248bf1b88e0798669fa9aa3bfbe37479a7d5f63c0c70a5d732cf20490c9ab69b811a56a802e223ff769f419f8accb01d7e50b728913e171efd8ea7fcc69b6

C:\Users\Admin\Desktop\DCRat\Bypass_license.bat

MD5 09b6a88df7acf3abf502d14080b19cbe
SHA1 aa4f2abafeed57902c79567d01b0ec1a2de61838
SHA256 3b5a5f8cbbab77312ce55d1dd8599b24ea660fcec42c4af8760987ae1ecddfe5
SHA512 fe17f417b7c727b0bf16d4eed3a47229dd01961948ef11322669f64f8c43fb35601752269bbad961de8e29fd2b9f6134ba7f1ddf3e4262b9320f56805ef6a692

C:\Users\Admin\Desktop\DCRat\DCRat.exe

MD5 7044c6ebff03d70a3caf0d07b66a6fd0
SHA1 5ba520de22cc71b4d260c63724ec9786005a2c75
SHA256 181fdc378c5f5af1b1741e92d27a596bbca97cc99c08d0c4b17dfdb0067e0787
SHA512 fa8856f7d4a34271ff82b268404310dc23ae84db09e178210fc08e5927a413d1fa0c31cbe3b9a3c2fe69413f8299ac06d56979f183edbb69af7eea9700033b0c

C:\Users\Admin\Desktop\DCRat\updatelauncher.bat

MD5 1a6fbac1fe1c64769c3023fcf63ec7c0
SHA1 7de57187d96221c83af29b50bb5cfed7ff8aca4a
SHA256 f80ea6a1125249adc6307291c4a1488e40da39ec9cc0b657abb3d1b7b1e8a02b
SHA512 4287ec23984c198c19b07ff250f237ed15e204c2d77cc025e04fde61e4771f038a4c40f01d944c59d512e60fe17b00df86fd0d36a7a8a4ad70d26fd16648d970

memory/236-1709-0x0000000000400000-0x0000000000E1F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\dcratk.exe

MD5 b194d8696148674161725b46de461f43
SHA1 02a575606ac11d8a201486159ba64960385c2601
SHA256 e54295f759ab4df75c9e17eec0749a9e7b443104988d6381f45d2ef44089aeee
SHA512 348604efefc95d09a3dac8659ddeb35f305c373b81ef50219d95e7b75e035da05d265059f21e3f22a8de40cf0b284ca7efb8d72caf548842a837e450f4e10ec9

\Users\Admin\AppData\Local\Temp\DCRat.exe

MD5 7a05ec5a3a37e362ade5f9a4a7fec0e5
SHA1 1d6efe18d1b9cdbf0e4c3199552f5d9d73b062e1
SHA256 815a3656197b6e9641634aad2ff5dc74502b0bdd63316404712490ef6f2219cc
SHA512 9df7be9b9eb3c99cdb09009e653237e823bef7af79b8bff1c6dafa09c6d9d71718eb109bf02b8f06867e5e69c101cc970b9f6b4e0da464202fae37c4e895a7c6

memory/1048-1728-0x0000000000A80000-0x0000000001128000-memory.dmp

\Users\Admin\AppData\Local\Temp\ChromeHandler.exe

MD5 6c9bd47fa6acff188089ce73c6abc620
SHA1 8f382e81452d0da280d71800494dbc152a8e0e13
SHA256 6c6455986d89db0472b0fc6362389baa40c91cc77194af1ab834edd094ccc787
SHA512 bd417614c9826858c9f8ec403bd6c7ca6e1549642e3e76a206f9da1acfdd80fbc4a5ab977a7af5b3e3a8643f42c4cec9bb5239651c6039c01264b73317f7ee29

memory/3508-1742-0x0000000001250000-0x0000000001472000-memory.dmp

memory/3508-1743-0x00000000002C0000-0x00000000002CE000-memory.dmp

memory/3524-1744-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2DN2P4IR\www.java[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\favicon[1].ico

MD5 8e39f067cc4f41898ef342843171d58a
SHA1 ab19e81ce8ccb35b81bf2600d85c659e78e5c880
SHA256 872bad18b566b0833d6b496477daab46763cf8bdec342d34ac310c3ac045cefd
SHA512 47cd7f4ce8fcf0fc56b6ffe50450c8c5f71e3c379ecfcfd488d904d85ed90b4a8dafa335d0e9ca92e85b02b7111c9d75205d12073253eed681868e2a46c64890

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ivwlua0\imagestore.dat

MD5 01136e081d24bd4d14b083437289a2c1
SHA1 8aebaac36f2baaef1e143589722347ab35320556
SHA256 f1f1544609c3e14dfcce2081f2f83a77dd9a86e54c1d659ef274e82f1da9521d
SHA512 54bdcbba42323f2b503b9b3058f46a44917c345055514fc54292b271d25c3259f3a87d287a7d7f34136518091ab27ec7ba8ab1b233c3d8f5a66342bc68e323f3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2DN2P4IR\www.java[1].xml

MD5 274d92756f2478b024104d091f82280c
SHA1 2ae0af262104779b0499fcb6e692d93091600f91
SHA256 5c9b4cf878fa9ab2e1b266bb973b66ed6dde18d0f82c62d110de7a64fa2d7031
SHA512 c24ca2981f3dc32c2847fda55b8a439f383374f303e1f3e635bcf6f734cdf1cef7cef6b54aaa1825cb4412b80d474dc9a3728ee093cfc4588968bb981f92fca1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7015a05fb53f71a228a79059ff26b998
SHA1 d4b048c083683016c71305fa502a3833423e10f3
SHA256 8b5d67baa45b8ea29e447dadd21ec523cd50c96f8841d24dda3a70227a435c99
SHA512 750e39b3d4e6cfb243b6e246414200508568836d5e77855f48676985f28631d602f3e2517eca27dff86425b1e8cfef2d5affff2e3827940da0e03951573847a7

C:\Users\Admin\AppData\Local\Temp\Cab658.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar65B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a59335b5d6e066ce4785b8e21ad30fa6
SHA1 00ac1bbad1ed8a89badc7aff72d414a34bfa267e
SHA256 a71d870c7d34d0886347aa4c7b1431f8beaf4994c305246049c80c7200133785
SHA512 1d20a2354b2133b2b8b49d7d80dbafb7ad43ffbb6b010c3b59526a01e13485c6645ddc5450f5d712b080479cbc0dd4abec94184aa50d624148dcc945a78d455b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0cf9863f8166a23cbd393d2036cff9e
SHA1 2bd3582bbb44df90728db763063cf85bd452d566
SHA256 47c5baa96e579274ecddbda4f1981da35fb2f11136dd2d67707368bf84b1aba7
SHA512 1d850e5bac1869030ef5ccf1be0383a90f202b27d347a33033a9952aa9cae1a9de9a8399c43bc8b3f799a0e2789ca0ce74398aa2f063506d74527523486e88a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a6e3ec61dc4476cb2b50a04bc8ea69c
SHA1 a7545a6d1634f834502c3e481a1bfdfffdef1124
SHA256 b8edb29ae17f711a3c967eb3b0264dae818095d36f9acf707e39f4aa7f8be41a
SHA512 08ef57976087c3f1b477238e709a0f1fe653de7ec3f296fce72ff9611acc30a674768da5985ce0909616c068d28898d1e63902861b36cf208ae8df41241337aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b2b75640ce161ab538b3e1d9f328e33
SHA1 ccb97e8582719af95c321903c2723cc6717485e7
SHA256 b3b5c8896765ed7c3b0b0cd09f6102d05e0e9915f04b1e03c21177fa39cedf63
SHA512 851743dd62845ca70eb1e2d0cd28bc8980d8c3e6b2ee903045f9905609bebc1c69c0f51a9a3e6b6f847103f8820b4f2c0c81ef769523bf3b865eeefc05b6e85d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9150b54e80be3c3640334ea82f079698
SHA1 5f7d379841a5015f4cf55d3f11aaa7d70adcea1e
SHA256 976c2bc61bdc7cd241c45f0281990728d7356653a3493265f910706c55e3c46e
SHA512 a2c762f4ba90a666f2e90e93ea134196f4b7114b654bdc7d32522af0edb6c17bb6980e87cf4ed56728d24489d7c7e4785d97152e79032cd3ed9e4fdf56e5d1da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8183423116023d062fed694c3a0a641
SHA1 04042e7ed0234e95f7b5eed230ee86534ef9b3a9
SHA256 ff9e5dbdaaa195dfce9b4134ca8d90afd2df4c3c6e6478ec95d2cdc196b6a244
SHA512 66062fe6e7a80b30eebc86afe6fa834221022853b4715c6d39bbd89921fd888b95d9fca13cc2c34a4b0d7096c6b0d1fa86b3222f7bf775861f2a78b4498a29b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79be1c815949fb357935593e3c25e091
SHA1 a25adf1120f65ef51d1fa1c61f5dea8a32080472
SHA256 ce2ab8624ca83b84d6efb376716300a8dfcbf6893e029e82229d237d43f59893
SHA512 fe61532ab3db07d4e53644a0e49eef0c99018b6c67ed4363a46d9ee73d3a60effc6c8e5e4a0aa3e8d2d139eed1ca5e1e66c1022c1167afcf614ff42ca052baf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d97d2b29c6c2d27f9333ffd62b50658f
SHA1 ae3441090780e8084d40fe185b3a49519622df15
SHA256 483372d0037ce2ec7c9ffc5f828c7be4c92d26dd6171a608189558cd510d8d7d
SHA512 a8cedc61b0a9fc86b3b97052d32deb9d898ab2cd7c907b4f57f0e15f955009ee878bd98c51a3d3b9c4d93e74dfcd09ba97402befd7c7a57d1ee86e0543f66018

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c53228b4ca5ed1052299b3695e81bcd0
SHA1 303d38d2a480c0675c704d3ba2bb884e082a971a
SHA256 51256f63b0fe7f374fbe3d5edd028c659bedb222942c0bd9e9c68330f895f21d
SHA512 4ccc7df8f0582a865f36a1604b74974d8114398c5385d5988ac006845664a830c244837826d31f2a816b627eba339108c023d3cd05daeca2dc867d2030d9e96b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\27840

MD5 ff3a6a12d50102b7457a5f0f3f3b1184
SHA1 d79fc34f58a7ff84127b0ebe1673d2aca5256814
SHA256 adc26aaed3f221096efb3fe3105b01f1975a47966c6d30bec06757edfc8cf75b
SHA512 87d940215a805aa38a92e29fc15f39288af3a38e4e48f8d5121e95ae83ad1d5b99753e6bc00a5b92ffa0ff3621e9c5fb01d58d6262fa26d44ada17ff1fb3000e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\ECD272A5F52757D5E1AD97BC2FE8337A1F515650

MD5 e7e5a0174c8cd14c6bc9dfcb7cdd9789
SHA1 4c79b215c7ef39b8621781bcab7115f1ec4c26f2
SHA256 6deb3d89b7247561866d3c94c5624b055bd9ba208a8d1e02f30289f8002ae15c
SHA512 6f8072f74ec5a51a13851e842d475739d9298915fb9701074822be02af174e82845ce2726f80628fdd412cdccbac119c58eaa8534f1b88d9be73a38c091d3d6b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\10537

MD5 4b43ceb18d8a531237b56ad94a7abb6a
SHA1 1938030c52bd4971b1a7cf2a3994e6dcb2e85ceb
SHA256 f484a00a9d78b21199962b2c53dbe45cbe0b6f16dc0a44bfb0c09642f1685489
SHA512 f5a7143de5777bb51db11a028fc5bdc47f24b8e9ba8e715463193b3fb585168378f912a629acdb8b6c810b50bfbe4c6695bfdff20c3d2f564cb252f9ea2123b3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\B9323F3A53BF13F264456FCE1F8120373FAB7F15

MD5 5fe0433f177ba39717fceb0a61607ffd
SHA1 8ffd9ed835a73659b93259abdc7a0d80c64cfd56
SHA256 55f6f760026f7fcdd6c46b4b0e9a6d475f3a477447d11070179c964b7fe5aa1e
SHA512 470ff5a9c86286b426133847b1c7072eea070faffcd2f4f3111224cb189c2937a8bc10c8d99cfc982141821b908318786a52f6e091b70a418df6023c9e0ae94b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\DC9D9F0C28D6EBD1ADC348DC29248B1D4BA307F3

MD5 07f81e0e9945b1177ba178a2d506b673
SHA1 8cc6f41e9e54fafebf4b14aeeedca968de6c25f5
SHA256 b1e6a7158de5f1a0e490e88bffd509614e71056a3009552cfbee0c495df31e81
SHA512 b44d2eae1b299ec12aa774eff4f0df9808f18afc5027b48e5ca5489918a5ea1a78ef3c988f566bd85ca1be68631f4676b09b1841a9569efae4d436bb48976cac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\B8953C9CE846AEF79A17A09C295C86EA92208F3D

MD5 e30743520a09a66a299323efca008b69
SHA1 ec3ae2da7dd4c71887f189eed2295ad7cbc45c38
SHA256 e6faa9442a53589880424eb7c606a56d78cc7d5d75efb6ef9d61954a3407b658
SHA512 ac54e5a270a0193b31bd6cd21298c56131b6f753b45afd4eda60080edfa7c6b4629aec4714f72deeeaa78a684eb2f38b2ba4b4b6a30052bc5a0acf309d6aa9a0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\3AE8A7630FA301F782F91C341869CFEB9C2E9519

MD5 af5cb85561d3e6470062b35f155d89b3
SHA1 a0899101fb289e775aef4720e059885bcd9a8e0b
SHA256 75d8226a64e04b1814a7a016d2272c810d1650027a654d8483dbb445836005aa
SHA512 c333f46f6e2b5aa90ac3b548f682b896434b49a3bee518e20a0de8f235975398b26d66fa0902d5371fd77b389715141681b0910416c9492c055cdf3877a94a4b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\5524427E76785200FACC0DF8A5808E07217D7E24

MD5 001e295adc0984db5bb350b8007a480b
SHA1 58adf6a0b0b01b8587b0d9f8519cde867aa83347
SHA256 5bf6887c3e8d8bbf1f24f60d48ec7c9147c6c4504e190f97c307bf8492c88c6f
SHA512 74baba6f215c3603cc5b9f2dc0e0f797528918f6e371f8fb0c70df548d64a0fa0f38fb0a67d059d974c3a5c1277323e4a058c8ee95f880260efb035963e0fba7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\6171C3DCD3501947A8FD700724EF6121B8CDBFBC

MD5 bbff1671ad9827454ba2beaa700a04c9
SHA1 0a17d676f411a476906def11f21d30f958b43684
SHA256 34e2a96fda1f75207335189f54b9562546a6333f9cdde40bb468abf5df51d421
SHA512 b10a891812832f711c1ca9f4e4591dd56037bf4586ca92292f10e518e58fbdbcd331bc895b5aedaa205fc27692f058b7d60f6a5bcb6b6814b5439cec61024747

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\2A2858AF962DFDD41C4223B7B9B1890D806D7FFB

MD5 04df7d8bd7c96425b033616c7960e76a
SHA1 e406cce85fe92e71e48ac4c03958ffd3ad3a1d91
SHA256 345ed02d3943dcddc05ab1b9abf7c5acc9605730ee06cb5545987aefde738571
SHA512 6e812c8c969fc625748647102966e76cb54cd8c7be204590f50576dcd3718d5b03ec57c35c4c1e900958cd84b4bd8628a21247989a87c7fb3dddffde27b6325b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\6071

MD5 d3568d1381445a35c821cc3ba38e8376
SHA1 e496643ffa94c614f8bca72a3e9c907cd50c899f
SHA256 6a5af7343d65a2d498d75c355e99d604f30278ffafc51ed1648bd9d27bb809b6
SHA512 37281d0e84d57723ffd5861e5accb1deb00d320c606d04167bb87e098183ac63ab134a514ed18ed0401401270bcf523db3be9879d63e253aaa51b6570dc13d06

C:\Users\Admin\AppData\Local\Temp\~DFA6BFE3D62D48E49D.TMP

MD5 4ffff93e3591bdbdeea4136bfe0a55fd
SHA1 288b7adee5988bc1fa9a0da2273279841ef9b516
SHA256 985744b0beddcb6cc93cd55db19cb8d041db74a0831b2da8026f95997f310a95
SHA512 55f8d2e805414df36012efe87d2c6cc1522321066e1eb8101cd881018bcc84f2058256c46d5fdded6444dc4a0ffafa92cf772cb798b89ebc2a0fab2fc8295a5a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 73d6476b11c83f2d4fafebae78fa8386
SHA1 ac67e4710fc73e27d766e0dbe597e19c470201a0
SHA256 0972ae3ad6b437c8827d99276100f9b357dd6471aa0978b30e987ac88539cd25
SHA512 a6df218156a1253994e0bc4946895c365a6742185f60080a680c435ff91c4f2651712d2ae274aca6eb5641fc6f564b6b6996e97a4fb5892b0938a8030c4dd947

C:\Users\Admin\Downloads\JavaSetup8u411.roSpW3Vr.exe.part

MD5 545578bd641292e52232d924d4c0668e
SHA1 9a6450494574cbd0220cd8d4520840b9bde1827b
SHA256 caddd9cf1c9178fe75567c2e0895cccdcf6d6e1c2e239d01ac26f2df6d5d47f9
SHA512 8407e0a80d9f7c12e7765913ff9e4ef5747784cdd4d1e6d94fc025352bcd1a76a49dafd3226d7a3cc144bd1f1be0c51a1d56dd2c44ad0a3765a8c7688a7b4b4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d05bdb4dffa5904d3ccd9d9e70211447
SHA1 e503846172866884e50678c063032e09bcbc6d6d
SHA256 db14cb797ce2f80aebb987f4b54b133737fcdf7c0a1acf6191f4e2c21f38a64b
SHA512 1f61ef956d6ffa34f66f23292ce5a009785dbe2995ce96325ff754717860ec226bd26dcb23ba7dcdda17ee4f464581095d7f9c7fc99848dbc6f1d8bb52d67c60

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 770d34a92fad3ab2ae306782de978b3e
SHA1 149221a8a984888650ce0b803082cdea16e14c55
SHA256 564806f20914ef51af8c4b25848620c0927f1ec5c8ecdd792f718e9ffaf8dd4a
SHA512 a05cc8b568c2d43fcd8c9729f07e01061af35bb63de86ff86f8d84a6ed71172f35f255f5163e064eabc627da09826696202f370e5ec9436742d8098bbe1f9958

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore.jsonlz4

MD5 42be6cb62a4d87e3038889093dbed87e
SHA1 013f894baea39475e8d20c872a796c8b0704e585
SHA256 9ca75f061fc10badef0d899886ee0477e12132713d202109ba7d8adfad007b21
SHA512 02307cba920221b3e3aa6a40e381d235842dfb1d94ce437f33ffe37055571681577fb623a518ae59d9c1023b28870acda93babbf39f4090fdec225ad9bc829f0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js

MD5 ba14e14d90b850a166f969a6d9ff3f7b
SHA1 8730019c88b3f54506dc81cd393611ca82b9907d
SHA256 305b5687233198e631f7844256041377d39d1ed6d9b324daf21c99f47fc0645f
SHA512 c88706bf98b0441c73dac1aeca9a4085570c34a9f28752ebff3119ef4b5e8189e21fa7fa260a4800d6c22aadf180325908cf1cd3fd05b4c491c21a790c458db7

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\au.msi

MD5 647fa109799f37acab9cce273c1d9c56
SHA1 a0eea46f8887798af81bbeea114202fac086018b
SHA256 22a29c36524ad403e0af94b39920ac93b75576bf95fc741f66ea03ce4830612b
SHA512 89cee892d5c6e1d2a9d24f94910de88949c5a886223566b727e30b4668cc59bcca79e7cf77fc6a18065cf5add6b4e04a9543ea0f8f892cd96e54bcfed7c0ce75

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE

MD5 3842c46f2fbc7522ef625f1833530804
SHA1 3615c072ad5bdadba5e5e22e75eefaf7def92312
SHA256 17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7
SHA512 9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

memory/3048-3270-0x0000000000D70000-0x0000000001418000-memory.dmp

C:\Windows\Installer\MSIB9B2.tmp

MD5 b51fc101d2cfd384f0d06622cd88553d
SHA1 8c8682a814c031fe2b461fd1261b880a69c8668c
SHA256 31d5021494e6aa08b186967a8ba872ba020010fca04ce0b84ac7c271cba9c6ef
SHA512 5c73fdd24eec7e419a98308ff02ff4ee327b0bed7c95ae52958a449284cd57a979947529a8aaff4def9e336385823c174bddf00c91d7c5ca4621f6147df31621

memory/2192-3805-0x0000000000110000-0x0000000000111000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk

MD5 b5e1de7d05841796c6d96dfe5b8b338c
SHA1 c7c64e5b35d0cca1a5c98a1c68e1e5d4c8b72547
SHA256 062cb9dec2b2ce02c633fc442d1a23e910e602548a54a54c8310b0dde9ae074d
SHA512 963a89b04f34bc00fea5b8e0f9648596c428beac2db30d8b0932974b15c0eb90b7c801ba6fa1082ea9d133258f393ae27e61f27fd3b3951f5c2e4b8c6a212c2d

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url

MD5 64a340bbad2f9ce90f8ab2fdb2ef62fa
SHA1 4681841549531121667fba84f2bf59d59f4803bc
SHA256 8238413052fc85c62f25bfb01e14a18b43d93dc1dd269c95538e209c22fb795d
SHA512 1c5a1e101287569db207dcfbfd5a0d479aba7fc7e0c03647fcc80249480972340cbf0c059ccdf889d2c1402117639a1b265bd1650d3228fdd96c963739510e89

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url

MD5 7906fe48961da49fcba105fa5c784894
SHA1 3e5c382735677e85955d81f667c5cba7f89d726a
SHA256 83c24435b0692eaf88b9a9fec945638e58609ca3073ef818c39047126c431f97
SHA512 d2bacf246f64619820fc233cd67c984f73901fedc5912a79c9c20cbd3556f05df8e9af7faeef995617302270bfb9bfcaa107e5655ad9041e60d5f0618b16e325

memory/3504-4017-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3424-4036-0x0000000000180000-0x0000000000181000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2DN2P4IR\www.java[1].xml

MD5 de20ebb8cb7762c88d65cff389876283
SHA1 832d926ba1cd888f72c0a72a232a092a5a6204e4
SHA256 dc287b44e6dda95a4640147dd61151d80d015b085911587040a3263a40e92b75
SHA512 f60de997a357ddbd2ccfd3f82096f71264a7845a403bdcc0b6ff71746bc59708b595004dd7ab2d381f3d6f66357bf3fa3b71f5479ec4ee88c7094c2b8668103b

memory/3424-4068-0x0000000000180000-0x0000000000181000-memory.dmp

memory/3424-4099-0x0000000000180000-0x0000000000181000-memory.dmp

memory/1648-4141-0x00000000002A0000-0x00000000002A1000-memory.dmp

memory/1648-4145-0x00000000002A0000-0x00000000002A1000-memory.dmp

memory/1648-4156-0x00000000002A0000-0x00000000002A1000-memory.dmp

memory/1648-4162-0x00000000002A0000-0x00000000002A1000-memory.dmp

C:\Config.Msi\f7db733.rbs

MD5 1147e43ae57ddbf1ef4be24dc66063fe
SHA1 0323e3fe438c8ae7d14396ff31c55da92cb58643
SHA256 75a084eda87b3efd4c2e803b2b9cdf251f9e2ad6801e3a8b88f748e6fbc27f0e
SHA512 895945e1c41a552415fe8b0126f55b7b05f45f071c65b8164d5a624229d75e8b4a6e84670088e663a96c15a9060cb80a7ed0e7826ef05b2d17b24769dc7d158c

C:\Config.Msi\f7db739.rbs

MD5 ddc10a68e4ce9a9f1ba9d9dbfbde9770
SHA1 de1acd115bc6316bb932dbce2f132c39a7fdd8ed
SHA256 d869f9a1c2111b0ab0c8b63c7131e1159437f34c763e372c673da19972996b0d
SHA512 fc4e6dc15250f48b5752bd0cb7e89b254ec7370cfd85e753fd74f86f50730735423f75b61a61ae03afe8ec78993a12f0bd0aab39a13e041de598e2fe30249664

C:\Windows\Installer\f7db735.msi

MD5 8f385443f919d2358b4015fb3ade1759
SHA1 f54fcb93739adb1ec932c3eca678f251ca184542
SHA256 119763ee9dcb7c6787b0b8196d888896ac2ee27a0d6a3a91eef86b67da2525c7
SHA512 ee9c48c88682c71ac9e40015594b0872800e92fd3c35a94ffa1e2d93d16d9ade44cae188fc98b1668234444eb4f6a9b302a7099659b6c107e44d68395a7185d3

memory/2008-4235-0x0000000001160000-0x0000000001382000-memory.dmp

C:\Windows\Installer\MSI4767.tmp

MD5 16cae7c3dce97c9ab1c1519383109141
SHA1 10e29384e2df609caea7a3ce9f63724b1c248479
SHA256 8acd0117c92da6b67baf5c1ae8a81adf47e5db4c2f58d3e197850a81a555d2c2
SHA512 5b8b803ddabbb46a8ae5f012f3b5adbbd8eb7d7edbd324095011e385e1e94b2c5e20a28f6c0b8dd89b8789106c02d41916e70e090fbc63edd845d75c6f210e69

C:\Users\Admin\AppData\Local\Temp\java_install_reg.log

MD5 515c45d9da4c615f7aa931fe67941121
SHA1 71582470022487dc37cbcae8395bf9614ee8b365
SHA256 251c6dcbaff7129aba535ab84bba4e4828f2eacee8172d6b07acb4db2714c6c9
SHA512 587c416a401848ee7306a26c8a3100f778e71ccf1cbccdb04be9b405f85201120c2a1aac7551d6d119153d52b464eace7bf78fd4b0a81b8952700d30cb44f06f

C:\Config.Msi\f7db73e.rbs

MD5 351c0e98ba647c8d347498ef9728ca92
SHA1 699506c26975a8e3f3400244be4e2c220a0302e7
SHA256 7232c54cf46b41398504658584d103382fb80a26205fdabcb025e1ce0285d4e7
SHA512 3abf61f62cb8b57c9a5bd004a03f4a4786558eaee1289916fe99624e13b0cc1d67902bf1516bc612b5ca793b9ae96daa092918c213f708c70b5d16798996f361

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0E1IWGZ4\rtutils[1]

MD5 c0a4cebb2c15be8262bf11de37606e07
SHA1 cafc2ccb797df31eecd3ae7abd396567de8e736d
SHA256 7da9aa32aa10b69f34b9d3602a3b8a15eb7c03957512714392f12458726ac5f1
SHA512 cc68f4bc22601430a77258c1d7e18d6366b6bf8f707d31933698b2008092ba5348c33fa8b03e18c4c707abf20ce3cbcb755226dc6489d2b19833809c98a11c74

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\layout[1]

MD5 cc86b13a186fa96dfc6480a8024d2275
SHA1 d892a7f06dc12a0f2996cc094e0730fe14caf51a
SHA256 fab91ced243da62ec1d938503fa989462374df470be38707fbf59f73715af058
SHA512 0e3e4c9755aa8377e00fc9998faab0cd839dfa9f88ce4f4a46d8b5aaf7a33e59e26dbf55e9e7d1f8ef325d43302c68c44216adb565913d30818c159a182120fc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\l10n[1]

MD5 1fd5111b757493a27e697d57b351bb56
SHA1 9ca81a74fa5c960f4e8b3ad8a0e1ec9f55237711
SHA256 85bbec802e8624e7081abeae4f30bd98d9a9df6574bd01fe5251047e8fdaf59f
SHA512 80f532e4671d685fa8360ef47a09efcb3342bcfcf929170275465f9800bfbfffc35728a1ba496d4c04a1fdefb2776af02262c3774f83fea289585a5296d560b0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\host[1]

MD5 a752a4469ac0d91dd2cb1b766ba157de
SHA1 724ae6b6d6063306cc53b6ad07be6f88eaffbab3
SHA256 1e67043252582aea0e042f5a7be4a849b7cd01b133a489c3b2e67c10ade086f3
SHA512 abc2899705a23f15862acf3d407b700bb91c545722c02c7429745ab7f722507285c62614dcb87ea846f88fc0779345cb2e22dc3ad5f8113f6907821505be2c02

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\runtime[1]

MD5 6e6e469c5ed4affb81a100ee020b1fa2
SHA1 49f4a21107de2ae473e2f618af0276ffa695ab77
SHA256 2c35fb17c7c962bdc159a12ad43ed39c73a2562cc46dc9f00e22f7f333b75226
SHA512 960d7a8f7687a72d2fc075620a373b3ac3622d7ddcfe6641e03cfc88d2bdc3a1d09e1ab6b3ad0bbbb7f4756fbc4c5a879eee8e2cfcaac6b23d4ca402519cd604

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW15VCHK\common[1]

MD5 f5bb484d82e7842a602337e34d11a8f6
SHA1 09ea1dee4b7c969771e97991c8f5826de637716f
SHA256 219108bfef63f97562c4532681b03675c9e698c5ae495205853dbcbfd93faf1a
SHA512 a23cc05b94842e1f3a53c2ea8a0b78061649e0a97fcd51c8673b2bcb6de80162c841e9fdde212d3dfd453933df2362dcb237fe629f802bafaa144e33ca78b978

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\masthead_fill[1]

MD5 91a7b390315635f033459904671c196d
SHA1 b996e96492a01e1b26eb62c17212e19f22b865f3
SHA256 155d2a08198237a22ed23dbb6babbd87a0d4f96ffdc73e0119ab14e5dd3b7e00
SHA512 b3c8b6f86ecf45408ac6b6387ee2c1545115ba79771714c4dd4bbe98f41f7034eae0257ec43c880c2ee88c44e8fc48c775c5bb4fd48666a9a27a8f8ac6bcfdcb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\masthead_left[1]

MD5 b663555027df2f807752987f002e52e7
SHA1 aef83d89f9c712a1cbf6f1cd98869822b73d08a6
SHA256 0ce32c034dfb7a635a7f6e8152666def16d860b6c631369013a0f34af9d17879
SHA512 b104ed3327fed172501c5aa990357b44e3b31bb75373fb8a4ea6470ee6a72e345c9dc4bcf46a1983c81adb567979e6e8e6517d943eb204c3f7fac559cd17c451

memory/2500-4416-0x000007FEF5740000-0x000007FEF5774000-memory.dmp

memory/2500-4415-0x000000013F410000-0x000000013F508000-memory.dmp

memory/2500-4417-0x000007FEF4530000-0x000007FEF47E6000-memory.dmp

memory/2500-4418-0x000007FEF3350000-0x000007FEF4400000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log

MD5 5d417f841991b24aee1edf6a5930dcbf
SHA1 d21efbde725da8ff857731d676342b0913e91e64
SHA256 7e06671b94d0850d351bf0282b22f7c411b6e620dcf0e2c7e2d74d23d7d18486
SHA512 fb2534b1d5d129737e66ed8b97b578c61131f0d50708a00c7cdf362021cb3fe0c48ed03a79dd861abdf9995608b4db58df96738c229090b663d89c8a167cb34a

memory/2184-4544-0x00000000002E0000-0x0000000000988000-memory.dmp

memory/2560-4546-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2368-4575-0x0000000000200000-0x0000000000201000-memory.dmp

memory/3704-4581-0x0000000000100000-0x0000000000322000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\22e32aad-ea69-4bb4-9a65-dcaf78a301ec

MD5 1fc0404557588db22fd31f74d4aab3c1
SHA1 6c08ecf21fbe735da8f10a7c11dd1059f8c3162e
SHA256 aaa8e9957a51dcbea60d24f432b21ef15951b2c8a12d272ba0d432cd08f60715
SHA512 e62a96c26840ba41a2ef3c6c71c373ed3f67454869b10c29975930482c9175620b4c4ba4e06a3066014cdca4e5f25e62e80deec5ca3ccc8fc3f2585ad940fe80

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\db\data.safe.bin

MD5 8e704031de9557fb7224805fb698dc52
SHA1 718838638c57ba48a57149d63b193fd104951cd3
SHA256 d8db82217453bf9f18f7d64dc287e2f5a07f664f590a782df0f8c7afa49e1bfc
SHA512 254a826bbd1c19683a6c8052f0b12677b80af4fc55fc89ddb41f68b4bfdd27441cb2e0241633f043c5e6b10ed32e5fc7f909a3ad5fcd7c634a42e813f8fc1dcd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\db\data.safe.bin

MD5 55fe40b99c80dd7790d8f7d46dbec22b
SHA1 fe6d88647ec8598f402029042d4d727a0967b0cc
SHA256 364a7d92a4f79893947236044fc4cdaa48a90abbb40d41dd7a91a92769abec5b
SHA512 3f647391bca217f13228b4901f47be5db221722ab2480cf5aaf1b250620e970c406cfb4d8a9ecc8a8b4f60440a4a509d63d41c670a98605b458d7497819d8914

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\e136a878-029a-4444-b1be-f536c96ba5fb

MD5 5a8e6112b7a1b3439b83666070fa460f
SHA1 25561dd0cbb9ce967ab0f60a6044a97a55230dda
SHA256 4c22af494fb73f1e13e2d990e539d537c70d52b156da3f7422a0c3693fa7c0eb
SHA512 564291ac2c392a32ede967e74706a698a37d7ba9784333d8e20f7cfdddf9b04543863b22c5859fc79f8e54f649328050f739020fb80ccc502bb727e37ebbde55

memory/2620-4671-0x0000000000C20000-0x00000000012C8000-memory.dmp

memory/3740-4672-0x0000000000400000-0x000000000041F000-memory.dmp

memory/712-4702-0x00000000001D0000-0x00000000001D1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9bb5fbdf6cb33d8de3262a0987754510
SHA1 24abf478508d375693b67f4fb971ae856d3af1c5
SHA256 fd3687a92f988c59501a7cf5717c424b49ca1a3b9ad7edfb5746f665088953de
SHA512 ca2f7169c519b960136b559671402d467a20bf3a446de025b54eaf80fdbcf67716f7b4506cefbb5af52c04d697e6e2af6a9f304339e4c7b395174328c7324dbf

memory/3668-4720-0x0000000000400000-0x000000000041F000-memory.dmp

memory/3560-4749-0x00000000001D0000-0x00000000001D1000-memory.dmp

memory/2604-4750-0x0000000000400000-0x0000000000423000-memory.dmp

memory/1432-4781-0x0000000000210000-0x0000000000211000-memory.dmp

memory/1432-4815-0x0000000000440000-0x000000000044A000-memory.dmp

memory/1432-4814-0x0000000000440000-0x000000000044A000-memory.dmp

memory/1432-4819-0x0000000000210000-0x0000000000211000-memory.dmp

memory/1432-4823-0x0000000000210000-0x0000000000211000-memory.dmp

memory/1432-4828-0x0000000000210000-0x0000000000211000-memory.dmp

memory/1432-4836-0x0000000000210000-0x0000000000211000-memory.dmp

memory/1432-4851-0x0000000000210000-0x0000000000211000-memory.dmp

memory/1432-4854-0x0000000000210000-0x0000000000211000-memory.dmp

memory/1432-4860-0x0000000000210000-0x0000000000211000-memory.dmp

memory/3648-4886-0x0000000000CF0000-0x0000000000F12000-memory.dmp

memory/1432-4907-0x0000000000440000-0x000000000044A000-memory.dmp

memory/1432-4910-0x0000000000440000-0x000000000044A000-memory.dmp

memory/1432-4926-0x0000000000440000-0x000000000044A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2663ad7747faac59eca3ecd2a6bb5d58
SHA1 1c1a0d2acde59ab8aad9ec2220ed00ac882e2c7f
SHA256 b3c43cbf27f2854492bb5379a1cd9696de9c877dded8039e9338856571ab3c0e
SHA512 984134b54d3a8c81cd4b52ab0f6382c9be47a5a8c345a61810defa24b0e2c90d937ec42c5817a6b310d1c37a8fc86dafe0a0558a308b56aba4572ae843f16767

memory/1284-5101-0x0000000000220000-0x000000000022A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\crashes\store.json.mozlz4.tmp

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e11accadc5bf83cc685941b312b6678a
SHA1 d58973182ffca9a84740c1d72ca0b6e7e97fa8f8
SHA256 e94017decd40069ac36fc619dc45782567a42ecbae36e213fbb2793ed87bffda
SHA512 405b52e015412e6d26b3ede6c2b1d000cc2bd5139438e437029975f3e17e1196b806c3dac3d4743707aedfbfdbc07d31f424f0d01263293a90be31e4845f499e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\3AEF63760941D4C5432F9D74F731D3F2BCF863EF

MD5 7027c9217f1f5cab84a6afd9e0263acd
SHA1 2f0ba15660f21acc7dcdfa0b1141ea715b217772
SHA256 380a055343870e4c4442078c267ffc76f3a4e96db4c8ab4ba3812dd5fd9abde4
SHA512 968ec52e1ef24c24b579828ed35b9a73e12ced422efe0c7ae8a2738aa2c3962c2585cd211f05fa52c199999f42b5f3edf797663988d926c619d361d655706553

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\5E002E42214F04ED6628B23285C90B6543D116A5

MD5 790e631cc9c90f368669ca64c1219fd5
SHA1 aea4fa19d7688230588e4509c118c5ff2056662c
SHA256 a106d0d1a065edd73ee23b50427ba540a7db53cb8fe373e511d25e734a1f3c92
SHA512 97f47cbc8029971e1b9f12ed6eac801c4318e0db340a7a48ffd52535d417fa53a1a620f1412466d8501ac273bcfc248ffaf70fe42292f0f9a5e8fdc649d07d39

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\1642

MD5 b8ffb4d28665f8bcb437dbbef9016c6f
SHA1 05e7384b6fc32b5fca12c01957f224493e6c74cd
SHA256 adee359483b4e702a8d71ddd5517824167c46ed30351a9d799b18329c660641a
SHA512 e512466e9651259bcb8fe57a8544c645019f36872c637a947a8ab1ed43c735f95d977b51e61777f38ba2e5eef1d7b127d361da32579f5fe7341daf8711be400a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\EBEA533A58093D9FBBA4FAA26034659A47E7857F

MD5 242b272b0edf029d42dd02ff21070aa1
SHA1 3b6efe7372383af48555712901b37589d778ae38
SHA256 c6e80b3a68755083c009e8b3120056f3d3557b8248c5bc2a27fccc2a9fef54ee
SHA512 74b00404a8017a99852923134f55486f5846d5f5028d8100b69f929e3ca8f859e4cbbfbca40ce49170e4032a6fa42a6e779d27d2e377d4564c6f9c143b5a20f0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\1378DC10E5A7261D469798D7A63DE338C9153052

MD5 a1dac517f1275d85c0feffc0f2fd80cb
SHA1 ea713c751ee75a86086994d59fcc9319aed87786
SHA256 7963a4d66f345bbe70e040ec9b96a95726b6125909390e36bdf14f6f72c956d0
SHA512 288e4eb9b3b0b1876564184bbe98f96740da3e42de4ec6975fafe20095ea9af337653111e5007cfdec38a5c1fc1aa73bf9a30ca07c56ab123d1cde75bc8bb0d9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\A0E66EAFF8F66C8816DAD2B46D750D4570C81E75

MD5 75f2e901cf446227d85cba1e423d1f37
SHA1 13011457d4724ada978c5d7e791ca6c6e0c08643
SHA256 bf3ac72d48499aebb999e7ded9ea15dd0855267f6e5b14546df6263c161d01e6
SHA512 52a63792f853475b1b4f29ace69306afcd4e9a0c22705ebf67d731232b11af0afbf8576312828a3bf06e2805fc6a34d840a69cde5282b999b45f0c546290a612

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\1D00739FB9712C012B07C9CB793D0856EB4F382F

MD5 915c3f800f8f61e36bf1910168eb2382
SHA1 67e95fcae1c2e501ab0e0d3126c3f579d1414bfd
SHA256 c6333e5c1191735434d72d2e74ab01bac4b1a2bd2733ab4a878b58446ebc73a2
SHA512 d7debb5b2a3a92d813961cad664d86a91a3c06f8148f3fea4bfa59c6a2f85a5f986264bdc0777118e9ab6ad98c0df7912089af3d3a5a657e979747866e89f07f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\4C205A95923EDA92FD2CCAB54838CCB47370BFED

MD5 158a88dba6be863755cc61bc3bebfdf1
SHA1 e504d30801abc2ca8958c5c9e1dfae15d7ea3504
SHA256 1ec977911169cf253cd56d29257f626f5e15df744215ceb6483d719f55267dcf
SHA512 78f34b817e05d0ca4c7016112d09bd4214e332b4367321ae96a30ee546d78847a6b99ef47153f18d4e06acbeee2ec8442f8f79d8b73cd811c9abc7e84ad744c4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\11814592C0A60C76C45A4D3152808CF58A936E1B

MD5 8f3c6ddf689c4ea8dafc18f9b15f2988
SHA1 b328e1a4a18c8fe780c6d7d595ed80f2d0193187
SHA256 a78108fff7e85c120730d4c32e14efd3c958d25e1a5e7dd1f02795e93fa1f50c
SHA512 7bcb33c2dcced7deda31d9fa753c5bc3fa1471e0d82e8dd5a27842c024a6c7a989d845e185594759a2f2d0f6f4c2243ae5c2f4c428cba63bb888a78e1d4103f6

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\914C32E3A583E48AC9A8A42F871B51B54F4A3BFF

MD5 f0c82950f13d4d077b7493c5fe755334
SHA1 d4848ce785866b9f982d0a5af2c9b16dea9ce7ed
SHA256 07d13bf27977906103dbaedf6280caf28ef27f0c9865d8450c73a5fede9876d0
SHA512 6e8ffb641a6c2938cf359a63ae24681d0cea08ef28428a2b28c1b104d09a369e0da2dc77ae16dc3a68e8110b37bb6489310a5315973e6fc8eb67076cdbaa2976

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\1E7D938C1684D821B554028265178E3E57DFB94E

MD5 96eedea93ad8df6b9bcb886604c21965
SHA1 d4d5ab6075cae086cb663dad0351694a4b56daab
SHA256 86fb47c139b70c1ec0cef4614f8abe97bbd11c3a77749a3df020cfb3cd0f1dbb
SHA512 d088ba1c90c23a01ea05fca7660dc1dada9f453867dafc24575913697c77d37f1b3af24f5aaa966efa4877eeb11606055a71de4208e8ccc300cbebcf5028e854

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\27DDDF6837E5DF9EBAF30F6B6883B51DFA77C9E4

MD5 0ae42aa971c05729f53952c3a53ff617
SHA1 dfc9fdee42e75cb49b507bc56b713142425858fb
SHA256 22a58f72eba6df45e7862b355f2bb047bdbe33d699a1e44d7093db7f28b513e3
SHA512 76ad79909640f8c8c86eb56e027076d3618f2a9ab88fb67e6ff3710e6488f2777f9d90de1f29bc2fc92f7c7a97cc0514b02b47257f26fc60061507068ea6cd69

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\17744E8738AFAA54929A7DA3911CE1311A7ECE25

MD5 ab791088570e0823e3c48fea73c93b46
SHA1 336e1116223b6ce6b7aecad414640e28a069f7ea
SHA256 ac12b2172dd877b5ea00e5abc0fea30fbe526a8b00be22080f9177d58e20a63b
SHA512 48c1a07f7891d1c832d1f81d0d3297d930c28980696f799e94ead99a74d9a64f811dbb887b48f9e5b62d1f3a0efafcf0fd3015d26a019ff478448b94d48f31a4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\5F0C742AE8A57C7CE41AEDF2A20D59AB7F578F36

MD5 0063d46fd399e1eee0df6b44a9b32eb4
SHA1 0ef75d018cfb1462d44abe8cdb703779a93e4ca1
SHA256 51548ec0a17e13d4c35374f33e97208b09f1093dd53dede15d078c1c3d70b883
SHA512 8e7fd19dacb4b39e820ba0d8829911a75dd850c749756f3b8b0cc11e5561ac868e8c3e0405785816aa2a1c59ddf445425cb11938c02697ffa4d16520876ffcc9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\0B7878168B49C74D53612BEB61B446AC030C5F5D

MD5 e7607408250b89062fdff870e1eb952a
SHA1 c1eba054a73c485b12241876d850c7356aad3807
SHA256 1e46e5f61ec324d5ecab8799398729d9c549f25178f3e9c6a85de51a1fef2087
SHA512 4ce70fc1261f54ae90d47c57eccf5d5b366cc15333ab14d7fab53aece092677b810daad97ffe02b5823081f9aa89db649e0d8dbe2d64b1dffed354828dd788e1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\232C0EC2EC5692542F5AE7D26FA95FC3EC24538B

MD5 f2ca47601602ed50f2030ce5b0200904
SHA1 d867151be64458d863bdcf67139be087273c69a4
SHA256 28af96da815f081dcff03de1601df444208f7515f98e56c85fe34106d28817c9
SHA512 3bf572ec27cd3e81002b98195cfe5ccba39fc23ae7bfceb58fd65be00292d36a06f877448faf81a01ec929c9c7e5736f2491444f23ae24740af060889830a072

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\9D994EF872E4AFFC913666DDFA5B18CE111C574C

MD5 c5f1b2e7df7dcc04c53bbf4fa093a7c8
SHA1 0d36cb71bc7009f87acf962cf22418499d229056
SHA256 0865e045c7e35d80cc8aa27b17de4436b03a540a114909eaff33a19938991d4e
SHA512 90caa7d77f1fc99ed1dcc88d773b1f453752873dfca31d940a18262ed73b63e13c191bb0f418ee12b1402036d874a01bb637e0872443e64a6ce445bc3c893e76

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\DFAE86F306DBC5934107B5EC3697F9EB95DD81F5

MD5 845141658db3dcce9a665258d6f01f51
SHA1 30203108dc201508f947f4816ea3fecb860a4916
SHA256 1f6a86a59882e66d530f8c418b0bd8c1a02cfcf7a2873ac84b35ac8468c2c038
SHA512 1c0532f045c54fc81700bd62afdb119dfeeba7b0ca3081e4e299cb21fb3440e0da220aa34600f07abb9c7ac39f694eee54e10df663f125be55744e1d52424f4e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\41C374248326BD3CCB40FDA569C45FFC5E385F34

MD5 11614268a630072dd1ad6287eaa46911
SHA1 570707822881c977c95f9744f8dbcb429aa1239e
SHA256 94a7f6827eb63a61df2a4641a8b06dde25d886730870fdb28ce87838cd882f7b
SHA512 7e27e2a53054600a4943c1f6ab604d20c38dbc50bfc14c3c2f9fc127e47184ccbe5372e1c9a311c9ee346657577a1da465d83fed559bebfd85c576c3f2211850

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\02C8F2FEBC7936DEEE15E99D47C5FFF5EE314A81

MD5 87885c9016dcc8085225fe708c62f5db
SHA1 2cbcd528e60ba1fdda7a5b9b7c051c45ba219aca
SHA256 e091d0f7a8184ce5a79c191563fe717b363474f595151624464d2e4d2763ab09
SHA512 a45b104777c04c7bbeb28dcc645b2761d52715dfcf8c6b8bf48e70e814aba68f59cbf7420af34f4fc338a9f2b472ddcb3b8933eebeec7d3664a60311dd812137

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\74ACB6FBAB1D2B46F7172938FB8353163922FEFD

MD5 2ba7a1b953dbef9741156521b18f4fa0
SHA1 817e03371bd9c50466a02e53dd6379e189a93e6d
SHA256 adf10f2a0a52ad3245f49ad92579e4fa709fa713528364608ba1ed48667d7ed5
SHA512 997013c9acfc109840a8ded3c313e771739908e8afaecc078d8477e48e6c84a65a2601f376012c15adeb76d23b735cb7e2e09c8c72712da686ce68bbc64ea315

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\ECBC0BF78AB9FA590BAA42054DF93951C008A2D2

MD5 d1716e3070b1fe67803a14573d3238a3
SHA1 837f318ffeeb1eed5c4eef296ec098ee665299e5
SHA256 69fabdc50e71aa5bc081f5fe6a6f0c18ddbce4016499312e648069a5f6f89302
SHA512 bee8de1e33442756f0d5518adf9e15f5927d2445467816c98f1fb568710ebe6d88489c02f909295f93ae5f5ff3f0acda98d5a814a80ae8d4df64cd9c91afbc69

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\CCDF696C4D34679D94013BD8D628D7146E0E5C15

MD5 add90977212dac5276c8285b54fc2db3
SHA1 bb42045fe0ef23bda7c4c70e9116434aa4ebaafc
SHA256 75ac48619bceda94dbb6b5c708ac5de739f28240c2535d2b77529a63408ed535
SHA512 cef5de770c4600ba42babb421d26059c413230c1974e329708f8c1a8c40ee9bd3bd8fa601f097882b2d244f14dbc32ede22b66aa459e0b77d5e6745c2bd3559b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\C879559685469AFE1401737D2EA8CC305A643C80

MD5 df4c14d82da016450347a570df3eafd6
SHA1 2bf60d57b57d67767a1b6e75aad94440c8e34d90
SHA256 4f86f9cb7b25ec24486828f0f1a0d9e35c915b2493f47919187ed4a4400cee58
SHA512 fd1c133873a096727736cab2763fdc00e741ac6dbe1564359f4b909944c26b744b4b5d212ae3441516e65c21894bcd88f1e5caf4e9d0a41df891abe8eaf53d56

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\8B0F4FCBA9A8EC08A0B2AD17547C844CC6BFF7CB

MD5 96310b4d743a09688e337ce0164aa099
SHA1 e9d88edb0f5899fa5003c9ca27db2040cd595bbb
SHA256 cd94a6fda430e4cde27c4c807d8019e09fbb3da2484f5c60b4cd2ec19e3e4584
SHA512 33f2dab56b852b1ef89105579710fdc865a75eb87b9a6006db43a17aa42bcee2dc8fd1a7fec0a128e92cd5a3de680db241a895f45ed1a7c139eb32c01d0e3f83

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\ED2EED055161171AC36796BDF8E9622BA84EE1EC

MD5 cd290ba4210378cef576c5cc1245a639
SHA1 499ed11da5a4e9bd5f8bf7cff68fc77e648dfb1d
SHA256 071953ecd3778cf23f5422a7753a3d30979e5e221bcbe27bc353133137016249
SHA512 6970bab015a1a08d286f459d9534913cdbf9f3bf655f42fd02ea757b26a9b37882b8c130b6492b6e397876f18a2a19a6f33e522011a2ba08c69b588cb3b09c97

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\8BEDEA9D51609B0EF5FAE4B7E34EE86D752D295D

MD5 1c2777d3b73fb86a85d291262eb53ac3
SHA1 9d2624b7a2789325ecf80f0bff6ebfbc8d5612ff
SHA256 b95f2fcfb3cef87a5cc0181d23ed03e4431650e918811d1d2fc178c363f3cc1c
SHA512 7f3aa210cb2a8f32ad98b3781550d5daa470c0629a47d6832be658a8ba8e1169fc287b01e4a55af505bcfaf916be49078b095fde52f2f72798f88f546c63407a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\doomed\26921

MD5 3febd8a5bd3478a1f6de58821dbb7d66
SHA1 c4cd61651ac991ccff1511a296f0ba7ad7e7b1aa
SHA256 8a6cc4a5ab2fb7bf8c332e3ab10159de6cfb7e7bc5a83d559a91b5fd89179297
SHA512 58127efb70852244212c303e740f5aa80b4912591754e5e724c6573914f1328e680ad14372f210a7b8543c28537fd62eb7593ebdd060e90edad3720590d0a9ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\A7CF3ED5C01DEE0C144A5D0CA5CF0BA94AA917AA

MD5 6530770047f079a80e5fff248210333a
SHA1 2f19a66b6d28f7eaca698919efe879119a950f59
SHA256 3629243375767710971d29f237279d8db011f54ca60a1d97753cafc7164e3dae
SHA512 d2a2096b2c3297516ec1b3816c1f26d6d74108c4fb7ad48250afd486ab893f9f9acf6ead887792384b47471243bce3a46cfce58f90019abf2d793628fec1be99

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\52E1A5F5904D864BC54C4678FE8113AA3A212996

MD5 9c3c0a6b15e2955faadc95034f8b5162
SHA1 5f25351fa7eaacc6a3cb263ea3212730066e7d08
SHA256 0598cc9f46f2b10bd0fc4b3563003e9cc1c26493b218599d8841ce0d2e9dd8a2
SHA512 e7e8b1ac8eb4284715dc4dec1658168eb92f026ea03cce1c9df069d0ab23c5337b21e676c29207db887cc51a06a4066589d0817867cca9c147beb7f16e76390f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\AB16811DE46B2D265276A15A24BED28684A3B7A4

MD5 e0169b1cd1a9327640fcb7cc8f8a2ea0
SHA1 7c2ffb2403c82ad82dd8dbee6f79cbb1676e35cf
SHA256 f12ea6a839be0ccc4beeb86c08942789943e6fbf3ae8b9728eef5a4c1d6a1fd5
SHA512 d8b1a77e36807b8f199f9206d3e75d120983215e9c216e095186b4174e085469e05c4223392930a2a5a8b60dc2a0827951062d1c5a7d9e7d84a125b9ba447dd1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\0FB803544750BD4675E5B1262FADD3FF7AD93D38

MD5 dc984000ab95eede3536509994b505f1
SHA1 b054273fab91ae7a7c5df951deee0fde1fc87584
SHA256 5d565a028d14277232b512f3209a01a9683b152a533323719becbed87b34b94e
SHA512 e13fe9cc270335d072135dbbb9bb7f4ff655fd21edd01c1fde8c9c1840b027afd30a22c0f24023fa24ca87e09416518ef688d3082d6b80fd5364452b79a99d94

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 80820c0e97eff7002991667c7d7e8bc7
SHA1 8b7941e519630e9373e0a9f34fdd35373dff32b5
SHA256 b3f6113c2913a5ffc1eeda99c161659d01470b7de060a8301b68270af2002a6d
SHA512 4557dc044a91f8120247bcc91c34a501010aa0124dcabbfbf919437c5934add8f01b963aa320a4a3655462aa3571ceeafe9d2d7d4d5b9aaec8811c135415cf5e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1f2f85f3a0386deba3bd0a4c773fe953
SHA1 b4083e1c204fee739f2473a5197acd8b187bfbf5
SHA256 71fe9369eff1f3fd6c1bad403a113861ad76af2828aeab261a668db15a9755fc
SHA512 d7e6f99f84c8069e37569884d7964339eee8e5887d4cb79f7fb67e7fc9ece4e8e77c92b3fc16db94e9f42546a2e63051539b89594070e3251fd73c9ee98ef27c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\97B10BC4D7847C8AE893CE9BC8685F05EBFA5B05

MD5 4ac1d2a280e7b779e49dcf496f8c0d38
SHA1 728fde071996abcb875fef5e7c3ec48ea8d65b74
SHA256 0506d3af58d321feb060043df5980e29e424154c410fcbd527a440d01c19bd93
SHA512 7f02b9baa1a0c5c4ced799dc55a114607a4d44d17a40a1af6b7252f1c6237bbb21278d2d924904fcdd290023b86ffd746bbff42f68c72f6c6fcc511448659a96

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\92B7809CBCCEC32F8AA6B585CB23104E10E55D53

MD5 d4b79951c8af1b246fe0fb331984245e
SHA1 f21d2f9d2912b086cb38d7f9a9a93332d0fab6f2
SHA256 0396bb791d162fe184b9077c99c824627d837d4862acb556834051c30640748f
SHA512 47f3c8e868b29bd4bc30be37e9a0b4194da49cbdb47be90616ba64601e95634497489ce30d4823b07b1da6736a1a51742a3634856c410a6563297fb640399556

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\462E5FADCC82A134C10A828C114C5F747964CF3D

MD5 905ad2e17d48837e6e601884f45c73de
SHA1 08d25fa5229eaf0498a7ba0e76ea83c1860fee96
SHA256 85c980a74ecb73041672085d449878f5e216e698645035170579a027bfc97279
SHA512 16cfac1810a3c55e4216d034f04932a0cb8a58de5ec9e8b6db9134f74ca764d33c4cee6b72661d2beb77bd0df77ea76b8955bcee952054c8862ed20fc3397001

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\4D3373C611DE638ED6CA0F7AB92AED0C904A3795

MD5 fd69888975517ca6344494b7407217ee
SHA1 d356bb313dc64f3d9112b54d3edf2d0f4161ebf2
SHA256 5cce7c09972fcabe1dbc19166d528f6b0b1d7e31ab46cf451f3f417932aed534
SHA512 97b70e01c0b4a17718c25f8128bfd78fd42421bbcc399f6cf80fe66d4f533dce91c3451f909b0c74c6ea7d943f88834c35fc8c552febe888bfc9ecdb1f898fc8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\21235C60DB68B39BE5D5AAFD7CFDA8EB241CAC6D

MD5 f7bc591b37c5aa004f554afc8e3be748
SHA1 8617fe1168a711d8f4396020250e7532c6dbde0f
SHA256 ed8686c92d4b95cd659ea35b4143e16d8c290a6293ca24c9b1129eb0ba865168
SHA512 4d26eaa55f857cd58312a833ef8563fcd49dcc6706bdfa13b15f95f2a0b73374a3f6e1c21f450c491ea82e59121ea7a390eb631696f7ef76a9e0cb7148a08e3a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\88D2DD145122466A8C6F39785D5A392BF5E86A0D

MD5 8f5c4b2073c3455e597ebf15aff9d5a6
SHA1 e53152bbd653bddce46ca43290e004b1bccbac31
SHA256 00611e5756009ba4c5c43bb662d5dd2d028c17c7d5a7754ef64571029e029ab7
SHA512 4bc8d88302a4a280f6e99327a301b5db8f403eb898f05a0a863ef9a66c1dddb391ca69b842dd5e686b11acfa4ded83d6b926bb7d1772c24f326c7d12f2aa00a7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\22F2BE6046DE71FCC15A701DE0FCDEC5259AE136

MD5 89257cdfc39b12dbe1e488c76fdd86f5
SHA1 75e4f8896ba712b6ad7d9b51d8802a4e54d9fc20
SHA256 80a1e3fe5456ad00214868b6691eaf3d04ffbe893957a4dc3103c225428ecb2b
SHA512 da79caf6df4d80788e4e3c313a5ffc5690f14183f562da2129d08c3dca1185fc4a67fd6ad68f60104e4587c82cc19fa472dda6d3618fe624a3a3a669cd7640ba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\4E40360E9E0A9B7093B2CBE976EB074AD6A1A2EF

MD5 208f41dfad7df649f9398c99cfbc5447
SHA1 f4ff9c72022c52c7ebf87a79d60d57743005047e
SHA256 0e9d2d3f200671b501ceb939ec70f6905bd5c45f256629450654ac99e490f07a
SHA512 62b9c25e21d600a0b27e708815094fc8f05a8efd7e78fbaeebebfe65f0ba908de3387252d47631f789250be7c9f602d74966c3304ab1b772c006dd1783fd9c75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 adb46b395a8b5118935775de4a1242f8
SHA1 391f10449fa3164a388ab2abf10ff7440aa09dfa
SHA256 07d5a62c612654047414cedeb7e0cdec003657d79c0d6de61070d70789dcbfc4
SHA512 d526dce0640ac7058480bb43c68bd214a0a14291c5f4ed5850827adbbc6973b9c0fbb55e2c8f11ef49d08b9e1111d17700f7210d8e8505d881588d96beb1a166

C:\Users\Admin\Downloads\DcRat.Ac1RktiI.zip.part

MD5 0e3f67de61aedfeb7e8866a541120b1a
SHA1 9939329fdf59ad5ede2a4f0d785e5ec105b5e902
SHA256 5f56389148939635f7013cd8cf37f344bf6e5b73e7812ec55d8b7695a8408ed1
SHA512 76d215aff70f14274b9ed59b5351afb2cd337580be7c896d1cdaa9c5826da7623fa5223d474fdfc263444399dadf902e1e413febbbf9581665b9020272394cf5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\places.sqlite

MD5 06f54abc78af2a6ab8fa45688c8f963c
SHA1 da8dbc5ffb102d080470dfa946b591632b654ced
SHA256 b53cafa3c958f91c53943671adc7116d9ef9831fb2471d64db0dd5839594cf47
SHA512 741faea9f30d8d4990fcac3d0e6dd155c84f568c33b6ef13827f9b3dd38ad22bd5478c00181e150f97c3da1920006c825ce1a3b4db4ffe98ce10236f39e0f58b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore.jsonlz4

MD5 c99c0655de8283c5822943fbf7d049ee
SHA1 668f9fd615d146c62bd24d7aecb85dfd4e244307
SHA256 7e96b4455b4f70ad0a9182f177a17566ca56da98d149ebfced8bd98969763233
SHA512 4f54b0117e79796c315fbc05869e276170a9653a048f91b54ecc27962f4bec8087ffd25a9ea70701b04437f307466d39ef049cba3a8dc795b6be6783af025e79

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionCheckpoints.json.tmp

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js

MD5 1bacdce0704502160fae255829709627
SHA1 aa510ec755fd617932827633fe00944ce7f696a1
SHA256 7af1e641a3d1cac82619d91f64a8c47e8d6075eb9de1f041d13e04b3ce31e6cd
SHA512 619066fb30efda767ca29d2c0f8089c0fa195a8792a18237a0cac8066cbd083722357717c073c71323bc87bbfe2c330dd54342135e63bbf5002f154bf19463e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\xulstore.json.tmp

MD5 6851314e9cf0d9b77f5da4bcf73f84d3
SHA1 636f0b3f2b4ecedb446c0a14fa24822bb7500639
SHA256 007252a38c31f50beab94dffe6cb4f8d446ae7303149e909c0c397cccbc63b00
SHA512 397fd404bffe3b21e40e97fc6abef90152bcdc0f6f5eb56f671c15049770053f665ba8ed0ded704a1a53812f4dd4caedc99deca2ff8c1b8069bbc142a1e4edb0

memory/2900-6113-0x0000000001230000-0x00000000027CE000-memory.dmp

C:\Users\Admin\Desktop\3udj3\ServerCertificate.p12

MD5 0acd68f0d12928ee46af1413cb4a0e79
SHA1 9a2dbfda5318230f25d1d4409af1bee5a76604d9
SHA256 78fe46fc08d843166cc989d68d60829edaaad50027df31615152385d859b48c9
SHA512 7c6f3b7557f8af0aa7a866cd7a30ab3b3ec8109d811d4cd66ed7aed91de90544fdcb3369e0ef020d3ed65f04ad4472d93a01830f0ed07907729a34b9a6027a37

C:\Users\Admin\AppData\Local\Server\DcRat.exe_Url_e2jmpyjwwdcv3apjxjsemsf1n350pvpb\1.0.7.0\user.config

MD5 0c6e4f57ebaba0cc4acfc8bb65c589f8
SHA1 8c021c2371b87f2570d226b419c64c3102b8d434
SHA256 a9539ba4eae9035b2ff715f0e755aa772b499d72ccab23af2bf5a2dc2bcfa41c
SHA512 c6b877ff887d029e29bf35f53006b8c84704f73b74c616bf97696d06c6ef237dff85269bdf8dfb432457b031dd52410e2b883fd86c3f54b09f0a072a689a08c0

C:\Users\Admin\AppData\Local\Server\DcRat.exe_Url_e2jmpyjwwdcv3apjxjsemsf1n350pvpb\1.0.7.0\user.config

MD5 acb6df8bd0fe9236ea87ea6e3c28173f
SHA1 8b1d88bd749b58905c6db258e7224a67d1179938
SHA256 ec2b3fc4d011e9b8a04188d8f2ff280de854dde7d6ebf8e871e0642f789dfa5b
SHA512 a4222c0f5aeba58679c21361dcb6ab2c7ed1d9cae41d2839089fdb7bbaac3b8735afff8b302557f85389daa977b826cee77b944ba598e3fa6c2a16781453a832

memory/3728-6152-0x00000000010D0000-0x00000000010E6000-memory.dmp

memory/3728-6169-0x00000000003C0000-0x00000000003D0000-memory.dmp

memory/3728-6189-0x0000000000E80000-0x0000000000EE6000-memory.dmp

memory/3728-6230-0x0000000000560000-0x000000000057E000-memory.dmp

C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl

MD5 c4d33585ab0dfc1e324ee44c7d35f0a1
SHA1 fe4459f15123947054fcbcd8cd2b1780002337b1
SHA256 db7b97dd6ffe5bce97943e7723a1bbc6cac631632ad61d1e60fcc0d0ce48e959
SHA512 b4850f59cea3cc38b8da38340a5f8162ead30341a3794c459578521f0dc55bfa58b9fc0fba0450683d6a14a8a74ea5f6f544f31f76bbc72096371e30ed7c83ab

C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll

MD5 1314ffc215a9af9226c58a3a9dbf0e91
SHA1 84549bdde145602cc349050c61d087e03582f7ac
SHA256 89a8720797c8bcb59464f07ca482cf298adb0b75af4d0932ed0cfcc4df7bca6b
SHA512 09aac9b0dc173c3521811d893a4ca87e82d17900e366765659307596ab1898889c6a23c93ff5017e0326e489544d0c61ed9da9b9668cca4c2e25eeabf2c6a947

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 8938ef4ec14bbef34e988fd7a544fe8b
SHA1 879ee94376e854129589d5326af027a42dcf817f
SHA256 569d52c986a57b8748a9f22a9d21a88c20b81ed366ee2abe96d361894e2e830e
SHA512 5ba934583644c71c5efa9450b41f25eb1f2f60eee4344c584e9c2f65133b7f6424368bbd3ff2722e7b58df0eaefccd29ace7c7f56ff7ce2aa860a2b08c795629

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT

MD5 6df5b9fd38c3f2ffe83e504409475ab4
SHA1 e73f3838ef072ed9987b2e67461f8a9fd5915f17
SHA256 ea4070ddd18c3e4ba1d7e8c8194dc83b38022efbd1216835b2fdd499b451bbfe
SHA512 62b27ee9ec227cf472bb8b7ff40285373d0afb3fb559254741b0b05cfed5a771253ab88a65be46113f1e9b4d347755bf50232438f99c929374cf1ecbdc429c83

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5

MD5 7c799d5cbbc2c909131b160e4e1060ff
SHA1 af08a515f02dc7a4cce04bd7c1065d702d6fa9b0
SHA256 90283c34f75db602b37afa287a3914dca4966a6597c47527f679b97d9495cab8
SHA512 c8555ac259acb4f13dd4afeefe0175d2e5b97c9b202390c17513a66695610e6fc86af45ee3aa526b0d5869198b551bd5adeb5034c16e31047034ee271091bc0d

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10

MD5 43b5f29aaefc57f904a35ca496f4036a
SHA1 0ca1d2ba8e0a91f5e1871b5185f52de6bc0fc27c
SHA256 8a30f9b788be048344cc0d12410b69f3d60cbc07243a4c12b2344d2bcbe4c855
SHA512 61618a8e88d13f103149a20af9db97ae41bf04b03590578eb507c3ab72f125fa6bc60856bb3b77f745f8f95b3c7bd387e6f8950a98954e8a85c8942ead2fdaf3

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7

MD5 103743373d3d0b9a11809a1838b7a290
SHA1 03c22b4e8a6f662308360f1dd65c0d52ed97279d
SHA256 73ee4317bb9d5f6c56d73d651ae078ea7049ae413423b29fc2d9c9cd795a0e83
SHA512 3263a3fe5c213c57874dd977915b0c09a7b051e75e04808aebd0d0fc76a0c0abbdbbd9a9bfc993253146bf8f8756d20483a5c6dc796727c8358257ea623cca95

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 01c24fd2362d018146a3aa1426f32ce6
SHA1 6ce4c20f973b54c35d37ae6726cbd558462b907c
SHA256 c3222a6bbe3b4434d7b71228ebf615d63892ca588c9406844674d24e2b4f58a1
SHA512 73d69b0988417c4f7abcbfa49a2f7df8eb88626ecb3189bc0e40d57dfdd483d7098fbe62ae543535fbe07f1112a3922b2c092c90ad3ada55fcb91d0c284faacc

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 51c172035ccaadae970d519c69daaa9d
SHA1 0a42dd5e1f44840837561110985c08bac4222117
SHA256 b455a7d8f5654dee46db475c297ddc3ffff26fcb6df424145d7296eb4e73e3cf
SHA512 f085162967d051b456007b71d5ca968b2d7b0e5f3c28656c7dac171986c5fb37c1984a077de202b8c5fe57b8aeadb1c9f6331baae692d2bef6734648dd5bd23e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt

MD5 3950ae9f25287292d3e58cbd7f6c32ba
SHA1 04399b481e5f1b6b08150a54a7b51e7dbe308461
SHA256 4febb2880ae771f07eb965658403ef2e2ab6784ace30e4194b7f5d540c69772f
SHA512 e9064e2503b47a867c4bd86906d9a6ae5a0e5ed651ec15c3a6696306b2b5705659e1935563e7f829829127a70d749928e538ac1e9cc42d6e738dfffaa4f404c3

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

MD5 b7e7b4c83fad9c4e3540b020b7cc441b
SHA1 6e9f645335a443afaa5220a2350fb2aa144291bf
SHA256 575d07d1ebde2eb31762af3bd44f18728e3ff58c28fb83066d365172006fe0a8
SHA512 0b6a7149712813b25f0ffbde5b92c347ef547503d63c3863ded7c4c064c76aa3fa26e73b616f9b7d96fb4b3d3eaeee56361bcde4fc043075a25439c44d0a528f

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML

MD5 6f7895d4d6df237a62b5b401be5d9060
SHA1 f549c3b3ace3646c2d9b0aeae3ebeef33c808dd4
SHA256 95e21b22bd074d13e7817be1e98e9fc3b013fd108fe672120c5399cd11e46f9d
SHA512 62c365d012f9d8023378d7dce0913d420ea4760d664ad820c6f1a6f6554b1b8d5723df7d577ed71ca7210ca2e0a2db5766ad449753d1223979d577b2920f0700

memory/3728-13558-0x00000000003B0000-0x00000000003BE000-memory.dmp

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 0ae6879aa5b8192f75e7a22a54544328
SHA1 f133a43bb15f7c27a38f20614d42762d22ee54cb
SHA256 e661e2ba8c24058edfecf2fb56a400fb8438df028d4131873b25c691f409c41f
SHA512 8275f738695b37b66506078296318c47d52d19390a8af17f0bc65512749b49d30bcfa8e5532d01ce1b5be6f265791567cc4797bd510ec7302c0873d80040761f

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 856eb9186acc6f4a9f1bdb1de1542ee4
SHA1 150cafa309196120b494c602d69aaf2988d2a2e6
SHA256 35f82fdf752432ae76dcf6c74891ab8a32a53256d1aa0e6c4d66fb5af2393219
SHA512 9ebad3a5a81886189872a0d41224a5508da00e02447a3b616492886a463e0f403f000739676ea346c98014103ce2f25b2dc9cb6fb1a985d1e954d7b3ff05bf5a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 328136af0769f6b1e2c03dd51887997e
SHA1 57467f8aeaa90c74fbaf02ce4fc6495ecece973f
SHA256 132abd1b2b9709ffc0e365f1362ecb8289a618421b869433bdb719a62bf528f6
SHA512 0a14b7085b3a1ad4112b97e46a8d25387cda3e27efa9a2a77bf96b0ae2b540bea3e152ac665ef367b65b1b4feef0a2084ef6eb4f9e2092224d98f196e59ec901

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif.DcRat

MD5 5c0f19b2c087b2272fde7cfdbaee90b0
SHA1 9f610602561065c912ea1ebffb017dcf5692863d
SHA256 b15477cbddba581cad6fcc5f0f2a4163107cbf5e946969b0e1932490af512e3b
SHA512 7727bf7aee6d4ec65bed02de322e53281277a4770e2d493c12e307d13fee004081a81375c9770767d0dd54917a0721344d6c5614beb6fabd86ee8a1c744688f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 16e3ccfe770e74ddce88961f4a724c3d
SHA1 a7b783cc895acc62a37835935cf0bea1d54abc9f
SHA256 ab9bfda7ccbee557e2f026d8cb5c5429656486c754af649adf0978f083d8abb8
SHA512 6662e14a24dc5c6597655406d05a1dcc52055813c1a512d7bb28c62c607bbb1a0ec7197457643b6c5c7211b8fec2333133f1bf4df105d27dffdda6e7a947710e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 99a05aaf37a66ed4e6fd9f62172be537
SHA1 a6b66dcd47d3b7ef5abe2ab323a5a4e259bc3893
SHA256 c8e83c4d3f310e7a800976fa1fd50072d505bf8c828342bfe17a8fafe057be9a
SHA512 891ac7e18f5d5078a93888a34190168522423c7202251b1290a14771ae74d332032442da3246abc75252cabc672ffbc0417dd8df823d88044af5da91046eae3b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 19c9e9329bead4a6647903bc885fe55b
SHA1 b3d3381e81f4e08d31e910c962b31df6fba1979d
SHA256 8f565af29b5f2893ab28d00826f59f699745929a4b2f89388c4a4e852dc47f28
SHA512 89c9d437865dfad645be95bd404ebf2fd39f06c5fb0f6d1aff450b42734049b3b2243cacbdce54d337d04a7ebb08afaf33f6c15e2043475dac46cd1aea93ce41

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 42cc7a5e7abff489f0c40b3cdd16c6d1
SHA1 d79cf9d746f7b29601bd5db539bb99a8dfb41d90
SHA256 e9eb7649c3bc03a56498e17042f76f63401e0d20940104e619624b09358f621d
SHA512 4f46070b5857362a6cc4727d54af7e4f96d4b270d9a05c75d244d326104dc79765985da37ff50844c0ceb9cc3e9ccc14eafd306ab0722ac409537408c56a358b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 666e243ad338b896a3cac5824361293d
SHA1 f7b5b8d4e18751a8b51fe769453c2ab69fc57581
SHA256 1559b032a97c93807a180a9767e8356fa5193fc252cc1e118c0c8acfbb697a1a
SHA512 0e69af44742e6a48344339dd45cd09dd057b7a8e9a2d991dda456f960542ae9fcd0df89b44830c51507b3646eaa2a5a710ba0e4534683e3a7df0a90640eb6d87

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 bda64e3852c4ce59ad3cb4e9ca574d88
SHA1 787c87ae6789adaff1bd2671f0a37761c15d2dfe
SHA256 a26218ba8092f87b1afb367a6f4f068d5d9e15f61159e09334402bfd0cf9ddff
SHA512 8e9232dec6e03cbd2df36942de58e814e016f1351fc6bc9a46f22d4f4142a43dde409a779a15c30a0c29f30f247a029cd0156ee2d0c2db8f3afe03f725ed98b9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 8213591c5f5814894758abf94633b3da
SHA1 1152b0ab25d91c8e038a86cd3e236851c2601b98
SHA256 e8234ce8093ff0638765a456db5de07ecc72ddfc83d0cf714802a3cc056654e1
SHA512 30eea4cb30ae611cf56bdec414b8d5da4817fd2968b37fcd326766773d833025bfb9aa5e0c68a7f6d634a499074c26c0fb917318429a8e40727ace2ff9cf822b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 b7c6881984dbbdc0fc6c42e8a8fd2958
SHA1 2aa562be0069c6e585b51173bf898a5595d552da
SHA256 bb98f376ad335a93a4bcfda83b5165e06bd8d66ea0564d26483248f92c3b8ebc
SHA512 a4cc963f2037404862e9b82d1fb5925c5451a4dafb22596a146ed5b253d3221eb1c321d82a572df3e25e505b596fb13438619024ca7837d2cb4cdf6397ea5b5c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 ef18fdc4e543f8688ebd743737a502a3
SHA1 8e7ae5ff0b1136350cfdfeb7dea5e8700706c077
SHA256 116d9052bcbd38028b62efada584495d742813c9087a491bf8645a0e5898f743
SHA512 c99a8daa24d15b8fd84f207899b52a33430e6c3c5da4a8c0843062f4fd40f3be814d54a085d170cb2ccf48cb359557fe249684750a9e317b13a48a48c9927ac4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 09474891783c839ebd945b62088edeb6
SHA1 eb339ef49dd34bf9339c03ab865a19cb9ab7e8cf
SHA256 f82dc8711aecf83609076939b3d4ec6c66bc4df0b32ea75d94859e360c0886bd
SHA512 ca9645b7d57fcf340612318d010f7a866c512f52b2ad05ec9e7d176afacb6d6378f5006a9d4449ff22bb6ec37a55ea66523477119d429afea0c9eb24c7947a57

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 7b6af0486f30a65a710b61760ecbe43a
SHA1 4ef7fdf02ed407c71609cb50fc556b8bdf0af298
SHA256 b43b7e01c5055c0c813d6311be2fdd98eabc173b5d72f7a0facc79f11d57bc79
SHA512 4aee7ed4a30434f878bbb15c1c06b85193e7121f3ca419ca392a52f1cba542fcdd784359684362890fb485eb45836329c1a873ad07a8716574d054f660199763

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 3975b77a5d994b4360f1f685a9415f60
SHA1 72cb7e7d5ac936826b7f634b74fb13f019402c9d
SHA256 afbd3733f2107c18051457b19b9f60510bd52001d59a511d26688f23250d4865
SHA512 5b9ef9a310cae387d259a79f77fe400928febe153db27c947112a719986e2cea22b826a2616a2297262dd16ac9959eba3962f2e3ecb38c41ac321ec0aa0c1802

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 cf28533ab8e25d1d34af4966226d8c72
SHA1 c6b0709d4f17b8268757cac80a06bebd26df0ac3
SHA256 78a7874ec07918101925b264d8e9f1bb9f3aab0a5a8cb2ddde32d3b0c63ac9f7
SHA512 12d2f99934faaa0ef7692ffac41cd8333e8555679d94c9d4f229af556464daaa729d6d837526d0a3c880f4b27a1da6f06f273d868819c91a456bdbe02fadfe35

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 59d7445c15121135050b3a55ac4e35ee
SHA1 44ca9dc2d9274568c8cb49ea7d7720124adbefce
SHA256 c7ff916bb030d0f1e0cf2e59b7458710cbe27bcd67ef826e4ee123c1ca2da148
SHA512 29c51a5409c23dca3b67e5798cd8a5417341d9f637887c2e7c4d44ae75312185773e82e50618dacfad595e2c6ba8aa2d34434b071d7ff3a740e0efc7f044b5c3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp.DcRat

MD5 3d1652050510bb78c358193fe3b082f6
SHA1 d0248ba45c531e330a0ed29198f030e04d8ba0bb
SHA256 7902ac9f705dfc13c871f743e872e05859a8b1bb741bc3350c65d29056e3d200
SHA512 9bd4945d56bfe310075f8df23697d20efa0624e36f9afece199b72a6eb6a9a668f177f2e81d913fd59a90b689c2857df7f8016016e65a093d9354155073f6a08

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 e79c568b039c0d94649bf072fa5d42b1
SHA1 77e1a39c3be6e41d68dc18f72aed8bfea335714c
SHA256 ea472844743e36317704614a4d7334f9aae5c6305ede290081400be38cbd6cb2
SHA512 a984ed5bd77d43c912e5bfe4a5ebae12687dd9433dc9d74887f26eb374fd37ac79c0f00333f1ec69037e94f1fe17962cf6547b51be96542f604007211cc4ba2e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 b33daf3a06f40996a066b6fe3bcf3610
SHA1 297e8a65aaa300ce16d420053c5766904743906e
SHA256 82b0e7ff64b139fffee887b4e88b769db69fc0e97a1e1bfe7c16383d702d239d
SHA512 a7b6e47cac63db877753e83920da732b37cfcdf6fffb5b37e8c9673b7136e658b9d1abbf3faf50b9d394d23399ee6549f9052a05a4f052e0d7069a5bde3529de

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICO

MD5 c0228aa11f8a215483da968f2dd8373b
SHA1 82c48cab668c0f947e82d66d8d684c2f80858514
SHA256 91756cb3416a756af081fa6b183f4772900e46ab5710928e3696b0a9ad4e8253
SHA512 1817fa2970ab113a1a0577049584807d811623d09c6a676e67f40c079cba36a56467d15069f862377ae0c1d159ed34254e1c6dcdeef67a4e69bcfff31516f750

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 c0bc45b4068efbef95cc0872e9eae5bd
SHA1 5ff2556a9526b27a2cf414e87eca1dfe13a122bb
SHA256 242ee4b5b72cfaa042cef7d9d168c0a53acb9787bc466dd2f567718c9d70eced
SHA512 c6e5dffdf7869135cf1b0104396f7633891234e47f558a90cc1837a273a43d269bdda622c4e4b0a6f2ed8d77053dbadae2319ba673f034cc77cf561e866065be

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 13ac0d05131d21528cf703b46d660d69
SHA1 33e902ba64beeab54fdd898f0b2ea558754a0809
SHA256 d8941c95030976aaa59d340eeaf49439ec3ec7b4f25151c17ca97d1be375087a
SHA512 2ff4d020c6376ab60e2671bc7b6d7006fc79b353664ca28478e65e4d55bb811663a29ebb005d1ccf7c4f64a2be27ea0f1a59a7dd196287332335b9cb4daf293c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 2d4b9af193fe2a6ee580d4c910007446
SHA1 45ac3eacc468d590e4c48973b4e31e1128fc815d
SHA256 a309f9b183d82e2905285687077065feedd4a297e0dbeabde894636e33923113
SHA512 50594c25f2456cb9884933ea580ee42ca781697c4a3f58ecef8f2c4a7417fa72a4f857f4c7ffb5681f8354cf1c5286e4dd82c1d108fe794c6089b0c706b608bc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 455a17eec24e9a0bdfd238dc52358fda
SHA1 6cb7468184ceeadb21e856ad323caf4c2e7f5cee
SHA256 6b8e4a18db1eb1cf883ae0f12779f96d37b6843f8bd333a6eb891be59f943b50
SHA512 64a540fc3093556840ddc98c0a3b822d6bd4d2d74d714d2478da458be74c5e6a0fc0f33cd4644225ebdda66de43ead63dc0f8d5aacf3364098b809ac02ddcf79

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 73b1a1d2e4807d4350bcfafb13f8142a
SHA1 b90d01c61409ca4f9c9aefa64898cca0e27245cc
SHA256 1d4412df2452ce9c2a76496947771a9afca02fc068a4556928b602910b707f4e
SHA512 23c74c96a85447f50097b5a072b6456e51993cdb3a9e73271d82107302d585372ba8945ce3446ef68d33bf918b73e86941c42d65732a8f960c950b7f6c818277

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICO

MD5 3fc6425f9562c29fb40300006ba31a30
SHA1 c4e15cc0f1ae6259f485995beeb6960888031c97
SHA256 78cef6e36f9d4c57111a31f3aecae83c0feaa92dc2007ea55d0687521461bdd9
SHA512 30454deb686cf3319fd9c5b0f7c20517198e53fb4b31acff41ecefe06f36a9845735a25649b84de55cf97fe690c3dd93e8c5dedf37c10376145f72a52e3330cf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 59e802fe7150940bca63fa4657687787
SHA1 0db4154657aaec1be4d9b4d70f861cebf6a91af3
SHA256 5ffc36ad9299ef7df57f0a2e5875cc77935e03aa4cfdae2578cf470660598a3f
SHA512 de048abe2e6c5f2780f575d3070451956f7e0bc9eec835a5ba6612fe3f172c3e40c5fe3f88d401942f91d06a5b11e75db49f0beb5de0c6c0dea518f035f6d8ac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 e2bdab01927ed36d80e6f8e04f3181ad
SHA1 0f807cd9d00a84032b38e892e903ab0d6b21f2b4
SHA256 aa02c9827f2b0e0ed9827707e3831c05782676a0203d6357ffb6bc405cf9539a
SHA512 c1f829bec94b3fda74c4514e95cc9e9b2ae9b318af4af66f3aeeb986b22f6bfb902a985f727dc944728e9f4eae962407857cdd2868b67bcc8c6e9bd8d74b6a4c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 cba643f498e1d7b9d7473e690243fe3a
SHA1 6a4291cf23e2a8cd5377739e64125844d2f47871
SHA256 34a64faaf8c1b8d3e4fa0398664938e56872d84f20ea76e83576017f22fbe3a5
SHA512 4414789a37abb894b00f8d0a8a32f7b7c72ca9f2b05d30679e2b1a71430df380481393e466b1537b077ac6fc66b4c46f9ec716d4ed2982b9687893502dff8522

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 8e019f3f84b56952d8bc0d234ac287a6
SHA1 0eff4eb0708f1a11d288175d8b020d8815a3a38f
SHA256 7a9ba6ce50aa2f14f42734959b2b341e99c766ba1d21f292670f23f2c05c9898
SHA512 f8e61d08f115edb1a191a83bc691b2a98060b02304ded8c8659893886769f948b83fd83777148e2eac07ccb20e3916b04569b5f8d71dd9733443ae4723e34358

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 dadbef73404d1e96847e8cba5fff23cb
SHA1 47b88839262fbb5577b0e078e073b55396a51541
SHA256 e4d715916e98ea6b096d9024c0734d9760c1fa9e9e637ab48be8da99e3f53886
SHA512 a9bdacd4486d5fc49ed9b1115de44a23474de866506cbd93f177a1768a572d21b2436528d2e82851e75709a78b87d88688eb277f3ea25f189e7aa43ca17f7228

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 2ac68c972f1e65ce898ac817c8117c53
SHA1 83b496f8bac904cc1af44811218fce77c261a6a0
SHA256 3f8ea85baad62602a75fb8fbfd2a95cd4e593a989c3a140ad4ddd326fd2ffad4
SHA512 aba70b650bf87270b1bc2882b7e7623b8d1400a9373e2b05364a81cbb789cd63ea21c6a6e3cba3d1d6e764cc0d3fec1753ffea3982ff2c24b14bb25a68c10b0e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 87617d257eea973658981a076f9e3bb1
SHA1 ba96c4a70d89d62701e4f485a816ea7c19107788
SHA256 2c707c40d8caccf9c296089e6b5d9e40727c9aed29221e4200ccd8b86633a230
SHA512 5ac48d7e049db1f2c26ceba6a714d6f4ae2433857c9343733827bc9dd2ed20d2a48b2e2f0df6183d6cbad5fb0c08d2cd0303c140104c2b3db430556f071dec81

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 b6bdc5b5e61e6d953064fff8504ea4a2
SHA1 ecc270d278ffef70badacfcab17afcc894763579
SHA256 e73168fd8dab526d8f0af2d02eade40e3028eb3299f2533ded286fae3340ef0c
SHA512 b09593c9d2305b0ba3d9c36f3ee3878936b24c971023083d7ddf5784201618bd03f2f0180334bfec57c0d23626ed83cd51826043f6631f42d42be963a49b2575

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 ca10db186aa1cc7a01418f61467dacbf
SHA1 6ffbd19db997ead604cba851c7d1edce0c28989d
SHA256 2316a0f8f332edaf5ae3969a8924239a521e4baa35000e77ee3bd189be499b5e
SHA512 2982b84906043ccaeb42a40226197a52f8d6cf628b14319c47b1d13a208d99646052945810999d177f34b139cb79a62f869483028cdea5b5bc62eae91e5ebc2f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 4be770d73dad7e9c3bbf63ccb5289e3f
SHA1 2df52f234407e066187c0e995abcc6df7b395572
SHA256 6ba345b8a3c10420f7f68b39c5d7d5f7b013d07ec81107c5927f7f5786791a9c
SHA512 4743d8c14ca4de00a86a809684501e855079e9e6104308afe4f2b24deba0182e984f56dee76c753c596f832264d0d502ce8bb859b27d49e826208a0e926ca465

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 ae867fbb38e6c4ed5c12614f750d3cae
SHA1 cfcddbc73e37f3587ed67152e59364c231339bec
SHA256 c50c59b88c0d29349d05b526dfe21c343ab3f043aeae32463fe0abedcb3629fb
SHA512 265f72a4d846c8d68cacb0ac2104907056d7dcd0233eb73541b5cbb8a94a82252cb5d7b3aacc0a9deb086bfcc31ef4da6445b2a5b4b052e18f826304e4273117

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 743e6b5ff2fd0bf8a8c5c3e8abf35668
SHA1 d1323f710051c7bafe2a302ba34313e216836b85
SHA256 bd2b8d310210c85b27a207c50e1068d803047e5e0a507450a38e99cfaf11d337
SHA512 f24c533c0f9af5f6788de3807d8d1252ed1306986fd0c74f90f7926c06660b822cd1bcf3a80df70d500d317e99bb5751a8ab0af201c08cab55695186c5dd2777

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 402080fbbe4c52ec7376fad04c7f85d1
SHA1 56113aec59fbcbd050f8d2af25b8b8fabfc21751
SHA256 8de5e2fef603098802e0f88c685ce3461ae9f3785f7d3ad557d11ea19a86918d
SHA512 52d6588354dd45808db05a1fec6231bd64233da5314e3e77cceb789af6b363b5c7cc7e5404c3eacdd4b226d31f109ce7139ca38322bb158cf7545f4b172837f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 2c0775f5412ecda2c540e57ae587959e
SHA1 0d2c8340de9e6ec2908bcf9057cc6879aa62a378
SHA256 e492eabbb9161f9e64e3a114faf91b73a9453461a4fe4b6f927fe8941a5514a3
SHA512 633d824adef62db34910f90ab6692514f5bf6f9272c93024152b23e65432ed808212c12ba9f958bd90c50587b8373ff8de58a776a317e5baa2e469ec782fbdba

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 81bc2c951b927b6a9ab4d9f5cea3d8ea
SHA1 7641131d79a612285dd12ce544276eb2c6b85a2c
SHA256 f520a082f770bfa1d283ef114fd59f7328889c68f52846068dd686694b808bdd
SHA512 223351cf2271c66034f6a5678db61a4b665654ac52806568cca5ae5d41a9b7110b794c360328e500be420db569a26b8ebbcde727e37b1da49bf33b53c3e832d7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 a6a992458d987d85a63402bba89ba390
SHA1 b6db91cf8b1e5ac6632b2532059c982593964c5d
SHA256 a20c65cc9560f0f321055025d6eeb7b8effd7a804a4b658c8123ff7cfe463cfa
SHA512 70a73adc147c1e57c19e8460fed99598dc28c37b0672ab947cd876e7079c0a68cb58170b9b5d10590ae4df2df909740df476a3780484df4c79adfac06eb46e29

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 bc607b5580ee0c15f9b6699ba8284f8e
SHA1 2c673889356f90a3f1df41e8fac7b54254c12433
SHA256 284b5470299e753e667718381822a6fae12a84c693f558047342684e06f13945
SHA512 5a889e6a451319b99774b9758ae735589a64b48155925085003d2ee5868955a70f8051e77cf51531f4279c3327e72b3874982abcc6e2e9d777467958405aed03

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 080688d8efb1f07f39713e59ea9bf28f
SHA1 733554f9a5e29bc1ac4cc5ab33c65df8b2fb4a07
SHA256 2130d95cf21b91394153740d372e00b6e2a205b4165da193b1b980870418f0aa
SHA512 b478865b6fbe8c2652abbf4b8309b4c76dfb7cdb681c89d8b67b51af684215181a20bb6b92c02720f3b7e37cc663b34d1d0ad22586bcbff19dda8efac8af1c5e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 442ff0211d4e51951ae5359b695e305a
SHA1 3c0ba3c4bff3f594d9d99cf2f2d39466ac5343c3
SHA256 b5c2ba9f1215694d3bbbec6137aad3b52a7e50521d91effa87cc8285737f7a55
SHA512 c888acb229417ad2e7d352a4fbdd700857e37c3a5ca064a1f5151f9e5826df3481616e000c0cef1343d8e5be9c1073852c33e098d3c793eae5de8854b590f3ad

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF.DcRat

MD5 db15a5b2dbd0daf60fe5c4bba47a8d07
SHA1 1c1dbca4e4816e9c96568520d90a91305e2ea4eb
SHA256 ed2f4251fa1dd28e9010f4ea0fa0da46d3a8cf1f48ac1c5c85c14d2493bf6611
SHA512 13bb00a5e389f7a5a533f7fd8be2f3ed5dc6d2b7df6472dfb98d94b8f9518bb4c326f9693f2cb59ef834dfce0f02d7d44fbc463ce9edc54c4d092f6b5706c53a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 97ca899cc2f1ccb8d589dcd4db41b190
SHA1 efe1b8685d621b1d0617d3f2f2a4e08eb1cf7ced
SHA256 59316f3d8cedeed76c619b4491976cbcbd6b806d419607b8bc47b5e82822b423
SHA512 dd868d8edfe8b0bbfa4db8c65cd76eb613f2cb1c1efa0fbcdd37d63ecf628dad0c18e0416b7a73f3bd0f70fc0cf63fab2e7bf9c3cf3174bf44f8b41ba06f1982

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 e445301949d610df986cd551a0b2c1b9
SHA1 25108b59f7d34f2ae2a7c61dc8a9f3f375261e51
SHA256 aee4a4be1bff0c4bc79aef897e12c6897db061841c1b17acd56e1a08f071a1d8
SHA512 53033f6da7adc2e22fd85399d24117b4bc2cc8323aebad7c5fb6db93fa97f3196a9a7b7dd426cf5b1071b41decb0e71a3867f301bc343a347d05847c5e046003

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 702bea4f41df1df04a4a99d46310ef09
SHA1 0e577faea27cd4d64d4cf42b8fe95710bebc9b7f
SHA256 8867726e6c8d842b063bb67b01d61f1ec4bf79244d810221ffa55349ced57ded
SHA512 cc92681dd9950ef68617f1651cf3709a465bde49240085268fc1b09c2cc37997341f5fba6ce6c51775e56d56365d1b5bb6a9487a6aaddf683e48806c3ffeabee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 c7670b194e04118ff742d23b5599805d
SHA1 b5e472a2967c29b1076fac3cb5aaa4665f312013
SHA256 1d3449fa249215ca7b430569efb8a572a0d1f24fa1b4832dad15f60da7727272
SHA512 d15015658d74ef74eb23249f13356e05a5cfdd0dbc521ab2e364a2f8f564457c503cce2efabb8266cc46445994c552cad0a98733acfd0ef776875b7061c83120

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 06805a48f375323f4a04a589598eadad
SHA1 d6eee310611091c9e1e9ed6c126a85e124874f23
SHA256 b77e85cc786a7e5653ce4a108b26697ca3957641c28e09ec42214cb61b8491bf
SHA512 f12647f133e886e958900dd1cad9e612f19553b4174dc1c8e3dad03358c951cf5c5ab5bf9b147ac2025cace48fd5b9adeb2b59c6028372bf3ef0daf82488b352

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 36de9c8402ce17479e95a3bccfe1f9e6
SHA1 75b2f15dc8f950b25d5ea0250782fd67199e5344
SHA256 72c32f98d4230030663767c174e7fb6d5a4ed5aeb9556ece41eeb4566f635f94
SHA512 9fbc18de910b693f9748d615d6a177de291c6ffb86c144eda2928eba1e28891e8b8c55a7373e18a28f01989633fbada26492585cbe2f4d316cc8e639c1f7dc18

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 96ccdc4f3ab8bff1a14dd351db713a66
SHA1 d70282a1e553fb2be0a7f45c29e85f3c0e0286bf
SHA256 09a37230c7e903fdd298ebef30d9e53ce1ad1ed88d7abffed87f37a58ef8da31
SHA512 d2f4d9d7aa39e9883679b1056bd32bdd1267801826fc313bcbf68eb5e111c3bcdabc71c8df0ec043b83693d7e25bc59ccbe0ca00ce02605770f97d5a2af90372

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 b30b0f6ec2cc20603801b19dea2dee20
SHA1 c97fac8525a1f113d2f23542401b5c4267785c6f
SHA256 f3875e4c670c8a64bf6a7c6b396286493da77186b9112f68291078c181b4a519
SHA512 3ebf31dc5a9c5cb555cc791d234ce9455330ecc1ab95f820be2786553c1c2e10c0654f383e1496216f69d4404efae297d866828a03a6c577ec2b87f58b3488fd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 27cd5d93dbaefc559ea264b9c4493a3a
SHA1 31324a5b0e1ccbf5444d8f19933514f2c41d78f0
SHA256 c317b81d204d9ab0f546683479d7cde838490fda15f2d13db762eeeda4ce2d0a
SHA512 a175453cae5d8ee7b027b3c65270f67a88c731f9c0725e4ef5d8eaa3c1c931add3a7a4921d45dafaee8ecc8bd5b0097fff0a4003635b0b91812f256ef8e748d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 0bf54bc46517dfba97e7530e6cea14c1
SHA1 c3f623f4018ac9455a3f6eb9837b33d7995293ea
SHA256 29d7f1cadcc8333e3082e5122778d2f64db6dacb6f6c72b043d4344847961354
SHA512 13dd5ee4bbd60e29ee16dc324b3993ed977d6cefac7a61d7412d52efb67b20ca27daa0221f591bd831ad80a1b4fc0d229f426c95f73f7111dd9acb539071c678

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 5a8c8663cb24e8c3f1783b55efa7dfbe
SHA1 eada791d3e9ba1d308a9fd4f2bba25d445c340d8
SHA256 f308b1cfb9b3a0f1200f59f5af61814a1431d4d565f9331bed80db62f2df3f94
SHA512 a495b7a1e4c7e3228e65ed8bfd8546f6349de6fda817c77b036640f4c17edf667a7317164c5514b48d458f10c03db22d0859c9641a161513ff0acb337bb312f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 678eb3b8c573b8a3740f9c1880367dff
SHA1 b55864dfe5b943eee5f3ae41c0e4e99819442d7f
SHA256 5a9fa4a7965c6ad80f06ec591ec95bc7fab31b382bbafeaafa876c9224ceae67
SHA512 5bc1f4f633f641457765361faaa4f5bb56a1bd53b202978789435f45de9d23e0d9cd85dcc02eb972b3f33418e22d118a07757983f90adcd80f01e13d29b235df

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 4d2256cf4f109a08a7098a9c2051e4fa
SHA1 583392407494af0d777f8fd1d3e2c9e1bb596f30
SHA256 e9bc0917e7b77b95e660aac76075a1fabba79aa0c1c026c9566cbd50382589e1
SHA512 a4f0aecc88d5d07cb9a972f361c39b76009face4f16e4e66a6ccbd0dc42d3ac27dfe11a5d6dafe397e1afc3b33921f14252873da24a683f9b6f374b1982f06da

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 33b2a1cdafb1fc0cd9f9ac647ea2cf1c
SHA1 c6823854f11c020776b0ceb1ad64f5297df7d255
SHA256 1cb5c84300195113a614937549ca20773856594a263be26a54409298f1cb6d51
SHA512 f8041ab1b6d53f84b1ce5325934debcaa890f06ab768c172cf7eb684e6ca9c15fa6196b63f956648bdbc14413710fe5409e45a90a8e8a180bf969cae369fcf6d

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\Microsoft.Office.InfoPath.xml

MD5 dfbaa66b9574335f0d1ae01b88f7d0ec
SHA1 74d4b80a282029401324b748b69cce8b2e9960ae
SHA256 3557aae5445d50fb68aef86eae87871b5e61b1ac37f9623f8ac940c8d1f3af1e
SHA512 efba882dcd92f832b6b9c1517cb28de47dfd1b32be893e1b1d4675e4965f137cad0ad04f3650882aa1990a06f38a7b7c85cbd04b991ecb42c7a77cd96e62c26f

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

MD5 2de66a29c77c69600b513ef2cb38d6aa
SHA1 e63d540ffaa9c1b2b7f16996789db250aeb96b18
SHA256 be6aa85963e796bc1bca3eaf3eff9af7b5590107597d49166f2c3ef2db812192
SHA512 37593b95dd65b7566c73ed784699e7edd2d0ae0d25c906466f97a70a7443b60e75fda3b74c49570e0b4a28f8a98da2cc0bf83bc86a8d2dd107e6c406c6168771

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

MD5 09d3054ed8e30d45df5349bbcda52353
SHA1 d7af41f46f45a9ce480c5110c948ff6e6ab0620f
SHA256 bb3f97009f17ab516c1f0ec662aa6dfbcab9d4f58e3108d3c2a9b96315986184
SHA512 8abc8e93dd9d660d33d1e37932d33aff8257def5f2049dfb04c38a38cd79d6b902616b5c51027e619ef1fd085e411543374ed99f404de907931026c52b8639b1

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001

MD5 0c811492b7fa704a7ade6af0739a8140
SHA1 183ae10abc371e8892c3a62b6e2f424a2af1caf1
SHA256 594057a3ea86cac81e199eb9427bf64c8a7ee0bba9226663166008d540c41a5a
SHA512 2369e28809e408c24b8c8a3300887f7000e3b98fb82698e4505b636833f63cc2d4559818e00f1c523dc7b06a4fc51c5667bd0c3e97afc658dae38646456a3193

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT

MD5 5b3423960888a11b0b912c5de1edbe55
SHA1 ef3ce3830a8aaee2f35eac80bf863bd2f45d1bb5
SHA256 9e2bbc56db49ab9f6680138c8dc6cf9875b8859314f8f5d75ec4f9a2fee38634
SHA512 d0195b82891d5a0173aa76003a360367b0d0f25e2ba0462086f602074ff526f846b6a30afc93661becd5507d2738730faccf335f2f5c472234205976f9b513f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 c9cd0b6ffbc2ccc0c9195cdbce49ee81
SHA1 bf556507bbc6092e148f1b3166fa9d9f758ba4ce
SHA256 fc414bedfb9fec532f1124144c11bd49c0185826c300dab2fc1c1c28d1410cba
SHA512 4c04968671a8d914a52107878e43a10646f715a8325fb8af971dc63ce3f7cb1521827fe6ff469af654e7d5cc7e17bdb418745297bf9d1b16832df4d800fefab7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 e5161394f7190cc0dc3558bd1cacb5e0
SHA1 9e706dfe6ada44eb866c8932fd735472cd0b398d
SHA256 9a09afe937c037761a6795899b8628e22928f8c97e972440ba31e3be5ac1527a
SHA512 8999c1da33a95ce27c969cb5bc4c462d60c67519e17ab06537d899c54eda8f0c8e5c39e56362213348a127e5bbd8c17f8d3912be9732809ac73624af3fa8d50d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2

MD5 c4a918612023b5b95207e42e706e7fd3
SHA1 fbe637c4681c68bad1bf53b4d35a9f66762f0f55
SHA256 d882548b6eeb04eaed703d234dcb6c6dbe80648902102826c0a001a492d9c833
SHA512 ab4801599e3feb5c028a9a7e33f2c8e654014ed86c02174692dedbe0b2e776fcc967ff0b776eadf1e87ee9f5faacda5f9323fc6d795667dffa864dcc57cc5800

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

MD5 65e4383f9f9dc0d3946476bc7fc8913c
SHA1 7cba6c9f2f4ecab3c4c5195333478a55950a2ec5
SHA256 847fd042136a02f31ce2ed47246ba4adc03631e074d420d129cf3d749e8e5656
SHA512 6baa88641bb38113b2cf4a9779824a920604ecf4e7f79f98c624c523538b48f46b990b7930875e6a609d0af8a9ce3ca327d9aeba04cb733c362a0d1595d57266

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\A472CB60B2DA008D38E2B5911FF39B91F8E24F7A

MD5 2ef550f799f1a0bebf08f5d788aa8a3e
SHA1 9cc825a94ee09da2c18e4e5c8fbc8563502f7089
SHA256 2710fc788d3316fc86e4a23b47a7ccb7d742622c9f91d8efcca92ac929edbdf5
SHA512 ead50ee9649ea8a6a7e0e0bca87f26ffacc04c51d096505005ecc324e4ca5d4a9f5431b3442ec82bce46b076483145a82c024cba3cc6c0ae091f54820fcc183e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\E7ACAF0FBDD178A88C6DA8636DB31506434F3546

MD5 dc56c6d27ebbdf93c21a2c4134cab83a
SHA1 3cd401df4c113caf2c6d5b909de3ecf4c8cf243d
SHA256 a58298cbf9f4fa71730f55a913e17b0885b115acf0a519b7574e6048b2061365
SHA512 efe12b487d89fb1d99985192b0ef61c9fbc673a1f6114ac17ec116d13691550e663ab4b039c52480bda7fcc37b1917e2db913e6f39f1f50ab9f968f99f6f93a3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\jumpListCache\RHwdgZUyRw9CdIO1wq0ypg==.ico

MD5 fad998a19c9814eb71498e7655990833
SHA1 b53cd20c5c626f767f27200650b144a55137fbea
SHA256 aaebf3142dee8714905d2dcf104bd6026a9d883e102deb63cbbe970fea86a9d6
SHA512 ad1eafe2696e4f8f285fd0230afb6d837b4c9f3924e08d289ffa5206afc25fe6ab735a011e9c935f6e20e889bd2154d0c988a4d49f786c49c8c61ee2fe8c161a

C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240708_130625828.html

MD5 7ea2e9bba55f91df8092c6a4afbef454
SHA1 800c50566233213b24c0c0dd91f53aac8ccd0a6c
SHA256 9a277b3b30863c87ede983cb961f606de8c028a92c1a8d4de5a3584d986e40e3
SHA512 f1842f5108c0c1e042d6f415693d2f5f1072fe56ff0135bcbb853fa69bc53a4ded47f9a91a86c8851aae08849c51c6b3fbed34b95bc3cbcca1f664409f41cf06