General Info

File name

NanoCore 1.2.2.0.zip

Full analysis
https://app.any.run/tasks/dcc31dce-2005-4c19-90ad-48fcf484f1bc
Verdict
Malicious activity
Analysis date
12/6/2018, 07:54:56
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v1.0 to extract
MD5

5d5f5be6cd646e13f2396c898faa9bce

SHA1

f89558fbb24d21030b25c1dc693ef61cb41f0d43

SHA256

cd9b3888cb65067d32581e84ca37f0cc205e4414dee66ef9f6d10a15933d72cf

SSDEEP

196608:QKXT4Mv59c0eUeCjAWkzT3nYLekAyzyu9:zTt80nzI06kAyzyw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • PluginCompiler.exe (PID: 2312)
  • NanoCore.exe (PID: 2196)
Loads dropped or rewritten executable
  • NanoCore.exe (PID: 2196)
  • SearchProtocolHost.exe (PID: 1596)
Creates files in the user directory
  • NanoCore.exe (PID: 2196)
Reads Internet Cache Settings
  • NanoCore.exe (PID: 2196)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 3104)
Creates files in the user directory
  • WINWORD.EXE (PID: 4024)
  • opera.exe (PID: 2996)
Reads Microsoft Office registry keys
  • WINWORD.EXE (PID: 4024)
Application launched itself
  • chrome.exe (PID: 3496)

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
10
ZipBitFlag:
null
ZipCompression:
None
ZipModifyDate:
2018:11:17 21:20:26
ZipCRC:
0x00000000
ZipCompressedSize:
null
ZipUncompressedSize:
null
ZipFileName:
NanoCore 1.2.2.0/

Processes

Total processes
58
Monitored processes
17
Malicious processes
2
Suspicious processes
0

Behavior graph

Processes in launch order ("no specs" as shown in the graph):

  • winrar.exe
  • nanocore.exe
  • searchprotocolhost.exe (no specs)
  • plugincompiler.exe
  • opera.exe
  • chrome.exe
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • wmplayer.exe (no specs)
  • chrome.exe (no specs)
  • setup_wm.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • winword.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe (no specs)
  • chrome.exe (no specs)

Process information

PID
1596
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\tquery.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msshooks.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msidle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mssph.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\authz.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\msxml3r.dll
c:\windows\system32\version.dll
c:\users\admin\desktop\nanocore 1.2.2.0\x86\sqlite.interop.dll
c:\users\admin\desktop\nanocore 1.2.2.0\plugincompiler.exe
c:\users\admin\desktop\nanocore 1.2.2.0\nanocore.exe
c:\windows\system32\notepad.exe

PID
3104
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NanoCore 1.2.2.0.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
2196
CMD
"C:\Users\admin\Desktop\NanoCore 1.2.2.0\NanoCore.exe"
Path
C:\Users\admin\Desktop\NanoCore 1.2.2.0\NanoCore.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
NanoCore
Version
1.2.2.0
Modules
Image
c:\users\admin\desktop\nanocore 1.2.2.0\nanocore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.runtime.remo#\5cae93d923c8378370758489e5535820\system.runtime.remoting.ni.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\gac_msil\system.windows.forms\2.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\users\admin\desktop\nanocore 1.2.2.0\serverplugin.dll
c:\windows\system32\bcrypt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\riched20.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\users\admin\desktop\nanocore 1.2.2.0\system.data.sqlite.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\1e85062785e286cd9eae9c26d2c61f73\system.data.ni.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.transactions\ad18f93fc713db2c4b29b25116c13bd8\system.transactions.ni.dll
c:\windows\assembly\gac_32\system.transactions\2.0.0.0__b77a5c561934e089\system.transactions.dll
c:\users\admin\desktop\nanocore 1.2.2.0\x86\sqlite.interop.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.enterprisese#\887ef2648686aad19feff405eddbffd2\system.enterpriseservices.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\diasymreader.dll
c:\users\admin\desktop\nanocore 1.2.2.0\clientplugin.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll

PID
2312
CMD
"C:\Users\admin\Desktop\NanoCore 1.2.2.0\PluginCompiler.exe"
Path
C:\Users\admin\Desktop\NanoCore 1.2.2.0\PluginCompiler.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
1.2.0.0
Modules
Image
c:\users\admin\desktop\nanocore 1.2.2.0\plugincompiler.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.runtime.remo#\5cae93d923c8378370758489e5535820\system.runtime.remoting.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\assembly\gac_msil\system.windows.forms\2.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\system32\windowscodecs.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll

PID
2996
CMD
"C:\Program Files\Opera\opera.exe"
Path
C:\Program Files\Opera\opera.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Opera Software
Description
Opera Internet Browser
Version
1748
Modules
Image
c:\program files\opera\opera.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\opera\opera.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\quartz.dll
c:\program files\adobe\acrobat reader dc\reader\browser\nppdf32.dll
c:\windows\system32\macromed\flash\npswf32_26_0_0_131.dll
c:\program files\java\jre1.8.0_92\bin\dtplugin\npdeployjava1.dll
c:\program files\java\jre1.8.0_92\bin\plugin2\npjp2.dll
c:\progra~1\micros~1\office14\npauthz.dll
c:\progra~1\micros~1\office14\npspwrap.dll
c:\program files\google\update\1.3.33.17\npgoogleupdate3.dll
c:\program files\videolan\vlc\npvlc.dll
c:\program files\adobe\acrobat reader dc\reader\air\nppdf32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\userenv.dll

PID
3496
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\credui.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\audioses.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\imagehlp.dll

PID
2204
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6bac00b0,0x6bac00c0,0x6bac00cc
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cryptbase.dll

PID
2180
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3308 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_watcher.dll

PID
2612
CMD
"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1
Path
C:\Program Files\Windows Media Player\wmplayer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Media Player
Version
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\windows media player\wmplayer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\program files\windows media player\setup_wm.exe

PID
360
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=892,11979275594380805880,3727513952695735873,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=7CF0F13B866206B3C8B92897851EE9AF --mojo-platform-channel-handle=912 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\68.0.3440.106\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\68.0.3440.106\swiftshader\libegl.dll

PID
288
CMD
"C:\Program Files\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1
Path
C:\Program Files\Windows Media Player\setup_wm.exe
Indicators
No indicators
Parent process
wmplayer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Media Configuration Utility
Version
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\windows media player\setup_wm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\atl.dll
c:\windows\system32\pdh.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\system32\mf.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wmploc.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\quartz.dll
c:\windows\system32\winmm.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wmp.dll
c:\windows\system32\dwmapi.dll

PID
1316
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=892,11979275594380805880,3727513952695735873,131072 --enable-features=PasswordImport --service-pipe-token=2A4E5A10AA6D4B557DA90545CD92CA99 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2A4E5A10AA6D4B557DA90545CD92CA99 --renderer-client-id=5 --mojo-platform-channel-handle=1900 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2136
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=892,11979275594380805880,3727513952695735873,131072 --enable-features=PasswordImport --service-pipe-token=7330E48CAFC457C7D870E76A8E904DEE --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7330E48CAFC457C7D870E76A8E904DEE --renderer-client-id=3 --mojo-platform-channel-handle=2060 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
4024
CMD
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\sectionfunctions.rtf"
Path
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Word
Version
14.0.6024.1000
Modules
Image
c:\program files\microsoft office\office14\winword.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\microsoft office\office14\wwlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\microsoft office\office14\gfx.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msimg32.dll
c:\program files\microsoft office\office14\oart.dll
c:\program files\common files\microsoft shared\office14\mso.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\common files\microsoft shared\office14\cultures\office.odf
c:\program files\microsoft office\office14\1033\wwintl.dll
c:\program files\common files\microsoft shared\office14\1033\msointl.dll
c:\program files\common files\microsoft shared\office14\msores.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dwmapi.dll
c:\program files\common files\microsoft shared\office14\msptls.dll
c:\windows\system32\uxtheme.dll
c:\program files\common files\microsoft shared\office14\riched20.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppc.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\spool\drivers\w32x86\3\unidrvui.dll
c:\windows\system32\spool\drivers\w32x86\3\sendtoonenoteui.dll
c:\windows\system32\spool\drivers\w32x86\3\mxdwdrv.dll
c:\windows\system32\fontsub.dll
c:\windows\system32\prntvpt.dll
c:\program files\common files\microsoft shared\office14\usp10.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\program files\microsoft office\office14\gkword.dll
c:\windows\system32\oleacc.dll
c:\program files\common files\system\ado\msadox.dll
c:\windows\system32\netutils.dll

PID
2656
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=892,11979275594380805880,3727513952695735873,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=FE157C255EAEF2121A53ACA83E96449B --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=FE157C255EAEF2121A53ACA83E96449B --renderer-client-id=6 --mojo-platform-channel-handle=3556 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2416
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=892,11979275594380805880,3727513952695735873,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=ADAE4F6DAAAA8F337915C26E1B6ED505 --mojo-platform-channel-handle=3740 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2320
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=892,11979275594380805880,3727513952695735873,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=EEFA3BCDBBC2B717DBAACE5228B90F84 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=EEFA3BCDBBC2B717DBAACE5228B90F84 --renderer-client-id=8 --mojo-platform-channel-handle=3900 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
68.0.3440.106
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\68.0.3440.106\chrome_child.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
1840
Read events
1614
Write events
221
Delete events
5

Modification events

PID
Process
Operation
Key
Name
Value
1596
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
1596
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Windows\System32\msxml3r.dll,-1
XML Document
1596
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3104
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\NanoCore 1.2.2.0.zip
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\AppData\Local\Temp
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_0
38000000730100000402000000000000D4D0C800000000000000000000000000300101000000000039000000B40200000000000001000000
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_1
38000000730100000500000000000000D4D0C8000000000000000000000000003201010000000000160000002A0000000000000002000000
3104
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_2
38000000730100000400000000000000D4D0C800000000000000000000000000160102000000000016000000640000000000000003000000
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASAPI32
EnableFileTracing
0
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASAPI32
EnableConsoleTracing
0
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASAPI32
FileTracingMask
4294901760
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASAPI32
ConsoleTracingMask
4294901760
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASAPI32
MaxFileSize
1048576
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASAPI32
FileDirectory
%windir%\tracing
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASMANCS
EnableFileTracing
0
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASMANCS
EnableConsoleTracing
0
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASMANCS
FileTracingMask
4294901760
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASMANCS
ConsoleTracingMask
4294901760
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASMANCS
MaxFileSize
1048576
2196
NanoCore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NanoCore_RASMANCS
FileDirectory
%windir%\tracing
2996
opera.exe
write
HKEY_CURRENT_USER\Software\Opera Software
Last CommandLine v2
C:\Program Files\Opera\opera.exe
2996
opera.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3496
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3496
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3496
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3496
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3496
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3496
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13188553040172023
3496
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3496
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
2180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3496-13188553038687648
259
2180
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3496-13188553038687648
0
2612
wmplayer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2612
wmplayer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
288
setup_wm.exe
write
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Setup\UserOptions
DesktopShortcut
no
4024
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
4024
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\159FE4
4024
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery
4024
WINWORD.EXE
delete key
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
b>?
623E3F00B80F0000010000000000000000000000
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
Off
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages
1033
On
4024
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
WORDFiles
1300627480
4024
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1300627600
4024
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1300627601
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTT
B80F00007F18BFEE308DD40100000000
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
"!?
22213F00B80F000004000000000000008C00000001000000840000003E0043003A005C00550073006500720073005C00610064006D0069006E005C0041007000700044006100740061005C0052006F0061006D0069006E0067005C004D006900630072006F0073006F00660074005C00540065006D0070006C0061007400650073005C004E006F0072006D0061006C002E0064006F0074006D00000000000000
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
:"?
3A223F00B80F000006000000010000006800000002000000580000000400000063003A005C00750073006500720073005C00610064006D0069006E005C006400650073006B0074006F0070005C00730065006300740069006F006E00660075006E006300740069006F006E0073002E00720074006600000000000000
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\ReviewCycle
ReviewToken
{080ABB6D-20D9-4BF7-BA0E-BE4C65112142}
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Max Display
25
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Place MRU
Item 1
[F00000000][T01D48D30F02992B0][O00000000]*C:\Users\admin\Desktop\
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Max Display
25
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU
Item 1
[F00000000][T01D48D30F02ACB30][O00000000]*C:\Users\admin\Desktop\sectionfunctions.rtf
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\DocumentRecovery\159FE4
159FE4
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Licensing
019C826E445A4649A5B00BF08FCC4EEE
01000000270000007B39303134303030302D303033442D303030302D303030302D3030303030303046463143457D005A0000004F00660066006900630065002000310034002C0020004F0066006600690063006500500072006F00660065007300730069006F006E0061006C002D00520065007400610069006C002000650064006900740069006F006E000000
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Toolbars\Settings
Microsoft Word
0101000000000000000006000000
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Data
Settings
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options
BackgroundOpen
0
4024
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1300627602
4024
WINWORD.EXE
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D30000000000000000F01FEC\Usage
ProductFiles
1300627603
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTF
85
4024
WINWORD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word
MTTA
85

Files activity

Executable files
8
Suspicious files
112
Text files
421
Unknown types
42

Dropped files

PID
Process
Filename
Type
3104
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\ClientPlugin.dll
executable
MD5: bdc8945f1d799c845408522e372d1dbd
SHA256: 61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403
3104
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\x64\SQLite.Interop.dll
executable
MD5: 382398711315e2fa8e93d305b4873908
SHA256: 270d61d183cff3dafad0db3dbe7942374552044baea1e28411c3a143cb620c02
3104
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\ServerPlugin.dll
executable
MD5: 952c62ec830c63380beb72ad923d35dc
SHA256: 2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7
3104
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\System.Data.SQLite.dll
executable
MD5: dd3d6f00b1aba3f1d9338d9727ab5f17
SHA256: f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4
3104
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\NanoCore.exe
executable
MD5: 1728acc244115cbafd3b810277d2e321
SHA256: ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b
3104
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\PluginCompiler.exe
executable
MD5: e2d1c5df11f9573f6c5d0a7ad1a79fbf
SHA256: 0b41b2fcd0f1a4e913d3efe293f713849d59efebb27bac060ab31bed51ac2f6b
3104
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\client.bin
executable
MD5: 906a949e34472f99ba683eff21907231
SHA256: 9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8
3104
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\x86\SQLite.Interop.dll
executable
MD5: 9b19dcee960dc215e64b1d82348707a9
SHA256: 3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State~RF15b6e6.TMP
text
MD5: c812e42ef969c13d71a4204222d7050e
SHA256: 9cb7ef855d35dc2759e79b3b690cd6f95342b166e5d13c66f6529ea59bf410d5
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: f2377264559bd50594d6d30d79b40b33
SHA256: 7e2bdb4f00981231ed88dfc12ff15360f24924a89facd03d8a257886676cd750
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: d932a31a0fb91833edb0325c6b434b34
SHA256: 8049465356163740d6e4c0bb56b9dcaa90149631646fa6bb56d01de223bd1f8e
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF15b6e6.TMP
text
MD5: f2377264559bd50594d6d30d79b40b33
SHA256: 7e2bdb4f00981231ed88dfc12ff15360f24924a89facd03d8a257886676cd750
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF15b6e6.TMP
text
MD5: a98ca0486f9007812808e602d93d0c46
SHA256: 0dbe309b50bedecc943fe8db36c34b69f26aea7e964cdac76b0f1d1a1531e212
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2c510743-55ad-4cfb-90b9-d061a39ba314.tmp
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\3b2553e1-2cc4-49c5-b151-196253283cd4\index-dir\the-real-index
binary
MD5: 253d5ad688dbbe53df6813d113e3532c
SHA256: 392f456e18c0f5954906456f3a5d2e665a4a28134593c9258b5c8a6e809df683
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\fd830f47-8650-4175-b0c6-c10659166346.tmp
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2c788161-a5f4-4f06-937c-2b338debf212.tmp
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\3b2553e1-2cc4-49c5-b151-196253283cd4\index-dir\the-real-index~RF15b6d6.TMP
binary
MD5: 253d5ad688dbbe53df6813d113e3532c
SHA256: 392f456e18c0f5954906456f3a5d2e665a4a28134593c9258b5c8a6e809df683
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
binary
MD5: 6f95f6966d006f4a32c0ea273f8d4c5f
SHA256: a34ba96d8a1320242d92d1b959c0808c568118dab4df7ec06b2190f574fc173c
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
binary
MD5: ed3d1c71e33729de7febf8fe5e6ec916
SHA256: 69c86a85adc870f4b414d529894f622580db21bbefb5e2c4da4ba14141c7b1fc
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF15b6c6.TMP
binary
MD5: 6f95f6966d006f4a32c0ea273f8d4c5f
SHA256: a34ba96d8a1320242d92d1b959c0808c568118dab4df7ec06b2190f574fc173c
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF15b6c6.TMP
text
MD5: 11eeb4e7a221ee8c1c8a9c88b0b97dc6
SHA256: 2a4baf9c6911c224253afb0da31641e442a1b4a0f3f24b1b69a375cd79ebed24
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
sqlite
MD5: 763228cb6b3358367256236324d4e0f7
SHA256: 37db68a8d1ddfee76805fc79e7e1e838938720a50f31feabba66ff3f3c213225
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
binary
MD5: 071e89dba50517197f4bb02367160a32
SHA256: a891795fd17427800ed060150e43bd12ce4f20a901c9fb3db27ccda7d7270c32
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\3b2553e1-2cc4-49c5-b151-196253283cd4\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
binary
MD5: 8a721e18ec38f5a7255a03e9de42b267
SHA256: 388cc948d26699b3a0bbbed463b7f41a78ded83a19df6bb7f30e9587a3324c49
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
text
MD5: 8f88edb63c73c6718004f904a8bd02ba
SHA256: 1cddfc3ce971e1e1a22a6eb77925f6eedcb13af8283cc0a9a09433e14b555dd8
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
binary
MD5: d0f880d3ff13d89679c1c2bd9ec9a37f
SHA256: b99a1e2f68481d4e5aebbc7947a870fb7d4532391bb1adc89bb5492c01a1016f
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 11eeb4e7a221ee8c1c8a9c88b0b97dc6
SHA256: 2a4baf9c6911c224253afb0da31641e442a1b4a0f3f24b1b69a375cd79ebed24
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
binary
MD5: aee7c615bedc871ea2f68c332cf02869
SHA256: 7bfb7900424e673f126fbd45722c6feec135cb3fe9bfdc7133631429550682f3
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: b8675e858d15aec39227eed2ffcaf579
SHA256: 849272d6bf7e38ddf0261f638143973f9b7105448263e763f3e8776563e381ab
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
binary
MD5: d6b2670422ef3635f6dc880fabf353f3
SHA256: d3dc4f59fc389abc3c4ba488768b94a7c9c3f24b207fcb99cbb7323e0465f334
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\72a1cec7-8dbb-4de6-8d51-e09e038cabb0.tmp
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: a98ca0486f9007812808e602d93d0c46
SHA256: 0dbe309b50bedecc943fe8db36c34b69f26aea7e964cdac76b0f1d1a1531e212
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF15b6a7.TMP
text
MD5: a98ca0486f9007812808e602d93d0c46
SHA256: 0dbe309b50bedecc943fe8db36c34b69f26aea7e964cdac76b0f1d1a1531e212
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
binary
MD5: 9409bab446b7204c6235dfddd6066e89
SHA256: 68c1cb50ec24ac5a1dbdc7d9c845e94a1e9d60f312cf92a694f0791cd7ea105e
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
text
MD5: c14ff34b5cc14fb9bafdaa3a947039e2
SHA256: b1027e0b4807963e8625b79397a5cdb166b34023a531a50d4500f25eb841a3f8
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
text
MD5: 39ed07a3114806b71ad4f1cf6076cabf
SHA256: 978a90e4964db24bf771e260b88203e87f7224be2bd4d1293ca4a84a9f9b6999
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOG
text
MD5: 81bd380f686aa5757f50637f5576fff2
SHA256: fbf2769977a88e58d39996911dc1ce98942b5f0b0df1849104d0f4fe8f896edb
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
text
MD5: 01c6deaa87b0c783fb4850f1c11c36ec
SHA256: 0ddcdb97122978f4ed684e08eb6bcc12b5c34b85793c2858bf100bc2d3df0983
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG
text
MD5: ef8cdd0dc49f660bb21edec8d0ecc4f0
SHA256: 5623f7f38fc57380f8d6739c3508d989bbf9dd548478d7af112a26a30951ff7f
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\MANIFEST-000016
binary
MD5: cf286cb4fd0f3dcc234806e1b865987b
SHA256: 21dc23520bba7268b53957a39981c9a85d3658edc4f5455e98cac3378a440d76
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Thumbnails\LOG
text
MD5: a9b4527e53217284c04f80757b7c2512
SHA256: d4a4b8a9fced8eac7222a1b2ae8edecc5336791e9877d5a4cb152c4a88877ffb
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\befef2c6-3aac-4003-9b41-3d421b0aa137.tmp
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
sqlite
MD5: cb4b32641962849effc0f50d385a0b64
SHA256: c12a64bdaf1a163a6eeb01ec08429a0fed5899805feb7d6de0417f447166f02f
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
sqlite
MD5: 6a9917f65d3c6034234d656ae322eb43
SHA256: 45163d81f3dc6687432aab97f91939e4bd8a128bfd7223eb8057add7e4fb3d0c
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
sqlite
MD5: 54ad1e10b6b57bc9b9eed994e581dd5f
SHA256: 24d2a7516de320c3e91b1513cad94ce5ce2b964bbb8a3d1f66e8083b3205b19c
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
binary
MD5: a9851aa4c3c8af2d1bd8834201b2ba51
SHA256: e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Current Session
binary
MD5: 052e69d037d17ed2a50994b5bbb659ab
SHA256: ccda0d4c5b0bd2cdf8e7da035a3e7e543bc519f9f7a85da7e3a3e88aece25c9a
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprand.dat
binary
MD5: f0cf290ab690775440909c0b6f53d82d
SHA256: 500f318784d69f17ec3701de405386145e1e7070a3abdeb182ab096d68fec17d
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\dcache4.url
binary
MD5: 269abfcdb8eb1886306172aad82c919b
SHA256: 6e5005153bf4250978bd0f260f94b47abfa8b8676b36d7e8b8b1703c36c47f59
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\opcache\dcache4.url
binary
MD5: 14c7763fe1db0054a13f650b509ac543
SHA256: e807a2e726d3a021b9936e56c22e5631b3c1aeba38afecfd76a753cf8f13ac94
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\dcache4.url
binary
MD5: 50d802051a6508df2b6feb1f6dba6c7a
SHA256: 77855a6d98eadd23abc68a6edc93eccbc40f5e3a4979275ef82a4a4b78547811
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\vlink4.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\dcache4.url
binary
MD5: 84aec064a2842b0857c638b1337bf5c5
SHA256: f7aa4a6de80a2cf60bfa840e173fd67ac474e24d8c98f547dd9faff41888128b
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\mcache\oprB4EA.tmp
––
MD5:  ––
SHA256:  ––
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\revocation\oprB4E9.tmp
––
MD5:  ––
SHA256:  ––
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprB4E8.tmp
––
MD5:  ––
SHA256:  ––
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\cookies4.dat
binary
MD5: 551d771d2ca2ef3befa7509edbbb6418
SHA256: 0783c2659f886e43e7b694fa108095d36908e002bd8c899bfc3f20c215181fcd
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprB4E7.tmp
––
MD5:  ––
SHA256:  ––
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\download.dat
binary
MD5: 9b7e1769f56deedd364f9c444e75f7d8
SHA256: 90c916114e174bfceeb6bd5066b6d0810b53c55870284d290599e127c4c907a1
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\application_cache\cache_groups.xml
xml
MD5: 0c3d13ca7a1b93960f71a49613f4aa5c
SHA256: eb9eaf372a1df1d4d3f389bb09f05b0cd8a1dbd838ae1247f34b36fa7566bb5a
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\global_history.dat
text
MD5: 47f8554a9afe589c397ab7a341795b13
SHA256: ce531480d2d0820a38633c0809c14d2b060cfa387fe3c40cc0b682b044d8b860
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\typed_history.xml
xml
MD5: 9f6a36e846bc2a7bded83531b10b83d2
SHA256: 5dcefd4872bafe4f1cb01d9ac47a3883cfaa78552dbfa1fb1e4c193b568411a5
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\webserver\users.xml
xml
MD5: 8f9bc25082526679d20832e134280689
SHA256: 0fede19a884e68af700217770d350b22bfe9cee4cf87ba9438d50f2341a85b2c
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\mail\omailbase.dat
abr
MD5: f52d18b1988d60b85f3df3b422e67906
SHA256: e8c7c39ae1a30e455ceea25c20267ef6d3035cc2dbbaa80c62650ae6610710f8
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tips.ini
text
MD5: 378946a66814bed3e90d8b14e9d94180
SHA256: e3fabf8e0007a8a229c143f8ea11af31a52ee9a51297a692d8c3cb5217f76d85
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprB4C7.tmp
––
MD5:  ––
SHA256:  ––
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
text
MD5: 2a8485e873496254ba3d4d0f105d108d
SHA256: ec73116c7b1fbedba55b0b2cfe4585df62888611dd39f568dd3092f826de418d
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\oprB4C6.tmp
––
MD5:  ––
SHA256:  ––
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win.bak
text
MD5: c6bb9f4ecb7995e1c8bf8d4b2b5e0369
SHA256: aff3ccae88267386aece32d6c93f89e91b9705b3852c4dbd057eacf2bf0c9292
2996
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF15b4b3.TMP
binary
MD5: 86e185deca505cc26e3cd6c9c96d619c
SHA256: d4f5beab5d738897f606485b31d89f773c7b0a59dd85f56bf243de406fa8cf1d
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win
text
MD5: c6bb9f4ecb7995e1c8bf8d4b2b5e0369
SHA256: aff3ccae88267386aece32d6c93f89e91b9705b3852c4dbd057eacf2bf0c9292
2996
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\B7M33EPMDCSTFXPWL7TZ.temp
––
MD5:  ––
SHA256:  ––
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprB4B5.tmp
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: 8aa09bbd0c6574228cb53deb94a8ce70
SHA256: 86cd0173cddf6f457c5ec5d4cc55e91d925833b33f43606d95e96b8f85fa7b40
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF15b2cf.TMP
binary
MD5: 8aa09bbd0c6574228cb53deb94a8ce70
SHA256: 86cd0173cddf6f457c5ec5d4cc55e91d925833b33f43606d95e96b8f85fa7b40
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\index-dir\the-real-index~RF15b2cf.TMP
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt.tmp
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\3b2553e1-2cc4-49c5-b151-196253283cd4\5028ae0655361d5b_1
binary
MD5: 16b713beede3e03647fbe7b9f3bd5473
SHA256: 3a99a5774120aef0a722ba20b40026bbaefb1aa4fd4cc645d3d269cd757f404b
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\3b2553e1-2cc4-49c5-b151-196253283cd4\5028ae0655361d5b_0
binary
MD5: 1c3b2d108e4041d03c62e18cb27f975d
SHA256: 6e0bfc7694288d076e616e9b8559efa94422b7e009180caf82e5a59da1ddd882
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\3b2553e1-2cc4-49c5-b151-196253283cd4\fdf2cfeb8ad0eeac_0
binary
MD5: 8fc92c0d26551715cc1266b63b588fcc
SHA256: 339269eeac82b511cc346017a6b9215ed3a13608becdd35e97d0e02caef7ea90
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\3b2553e1-2cc4-49c5-b151-196253283cd4\index-dir\the-real-index
binary
MD5: 100ad146a2360d413a303f28d6a41619
SHA256: fa8c6d6f79cbbbea04dfaba5e001451d4d0a0558dbfcaefa0799a2b510111c19
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt
binary
MD5: 295be601520d0bf9f37d46b4881337ea
SHA256: 25b0c472506d34bdc1723faadaad3f8abf7c761a4e7012e9bddfe2664f3d0127
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF15b1e4.TMP
binary
MD5: 295be601520d0bf9f37d46b4881337ea
SHA256: 25b0c472506d34bdc1723faadaad3f8abf7c761a4e7012e9bddfe2664f3d0127
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\3b2553e1-2cc4-49c5-b151-196253283cd4\index
text
MD5: 4f67aba5cb5b04976834ad6da18d2017
SHA256: 4476d281b3d119577eb8f19fd90e042e5a456cba30d0bb16d05654acc91aec5b
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1
binary
MD5: f69670c226e716b4a7e82dd3f1f019ac
SHA256: b0405f10d5c8c697f910da47c651793ba5efbab83743350993882202dc467bdb
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0
binary
MD5: 382b2dd3c598bb15e537afe2edd70ba0
SHA256: 0680eff1a6569f1b33c302eb08675786ea0636316fd9420e7d5482484959e6fa
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\000003.log
binary
MD5: 991641dbcc63a7eacba784846f16492f
SHA256: d402a1e89776f26565012ebd063638b57e09e58efc77105415906eebafc0fdd0
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG
text
MD5: 460272d15ff46ca5c02ea0470f271f34
SHA256: 62eedcdabf6237049ad1665b93b6e458f28f1a40c55c294027447e4b517e750d
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\index.txt~RF15b167.TMP
binary
MD5: 295be601520d0bf9f37d46b4881337ea
SHA256: 25b0c472506d34bdc1723faadaad3f8abf7c761a4e7012e9bddfe2664f3d0127
288
setup_wm.exe
C:\Users\admin\AppData\Local\Temp\wmsetup.log
text
MD5: 7121ace17a1e71ab601e637f55cf27d6
SHA256: 761a05e82020965b6402bf7a0b5ad9b9293e95f7643929215bda2fd10ff68622
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000012
compressed
MD5: 98c084eaf38062c9836b72fa1a0ffd62
SHA256: 170699aabf7e6c73aac09fa8807d144efc6edc86fd0917802e3c260bf4e8259a
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000011
binary
MD5: 4355844361f2f0ac93c90098500cc3d1
SHA256: f649f9b6b6afe49bef1e0a71727baab12e7b60f14efcc29e861656678963cd30
2996
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms
binary
MD5: 86e185deca505cc26e3cd6c9c96d619c
SHA256: d4f5beab5d738897f606485b31d89f773c7b0a59dd85f56bf243de406fa8cf1d
2996
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF15a9e6.TMP
binary
MD5: 86e185deca505cc26e3cd6c9c96d619c
SHA256: d4f5beab5d738897f606485b31d89f773c7b0a59dd85f56bf243de406fa8cf1d
2996
opera.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ENMJ276SCUN14QMBVQJK.temp
––
MD5:  ––
SHA256:  ––
4024
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3CBD8BF0-08F9-4A30-AE78-7403A3BE6440}.tmp
––
MD5:  ––
SHA256:  ––
4024
WINWORD.EXE
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4F6F597B-B182-424F-8779-768545702FED}.tmp
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000010
compressed
MD5: 53eea982d7ad1ad35b35fc3edd48e8a7
SHA256: 949ad5b24488206810f318d1a973ef081b6296b8ec0b89e86102dd18b9b7f092
4024
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
text
MD5: a38ecb7d1366c4b1713ab77b90da94c7
SHA256: 78631595a7349adc7b9c8773410c498e69b865658f5af249a94c4ea2ad73890f
4024
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\sectionfunctions.rtf.LNK
lnk
MD5: 8fc8e1b9fd35b96bfbd8d749709511db
SHA256: a4000a089fcdf0b396c5728bf46ca745a8bf4e7ea5a3af00924ab50f19b64649
4024
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
text
MD5: 1c18bcb6eb01e525c8851f5d173a659a
SHA256: 05ed407dce08df5eeec6c9c6f528940e5626012295aeb9e263eaa0739675af80
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000f
compressed
MD5: 803c47a4038529f7b4e3cc70d8ef6544
SHA256: 0fbc2e50ba015d0a918f19802bbda6249318ee0c37883048da343fc52e236252
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\optrust.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
binary
MD5: 7f5dcbf9f067f258078d5071195d5c51
SHA256: fec0be3946fe4780375cee50eb647bea4fb130af228e473fe442b39ff19d0492
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000e
image
MD5: 0515236318ac3251ff39eb8372a0c129
SHA256: 228cb9c602929e1a2fb17408fe812af3599ab9f734d0b7c499ab79e15c5b8dd4
2996
opera.exe
C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000V.tmp
––
MD5:  ––
SHA256:  ––
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF159eba.TMP
text
MD5: 80b8c44b60f8bd20d1cf8277ec794bb1
SHA256: 6371157cf7270dd227625ddf799da6c38c60b3e2110fe540b8bc9df48aef09a6
4024
WINWORD.EXE
C:\Users\admin\Desktop\~$ctionfunctions.rtf
pgc
MD5: 5f8c69af8c28d4f068a7b86959c076f5
SHA256: 57d09a112aaa027d78f466f3b6b07006a32e9c8bcde3b3a0eeadf83ed8e823b4
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000d
binary
MD5: 5d71c5db2d00fb274535d3494634114f
SHA256: ec782a8f5db1ada1830eb5daf045efc74ee3a7f39d711f0260fe42ce4a714825
4024
WINWORD.EXE
C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
pgc
MD5: c133b96baa8d7065577e01271f06a277
SHA256: 3739395791be2dd68e10a69ee431ec6fde94c6803e3b11d2e4d1adc779231952
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\3a6b9ec495cd6726_0
binary
MD5: 0bb339782b601350e98f26604d431ca3
SHA256: 2f54d42e381e0bc27b728ab069660c0be20ed9e48f49df9fc158e34555ca2b62
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\40bba07c05914591_0
binary
MD5: 999f5dc6ecd6e73b34d98d2f51a22b38
SHA256: 17a79731823baa9b028aa49166cebe2b8ecf18a3227d56ee51f788446d9645f0
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.de_0.indexeddb.leveldb\LOG.old
text
MD5: 65e3a899ee20811d157b572ffa34a607
SHA256: fdbc070214092df54b10dc06b2a40f0cc30ad00d410ba67de9f98a3d53f08a75
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Last Session
binary
MD5: 02536c23edc1e418a6fea313d20b2a39
SHA256: 8e8de8689482b477d0beebe0a4ac24b9cabcbfa84848f66b4c0f55cd96dc0fe9
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF159d62.TMP
text
MD5: 7282c871a31b4aae7e61cdbb39a13331
SHA256: af615c556e2a22e87135a967c01e869216f65268a88bd218fd6ab70467bdf733
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opuntrust.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcacrt6.dat
binary
MD5: 59761e989f564f76a3a4b778db7abcf1
SHA256: af879942d234d85c0ce75921dbdda50e2f6d135bd961f259106131751359052b
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opicacrt6.dat
binary
MD5: 82f1a2b1176a5ecc457d32301e2ad833
SHA256: a783052804dd4c232be2ed3dc00c430cb67a20370890e235562ed2b27b5a602e
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opcert6.dat
binary
MD5: 1aa8644c9261dc10f7247f6a145c1dd2
SHA256: 58a8933f65361633c6ab194000d312dc9d566f717b1a16814a0dbee24a60ebe3
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat
binary
MD5: fc9dd80ebaa32cf1ff520d809dcc82ec
SHA256: 4e4e21434e45b8099aa900f0dc4c72c96655b2841c4d1e72311f2e657cbc704b
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\e6622492fa163609ddd4212f54512baa07929ed3\caecb3bd-7969-4305-84d6-3a376453ec73\5028ae0655361d5b_0
binary
MD5: 7d4eaf0eab3fc6f8d73156cc387fe617
SHA256: 83cd42aa9e794eda0f236ff34bdc25eba43dc2d86ef59112e1dcbe32249b324f
3496
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
compressed
MD5: 39bde5873b085dd43c1d8d806fd3475c
SHA256: 2f4e8222a3e55ee88d672cd3e0ee643114dcfb304686254b22d30928eaf74db0
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml
xml
MD5: 9cd2d360dc4305122442d642e8d28463
SHA256: b235f00a9502b6178ae9ac06418d849a039e8ab8d89693cbb00d7ff1d6da0c16
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr9C5A.tmp
––
MD5:  ––
SHA256:  ––
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
text
MD5: c4abc4a254a8c5d0a4bbe9e05f814b42
SHA256: de1334a1493d97425cdb9644602c653d13291ffcec441df6e07bb149bc9b0c96
2996
opera.exe
C:\Users\admin\AppData\Roaming\Opera\Opera\opr9C2A.tmp
––
MD5:  ––
SHA256:  ––
3496
chrome.exe