General Info

URL

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.TeslaCrypt/Ransomware.TeslaCrypt.zip?raw=true

Full analysis
https://app.any.run/tasks/59f42db2-d0d5-4997-a740-38f7b4cd17df
Verdict
Malicious activity
Analysis date
14/01/2022, 21:25:04
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
trojan, ransomware, teslacrypt, evasion

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS
Application was dropped or rewritten from another process
  • virus.exe (PID: 2436)
  • nrglpxi.exe (PID: 2600)
  • virus (2).exe (PID: 2972)
  • virus (2).exe (PID: 3144)
  • nwmtlyc.exe (PID: 2828)
  • nwmtlyc.exe (PID: 3864)
Drops executable file immediately after starts
  • virus.exe (PID: 2436)
  • virus (2).exe (PID: 2972)
Deletes shadow copies
  • nrglpxi.exe (PID: 2600)
  • nwmtlyc.exe (PID: 2828)
Changes the autorun value in the registry
  • nrglpxi.exe (PID: 2600)
  • nwmtlyc.exe (PID: 2828)
Renames files like Ransomware
  • nwmtlyc.exe (PID: 2828)

SUSPICIOUS
Reads the computer name
  • WinRAR.exe (PID: 2748)
  • virus.exe (PID: 2436)
  • nrglpxi.exe (PID: 2600)
  • virus (2).exe (PID: 2972)
  • nwmtlyc.exe (PID: 2828)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 2748)
  • virus.exe (PID: 2436)
  • virus (2).exe (PID: 2972)
Checks supported languages
  • WinRAR.exe (PID: 2748)
  • virus.exe (PID: 2436)
  • nrglpxi.exe (PID: 2600)
  • cmd.exe (PID: 2968)
  • virus (2).exe (PID: 2972)
  • virus (2).exe (PID: 3144)
  • nwmtlyc.exe (PID: 3864)
  • nwmtlyc.exe (PID: 2828)
  • cmd.exe (PID: 576)
Drops a file with too old compile date
  • WinRAR.exe (PID: 2748)
  • virus (2).exe (PID: 2972)
Starts itself from another location
  • virus.exe (PID: 2436)
  • virus (2).exe (PID: 2972)
Starts CMD.EXE for commands execution
  • virus.exe (PID: 2436)
  • virus (2).exe (PID: 2972)
Creates files in the user directory
  • virus.exe (PID: 2436)
  • nrglpxi.exe (PID: 2600)
  • virus (2).exe (PID: 2972)
  • nwmtlyc.exe (PID: 2828)
Application launched itself
  • virus (2).exe (PID: 3144)
  • nwmtlyc.exe (PID: 3864)
Drops a file with a compile date too recent
  • nrglpxi.exe (PID: 2600)
Creates files in the program directory
  • nwmtlyc.exe (PID: 2828)
Creates files like Ransomware instruction
  • nwmtlyc.exe (PID: 2828)
Checks for external IP
  • nwmtlyc.exe (PID: 2828)
Executed as Windows Service
  • vssvc.exe (PID: 3180)
Starts Internet Explorer
  • nwmtlyc.exe (PID: 2828)
Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 3416)

INFO
Checks supported languages
  • firefox.exe (PID: 3600)
  • firefox.exe (PID: 2204)
  • firefox.exe (PID: 528)
  • firefox.exe (PID: 2184)
  • firefox.exe (PID: 2492)
  • firefox.exe (PID: 968)
  • firefox.exe (PID: 3776)
  • rundll32.exe (PID: 2968)
  • vssadmin.exe (PID: 2508)
  • vssadmin.exe (PID: 2428)
  • vssvc.exe (PID: 3180)
  • iexplore.exe (PID: 3416)
  • iexplore.exe (PID: 2216)
  • firefox.exe (PID: 3324)
  • firefox.exe (PID: 2068)
Reads CPU info
  • firefox.exe (PID: 3600)
  • firefox.exe (PID: 2068)
Application launched itself
  • firefox.exe (PID: 2204)
  • firefox.exe (PID: 3600)
  • iexplore.exe (PID: 2216)
  • firefox.exe (PID: 3324)
Reads the computer name
  • firefox.exe (PID: 3600)
  • firefox.exe (PID: 968)
  • firefox.exe (PID: 528)
  • firefox.exe (PID: 3776)
  • firefox.exe (PID: 2184)
  • firefox.exe (PID: 2492)
  • rundll32.exe (PID: 2968)
  • vssadmin.exe (PID: 2508)
  • vssadmin.exe (PID: 2428)
  • vssvc.exe (PID: 3180)
  • iexplore.exe (PID: 2216)
  • iexplore.exe (PID: 3416)
  • firefox.exe (PID: 2068)
Checks Windows Trust Settings
  • firefox.exe (PID: 3600)
  • iexplore.exe (PID: 2216)
Reads the date of Windows installation
  • firefox.exe (PID: 3600)
  • iexplore.exe (PID: 2216)
Creates files in the program directory
  • firefox.exe (PID: 3600)
Manual execution by user
  • WinRAR.exe (PID: 2748)
  • rundll32.exe (PID: 2968)
  • virus.exe (PID: 2436)
  • virus (2).exe (PID: 3144)
  • firefox.exe (PID: 3324)
Creates files in the user directory
  • firefox.exe (PID: 3600)
Dropped object may contain TOR URL's
  • WinRAR.exe (PID: 2748)
  • virus.exe (PID: 2436)
  • nwmtlyc.exe (PID: 2828)
Dropped object may contain Bitcoin addresses
  • nrglpxi.exe (PID: 2600)
  • nwmtlyc.exe (PID: 2828)
Reads settings of System Certificates
  • iexplore.exe (PID: 2216)
Reads internet explorer settings
  • iexplore.exe (PID: 3416)
Changes internet zones settings
  • iexplore.exe (PID: 2216)

Processes

Total processes
74
Monitored processes
24
Malicious processes
4
Suspicious processes
2

Behavior graph

[Behavior graph; processes shown: firefox.exe, winrar.exe, rundll32.exe, virus.exe, nrglpxi.exe, cmd.exe, vssadmin.exe, virus (2).exe, nwmtlyc.exe, vssvc.exe, iexplore.exe]

Process information

PID
2204
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" "https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.TeslaCrypt/Ransomware.TeslaCrypt.zip?raw=true"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0

PID
3600
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.TeslaCrypt/Ransomware.TeslaCrypt.zip?raw=true
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0

PID
968
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.0.1456457962\1037867663" -parentBuildID 20201112153044 -prefsHandle 1112 -prefMapHandle 1104 -prefsLen 1 -prefMapSize 238726 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 1196 gpu
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\windows\system32\avrt.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ole32.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\oleaut32.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\imm32.dll

PID
2492
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.6.796398814\1877326896" -childID 1 -isForBrowser -prefsHandle 2236 -prefMapHandle 2232 -prefsLen 245 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 2248 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\wship6.dll
c:\windows\system32\samlib.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wevtapi.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\netutils.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\mswsock.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\avrt.dll
c:\windows\system32\devobj.dll
c:\windows\system32\samcli.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\sechost.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\advapi32.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\sspicli.dll
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\clbcatq.dll

PID
3776
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.13.856972663\2020650511" -childID 2 -isForBrowser -prefsHandle 3064 -prefMapHandle 3072 -prefsLen 6644 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 3088 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\d3d11.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\lpk.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mswsock.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\pnrpnsp.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shlwapi.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\dnsapi.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\winmm.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wldap32.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\avrt.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\iphlpapi.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\winrnr.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wship6.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\samcli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wevtapi.dll
c:\program files\mozilla firefox\freebl3.dll
c:\program files\mozilla firefox\softokn3.dll

PID
528
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.20.100487020\364565955" -childID 3 -isForBrowser -prefsHandle 3592 -prefMapHandle 3588 -prefsLen 7399 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 3604 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\windows\system32\sechost.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\iphlpapi.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winnsi.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\devobj.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wsock32.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\xul.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\userenv.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\windows\system32\lpk.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wshtcpip.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ntmarta.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\avrt.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ws2_32.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wpc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\program files\mozilla firefox\softokn3.dll
c:\program files\mozilla firefox\freebl3.dll

PID
2184
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3600.27.282170398\488014667" -childID 4 -isForBrowser -prefsHandle 3812 -prefMapHandle 3808 -prefsLen 7470 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3600 "\\.\pipe\gecko-crash-server-pipe.3600" 3824 tab
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
LOW
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\dxgi.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\avrt.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\shell32.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrt4.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\version.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll

PID
2748
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Ransomware.TeslaCrypt.zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.91.0
Modules
Image
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\devobj.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\drprov.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\slc.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\riched20.dll
c:\windows\system32\imageres.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\netutils.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\samlib.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\dui70.dll
c:\windows\system32\duser.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptsp.dll

PID
2968
CMD
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\virus
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\windows\system32\lpk.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imageres.dll
c:\windows\system32\sechost.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\slc.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\notepad.exe
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\program files\opera\opera.exe
c:\windows\system32\mspaint.exe
c:\program files\windows media player\wmplayer.exe
c:\windows\ehome\ehshell.exe
c:\program files\microsoft office\office14\ois.exe
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\wldap32.dll
c:\program files\microsoft office\office14\winword.exe
c:\windows\system32\wmploc.dll
c:\program files\windows photo viewer\photoviewer.dll
c:\program files\videolan\vlc\vlc.exe
c:\program files\windows nt\accessories\wordpad.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\netutils.dll

PID
2436
CMD
"C:\Users\admin\Desktop\virus.exe"
Path
C:\Users\admin\Desktop\virus.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Description
calc
Version
1, 0, 0, 1
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\profapi.dll
c:\users\admin\desktop\virus.exe
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\roaming\nrglpxi.exe
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\devobj.dll
c:\windows\system32\secur32.dll
c:\windows\system32\setupapi.dll

PID
2600
CMD
C:\Users\admin\AppData\Roaming\nrglpxi.exe
Path
C:\Users\admin\AppData\Roaming\nrglpxi.exe
Indicators
Parent process
virus.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
calc
Version
1, 0, 0, 1
Modules
Image
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wininet.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\roaming\nrglpxi.exe
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\secur32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\vssadmin.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\webio.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll

PID
2968
CMD
"C:\Windows\system32\cmd.exe" /c del C:\Users\admin\Desktop\virus.exe >> NUL
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
virus.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cmd.exe
c:\windows\system32\lpk.dll

PID
2508
CMD
vssadmin delete shadows /all
Path
C:\Windows\system32\vssadmin.exe
Indicators
No indicators
Parent process
nrglpxi.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\vssadmin.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll

PID
3144
CMD
"C:\Users\admin\Desktop\virus (2).exe"
Path
C:\Users\admin\Desktop\virus (2).exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
12
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\imm32.dll
c:\users\admin\desktop\virus (2).exe
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\sechost.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\quartz.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msctf.dll

PID
2972
CMD
"C:\Users\admin\Desktop\virus (2).exe"
Path
C:\Users\admin\Desktop\virus (2).exe
Indicators
Parent process
virus (2).exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\users\admin\desktop\virus (2).exe
c:\windows\system32\ntdll.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\quartz.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\setupapi.dll
c:\users\admin\appdata\roaming\nwmtlyc.exe
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devobj.dll

PID
3864
CMD
C:\Users\admin\AppData\Roaming\nwmtlyc.exe
Path
C:\Users\admin\AppData\Roaming\nwmtlyc.exe
Indicators
No indicators
Parent process
virus (2).exe
User
admin
Integrity Level
MEDIUM
Exit code
12
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
c:\windows\system32\quartz.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleaut32.dll
c:\users\admin\appdata\roaming\nwmtlyc.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll

PID
576
CMD
"C:\Windows\system32\cmd.exe" /c del C:\Users\admin\Desktop\VIRUS(~1.EXE >> NUL
Path
C:\Windows\system32\cmd.exe
Indicators
No indicators
Parent process
virus (2).exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Command Processor
Version
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cmd.exe
c:\windows\system32\imm32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\usp10.dll

PID
2828
CMD
C:\Users\admin\AppData\Roaming\nwmtlyc.exe
Path
C:\Users\admin\AppData\Roaming\nwmtlyc.exe
Indicators
Parent process
nwmtlyc.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Version
Modules
Image
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\quartz.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\roaming\nwmtlyc.exe
c:\windows\system32\sechost.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\lpk.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\webio.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\devobj.dll
c:\windows\system32\netutils.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\program files\internet explorer\ieproxy.dll
c:\program files\internet explorer\iexplore.exe

PID
2428
CMD
"C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet
Path
C:\Windows\System32\vssadmin.exe
Indicators
Parent process
nwmtlyc.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Command Line Interface for Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\vssadmin.exe
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\vss_ps.dll

PID
3180
CMD
C:\Windows\system32\vssvc.exe
Path
C:\Windows\system32\vssvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft® Volume Shadow Copy Service
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\sechost.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\catsrvut.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\vssvc.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\atl.dll
c:\windows\system32\netutils.dll
c:\windows\system32\authz.dll
c:\windows\system32\xolehlp.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\vss_ps.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\samlib.dll
c:\windows\system32\mfcsubs.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\resutils.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\version.dll
c:\windows\system32\virtdisk.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\es.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\samcli.dll
c:\windows\system32\cryptbase.dll

PID
2216
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Roaming\log.html
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
nwmtlyc.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\iertutil.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\sechost.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptsp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\nsi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\propsys.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ieui.dll
c:\windows\system32\dui70.dll
c:\windows\system32\duser.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\url.dll
c:\windows\system32\mlang.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\xmllite.dll

PID
3416
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2216 CREDAT:144385 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
No indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\ieui.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\wininet.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\profapi.dll
c:\windows\system32\devobj.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\imm32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\wship6.dll
c:\windows\system32\usp10.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll

PID
3324
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wintrust.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\lpk.dll

PID
2068
CMD
"C:\Program Files\Mozilla Firefox\firefox.exe"
Path
C:\Program Files\Mozilla Firefox\firefox.exe
Indicators
No indicators
Parent process
firefox.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Mozilla Corporation
Description
Firefox
Version
83.0
Modules
Image
c:\program files\mozilla firefox\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-localization-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l1-2-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-multibyte-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ntmarta.dll
c:\program files\mozilla firefox\ucrtbase.dll
c:\program files\mozilla firefox\api-ms-win-crt-filesystem-l1-1-0.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dbghelp.dll
c:\program files\mozilla firefox\api-ms-win-crt-math-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\mozilla firefox\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\mozilla firefox\nss3.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\crypt32.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\api-ms-win-crt-string-l1-1-0.dll
c:\program files\mozilla firefox\xul.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\program files\mozilla firefox\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\mozilla firefox\lgpllibs.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\setupapi.dll
c:\program files\mozilla firefox\d3dcompiler_47.dll
c:\windows\system32\msvcrt.dll
c:\program files\mozilla firefox\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\avrt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wldap32.dll
c:\program files\mozilla firefox\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\profapi.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\program files\mozilla firefox\api-ms-win-crt-stdio-l1-1-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\devobj.dll
c:\program files\mozilla firefox\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dhcpcsvc.dll
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shlwapi.dll
c:\program files\mozilla firefox\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\sechost.dll
c:\program files\mozilla firefox\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\mozilla firefox\api-ms-win-crt-utility-l1-1-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dwmapi.dll

Registry activity

Total events
20812
Read events
0
Write events
310
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2204
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
CC45F9D760000000
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Browser
764CF9D760000000
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|ServicesSettingsServer
https://firefox.settings.services.mozilla.com/v1
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
0
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
C:\Program Files\Mozilla Firefox\firefox.exe
0
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|DisableTelemetry
1
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
0
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
C:\Program Files\Mozilla Firefox|SecurityContentSignatureRootHash
97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E
3600
firefox.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
3600
firefox.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\WinRAR\WinRAR.exe
WinRAR archiver
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
2580813A8D09D801
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
2580813A8D09D801
3600
firefox.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
2748
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
1
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
2
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\Ransomware.TeslaCrypt.zip
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface
ShowPassword
0
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF220000007C000000E203000071020000
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\AppData\Local\Temp
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_1
38000000730100000500000000000000D4D0C8000000000000000000000000008A01010000000000160000002A0000000000000002000000
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_0
38000000730100000402000000000000D4D0C800000000000000000000000000880101000000000039000000B40200000000000001000000
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_2
38000000730100000400000000000000D4D0C800000000000000000000000000740101000000000016000000640000000000000003000000
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
2748
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\NOTEPAD.EXE
Notepad
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\mspaint.exe
Paint
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
WordPad
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\eHome\ehshell.exe
Windows Media Center
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
@wmploc.dll,-102
Windows Media Player
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Microsoft Word
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\PROGRA~1\MICROS~1\Office14\OIS.EXE
Microsoft Office 2010
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\VideoLAN\VLC\vlc.exe
VLC media player
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Opera\Opera.exe
Opera Internet Browser
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Windows Media Player\wmplayer.exe
Windows Media Player
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Windows Photo Viewer\PhotoViewer.dll
Windows Photo Viewer
2968
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Mozilla Firefox\firefox.exe
Firefox
2436
virus.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2436
virus.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2436
virus.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2436
virus.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
crypto13
C:\Users\admin\AppData\Roaming\nrglpxi.exe
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDetectedUrl
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
2580813A8D09D801
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
433C84558D09D801
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
433C84558D09D801
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
2A5F265C8D09D801
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
76893E698D09D801
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
76893E698D09D801
2600
nrglpxi.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
C428C36A8D09D801
2972
virus (2).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2972
virus (2).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2972
virus (2).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2972
virus (2).exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
msconfig
C:\Users\admin\AppData\Roaming\nwmtlyc.exe
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Control Panel\Desktop
TileWallpaper
0
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Control Panel\Desktop
WallpaperStyle
0
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
8A39005C8D09D801
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
433C84558D09D801
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDetectedUrl
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
8A39005C8D09D801
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
2A5F265C8D09D801
2828
nwmtlyc.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
2A5F265C8D09D801
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935437
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935437
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{A52F9FED-7580-11EC-BB61-12A9866C77DE}
0
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
F04D9D678D09D801
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
4AB09F678D09D801
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E0015001A002200DF00
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E0015001A002200DF00
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E0015001A002200DF00
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E0015001A002200DF00
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E0015001A002500560201000000644EA2EF78B0D01189E400C04FC9E26E
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E0015001A002600040000000000
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
6AC6C06A8D09D801
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
76893E698D09D801
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
C428C36A8D09D801
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDetectedUrl
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
6AC6C06A8D09D801
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
C428C36A8D09D801
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
2216
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
TabBandWidth
500
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateLowDateTime
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateHighDateTime
30935437
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935437
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935487
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLHighDateTime
50
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLLowDateTime
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
2216
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
D05FC2798D09D801
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
3416
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
3324
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
69AB81D860000000
2068
firefox.exe
write
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
C:\Program Files\Mozilla Firefox\firefox.exe|Browser
18B281D860000000

Files activity

Executable files
5
Suspicious files
1968
Text files
501
Unknown types
90

Dropped files

PID
Process
Filename
Type
2972
virus (2).exe
C:\Users\admin\AppData\Roaming\nwmtlyc.exe
executable
MD5: 6e080aa085293bb9fbdcc9015337d309
SHA256: 9b462800f1bef019d7ec00098682d3ea7fc60e6721555f616399228e4e3ad122
2436
virus.exe
C:\Users\admin\AppData\Roaming\nrglpxi.exe
executable
MD5: 209a288c68207d57e0ce6e60ebf60729
SHA256: 3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370
2748
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb2748.18171\3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370
executable
MD5: 209a288c68207d57e0ce6e60ebf60729
SHA256: 3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370
2748
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb2748.18171\E906FA3D51E86A61741B3499145A114E9BFB7C56
executable
MD5: 6d3d62a4cff19b4f2cc7ce9027c33be8
SHA256: afaba2400552c7032a5c4c6e6151df374d0e98dc67204066281e30e6699dbd18
2748
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRb2748.18171\51B4EF5DC9D26B7A26E214CEE90598631E2EAA67
executable
MD5: 6e080aa085293bb9fbdcc9015337d309
SHA256: 9b462800f1bef019d7ec00098682d3ea7fc60e6721555f616399228e4e3ad122
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_da_135x40.svg
binary
MD5: 8e9d908ff53833682c096c217d74da2a
SHA256: 7ba4d974e186bb6a61685398e4d1ccb76a0b759113c837fa565669d86241bceb
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_en_135x40.svg
binary
MD5: e0c26aab97be4531b8887cb694d9bdb1
SHA256: d4d5a91de54148ec27f48429bbcc633939a7b8bc2cefeca5c506bf2bb4e8ad7b
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_de_135x40.svg.ecc
binary
MD5: ce4fc4f348abbd6794121f61d41271f8
SHA256: aede9e620144903b4eaa038b061221dac6327fa06d6be387c76f1a64b40fe3f3
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_da_135x40.svg.ecc
binary
MD5: 8e9d908ff53833682c096c217d74da2a
SHA256: 7ba4d974e186bb6a61685398e4d1ccb76a0b759113c837fa565669d86241bceb
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_de_135x40.svg
binary
MD5: ce4fc4f348abbd6794121f61d41271f8
SHA256: aede9e620144903b4eaa038b061221dac6327fa06d6be387c76f1a64b40fe3f3
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_cs_135x40.svg.ecc
binary
MD5: cd398ba83551d81e0a53e2d1c6baf248
SHA256: 8205b2408ef98e3081732767995a4d769da5322689c86e588871bdcd8a36b693
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_cs_135x40.svg
binary
MD5: cd398ba83551d81e0a53e2d1c6baf248
SHA256: 8205b2408ef98e3081732767995a4d769da5322689c86e588871bdcd8a36b693
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_en_135x40.svg.ecc
binary
MD5: e0c26aab97be4531b8887cb694d9bdb1
SHA256: d4d5a91de54148ec27f48429bbcc633939a7b8bc2cefeca5c506bf2bb4e8ad7b
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css
binary
MD5: 6ed14c2bc5fc49915f9d4d250e8569f4
SHA256: 4505b756f24fc9f69c824bebf551da3a90cc1d2269df725d577b57762d2411f8
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main.css.ecc
binary
MD5: da460fe5a501518f45b82f0d928ef487
SHA256: 648e4d428f248c6bb4d9848c0ce1a22487687378257ca20172bb6d64c8e00d76
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Complex Machine.pdf
binary
MD5: bcfbeba09d35fe4c41fc956aaf76e715
SHA256: 4c2a6ccc0de79e53bd05553c3b40fa7bb3039138c888dc66ea023c51733d0443
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Complex Machine.pdf.ecc
binary
MD5: bcfbeba09d35fe4c41fc956aaf76e715
SHA256: 4c2a6ccc0de79e53bd05553c3b40fa7bb3039138c888dc66ea023c51733d0443
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\main-selector.css.ecc
binary
MD5: 04d1fafb5cecceb9e0fee63205271ecd
SHA256: a7301f8e16a4585533d4ccad13884e0d11e5133590e340d27b0f246512c10857
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main.css
binary
MD5: da460fe5a501518f45b82f0d928ef487
SHA256: 648e4d428f248c6bb4d9848c0ce1a22487687378257ca20172bb6d64c8e00d76
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf.ecc
binary
MD5: d1f8d2bd36af484918bf047af5c3c907
SHA256: 6067fede68af7b71b9c97a7c615d56bfb1b228011472f95d6e5363ff55c44dfd
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css.ecc
binary
MD5: 6ed14c2bc5fc49915f9d4d250e8569f4
SHA256: 4505b756f24fc9f69c824bebf551da3a90cc1d2269df725d577b57762d2411f8
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\main.css.ecc
binary
MD5: 34fcb9c418ade7fccbed2e5f684185ba
SHA256: 82865381c460b08281276ed1071357d91719019aa91cc61d779327906cde98f2
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\main-selector.css
binary
MD5: 04d1fafb5cecceb9e0fee63205271ecd
SHA256: a7301f8e16a4585533d4ccad13884e0d11e5133590e340d27b0f246512c10857
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf
binary
MD5: d1f8d2bd36af484918bf047af5c3c907
SHA256: 6067fede68af7b71b9c97a7c615d56bfb1b228011472f95d6e5363ff55c44dfd
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\main.css
binary
MD5: 34fcb9c418ade7fccbed2e5f684185ba
SHA256: 82865381c460b08281276ed1071357d91719019aa91cc61d779327906cde98f2
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf.ecc
binary
MD5: 8359b131b08d2ef86a71b47648552d63
SHA256: edc2c6e927fac70f2f6154969eb6c5bfa3169807cc040fa36b42322a80900753
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf
binary
MD5: 8359b131b08d2ef86a71b47648552d63
SHA256: edc2c6e927fac70f2f6154969eb6c5bfa3169807cc040fa36b42322a80900753
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\s_thumbnailview_18.svg.ecc
binary
MD5: ca618155a7cf1133960fe515d6ff2f79
SHA256: a90291a43b662c65fe997eca4383b5f31c80d3a04c2f3235e795b136bc87db5c
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf
binary
MD5: c440d271170585d07e20fea9febfa7bc
SHA256: 4deaf46f50a143ebf2d7b80ac7ed7e15b8c6f9ba0aeb0d1e9a06019be7a04344
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\sat_logo_2x.png.ecc
binary
MD5: 44894d664716d3869bc59bffe2ca259a
SHA256: 6588c8f727fe1ddd30a1be6b12f8c3d6152daba08dbf027e0e7d86c0d6d0514f
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf.ecc
binary
MD5: c440d271170585d07e20fea9febfa7bc
SHA256: 4deaf46f50a143ebf2d7b80ac7ed7e15b8c6f9ba0aeb0d1e9a06019be7a04344
2600
nrglpxi.exe
binary
MD5: baeaad3858d9104a5a93b0fbb2991edc
SHA256: 2cd61eca845f4fa3038b69bbad4fb50567c2ea3764230c7676657fe8ca312d87
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\S_Apple_18_N.svg
binary
MD5: 6eecba3f15e1431cef30803e579d5951
SHA256: d3615fff05f8d23f3302fa67166ee8ba4159a15835d67cea8fb9574b9cc1fffa
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sl_get.svg.ecc
binary
MD5: 14d380ee5b7e7fc7a8f10b22c003a473
SHA256: cdc07d45bcac4371cd23b073fb25e48c3ec89c43d9f878ca45ed65ab9dd0f6a2
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\S_AdobeLogo_18_N.svg.ecc
binary
MD5: 063fc3ff9a5681b7e5173c6a5bf53ef4
SHA256: e837583fe7ae677a589e5310b7d25ae6abee314f192285a0e330e90711eb27ce
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sl_get.svg
binary
MD5: 14d380ee5b7e7fc7a8f10b22c003a473
SHA256: cdc07d45bcac4371cd23b073fb25e48c3ec89c43d9f878ca45ed65ab9dd0f6a2
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\SuccessMedium_white_18.svg
binary
MD5: baeaad3858d9104a5a93b0fbb2991edc
SHA256: 2cd61eca845f4fa3038b69bbad4fb50567c2ea3764230c7676657fe8ca312d87
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sk_get.svg
binary
MD5: 67db18dc540f664d254419d4f055c88f
SHA256: ca58e6bc0eb1445784c69a9b2ab3e78b9da6cb82803ca1711cbf93484ddb0c4c
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Scan_visual.svg.ecc
binary
MD5: 429159d547715b5d7708e9466bbcdf9f
SHA256: 48aa1ca7d7fc9b82e234b24de6d1143247bf37a505972177ba86538720bccab3
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sv_get.svg
binary
MD5: 2d22d5c35075e8bd44a205120d4280bd
SHA256: 34d5fe10c4e43eb01a1945cdf94416329827fac175d936ffdc59efaa3ef9fea2
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sv_get.svg.ecc
binary
MD5: 2d22d5c35075e8bd44a205120d4280bd
SHA256: 34d5fe10c4e43eb01a1945cdf94416329827fac175d936ffdc59efaa3ef9fea2
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in-2x.png
binary
MD5: 13f580a3331eabf3444095522c46d863
SHA256: c79085f47b26655ba68dd49e957b4b5e4c776de55def55e61e1e1e0f641f3072
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\S_AdobeLogo_18_N.svg
binary
MD5: 063fc3ff9a5681b7e5173c6a5bf53ef4
SHA256: e837583fe7ae677a589e5310b7d25ae6abee314f192285a0e330e90711eb27ce
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in-2x.png.ecc
binary
MD5: 13f580a3331eabf3444095522c46d863
SHA256: c79085f47b26655ba68dd49e957b4b5e4c776de55def55e61e1e1e0f641f3072
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in.png
binary
MD5: 0df841fe8ffe94029cb3b4932f313c32
SHA256: c53936475ecd3407a47bc2259cf314f0e91891c4e71388d2629add95a1674e04
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in.png.ecc
binary
MD5: 0df841fe8ffe94029cb3b4932f313c32
SHA256: c53936475ecd3407a47bc2259cf314f0e91891c4e71388d2629add95a1674e04
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sk_get.svg.ecc
binary
MD5: 67db18dc540f664d254419d4f055c88f
SHA256: ca58e6bc0eb1445784c69a9b2ab3e78b9da6cb82803ca1711cbf93484ddb0c4c
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Scan_visual.svg
binary
MD5: 429159d547715b5d7708e9466bbcdf9f
SHA256: 48aa1ca7d7fc9b82e234b24de6d1143247bf37a505972177ba86538720bccab3
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png
binary
MD5: 28e4a7e0f84cc32e9413048b3b78ed30
SHA256: a207d87f09ce511e5a697e041e746f2afa8dc89f83d004a0541d73d0e997f52b
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png.ecc
binary
MD5: 28e4a7e0f84cc32e9413048b3b78ed30
SHA256: a207d87f09ce511e5a697e041e746f2afa8dc89f83d004a0541d73d0e997f52b
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan-2x.png
binary
MD5: 0f8a3d1e8ae73c1c704bd07d7ea6a90e
SHA256: 9382261ab8aa738b2f21a0e52d37ad92f8537b099d5e56cfdfda444b53ff5d72
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ro_get.svg.ecc
binary
MD5: 95466d706c60b85562f74c1df58b2c8c
SHA256: 9c998e127d259c88656e06752793981ae33cc0396e6c76e24c6638952aa1fa0f
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan-2x.png.ecc
binary
MD5: 0f8a3d1e8ae73c1c704bd07d7ea6a90e
SHA256: 9382261ab8aa738b2f21a0e52d37ad92f8537b099d5e56cfdfda444b53ff5d72
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\reduced_mode-2x.png.ecc
binary
MD5: bdf08a37eaf9eb843fff51b2638cd6f4
SHA256: 9961e6d5e1bf34b85949372c45b07b9bba22aafa0551ebfbf00f902615c008ea
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ro_get.svg
binary
MD5: 95466d706c60b85562f74c1df58b2c8c
SHA256: 9c998e127d259c88656e06752793981ae33cc0396e6c76e24c6638952aa1fa0f
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\reduced_mode.png
binary
MD5: fd7efd68dfe0b93fa1d3966828c54294
SHA256: 23eca0cf57e11af8d4df2d57f9a00139781545b086f6e3f32dc69cadf031595a
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ru_get.svg.ecc
binary
MD5: f442858890627d356eaad46618801e86
SHA256: 942983752558f9a1cbcc9142f28284ab6f91276a511859e52a1863e73f74b026
2600
nrglpxi.exe
C:\Program Files\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\reduced_mode.png.ecc
binary
MD5: fd7efd68dfe0b93fa1d3966828c54294
SHA256: 23eca0cf57e11af8d4df2d57f9a00139781545b086f6e3f32dc69cadf031595a
2600
nrglpxi.exe
C:\Progr