Overview

overview

10

Static

static

1

acdseeultimate.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1119s
  • max time network
    1133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-09-2023 18:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    acdseeultimate.exe

  • Size

    1.3MB

  • MD5

    ce92ed20863f16a94866b0315767984f

  • SHA1

    88e60b3ff14e165ff99e18bd2b611ff5010584db

  • SHA256

    61f340e8c0df2eaa3d886b5b226964f6425039017676c1e10cff661797377334

  • SHA512

    10dc81d0ab0747c8dc8b7ddfe999a0bbe72793613ce367c7f6bf5b0ed92aa0c3b454329b65e0e687ec29198c578dd1536b83fae3fd92a903703f3803554d68bf

  • SSDEEP

    24576:JNlONzIQYvGLwkFYxkaLA5ptz7orG9D1XnLx16WgzJv:3lwaczFR/xorG9pt13yv

Score
10/10
discoveryevasionpersistence

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 1 IoCs
    evasion
  • Blocklisted process makes network request 5 IoCs
  • Downloads MZ/PE file
  • Sets file execution options in registry 2 TTPs 4 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 14 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks system information in the registry 2 TTPs 20 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Executes dropped EXE 38 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\acdseeultimate.exe
    "C:\Users\Admin\AppData\Local\Temp\acdseeultimate.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Users\Admin\AppData\Local\Temp\ACDWIClient.exe
      C:\Users\Admin\AppData\Local\Temp\ACDWIClient.exe
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1816
      • C:\Users\Admin\AppData\Local\Temp\ACDSee Photo Studio Ultimate 2023.exe
        "C:\Users\Admin\AppData\Local\Temp\ACDSee Photo Studio Ultimate 2023.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1728
        • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\ACDSee Photo Studio Ultimate 2023.exe
          "C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\ACDSee Photo Studio Ultimate 2023.exe" /q"C:\Users\Admin\AppData\Local\Temp\ACDSee Photo Studio Ultimate 2023.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}" /IS_temp
          4⤵
          • Adds Run key to start application
          • Checks computer location settings
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4316
          • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{FBF70175-BB86-496A-900A-C5B9CEBCB13C}\VC_redist.x64.exe
            "C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{FBF70175-BB86-496A-900A-C5B9CEBCB13C}\VC_redist.x64.exe" /install /quiet /norestart /log rdlog.txt
            5⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:4380
            • C:\Windows\Temp\{6036D7C7-A06D-4208-BDFD-7A70ADB3E170}\.cr\VC_redist.x64.exe
              "C:\Windows\Temp\{6036D7C7-A06D-4208-BDFD-7A70ADB3E170}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{FBF70175-BB86-496A-900A-C5B9CEBCB13C}\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 /install /quiet /norestart /log rdlog.txt
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:60
          • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{54A5B87A-F914-46F7-91D1-DBECD426E415}\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
            "C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{54A5B87A-F914-46F7-91D1-DBECD426E415}\MicrosoftEdgeWebView2RuntimeInstallerX64.exe" /silent /install
            5⤵
            • Drops file in Program Files directory
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:4828
            • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\MicrosoftEdgeUpdate.exe
              "C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
              6⤵
              • Sets file execution options in registry
              • Checks computer location settings
              • Checks system information in the registry
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3116
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Modifies registry class
                PID:3032
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:4892
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Registers COM server for autorun
                  • Modifies registry class
                  PID:5052
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Registers COM server for autorun
                  • Modifies registry class
                  PID:1944
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Registers COM server for autorun
                  PID:4676
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTI5QTNFQTAtOTgzRi00MzEzLThBRTEtMUY2RTc0Q0FDMTA2fSIgdXNlcmlkPSJ7MDRFNTA2QTAtOTMzMS00REI5LTgwQUYtNkYwMDQ3NjlDMDc2fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntCOTZCREJFOC1DODZCLTRFNEEtQTc3MS01MjBCQUY5RDY2NTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTQ3LjM3IiBuZXh0dmVyc2lvbj0iMS4zLjE1NS43NyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxNjU2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                7⤵
                • Checks system information in the registry
                • Executes dropped EXE
                • Loads dropped DLL
                PID:5088
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{529A3EA0-983F-4313-8AE1-1F6E74CAC106}" /silent /offlinedir "{F18B49EF-1530-4084-8BCC-9375873766E4}"
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:2628
          • C:\Windows\SysWOW64\msiexec.exe
            "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{6E3610B2-430D-4EB0-81E3-2B57E8B9DF9E}\Bonjour64.msi" /quiet
            5⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2524
          • C:\Windows\system32\MSIEXEC.EXE
            "C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Downloaded Installations\{195ACEC3-2ED7-4517-ACBF-2C0A281B1337}\{C7C10794-4A16-4A6F-9132-543194639D17}\ACDSee Photo Studio Ultimate 2023.msi" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="ACDSee Photo Studio Ultimate 2023.exe"
            5⤵
            • Blocklisted process makes network request
            • Enumerates connected drives
            • Loads dropped DLL
            • Suspicious use of FindShellTrayWindow
            PID:840
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2476
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:4720
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:3420
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1668
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4708
  • C:\Windows\system32\werfault.exe
    werfault.exe /hc /shared Global\1babad1f10364a649e69a21477286a59 /t 4440 /p 4708
    1⤵
      PID:2684
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3592
    • C:\Windows\system32\werfault.exe
      werfault.exe /hc /shared Global\076e90bfd1b6427f85308f128dece88b /t 4328 /p 3592
      1⤵
        PID:780
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1160
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1272
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2868
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3008
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
        1⤵
        • Checks system information in the registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies data under HKEY_USERS
        • Suspicious use of WriteProcessMemory
        PID:3824
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTI5QTNFQTAtOTgzRi00MzEzLThBRTEtMUY2RTc0Q0FDMTA2fSIgdXNlcmlkPSJ7MDRFNTA2QTAtOTMzMS00REI5LTgwQUYtNkYwMDQ3NjlDMDc2fSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7MDkyMzg4N0EtRkY3NC00OURELUIyNDYtRkE4MDRGN0FFNUJCfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIG5leHR2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNiIgaW5zdGFsbGRhdGU9Ii00IiBpbnN0YWxsZGF0ZXRpbWU9IjE2OTQ3NTk0NzMiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
          2⤵
          • Checks system information in the registry
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2176
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59B8ED9F-0F70-440F-83B9-28C22DD96762}\MicrosoftEdgeWebview_X64_98.0.1108.43.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59B8ED9F-0F70-440F-83B9-28C22DD96762}\MicrosoftEdgeWebview_X64_98.0.1108.43.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
          2⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4624
          • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59B8ED9F-0F70-440F-83B9-28C22DD96762}\EDGEMITMP_D951B.tmp\setup.exe
            "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59B8ED9F-0F70-440F-83B9-28C22DD96762}\EDGEMITMP_D951B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{59B8ED9F-0F70-440F-83B9-28C22DD96762}\EDGEMITMP_D951B.tmp\MSEDGE.PACKED.7Z" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
            3⤵
            • Drops file in Program Files directory
            • Executes dropped EXE
            PID:4264
        • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
          "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTI5QTNFQTAtOTgzRi00MzEzLThBRTEtMUY2RTc0Q0FDMTA2fSIgdXNlcmlkPSJ7MDRFNTA2QTAtOTMzMS00REI5LTgwQUYtNkYwMDQ3NjlDMDc2fSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7RkQ0MDcxNUQtRDNERC00RThELTk0NjYtNDI0NDNERDIyMEQ3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7VlBRb1AxRitmcTE1d1J6aDFrUEw0UE1wV2g4T1JNQjVpenZyT0MvY2hqUT0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iOTguMC4xMTA4LjQzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjA5IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVkPSIxMTcyNzgxMTIiIHRvdGFsPSIxMTcyNzgxMTIiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIxIiBpbnN0YWxsX3RpbWVfbXM9IjI2NTEzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
          2⤵
          • Checks system information in the registry
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1688
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4240
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4380
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:740
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Blocklisted process makes network request
        • Adds Run key to start application
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Registers COM server for autorun
        • Modifies Internet Explorer settings
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2800
        • C:\Windows\System32\MsiExec.exe
          C:\Windows\System32\MsiExec.exe -Embedding D7B9C67AFB191F4795B4E14D5F1BF947
          2⤵
          • Loads dropped DLL
          PID:3680
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding 4D044F2155C436C4C26380DA9C41282D
          2⤵
          • Loads dropped DLL
          PID:2748
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding BAD5936AFDFDB7A19B80A0E865B10B87 E Global\MSI0000
          2⤵
          • Loads dropped DLL
          PID:3008
        • C:\Windows\System32\MsiExec.exe
          "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\Bonjour\mdnsNSP.dll"
          2⤵
          • Loads dropped DLL
          PID:2184
        • C:\Windows\syswow64\MsiExec.exe
          "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Bonjour\mdnsNSP.dll"
          2⤵
          • Loads dropped DLL
          PID:440
        • C:\Windows\System32\MsiExec.exe
          C:\Windows\System32\MsiExec.exe -Embedding 83E9E0E1340D0884E1CEA818285B50A8 C
          2⤵
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:2172
          • C:\Windows\system32\cmd.exe
            "C:\Windows\system32\cmd.exe" /c "ver"
            3⤵
              PID:2300
          • C:\Windows\system32\srtasks.exe
            C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
            2⤵
              PID:1860
            • C:\Windows\System32\MsiExec.exe
              C:\Windows\System32\MsiExec.exe -Embedding 639068947347CCAB146C79CCDEE2328E
              2⤵
              • Blocklisted process makes network request
              • Adds Run key to start application
              • Loads dropped DLL
              • Suspicious behavior: EnumeratesProcesses
              PID:4856
              • C:\Windows\system32\cmd.exe
                "C:\Windows\system32\cmd.exe" /c "ver"
                3⤵
                  PID:4484
              • C:\Windows\system32\regsvr32.exe
                regsvr32 /s "C:\Program Files\Common Files\ACD Systems\AdminTasks.dll"
                2⤵
                • Loads dropped DLL
                • Registers COM server for autorun
                • Modifies registry class
                PID:4216
              • C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePicaView.exe
                "C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePicaView.exe" /RegServer
                2⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Registers COM server for autorun
                • Modifies data under HKEY_USERS
                • Modifies registry class
                PID:3864
              • C:\Windows\system32\regsvr32.exe
                regsvr32 /s "C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll"
                2⤵
                • Registers COM server for autorun
                PID:3956
              • C:\Windows\system32\regsvr32.exe
                regsvr32 /s "C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePVPS.dll"
                2⤵
                • Registers COM server for autorun
                PID:2476
              • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\DirectX9\DXSETUP.exe
                "C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\DirectX9\DXSETUP.exe" /silent
                2⤵
                • Drops file in System32 directory
                • Executes dropped EXE
                • Modifies data under HKEY_USERS
                PID:1256
                • C:\Users\Admin\AppData\Local\Temp\DX175E.tmp\infinst.exe
                  C:\Users\Admin\AppData\Local\Temp\DX175E.tmp\infinst.exe d3dx9_27_x64.inf
                  3⤵
                  • Drops file in System32 directory
                  • Drops file in Windows directory
                  • Executes dropped EXE
                  PID:3232
              • C:\Windows\System32\MsiExec.exe
                C:\Windows\System32\MsiExec.exe -Embedding 00F9B3E747AD359883D96F5D3DBD9D40 E Global\MSI0000
                2⤵
                • Adds Run key to start application
                • Drops file in Windows directory
                • Modifies data under HKEY_USERS
                • Modifies registry class
                • Suspicious behavior: EnumeratesProcesses
                PID:4972
              • C:\Windows\Installer\MSI1FE8.tmp
                "C:\Windows\Installer\MSI1FE8.tmp" "C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeCommanderUltimate16.exe"
                2⤵
                • Executes dropped EXE
                PID:2812
              • C:\Windows\syswow64\MsiExec.exe
                C:\Windows\syswow64\MsiExec.exe -Embedding 51F9E7E552058A72DB1E2C29CAF986F2 E Global\MSI0000
                2⤵
                  PID:556
                • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeToastScheduler.exe
                  "C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeToastScheduler.exe" "-property|INSTALL_DIR|C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\|-appID|ACDSystems.ACDSee.Ultimate.16|-add|C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\content0.xml|15|-add|C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\content1.xml|1440|-add|C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\content3.xml|4320|-add|C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\content7.xml|10080|-add|C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\content14.xml|20160||"
                  2⤵
                  • Executes dropped EXE
                  PID:760
              • C:\Program Files\Bonjour\mDNSResponder.exe
                "C:\Program Files\Bonjour\mDNSResponder.exe"
                1⤵
                • Modifies firewall policy service
                • Executes dropped EXE
                PID:944
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
                1⤵
                • Checks system information in the registry
                • Executes dropped EXE
                • Loads dropped DLL
                PID:3980
              • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
                1⤵
                • Checks system information in the registry
                • Executes dropped EXE
                • Loads dropped DLL
                • Modifies data under HKEY_USERS
                • Suspicious behavior: EnumeratesProcesses
                PID:1312
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D14961AE-E23A-4F9C-95C1-24E32087D06D}\MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{D14961AE-E23A-4F9C-95C1-24E32087D06D}\MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe" /update /sessionid "{3BDDFE76-4427-4E01-B178-FF505D482177}"
                  2⤵
                  • Drops file in Program Files directory
                  • Executes dropped EXE
                  PID:3760
                  • C:\Program Files (x86)\Microsoft\Temp\EUFEAA.tmp\MicrosoftEdgeUpdate.exe
                    "C:\Program Files (x86)\Microsoft\Temp\EUFEAA.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{3BDDFE76-4427-4E01-B178-FF505D482177}"
                    3⤵
                    • Sets file execution options in registry
                    • Checks system information in the registry
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4104
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
                      4⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Modifies registry class
                      PID:3280
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
                      4⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Modifies registry class
                      PID:3200
                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe
                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe"
                        5⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Registers COM server for autorun
                        PID:4712
                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe
                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe"
                        5⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Registers COM server for autorun
                        • Modifies registry class
                        PID:316
                      • C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe
                        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.177.11\MicrosoftEdgeUpdateComRegisterShell64.exe"
                        5⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Registers COM server for autorun
                        • Modifies registry class
                        PID:2512
                    • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzcuMTEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7M0JEREZFNzYtNDQyNy00RTAxLUIxNzgtRkY1MDVENDgyMTc3fSIgdXNlcmlkPSJ7MDRFNTA2QTAtOTMzMS00REI5LTgwQUYtNkYwMDQ3NjlDMDc2fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7NENBNzZEOEItODhGNC00Nzc3LUIxMEUtQ0M2QzRFMzUzQjQ3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIG9zX3JlZ2lvbl9uYW1lPSJVUyIgb3NfcmVnaW9uX25hdGlvbj0iMjQ0IiBvc19yZWdpb25fZG1hPSIwIiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE1NS43NyIgbmV4dHZlcnNpb249IjEuMy4xNzcuMTEiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZXRpbWU9IjE2OTUzMjI5MTMiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE0ODk5NDI5NDg0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
                      4⤵
                      • Checks system information in the registry
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Modifies data under HKEY_USERS
                      PID:3140
                • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7M0JEREZFNzYtNDQyNy00RTAxLUIxNzgtRkY1MDVENDgyMTc3fSIgdXNlcmlkPSJ7MDRFNTA2QTAtOTMzMS00REI5LTgwQUYtNkYwMDQ3NjlDMDc2fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntGOUE0RkNFOC1CREUzLTREQTYtQjQxNi0zNTNBODk3N0FBNTN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTU1Ljc3IiBuZXh0dmVyc2lvbj0iMS4zLjE3Ny4xMSIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9lOWI0MjZiOS0wN2Y4LTRiMjktOTM1Yy1kOTFhNTliYjc4YmE_UDE9MTY5NTkyODA1OCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1DU1B4dG9mbnEybFhDbVg0allCb2NDUXhURVlybXNlUmZCR1glMmY1Y0dUUE5qeFpROWZmQVBrTEdGZWpQZjklMmJ1SEtGUzQ1VlpGbUtWcktWVm5IN29vS3clM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGRvd25sb2FkZWQ9IjE1OTg5NDQiIHRvdGFsPSIxNTk4OTQ0IiBkb3dubG9hZF90aW1lX21zPSIyNjQ1NzgiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PHBpbmcgcj0iNiIgcmQ9IjYxMDEiIHBpbmdfZnJlc2huZXNzPSJ7NUEzMjBCOTAtODI5Ri00M0NBLTkwMjUtQTg0MkMxOUVCMjg1fSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBsYXN0X2xhdW5jaF90aW1lPSIxMzMzOTIzNTg1ODIwMTM4NCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9Ii0xIiByPSI2IiBhZD0iLTEiIHJkPSI2MTAxIiBwaW5nX2ZyZXNobmVzcz0iezc1QzdFNDdCLUE0NjAtNEY3NC1CQzA3LTBFOTgwNjRFNjEyN30iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iOTguMC4xMTA4LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0MwN0ZENzJELTVDRDAtNDRCQi1CQjQzLTQ2MTJDNTYxNDU5OH0iLz48L2FwcD48L3JlcXVlc3Q-
                  2⤵
                  • Checks system information in the registry
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1500
              • C:\Windows\system32\vssvc.exe
                C:\Windows\system32\vssvc.exe
                1⤵
                • Checks SCSI registry key(s)
                PID:2104
              • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                1⤵
                  PID:1940
                • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeCommanderUltimate16.exe
                  "C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeCommanderUltimate16.exe"
                  1⤵
                  • Executes dropped EXE
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of SetWindowsHookEx
                  PID:1980
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
                  1⤵
                    PID:1100

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Config.Msi\e5e25b9.rbs
                    Filesize

                    126KB

                    MD5

                    3363e835488714ca77d88d09907624d8

                    SHA1

                    419dc8b9555faedd41222c42a8e50bdcdde64b30

                    SHA256

                    c44d0ff5b7c96ad4191b7e74260136d70c038c4dd6f5539612e35fae1476601a

                    SHA512

                    9fcf3730e6f45b550ee1e5d3e3fb90e49087a1e3fb36d2af2517bc22cbf58925e8053e229a3253c4b6afe1d4a26c1da66fb2bef033536853d51ee603b44ee1f4

                    Download Submit

                  • C:\Config.Msi\e5e25bd.rbs
                    Filesize

                    226KB

                    MD5

                    8211a77e44b7f6600da63e8bca2e9ac4

                    SHA1

                    9f0e326174ece6bb64064b85705639e4abcd3e83

                    SHA256

                    2ccc399dfb11d73883d8f0e9e582def341300d157fc756bee8430d1ecfb1d10f

                    SHA512

                    1c15bcd070bf5901f83fee104e7fecf58fa0fc5cd080480cff8d5a1559ff44f3e347460e3a87f9854a39ba05602cc0bac142358195da61c0ba05268813f7dbff

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\EdgeCore\98.0.1108.43\Installer\setup.exe
                    Filesize

                    3.0MB

                    MD5

                    c0af69fc8e601eb1d3123889fc3bc613

                    SHA1

                    57a863ac53499034e287c0697a8a35b828e724b2

                    SHA256

                    93da62653499196cb002fc418d93944cd2ee9468532a43775337b502b7d78c80

                    SHA512

                    2b68d697980260eceff105ab41f6a10d35df2c3f7ded7e0dd9bd3aabe9237715dd3688b3495a2f1c3b629b7d2fb8692e0002ba558df952282169d74f683e1d54

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.177.11\MicrosoftEdgeUpdateSetup_X86_1.3.177.11.exe
                    Filesize

                    1.5MB

                    MD5

                    71b072f0a3d4b9e580a8bcd523403d43

                    SHA1

                    06bac910ad59cfa7ef323096d2c6728496b5e995

                    SHA256

                    a86d9f7c545953074b8b9c18474e953db73a9ba8e9ca50cbb3e5d97a7347fe4d

                    SHA512

                    8e668cb63d2b2092c81c8ef8e5eeacc01a34cc8b1eb7959bdd6104337a9a491650e41412dedbc5dca620320223694902d99d4213c95fed90799b262799a6a554

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
                    Filesize

                    209KB

                    MD5

                    0032498af2ebc50357cb31f1024c87fb

                    SHA1

                    9818522c47ec379ff7bddf92ea72cd831691d094

                    SHA256

                    c6bdf041b02561700c71c6275df4704a52d1fed4ba6a1bec98a602c6c325d6e7

                    SHA512

                    f83fc43ca54e87a67d949666ca8c30721f372312042be978b01dcdccd530ce5db4d3d9d6ddc934a92c079825b91fd988f362cd481dd87fa09ddf2cfac85c05c3

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\EdgeUpdate.dat
                    Filesize

                    12KB

                    MD5

                    369bbc37cff290adb8963dc5e518b9b8

                    SHA1

                    de0ef569f7ef55032e4b18d3a03542cc2bbac191

                    SHA256

                    3d7ec761bef1b1af418b909f1c81ce577c769722957713fdafbc8131b0a0c7d3

                    SHA512

                    4f8ec1fd4de8d373a4973513aa95e646dfc5b1069549fafe0d125614116c902bfc04b0e6afd12554cc13ca6c53e1f258a3b14e54ac811f6b06ed50c9ac9890b1

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\MicrosoftEdgeComRegisterShellARM64.exe
                    Filesize

                    160KB

                    MD5

                    cf9a26b458293978a908536927ec327d

                    SHA1

                    e8b293e3799f352921c7f430648c21f79e47b052

                    SHA256

                    4faa7cd71e234433f684c3d70efbfb1ada8d4172fc55caf78c0705e5646b0ba9

                    SHA512

                    54447d830595fd5e4cb8ff60e78916b676f983033397932fc0ff402cc310771d9e448cebdb1bcae6e0dd3d90c8968df01171ac52a1e14a36eda950f67909e714

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\MicrosoftEdgeUpdate.exe
                    Filesize

                    209KB

                    MD5

                    0032498af2ebc50357cb31f1024c87fb

                    SHA1

                    9818522c47ec379ff7bddf92ea72cd831691d094

                    SHA256

                    c6bdf041b02561700c71c6275df4704a52d1fed4ba6a1bec98a602c6c325d6e7

                    SHA512

                    f83fc43ca54e87a67d949666ca8c30721f372312042be978b01dcdccd530ce5db4d3d9d6ddc934a92c079825b91fd988f362cd481dd87fa09ddf2cfac85c05c3

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\MicrosoftEdgeUpdate.exe
                    Filesize

                    209KB

                    MD5

                    0032498af2ebc50357cb31f1024c87fb

                    SHA1

                    9818522c47ec379ff7bddf92ea72cd831691d094

                    SHA256

                    c6bdf041b02561700c71c6275df4704a52d1fed4ba6a1bec98a602c6c325d6e7

                    SHA512

                    f83fc43ca54e87a67d949666ca8c30721f372312042be978b01dcdccd530ce5db4d3d9d6ddc934a92c079825b91fd988f362cd481dd87fa09ddf2cfac85c05c3

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
                    Filesize

                    204KB

                    MD5

                    cbb1acbff5a8ce79804e687be8e3e75e

                    SHA1

                    0bb50f813e08ff13d637a8f4ee66e4c0f1fb01ca

                    SHA256

                    6d483505a0c9fd508ef48323099e2c64fce025e4b018df1d80d60aa00d8fb004

                    SHA512

                    7f4a8df19f94c74b1898109804f4ec596abe32ff59d35279e58b139cf3210f6faa2697eca422435a193f4f2f90535187fcd233a018a54a0cfc426ced25de5ce8

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\MicrosoftEdgeUpdateCore.exe
                    Filesize

                    241KB

                    MD5

                    f70b0fc2f46f5e7082817a11c39e3c54

                    SHA1

                    9939591b236bdd16ea02e79eb11a2d6fefe2af44

                    SHA256

                    f6e636cfe7c53c120d834756f52ab407f1c5dc97c27a14e557f24c176e86d87f

                    SHA512

                    b8bde38507eb84725aad9b7ffa33eae462fe6c7779f7ba650453b10bc9b52128198c4e29a568b0ba865fe266c19af81efc3f62a7ffd68e38e9d403d71b1afd79

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\NOTICE.TXT
                    Filesize

                    4KB

                    MD5

                    6dd5bf0743f2366a0bdd37e302783bcd

                    SHA1

                    e5ff6e044c40c02b1fc78304804fe1f993fed2e6

                    SHA256

                    91d3fc490565ded7621ff5198960e501b6db857d5dd45af2fe7c3ecd141145f5

                    SHA512

                    f546c1dff8902a3353c0b7c10ca9f69bb77ebd276e4d5217da9e0823a0d8d506a5267773f789343d8c56b41a0ee6a97d4470a44bbd81ceaa8529e5e818f4951e

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdate.dll
                    Filesize

                    2.5MB

                    MD5

                    00670be258aacf4ca0c01ca980e96354

                    SHA1

                    4ed09d74b4eb0cb5b95ab37e341025fb7081287c

                    SHA256

                    0cb9d6c4fd45a3ba0f8e8c450e90beeee40e57b092906b841805fd3a24da4402

                    SHA512

                    79a8e1c944d7e38087668db4052f604b4aabd605f7628e2b2fab8526a8001152b2b9e2e6d15f41e701df24e2e44077b0561b88f64de01ac5366a4d9e696cede1

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdate.dll
                    Filesize

                    2.5MB

                    MD5

                    00670be258aacf4ca0c01ca980e96354

                    SHA1

                    4ed09d74b4eb0cb5b95ab37e341025fb7081287c

                    SHA256

                    0cb9d6c4fd45a3ba0f8e8c450e90beeee40e57b092906b841805fd3a24da4402

                    SHA512

                    79a8e1c944d7e38087668db4052f604b4aabd605f7628e2b2fab8526a8001152b2b9e2e6d15f41e701df24e2e44077b0561b88f64de01ac5366a4d9e696cede1

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_af.dll
                    Filesize

                    27KB

                    MD5

                    0d8ca15cd08112472d8f725b9d26f400

                    SHA1

                    6082361001436a4d2c45babb755601a19bc58a10

                    SHA256

                    a36ec679129d8fa6e3f56b37c88e7d3406bb4d6d74e559e5a272ac8f34a812f4

                    SHA512

                    8ec03222c8a023fba580a309a487e4d9535cded212ce47aaf3d7f4cda250c99ce25417330e0508b0a306e0ba14f9451cda0a31c550fdf0ec92c192792af1e23b

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_am.dll
                    Filesize

                    23KB

                    MD5

                    5b981b86b65935bae5fe5805660c7302

                    SHA1

                    1107f5a6b8bb4ed1e95f621fbb7b236d6a57e11c

                    SHA256

                    bd380d64f5b9dd6bd979a78e912f1a3d2a7c08eda3418abc85d67c43c8477264

                    SHA512

                    d00f6d92f0efa0c89ee042abcb8b583097cd173d80b8009fc9dcda98a25c73edab970d607b4993831577812335db49dd3d76dba64a4cd6adc7b57494f0f78766

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_ar.dll
                    Filesize

                    25KB

                    MD5

                    5e9ba26ad6068d5b12ee2ebd74d66c03

                    SHA1

                    2081cb86bbc6e20965b147f4178990f4c9ba52e7

                    SHA256

                    6fc47a7fefb2ea88371b5e1ea84b24faaff6d4ccb503e6d9903b8301d16715e6

                    SHA512

                    ab2eb6ae054cc107b83d877fc44dd62380c4098fbb805033c1d1f87d7172384c4cb7482d1f8931ad5f5b7dd181f6239748497e4b5866c2f406c310c6837028c4

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_as.dll
                    Filesize

                    27KB

                    MD5

                    30a0dfc5374347d838199254ef2b27e1

                    SHA1

                    739c8197c111eededbdfb8e1940e63188bd8c5be

                    SHA256

                    92cc3b354e786d428ab3bb43c77119b81a2960b00bd9d99550639a8b5c0428b6

                    SHA512

                    b8611af4595eea99fb45653f6419235368075664721c467753cedd3b71507a28e0d6c5fb2c4b3e01db56d4842c043b14e20ac1ae7c225e7d678c77befdfccd1d

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_az.dll
                    Filesize

                    28KB

                    MD5

                    da1dd46046721726b57bab405c7b7c49

                    SHA1

                    f42267672f7112d772feee601d2add8346a0a89d

                    SHA256

                    d699ca97e2bc94f0ecc95b2ccefed201786535e7ada3fd6ccb543f42cfc273b8

                    SHA512

                    b71909c7df499a702b199b87a96d7f25fcc82a0dcbe1138e900b3f386a6204d1b95e37941f32f61a0a558ce2b514f938b0029c55da0e4955229863d8b4b40061

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_bg.dll
                    Filesize

                    28KB

                    MD5

                    9fbe7d6ef07bd3af76a9fc97dfd90e95

                    SHA1

                    300ea110b9ec0ef6c754950ff4dd59dbfc9f2b23

                    SHA256

                    fef5f9a3ac4626f756b28f6304dc5e5e50bff553930ff35d6b8429ee494b4313

                    SHA512

                    0df3f0af13d5ed4291ba179846a741149807e073c767b90ab5fd50449879429de6dd2b43954b3a52d3cc77ef4c98dc9efcd594c17784b48c97bf5bdccc90cc97

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_bn-IN.dll
                    Filesize

                    28KB

                    MD5

                    583c93b26e5dcd4bab07f7d303ebf5c3

                    SHA1

                    439e6d4762c2a3593512ff103a8ff32110fd0da3

                    SHA256

                    c0bb2e9167995db0d8f1f69a202ba00529e2ead8daeb29fcb99d42b0613efb2f

                    SHA512

                    aafbc518e596969d20327a2b860b63013b1d5bb7c89faacff0ba95a9f6bb160dffd5a0058475ec1ba2c5d07cfd8cd4a0cffe4bb89bd4bb74b3e5981d6beec414

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_bn.dll
                    Filesize

                    28KB

                    MD5

                    fef17d66629715ae8ce4ab00464152ca

                    SHA1

                    f62db519180eaaec0d62f56bf1dabcf353583aa6

                    SHA256

                    2ee6f8216f4953f3101de9578b392e2de94d59a79d08cbdd327b3d433f2b70ee

                    SHA512

                    98b2647b3bbb2476371fbf9329fad70934bcc7e1f958e925bbfca17a7083e47a5561db986d260025c339b051f7f00bcaaff938ff351032b95075bcc589b7255c

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_bs.dll
                    Filesize

                    27KB

                    MD5

                    c359759bc31042b62167a40c7c0203b0

                    SHA1

                    21140ceadd92ab23835c0e7a8f2e2fb95d0ccbdf

                    SHA256

                    43fe0258ad799cae8bb20f23c20d74fbbb4b650b97b1b5b737d1d1728556d897

                    SHA512

                    1d5837ef553223ac09e93df362da460002fb4f9eccc19120c4fb8c29cd453139a3cef54e9514217ac2d862a423d7a82f3e3d9b09f00c611cb16f19dfbe90979f

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_ca-Es-VALENCIA.dll
                    Filesize

                    28KB

                    MD5

                    5928df4290e3b6e8676a5aac6ddbbc31

                    SHA1

                    d83b71bc4b37c3b228b113239506f89761a55f7b

                    SHA256

                    ac5f350f4dc790f61135186c113bb2b8a78f26dab322ddb86b0e3403ab960721

                    SHA512

                    90113cfe50355d6df04382ee69db6ddad1651e771d0182e28d0d3de3d1d5a2f10d22d5de2b54e12bff1fa5d478513c881e9cfceb2b471746fa870516aa3d0e69

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_ca.dll
                    Filesize

                    28KB

                    MD5

                    c2cc0764c763cd30ab629173ad2c9fdd

                    SHA1

                    0e681669c04e102a4b031378b38c2645dd42bb3e

                    SHA256

                    f3b266910a5bc6f738c154cb6a754cb55df05ad7f01cd6d61cd6e0cc8927455e

                    SHA512

                    f54ac389ea62f4c4af5cfd727be094d43976c53a84a1df4313fa5c81bdd9f7038ec9b13832abda95d6f496956383708b3828f41e4b746ebf645dbc343f6568e6

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_cs.dll
                    Filesize

                    27KB

                    MD5

                    ebe48b47180b491688ec519a8d9bef73

                    SHA1

                    bd98b11dbaef493968d999c22e2e35fdadcc51b2

                    SHA256

                    02aae7715ad305977f316b9c80989ec63371c4c3e813b64252fe5f92143201d3

                    SHA512

                    7b2b7204505d73ce66ad070bd31a7790dc56ef071bd233b7be3eb1ecf82a9cc30a605c0524c707d10a9828849de69a7169f8af5b7ea1c4da797deba89bcafc20

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_cy.dll
                    Filesize

                    27KB

                    MD5

                    909c5c6afa14ee9756a4291077f2359b

                    SHA1

                    819e5e4f3197a6f45b5ce461ebda5b8dcf5a9a8f

                    SHA256

                    7b0b45ab3f199a316d33be841867e0e5219db63174efb5e6d9866816a3faf770

                    SHA512

                    a7b75854111e769dbfc0fef86e6561aff12b883c34cd91d15a2f209c68d76412670e9ca732ca159bab42176a4c3f1d9707f8e9db5e21143c15d13eafa1381d54

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_da.dll
                    Filesize

                    27KB

                    MD5

                    764d47b36dc060e15414e850c974b983

                    SHA1

                    4cd0ef1c6a951c50844e441a3673de505aa38004

                    SHA256

                    3fa89372d50cee57a316e279bb092287fad67ec1f47cc8f75178a985f43b5cd8

                    SHA512

                    9017d3ddc85a919fd1ad5ae182c2e4f1194eeadea98f185a158b5c424b7730f30f10b18ca902cbbbc83d6567033d79327c7b1efa89d36b55b9066a8785530984

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_de.dll
                    Filesize

                    29KB

                    MD5

                    24068ddcee174136374b56b4148678af

                    SHA1

                    604ed94670081d22a50436076d813f3f09d71e10

                    SHA256

                    8480fd2d3c59530bcb1fa9a07de57f354d4222155d928d1784cad51dce9e30e2

                    SHA512

                    f8969cd5d3d34c2b1b1be9cc62d5e33cd7798ceced2ecb173c4c01fea3fdf72eac91bb533a7b2ccee6fcae5ae00c56c5f945de70c003ff30838c62a211a837fc

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_el.dll
                    Filesize

                    29KB

                    MD5

                    62a99787a2c037f72588c10af0a4f97b

                    SHA1

                    376981b7ab0da3a63dd324fb679046c1e2fa2542

                    SHA256

                    b2b41c07abdc47d8670ae0f0c109450de99e95888cc2a1589bb526ab5c6204dd

                    SHA512

                    23c9eae2398adc8ebd15ae8067d528650612d2ed7afc3378bf7bf86453139ae1ec77283f15c1872f553e9461cfef4a5b0b4e7111b86124f628f19ab1e4cf6251

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_en-GB.dll
                    Filesize

                    26KB

                    MD5

                    8816264aa944a8f17e3080af13badfe5

                    SHA1

                    a200bdac7ddd6e52dff02530bdb6bcaa7c0ec271

                    SHA256

                    6d059098bdc372b4cf14b3bde4832ff2c68e4012fe5bf6bfdc08a39c5f746178

                    SHA512

                    89eb5ce3df70977d257f8524df8fa3f3f45432e7d9000db371f228f0d574b7dd844682eda7cd8a511d44bcfc4731dfad053db86ad5570abbb6d9a7db103e9bfa

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_en.dll
                    Filesize

                    26KB

                    MD5

                    c4e594d01bdcefcb1b71f06697e13c89

                    SHA1

                    26a90b0912332fde26451e2efbbed6bd8c4bd02c

                    SHA256

                    a1be434cb4d92a01fa3b43c1967f254be29dcaa25ceeb6cb13fed711f90b81ff

                    SHA512

                    1d0a1cfc7c8e10bc6b2cc9dcf6db0e204877439fa4cde26e6b1464cedb35676e67416956ca1b2873a10f0ab00a6049d000097c254ede77b06b1f329c34f17d0c

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_es-419.dll
                    Filesize

                    27KB

                    MD5

                    a3a5c7c28cdbe9ff4df338f6f9718944

                    SHA1

                    4c73b46b2076a16f8b21257865ce8b3d9ca94263

                    SHA256

                    c2eda53aad3225b73496c9eec5f933d902dc9a3e7c90530f77b5bbfa269ae09a

                    SHA512

                    1db7979e99b207f7c31a5db1cdcb76f6738c622c9c9146ae07a232c40f3dd2232f031c295d802bd3472006cd384ae7739ad6afd47fc31984b2101c6a2a0ecf8e

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_es.dll
                    Filesize

                    27KB

                    MD5

                    0444405f398facffb9ac93c90bd61a80

                    SHA1

                    1fe865393a4a9967966ed4310f342280b6c9487c

                    SHA256

                    83a11402bb26ef3a58c1bdf550a34faf76758a8a84b423a6f0a94a9692fb584b

                    SHA512

                    a5df3e52a4169acb1c89b060e09fe5e6c18fdbd0c597c8b55e843895dc8433f5804613dfd2f4a16d656593effe62a8821742b6226abaffe9c2480b9b9da0de25

                    Download Submit

                  • C:\Program Files (x86)\Microsoft\Temp\EU96AF.tmp\msedgeupdateres_et.dll
                    Filesize

                    26KB

                    MD5

                    657c0184668515f256a8011c162f0bc1

                    SHA1

                    ef56129d4edaffd59342ac2e94be2c570f44d23b

                    SHA256

                    453597b38cb5e06b4596d8ad3763b08cbcd806fbcab0228179b40c065a7523fa

                    SHA512

                    9340c5eebab4376b7fafd32985ce625f808311ab58d028c246095804c8022bf6e7e7dbc366974e5b80bb4117558ec566c1d40839ae451277d97cf8626693b223

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeSR Themes\wood\Options.png
                    Filesize

                    2KB

                    MD5

                    e1989261ba7e4b6374fa401dc6660d60

                    SHA1

                    7e7b6874689a4752b4d15045cab541991b8f9c57

                    SHA256

                    4ebf531f950f798e3400fb18a3a08cc6b0f261ec3b772e42d77c82c8b1d3104b

                    SHA512

                    dbd5ebfa88dd951d04aa6409852754eac7aa2695a93e90c794d1ea2283464721da59fe6670237498ad1e74124bf64f9ac9d5f21f4e737498008df28ef432bdf3

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeSR Themes\wood\OptionsD.png
                    Filesize

                    2KB

                    MD5

                    62ecd75afafa161b52655f953f623f96

                    SHA1

                    5a2d442860dfa8098029bfa7050bc2cbf5ca35da

                    SHA256

                    cd53877f29cb772b9d5eaba83931997ede1507b10f27944cf33cbfe9355946d1

                    SHA512

                    8234542a3895bc844ea2a99424ab8b0eea5a6d89ee2b28325ebcf17640f22c784add14f251577d5cce5587e6f2568d53be947a26b940d030cd900d67fc71613e

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeSR Themes\wood\OptionsH.png
                    Filesize

                    2KB

                    MD5

                    302d82772b7a8506685c4b4e0e443f8b

                    SHA1

                    37f206b14b4283eaf38973b7f2305a532f960655

                    SHA256

                    bb7d278bc75cfbe187b8bd308e212cd071ac78099975a6b55f16b896b17fd4dc

                    SHA512

                    de23df719e617e1a670bb0f4048609d4dd9a716763d5932fee4e161a5791c3fe4cbec7c54ee5a22d87cc54cfe70486db3b6b3b64810ea8b46a56c851cb58d483

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeSR Themes\wood\Random.png
                    Filesize

                    2KB

                    MD5

                    6f7de60eb25c3a0cde4bd275513f90bf

                    SHA1

                    59d8914a8867d9c9e37eb939c74ebaf47bef8885

                    SHA256

                    5b62443a01a2e33543d0bf3d8662f78ab4cff10139d093829f8436093fef4da9

                    SHA512

                    4eff7af0a10a1be85600ebd85d3a9c2d102b62791f756161b4a9d9dd69860433d4d8437efb6009571de73a7845e30151d71585af735fe37b480e0164d9b95749

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeSR Themes\wood\RandomD.png
                    Filesize

                    2KB

                    MD5

                    8185b8fa95fc3100462054cda8420b16

                    SHA1

                    c6da689560a0701fb0837a19e802a55b43ff8d1d

                    SHA256

                    db45cfeb0b07be5000ae7212c1dcdb5f1fbc8df350bc4227b3db53ad77dbce37

                    SHA512

                    f2a64a30dceefe91be5f2b065e889fd019cdd65b14582520d1e8a63499a4ee7d631a1ef78785b786744cf7f4155f85a9da5ca566753313975a223dc18a8fcc5d

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeSR Themes\wood\RandomH.png
                    Filesize

                    2KB

                    MD5

                    0d005f15130fd55d1310b55f1c13d9d7

                    SHA1

                    15490f41d1f19fb84570ed37c5d3bace8f59f370

                    SHA256

                    64fa3fbfbf087e7939e78521833fb447587426f3614fbf1b93e9a80de5222fb2

                    SHA512

                    b4ed56b54cf31e5d0c23c661031d66fa1bfa51f559d446469c5f212ff563eff6b6503c41ae82b96fefd11b4c1b305aaa0bf2211578112df68bc7a98408d3ef93

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeSR Themes\wood\Sequence.png
                    Filesize

                    2KB

                    MD5

                    c6b866cda4b38009789e9d9852cab9ad

                    SHA1

                    6f89dd8eada9772c2e6cf5c30f1d8ca0aba0a136

                    SHA256

                    941be27c05519994d62902177554fb3e820c164533b1f332e5f72674ba4fb1e7

                    SHA512

                    906a2d42474123c3994e9b72c88494636119f0a317b8573c692a4ca7d0a178dc562fcf2e5accd82c381a68aa3c0eafef59d48eea3a46584fae9594f2edc65386

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeSR Themes\wood\SequenceD.png
                    Filesize

                    2KB

                    MD5

                    c6ab9da999064b1cf21545486933e865

                    SHA1

                    99e85edabb3b10ea1b439ae36fd89960ee11c587

                    SHA256

                    75690a13d9cbfe4b30bacc99d5ef86f0fdefa223507718163710f550c08b6790

                    SHA512

                    fa552af7e67d945ffdabd726d3977543ee03d8f1f52d88ba8c69611e86447dce7409c3eda5ee793918e868328d8d74b495f2b36b336b800e75874fd520492d3c

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeSR Themes\wood\SequenceH.png
                    Filesize

                    2KB

                    MD5

                    3c6d909cd898450219f88c6316a49e88

                    SHA1

                    0300e4260a32fe6f1a898ceb827c561d23ae0c01

                    SHA256

                    c9e4caadd25e7b5cb04c152ff9e5eb6e02f89f0b324e36c985876661493e4dff

                    SHA512

                    faa6bb0a4d1f41058357c0ca4a03533c41813d3ae15837a02d112f00cff25178df55a7f002f1bd6b8e1ff67780fad4399271aca27bb8bf5b1c250fee9ea58d51

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\ACDSeeUltimate2023.exe
                    Filesize

                    52.2MB

                    MD5

                    97c1728f6852aa2e53f84ca0d14ac034

                    SHA1

                    9ab6e4e9c2f5085034281bfa569c48bbf0896761

                    SHA256

                    afdf0595199950341ca79a9599ef81647f782d5ecb57b4acf0bb1c7afef5ecba

                    SHA512

                    85e41b1ff8d18cd5c5c2606d2f3839fecb8c59bf13c8cb5d4c3833b5dc043195f059c962d0c86f5d2a1f576781e673945161785f87429825221928b36458d2f5

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\AlbumGenerator\Styles\Style6\resources\graf_star_five.gif
                    Filesize

                    452B

                    MD5

                    525937f9c5229062d0d316497a645326

                    SHA1

                    df8f35c66bf58f5af4736218a000409960d2357b

                    SHA256

                    2b27b2c7386d74431308e2d8a0fd951da65c98e1c014c6b5bf2b78c8d23aafbc

                    SHA512

                    47f3da7a70f566b6e67824058aa7d383b892dfd6666b8b556d9447f1e308ebac97874fb67848cd4127014a51c837467f1d77e7418f4793b37848662a76085546

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\AlbumGenerator\Styles\Style6\resources\graf_star_four.gif
                    Filesize

                    487B

                    MD5

                    867833cbce8d42a91d508c526366be5c

                    SHA1

                    939d72506850e020ddf8de40d4f68f1731977749

                    SHA256

                    caf7f4d94bf3ff696cea910781ac909502b9430e524b1d4e868e86d70e511937

                    SHA512

                    bb66a1ce8ec992dec0d2ec250afadf16f3161f02c10c70177d4b71203c3323f6d84ac391169b2524264c52efd465c9c33249a66fc22e68ac26d6e31277d7ddae

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\AlbumGenerator\Styles\Style6\resources\graf_star_one.gif
                    Filesize

                    478B

                    MD5

                    218cad895c33624ae381a064f3a55abf

                    SHA1

                    3dcc6b2a6968012993e2424dd3d295b54ef8bc71

                    SHA256

                    ae130aa89a9b92a333e7bb8fa2e64764bd6902a9b44caf087fb3472f3ce7184f

                    SHA512

                    a9493dc467f3cc1c5b38472008c18e564cf8f0de52696b6a8969546736edc36d238272cbaeb886ecca8c917d203d19cd4675928c11fb12e5f29ac56a599d6643

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\AlbumGenerator\Styles\Style6\resources\graf_star_three.gif
                    Filesize

                    490B

                    MD5

                    72487cc17384a0576705dec30e4b0a1c

                    SHA1

                    54f701d8d0845a1505044b2e9c22506de6b5455f

                    SHA256

                    2227fdbb9d656a7ac2db20b4cdbde55d8f79a32e2af938d74f41c76d1881cea9

                    SHA512

                    5977cbdc91e3c17748ee6357561a726c3470c58607d02b3a75cfd4d89adb90393377bdc9cd87036c2f57cb0dd5f4e5143077ba4780d78220db5714c3f96cdb27

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\AlbumGenerator\Styles\Style6\resources\graf_star_two.gif
                    Filesize

                    491B

                    MD5

                    c578255942219f4e9b7504768d8fbaef

                    SHA1

                    19d4caf818de810725cf06ac0e2d47bf5d73bb81

                    SHA256

                    8b4895820329fb62b78ad2ab33a20d32c942607debed5a8bd2fa5e942c7b365e

                    SHA512

                    0c77f8678ad092117213bfdd362457b97baa0a06df983cf1de0850a53fc2d10374a91e82a2b0e70b2f886c617d2512065725bd9c24e5b66b294ced27d7ac8dbf

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\AlbumGenerator\Styles\Style6\resources\graf_star_zero.gif
                    Filesize

                    453B

                    MD5

                    38987b076c321e6e1f29dae729c3ebee

                    SHA1

                    a91e77a2ba367abff4a5c6ed4beca03e74366e86

                    SHA256

                    4eda6b2f3540db094b864e6584431df05999281f8c82df34dd967e78e8e45adc

                    SHA512

                    9fd97a139ab1848007773a5b589ccf8325472dc8d4676d0f9a773a7beff7da775696f19ca018796a7216054c22fd3ec5426bd3fe32f738c5595dc8c240082981

                    Download Submit

                  • C:\Program Files\ACD Systems\ACDSee Ultimate\16.0\AlbumGenerator\Styles\Style9\resources\graf_star_on.gif
                    Filesize

                    302B

                    MD5

                    90dc6559e17ade278f07bd973b16f290

                    SHA1

                    a91cd00c0d4b153730e73005390d4eec646bf6fb

                    SHA256

                    6f961337e4a9c5b3521b5e7f31cb7f66501e8ba4fd36c36165811ceb21ae5439

                    SHA512

                    0bccd4ea185d431b1d7a001e87c55acf3d4f016cf6ef48f9fe7436b4771a7e3b025624711dc49c5c34e55ea617991d7eba6cc57c4f777ddaebbd2301e5ddc24d

                    Download Submit

                  • C:\Program Files\Java\jre1.8.0_66\lib\ext\dns_sd.jar
                    Filesize

                    16KB

                    MD5

                    ca086bb31b598febd7e8d44daf14714a

                    SHA1

                    4838808e80df811cfb2bf7faf361b3cbc16f9f81

                    SHA256

                    3818abdee5b1d3d77ae4a5ace25a638b2d7d624605f8e8ce14dd6d4c6639c00c

                    SHA512

                    54188bf433a0da1b6b8f6f881af6d681a6bb629693191c7ee46f852953529cb94dfa894aca574e1cd7355985ea8d6187e7694c8144ea1db880922676f0dfe0c5

                    Download Submit

                  • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
                    Filesize

                    71KB

                    MD5

                    5b56b4c8acde942643869b3adc99fbb6

                    SHA1

                    9ada9e0f7254ad23185578df0001a0530abe102c

                    SHA256

                    829c138670dea47ebf949808c9dc4a5c7210dbbf31226c38168d22822c593097

                    SHA512

                    8eeaeada89fc124a081b30c7268b2c14015649ad4f31c87972e1ee045fe687993acabb7284bb2a175c394c2ae4e40c44192920ba90869d52a873a29aecd81dfe

                    Download Submit

                  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems\ACDSee Photo Studio Ultimate 2023.lnk
                    Filesize

                    2KB

                    MD5

                    0b71e9679b62eee1ff02f36cdd17ee67

                    SHA1

                    4444faf5cf0921870b0392bf99d3b5a9c8f03195

                    SHA256

                    8eae3e0ca7b96501b2e511c8a7c19b4b2409149405b09f4aaf05b194fb47e004

                    SHA512

                    e623ac35f8af26aef0399b25a03161e42654ab957946b27923968b41bcf2f93c39149bca3faf848a829158a0c8022c8c35c4bdaefd9497b0896e1053342af163

                    Download Submit

                  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems\ACDSee Photo Studio Ultimate 2023.lnk~RFe67f4c2.TMP
                    Filesize

                    2KB

                    MD5

                    1938bdd7230ae483dc87d2ef1aa65745

                    SHA1

                    b538e2dac391cf8ec44ad9c776b2830c20120730

                    SHA256

                    6e610a5529983b9f5d38ea086f4b5a253b6efdccb0eb6a2727972c809a167bac

                    SHA512

                    9b4371487cf9703c29c5c5721b592721549404a0d3259569419bbfe7042c01d8cdeed840748f0e6df09824a5f75b4d2723d656f0e6c78bb36a3ec0ba6f0c87e0

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Downloaded Installations\{195ACEC3-2ED7-4517-ACBF-2C0A281B1337}\{C7C10794-4A16-4A6F-9132-543194639D17}\ACDSee Photo Studio Ultimate 2023.msi
                    Filesize

                    659.7MB

                    MD5

                    193ce4128afb9789293dd062ac5e6907

                    SHA1

                    2fcb97b3a7d916549b638bab3c59a3aaf7f3cd07

                    SHA256

                    6c2381485b098f41d1fa8cb41740ce14ba3d8f83d0f39b680a0cca97194f6d2a

                    SHA512

                    f6128fbf31cb58db15f4e603c47a4c8bdcddd4002176d9b91207378f7112e7ebcdb23f6d073d47bf171023be28439911636446149c44dfb02b428a6f3be8d39b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                    Filesize

                    97B

                    MD5

                    82b066a0c26e9c3c026d421e012a093e

                    SHA1

                    2e4493ff239034dd93befa48a286616fa1222526

                    SHA256

                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                    SHA512

                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133397971984832099.txt
                    Filesize

                    76KB

                    MD5

                    3ab444ad944154a6614720e1b3baf2cd

                    SHA1

                    0ce68042fc9eb8de522d7e044a391bb7bba59f35

                    SHA256

                    c5387ea26f3bc902037cd2925859fad766642229223ba86781d7dc82669d1229

                    SHA512

                    d8f74b5d97dbb090f0fc3fc650a6949caf015688ada669ff9cb604d36265b94063f27078dcf16ceaeabb935ef27c3e56911afacc6aa116bcf7afdf755034dd57

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                    Filesize

                    97B

                    MD5

                    82b066a0c26e9c3c026d421e012a093e

                    SHA1

                    2e4493ff239034dd93befa48a286616fa1222526

                    SHA256

                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                    SHA512

                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                    Filesize

                    97B

                    MD5

                    82b066a0c26e9c3c026d421e012a093e

                    SHA1

                    2e4493ff239034dd93befa48a286616fa1222526

                    SHA256

                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                    SHA512

                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                    Filesize

                    97B

                    MD5

                    82b066a0c26e9c3c026d421e012a093e

                    SHA1

                    2e4493ff239034dd93befa48a286616fa1222526

                    SHA256

                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                    SHA512

                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                    Filesize

                    97B

                    MD5

                    82b066a0c26e9c3c026d421e012a093e

                    SHA1

                    2e4493ff239034dd93befa48a286616fa1222526

                    SHA256

                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                    SHA512

                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                    Filesize

                    97B

                    MD5

                    82b066a0c26e9c3c026d421e012a093e

                    SHA1

                    2e4493ff239034dd93befa48a286616fa1222526

                    SHA256

                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                    SHA512

                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                    Filesize

                    97B

                    MD5

                    82b066a0c26e9c3c026d421e012a093e

                    SHA1

                    2e4493ff239034dd93befa48a286616fa1222526

                    SHA256

                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                    SHA512

                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                    Filesize

                    97B

                    MD5

                    82b066a0c26e9c3c026d421e012a093e

                    SHA1

                    2e4493ff239034dd93befa48a286616fa1222526

                    SHA256

                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                    SHA512

                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\PR67AA1Y\microsoft.windows[1].xml
                    Filesize

                    97B

                    MD5

                    82b066a0c26e9c3c026d421e012a093e

                    SHA1

                    2e4493ff239034dd93befa48a286616fa1222526

                    SHA256

                    a4c381833e51949fd261b3e7bf72873bddc61d6eaf01a83a89beda5877338d64

                    SHA512

                    4fb425137bcab122288af0df6dd2774fb9179f9c178c8c7b738e6e293d8dbe0aff97a879f42670d07c5bbc69935104b8bdcef8fd7efaee48949dd354af626feb

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\ACDSee Photo Studio Ultimate 2023.exe
                    Filesize

                    784.6MB

                    MD5

                    d325282bbb151e33361b9b596e0d59fd

                    SHA1

                    d867a7e020bd675aa8c953e768c50852fa4f319f

                    SHA256

                    d08141ca0e4e8196cb213576cf8354d7d7d38fb4b4f53768734473584d5e13d2

                    SHA512

                    41c63d9d24f0c96874922e7a703d293cc33847a6dadbcd338e12631663c85857d8e7c0b803b60ce455a1925f02aba4138a0b77fde18c4deb7e3bd8fff88dd653

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\ACDSee Photo Studio Ultimate 2023.exe
                    Filesize

                    784.6MB

                    MD5

                    d325282bbb151e33361b9b596e0d59fd

                    SHA1

                    d867a7e020bd675aa8c953e768c50852fa4f319f

                    SHA256

                    d08141ca0e4e8196cb213576cf8354d7d7d38fb4b4f53768734473584d5e13d2

                    SHA512

                    41c63d9d24f0c96874922e7a703d293cc33847a6dadbcd338e12631663c85857d8e7c0b803b60ce455a1925f02aba4138a0b77fde18c4deb7e3bd8fff88dd653

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\ACDSee Photo Studio Ultimate 2023.exe
                    Filesize

                    784.6MB

                    MD5

                    d325282bbb151e33361b9b596e0d59fd

                    SHA1

                    d867a7e020bd675aa8c953e768c50852fa4f319f

                    SHA256

                    d08141ca0e4e8196cb213576cf8354d7d7d38fb4b4f53768734473584d5e13d2

                    SHA512

                    41c63d9d24f0c96874922e7a703d293cc33847a6dadbcd338e12631663c85857d8e7c0b803b60ce455a1925f02aba4138a0b77fde18c4deb7e3bd8fff88dd653

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\ACDWIClient.exe
                    Filesize

                    2.3MB

                    MD5

                    2deacb81f30ac6b8b0587d82caa55ca9

                    SHA1

                    1ca1e18c6c3ae1c7fbc4b59a7d4b819403199ed0

                    SHA256

                    5b3910e9b6c9316df89e3f66ecf6914808fca5894e2c7d7941670bcddab0acef

                    SHA512

                    8ccac4cea4438572adc63b59b2175f403c2877f602b044cf5129c453f94b484c81bca987efb8f2d2d187ca5aee84c3b899d8274f21afdc018e8a69f2586c4a41

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\ACDWIClient.exe
                    Filesize

                    2.3MB

                    MD5

                    2deacb81f30ac6b8b0587d82caa55ca9

                    SHA1

                    1ca1e18c6c3ae1c7fbc4b59a7d4b819403199ed0

                    SHA256

                    5b3910e9b6c9316df89e3f66ecf6914808fca5894e2c7d7941670bcddab0acef

                    SHA512

                    8ccac4cea4438572adc63b59b2175f403c2877f602b044cf5129c453f94b484c81bca987efb8f2d2d187ca5aee84c3b899d8274f21afdc018e8a69f2586c4a41

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\ACDWebInstaller.xml
                    Filesize

                    2KB

                    MD5

                    691a2755b1c0be28b596323fd808cb45

                    SHA1

                    1dec67d996d2179e72f2586987b69ebfd5b244b2

                    SHA256

                    8515af4e6f4f5cc9ba05f01978321dbc7d629e9a45739ab974da23c5d5bd0449

                    SHA512

                    ee664902c095e0639b387c90e0a92aa3c58046ec777e5114d915eee2997d61de826fa76d1516e1a8d6494ae0307428fc89260b6fa4ec72a0b3f6e3917ecd7e70

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\ACDWebInstallerString.ini
                    Filesize

                    2KB

                    MD5

                    29a6c55a6942dc77db212acf5adfa558

                    SHA1

                    ffffb6baa6b4968c800abc4451bb6f8d6449b21e

                    SHA256

                    e95d4a6844106fa345af0af6a2442c69e7d63536028c354715c6753e04e25956

                    SHA512

                    625b7dc7ac07311fb206bdeeb919bee9740842b58c6b1a1ab01b0104dcdbf8f9c6b61bca537c03d005f98493d22a3e257ad0f429c4c5c79db724a5ccbf1f1b05

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Cancel_D.jpg
                    Filesize

                    1KB

                    MD5

                    5ba37131ef857b73b5c96974f48b19b6

                    SHA1

                    144b6773ca268ef3c4b244e6869378e89d92d1e6

                    SHA256

                    603fc391e5d1ab42cd5f90f97387c5f826884b4ae172d2440211ce9cb97bed86

                    SHA512

                    2abcf072f63755ee1ae0e45d44a1d210ca6e03d6fab9127dc3ac89a349f579a322e20dd1173fe4c24d9a7000215248b8021a393f7075aba6b74904cd68eb2dd4

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Cancel_H.jpg
                    Filesize

                    1KB

                    MD5

                    435e6ac835b79a7605a41170b6edb4fe

                    SHA1

                    0b9c06cc9cb6dcbdb81f74a8fdb8e45a942f6590

                    SHA256

                    50cb841c6b29c908b918e776cf06f958fd3786c4d0263a75a3d88f367a415ed0

                    SHA512

                    2ed313d0dc2f3ac14e41049c096e43e79ead41ff4bd5e5b3d6e8855db9ccc754fe5c9981f0322849cffa8fc1a320ed3e527ee68632aaafe692038c2a5f7ad83b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Cancel_N.jpg
                    Filesize

                    1KB

                    MD5

                    edaab1e4e632fec8ec1c5ca10ee2999b

                    SHA1

                    5d5ae7d2ea7050e1e59dd0e4c8cb8354f8e111c9

                    SHA256

                    1a29fa4258e422ec0bcd61f717f576fcbfa0ed8aa8da68ae3e5e858e2b74f915

                    SHA512

                    4b2c7a4df4ddaa3256b8217839ec17acb031772ccb87cb5163689a6c5be63ea08ed40f950ba53a9dadc09346ac861164a5bb1685f79978d5ddd4dc1e8025bfbe

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\CheckD.jpg
                    Filesize

                    3KB

                    MD5

                    0a6d9bb7a0ca4f4b9ff2fde49d2c1950

                    SHA1

                    70e29d5d93edd3d0ef8ae8a6cb9eacd4a60852da

                    SHA256

                    48b865c504bea10a285d28aa1ac2d6adc66ef8b0ce719a182a83c1db70639e56

                    SHA512

                    ef5378a73d7dd9c122276efded1b9833d8ddf186854377cd964b35547b639f229fa4a4bfa1c2664f1b4e53f14ed1d41423e30525c5e6653e04f7f7645c26fcd2

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Close_H.jpg
                    Filesize

                    969B

                    MD5

                    bfe21fe40e26676e101c4452df80aa4e

                    SHA1

                    3a3c8a9050ad940dfb3aa8029371ef5196397d2e

                    SHA256

                    262620de5619ab5000bb248c47001ae6daa117d5d26d3bd0743d35798bcf6f16

                    SHA512

                    dad4ec8f89b1936b4c9c4c16eef527ead061fcf653cb3eaa88a2e6fc240872e1f95b66491aa1c967f3e1406f39b5c321d9fd4ab5c7dd0bba3468b41a58c721cf

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Close_N.jpg
                    Filesize

                    965B

                    MD5

                    3108beb9806d74cae4f0f43f9539beee

                    SHA1

                    24f31ba6779e1bdfdaf80413dd77d6122a10a838

                    SHA256

                    68b82c4d13aa96c19342fe36c118fa2c94a813a49b8d5915fb4253230afa082d

                    SHA512

                    9358f752fd53dd5d2b5970defd43d3c36f238dce1f79388e69d9fb37bff7c3b00bff538aef9dbb5e72171592da0831048787cb25e138b3a95eaa28e688f4b337

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\DX175E.tmp\aug2005_d3dx9_27_x64.inf
                    Filesize

                    806B

                    MD5

                    7cfa60cdb7e697b40a268eb8814446e5

                    SHA1

                    e8e77082361d5a5ebf6163cf880f9700cff5741b

                    SHA256

                    0a8ffec8d7ef3a0aa005f604a045dcf80cf5b6473b4f26e30c58eee23e253fae

                    SHA512

                    77aaea559ef94d405194351b52643512a71990833dac22a331d5b78d569263db11bf969e26224ba8a362bf538782010ca074286ea605490d40c10f7d2d53d255

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\DX175E.tmp\aug2005_d3dx9_27_x86.inf
                    Filesize

                    1KB

                    MD5

                    e45a175750a672cbb2553087a8c5cf8a

                    SHA1

                    70d487f99e101bf39650594c27674313181a8ff6

                    SHA256

                    d02232a6587c460c026601517178318bab2ac29c59d269c6e3d1a3a993a9a1c4

                    SHA512

                    199882ada178e41be14af82001829d009379445028d3803d2a86eef899c01600cf2aa86123311b728e888498674379a35d40ed0964c2f88da24758fe3c7093d2

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\DX175E.tmp\d3dx9_27.dll
                    Filesize

                    2.2MB

                    MD5

                    852edc778a7a50077694f84d8e601234

                    SHA1

                    14705b638e1af81ddda5dc52f68c61ebfce5e9e3

                    SHA256

                    a70d571cd675c97c9eeb4a234dba1d667ffb54ec3bb14defb36b3e2f605ae257

                    SHA512

                    51c4031d98bfe3251a81ea9f4434ce38f077645a40d0ca413e31b6951c384a1635cb040c24ccf1baeef3d5a47d0d18d8b47fef3bcb28570d6e936fcea6f912c2

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\DX175E.tmp\dxupdate.dll
                    Filesize

                    134KB

                    MD5

                    65eb82ec5f8da3d372659daf218b8ff7

                    SHA1

                    88ee65202124316e6d09dde9e54c20ef9312f7b2

                    SHA256

                    eede815b3936114260f7a5a27cd004e92ee39678b547c4ebf47102d38cd0d9da

                    SHA512

                    c2d26d1e07c1645ae8f47b8c21bec1ece6bf1bca2e619d388fd4ec166dac341a78a012ddd36e3eef0d1e090525d16564c91ad216c3bcc2e285de7a0e26586296

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\DX175E.tmp\dxupdate.inf
                    Filesize

                    6KB

                    MD5

                    60e13b1f674e225f0d78cbffa5934b30

                    SHA1

                    bd1ef39f71b46c9644956dd0fabc379102e26150

                    SHA256

                    28b834425431a5caebfa3c3047f7f9b0f882b529c6a3b1c72d07cb1d37786587

                    SHA512

                    92928b0c6f8f9f3731984246052dd24d42ca0c84dc13e28a4bac0c07d5d5d5281a6881eca2c37f7346a38b3c136ae3af87adc0d1563b63e1ae15da8df83fccc7

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\MainWndBkg.jpg
                    Filesize

                    28KB

                    MD5

                    ee974c69d2072454c435bb7fe634014b

                    SHA1

                    e9a6d266614ed7a4081dc1509a32b758dcbe785a

                    SHA256

                    afbb3bcfb5862002c675f661101882c9a994f72f6bc4fe3e5df05a597c06b661

                    SHA512

                    136844eb58f3711e38f0b2c3c4232d0b4765c7594692356b4a3ebe588e2cfae683827cae4be6ebd3d03f785cc51a0e1c4358306fa4af9c00ec3a4baeef1ef7b9

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Min_H.jpg
                    Filesize

                    843B

                    MD5

                    841f5cc38c501878915b873f6f6eb1af

                    SHA1

                    8735867741a300d037c8360bd02e3fd338a619d8

                    SHA256

                    8641fbe5c60480bf22541c7478f483b89ee655bcc2190f5c270fcc436fa9606b

                    SHA512

                    c90c13cb61105b90a7f5e932907a7563b8e649e9362a71541bc9dd887ee553a03cea188f20a593def6ef49602f7cf936d6c20e1ddb69a0cdaba087b231936b8a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\Min_N.jpg
                    Filesize

                    747B

                    MD5

                    38ad1e24897436fedaebdcb25c2b5bb8

                    SHA1

                    ea87f8bf916ca84953eb16ae3d5898212faba367

                    SHA256

                    1067c0de3d7e44141ff69e4d5d362276e198bb1f6f6abb8a01421c37b5c2fb08

                    SHA512

                    4a691a8838b007500b017278dfedb44b900c93cf9bbd80fe92711919199d4805340a36e11498118fcf8562249d75ab68fa5a27faaab7a7fb0ac62d4958a55623

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\StatusBkg.jpg
                    Filesize

                    927B

                    MD5

                    69e3cb39a1b5a98e147a194d90d9528a

                    SHA1

                    063f8b25df00742d5a924dcf6c71f77ddb4ca210

                    SHA256

                    d1c9186e366992e4c586621848a0f4656be2957cf7baff31bfe791e2865308b9

                    SHA512

                    4cac1a7e18338836fb62ec85219396331a8a7c882fdd8e838a223e606119f59dd16998579449a38fe68640fd660746a6c3dbb183582c1b3ef2ed338c385bffb8

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_05ipfi3p.fbt.ps1
                    Filesize

                    60B

                    MD5

                    d17fe0a3f47be24a6453e9ef58c94641

                    SHA1

                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                    SHA256

                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                    SHA512

                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\0x0407.ini
                    Filesize

                    25KB

                    MD5

                    ac20509373836978506de9562f946fc1

                    SHA1

                    0991afacd2133750cf6029dd033b36cfe38a97ec

                    SHA256

                    e12ab3866c7dab7482e1d571d611549d4485a5d7dd808590d7717b028b9db38b

                    SHA512

                    73643f22fb0db6ca1f495b1b199bb78828463d1b525d7d5881e42a5bbdf858d16828890fe48b597795166387b0300b2c72cd562ca4c978dbaafceb1d19324aec

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\ACDSee Photo Studio Ultimate 2023.exe
                    Filesize

                    784.6MB

                    MD5

                    d325282bbb151e33361b9b596e0d59fd

                    SHA1

                    d867a7e020bd675aa8c953e768c50852fa4f319f

                    SHA256

                    d08141ca0e4e8196cb213576cf8354d7d7d38fb4b4f53768734473584d5e13d2

                    SHA512

                    41c63d9d24f0c96874922e7a703d293cc33847a6dadbcd338e12631663c85857d8e7c0b803b60ce455a1925f02aba4138a0b77fde18c4deb7e3bd8fff88dd653

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\ACDSee Photo Studio Ultimate 2023.exe
                    Filesize

                    784.6MB

                    MD5

                    d325282bbb151e33361b9b596e0d59fd

                    SHA1

                    d867a7e020bd675aa8c953e768c50852fa4f319f

                    SHA256

                    d08141ca0e4e8196cb213576cf8354d7d7d38fb4b4f53768734473584d5e13d2

                    SHA512

                    41c63d9d24f0c96874922e7a703d293cc33847a6dadbcd338e12631663c85857d8e7c0b803b60ce455a1925f02aba4138a0b77fde18c4deb7e3bd8fff88dd653

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\_ISMSIDEL.INI
                    Filesize

                    896B

                    MD5

                    3f63834d65b735624ed64f393235a768

                    SHA1

                    547460192c07ff2811946c158529775fb2fc70c9

                    SHA256

                    845a4517fcddb338a308a8260a45655756fa5670074f1e4c2774497b278cd8b5

                    SHA512

                    a8f56e2d50e55a1c1ed8aaae24c57287291ca76fac4d7fc2c3b934525a7645889770979b7c19bb574d3871b58eb6c2d4110ca24a88eec509318428a0af16e5bd

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\_ISMSIDEL.INI
                    Filesize

                    704B

                    MD5

                    96c0339ed72d4c4f2522bae62b4babfb

                    SHA1

                    53e8894c4bd321ed6c1bb4c7a068d1be0b82c148

                    SHA256

                    11977540b25a00f0106a866a1fd5c0e58cdc17db089cd3a260c70a4700caf465

                    SHA512

                    d5b00b786da816c9f9790548a7769fff19531dfab4b0af20766ddebfef836b3dab95f25159d18266c106a10c7719bcb379983d9ac0586efae09a402bb883d9a4

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{54A5B87A-F914-46F7-91D1-DBECD426E415}\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
                    Filesize

                    116.7MB

                    MD5

                    9eb3d6612f840bc508c55b715c5bd4ff

                    SHA1

                    40182a36d003d636d33ace168d6b62e29412ac3a

                    SHA256

                    f7a3fc30ee3bc14fa4bf60c216832da5ddd46852638b117d9937d310c8abe22c

                    SHA512

                    847c3825187304ee37924a14faea52c7ce423835f5d9fc72d8874e55068b12fbd416ac154ebb376225c10c1c398f5318aca78e44db7ea4c84705fbc905407477

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{54A5B87A-F914-46F7-91D1-DBECD426E415}\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
                    Filesize

                    116.7MB

                    MD5

                    9eb3d6612f840bc508c55b715c5bd4ff

                    SHA1

                    40182a36d003d636d33ace168d6b62e29412ac3a

                    SHA256

                    f7a3fc30ee3bc14fa4bf60c216832da5ddd46852638b117d9937d310c8abe22c

                    SHA512

                    847c3825187304ee37924a14faea52c7ce423835f5d9fc72d8874e55068b12fbd416ac154ebb376225c10c1c398f5318aca78e44db7ea4c84705fbc905407477

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{54A5B87A-F914-46F7-91D1-DBECD426E415}\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
                    Filesize

                    116.7MB

                    MD5

                    9eb3d6612f840bc508c55b715c5bd4ff

                    SHA1

                    40182a36d003d636d33ace168d6b62e29412ac3a

                    SHA256

                    f7a3fc30ee3bc14fa4bf60c216832da5ddd46852638b117d9937d310c8abe22c

                    SHA512

                    847c3825187304ee37924a14faea52c7ce423835f5d9fc72d8874e55068b12fbd416ac154ebb376225c10c1c398f5318aca78e44db7ea4c84705fbc905407477

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{FBF70175-BB86-496A-900A-C5B9CEBCB13C}\VC_redist.x64.exe
                    Filesize

                    14.4MB

                    MD5

                    be433764fa9bbe0f2f9c654f6512c9e0

                    SHA1

                    b87c38d093872d7be7e191f01107b39c87888a5a

                    SHA256

                    40ea2955391c9eae3e35619c4c24b5aaf3d17aeaa6d09424ee9672aa9372aeed

                    SHA512

                    8a050ebd392654ce5981af3d0bf99107bfa576529bce8325a7ccc46f92917515744026a2d0ea49afb72bbc4e4278638a0677c6596ad96b7019e47c250e438191

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{FBF70175-BB86-496A-900A-C5B9CEBCB13C}\VC_redist.x64.exe
                    Filesize

                    14.4MB

                    MD5

                    be433764fa9bbe0f2f9c654f6512c9e0

                    SHA1

                    b87c38d093872d7be7e191f01107b39c87888a5a

                    SHA256

                    40ea2955391c9eae3e35619c4c24b5aaf3d17aeaa6d09424ee9672aa9372aeed

                    SHA512

                    8a050ebd392654ce5981af3d0bf99107bfa576529bce8325a7ccc46f92917515744026a2d0ea49afb72bbc4e4278638a0677c6596ad96b7019e47c250e438191

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{B1F43802-02B5-40EA-80DB-F6AEBCF25F35}\{FBF70175-BB86-496A-900A-C5B9CEBCB13C}\VC_redist.x64.exe
                    Filesize

                    14.4MB

                    MD5

                    be433764fa9bbe0f2f9c654f6512c9e0

                    SHA1

                    b87c38d093872d7be7e191f01107b39c87888a5a

                    SHA256

                    40ea2955391c9eae3e35619c4c24b5aaf3d17aeaa6d09424ee9672aa9372aeed

                    SHA512

                    8a050ebd392654ce5981af3d0bf99107bfa576529bce8325a7ccc46f92917515744026a2d0ea49afb72bbc4e4278638a0677c6596ad96b7019e47c250e438191

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\~4039.tmp
                    Filesize

                    5KB

                    MD5

                    ee8b3e0c81956cdb3ab3495f7135d35d

                    SHA1

                    636c751936f84657720b9ba339c3947564896809

                    SHA256

                    2dc361411f8cbd865860dd9a6fbcf371dc3f69cb455d2a902d3c301fd89c636e

                    SHA512

                    93d613462fd00cedb9e654b165935c6c893642a35100f0670849e28833882bcb207797f8e4ec30208032909fb392023b72eaa926d7153ca4fc6c922a4456c769

                    Download Submit

                  • C:\Users\Public\Desktop\ACDSee Photo Studio Ultimate 2023.lnk~RFe67f4f1.TMP
                    Filesize

                    2KB

                    MD5

                    075952129d67b40e6ba18baaa63a8080

                    SHA1

                    c53b7fcd1395c7982811e05f9c6508377c060a6c

                    SHA256

                    952584a292bb8b2366ba1f8473d4278d555da14b52e04632b07935cc73b1de3c

                    SHA512

                    f2adafbfb575bf6a82007c705a3f04225f4d4af021d05ce37f08a454d007702b8370f252ca9d311544c48126e8d93e4f2896530342ada24b16bccc98d1bcc350

                    Download Submit

                  • C:\Users\Public\Desktop\~CDSee Photo Studio Ultimate 2023.tmp
                    Filesize

                    2KB

                    MD5

                    7184fd46433ef1d561723d688560ba5e

                    SHA1

                    6cefedcc6475fcef08038b277121bf04c2021975

                    SHA256

                    134c8fad1dfd404193aeb1aa409fb9abde4d9b8bafdb1a11a819052aacdded03

                    SHA512

                    d2b5765bcd18149bf2e54792478fe4edc616ba6e8f7b658d210e81eedc176f8d7ed86a3ce7c976b3772981eaa3a21fc0b5658b1c6d68d23b858564fbe9cf7468

                    Download Submit

                  • C:\Windows\DirectX.log
                    Filesize

                    3KB

                    MD5

                    0041eef923765200d6a3410813f00263

                    SHA1

                    3f38795149841aea550a014e149e5c6c6c8e6f44

                    SHA256

                    565c4d823bc89b9796b41e22d58d7577187fdc1ae656ec6f0c73a2ddc49956a7

                    SHA512

                    7d9247df398ccd2b167dacfc643b2e9fd57cf8e8cfe44d1845ea7c63a0ae989bef3ebb3a9274633211fa33f0d08f3a1247727518262ea4f7b481cb195f1b977d

                    Download Submit

                  • C:\Windows\DirectX.log
                    Filesize

                    3KB

                    MD5

                    0041eef923765200d6a3410813f00263

                    SHA1

                    3f38795149841aea550a014e149e5c6c6c8e6f44

                    SHA256

                    565c4d823bc89b9796b41e22d58d7577187fdc1ae656ec6f0c73a2ddc49956a7

                    SHA512

                    7d9247df398ccd2b167dacfc643b2e9fd57cf8e8cfe44d1845ea7c63a0ae989bef3ebb3a9274633211fa33f0d08f3a1247727518262ea4f7b481cb195f1b977d

                    Download Submit

                  • C:\Windows\DirectX.log
                    Filesize

                    4KB

                    MD5

                    fb8b4f379b1afdb133d0e484de9db881

                    SHA1

                    3ec65deda9c44c357d1d43345d4a27ec3dfdf982

                    SHA256

                    85013962348e4759bd1ed2e431e506153af246213dded0dd8d8bfee9e3b4941b

                    SHA512

                    fbfa91a82a15b9a5dc60cb53fed5fac3c68a65f0626fc4f8566094a1af8e8357f61406ce2f20cc1735f3ae6e582d53f6d6c0b0bd8f478d84bdc46dd5894c902b

                    Download Submit

                  • C:\Windows\Installer\MSI1E61.tmp
                    Filesize

                    5.3MB

                    MD5

                    75b4fa8f91fe33fb3f6dd458191c5041

                    SHA1

                    c70b6f92d3b95ff473adc3283282645077655ccf

                    SHA256

                    7aa1c52887ea83d7f43f0ef39f28587ffe4267a73db310882397293dd8059d80

                    SHA512

                    1c38c9dc4ceaea348b28ee559bd01c57ec5d620aa106e1c72e8d196c901ac2222f768475bae9065b571e9271b38e7d87da6bfe7be17f280f0394a0b1e55f64cc

                    Download Submit

                  • C:\Windows\Installer\MSI3615.tmp
                    Filesize

                    75KB

                    MD5

                    08c031fa82a09aae1079378669678fe6

                    SHA1

                    b109251d2fef08bd446be0c92369e6f11eb67093

                    SHA256

                    8764d060558a9d4ef24adb43201d5178033171a649ad497f79ce3b6cc8eda98a

                    SHA512

                    d133a7c02ee8e6e4a971ed4a6537c11cb58516a5ac0501672169805f7b97591d7cffd3a72133bd1df4b8d8a4f4965ddf324a83cd9be0d8af15e646a121e2ea4c

                    Download Submit

                  • C:\Windows\Installer\MSI4857.tmp
                    Filesize

                    75KB

                    MD5

                    6f8e3e4f72620bddc633f0175f47161e

                    SHA1

                    53ed75a208cc84f1a065e9e4ece356371cac0341

                    SHA256

                    2adf199f6baf245f0b07d31a3a1401d4262c3e6c98b8f10df923ceb2c937291e

                    SHA512

                    80187277e78f59b7ea71ed3caa55452e730d93b8c296d5820d470776a428cbb7e7fead87240e811436f85e4d89df2b9f31d6d16658d21abf59395cab7074a869

                    Download Submit

                  • C:\Windows\Installer\MSI9084.tmp
                    Filesize

                    329KB

                    MD5

                    5f44ff30dd2c5577f05e89939bb40ebd

                    SHA1

                    9851feab19bc568229b0f9d73f8fa0f847e5e012

                    SHA256

                    e06577c391e5478cc3582f125de19b9a0444a256a5dbe2ef19d36251bd8f9a27

                    SHA512

                    8e0722bf43f7dee4beb9dc72304a62cc567d358548ffa7c88c3f83581373ba2d6ccc02aae7038e5768565c9c5c7ab625954a6af0dc8bf7c78688de2a1099c5c7

                    Download Submit

                  • C:\Windows\Installer\e5e25b6.msi
                    Filesize

                    2.6MB

                    MD5

                    8dcf5c9eaacdaf4568220d103f393dea

                    SHA1

                    27f68596398b68ba048f95752b4eeb4aa013c23f

                    SHA256

                    53be81cc6e2dc95a1041e8f3d8f500fad4259ab20a1aac151b5fc7a64d354a93

                    SHA512

                    10f8ffb6fa5e7163f0a83190ddf211479f12e16635389b49ac041eceafd7f04c040d830065adc89b1003f38d8381851c09150a5bc8edced6ecae8ee5ae801088

                    Download Submit

                  • C:\Windows\Temp\{6036D7C7-A06D-4208-BDFD-7A70ADB3E170}\.cr\VC_redist.x64.exe
                    Filesize

                    632KB

                    MD5

                    94970fc3a8ed7b9de44f4117419ce829

                    SHA1

                    aa1292f049c4173e2ab60b59b62f267fd884d21a

                    SHA256

                    de1acbb1df68a39a5b966303ac1b609dde2688b28ebf3eba8d2adeeb3d90bf5e

                    SHA512

                    b17bd215b83bfa46512b73c3d9f430806ca3bea13bebde971e8edd972614e54a7ba3d6fc3439078cdfdaa7eeb1f3f9054bf03ed5c45b622b691b968d4ec0566f

                    Download Submit

                  • C:\Windows\Temp\{6036D7C7-A06D-4208-BDFD-7A70ADB3E170}\.cr\VC_redist.x64.exe
                    Filesize

                    632KB

                    MD5

                    94970fc3a8ed7b9de44f4117419ce829

                    SHA1

                    aa1292f049c4173e2ab60b59b62f267fd884d21a

                    SHA256

                    de1acbb1df68a39a5b966303ac1b609dde2688b28ebf3eba8d2adeeb3d90bf5e

                    SHA512

                    b17bd215b83bfa46512b73c3d9f430806ca3bea13bebde971e8edd972614e54a7ba3d6fc3439078cdfdaa7eeb1f3f9054bf03ed5c45b622b691b968d4ec0566f

                    Download Submit

                  • C:\Windows\Temp\{E930D76D-C0A3-45E4-B16D-265AC6A1CAD2}\.ba\logo.png
                    Filesize

                    1KB

                    MD5

                    d6bd210f227442b3362493d046cea233

                    SHA1

                    ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

                    SHA256

                    335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

                    SHA512

                    464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

                    Download Submit

                  • C:\Windows\Temp\{E930D76D-C0A3-45E4-B16D-265AC6A1CAD2}\.ba\wixstdba.dll
                    Filesize

                    191KB

                    MD5

                    eab9caf4277829abdf6223ec1efa0edd

                    SHA1

                    74862ecf349a9bedd32699f2a7a4e00b4727543d

                    SHA256

                    a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

                    SHA512

                    45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

                    Download Submit

                  • memory/740-664-0x000002078F400000-0x000002078F420000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/740-662-0x000002078EF50000-0x000002078EF70000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/740-660-0x000002078EF90000-0x000002078EFB0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/760-2656-0x00000000008F0000-0x00000000008F8000-memory.dmp

                    Filesize

                    32KB

                    Download

                  • memory/760-2659-0x0000000005250000-0x000000000525A000-memory.dmp

                    Filesize

                    40KB

                    Download

                  • memory/760-2657-0x0000000072690000-0x0000000072E40000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/760-2662-0x0000000072690000-0x0000000072E40000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/760-2658-0x00000000057F0000-0x0000000005D94000-memory.dmp

                    Filesize

                    5.6MB

                    Download

                  • memory/760-2660-0x0000000005260000-0x0000000005268000-memory.dmp

                    Filesize

                    32KB

                    Download

                  • memory/1160-362-0x000001DB88E60000-0x000001DB88E80000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/1160-364-0x000001DB88E20000-0x000001DB88E40000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/1160-365-0x000001DB88E40000-0x000001DB88E60000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/1160-368-0x000001DB891B0000-0x000001DB891D0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/1256-2352-0x0000000000BE0000-0x0000000000C07000-memory.dmp

                    Filesize

                    156KB

                    Download

                  • memory/1256-2334-0x00000000006A0000-0x00000000006B5000-memory.dmp

                    Filesize

                    84KB

                    Download

                  • memory/1256-2336-0x0000000002490000-0x00000000026B7000-memory.dmp

                    Filesize

                    2.2MB

                    Download

                  • memory/1272-384-0x00000221C7790000-0x00000221C77B0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/1272-388-0x00000221C8160000-0x00000221C8180000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/1272-386-0x00000221C7750000-0x00000221C7770000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/1668-286-0x000001514B8A0000-0x000001514B8C0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/1668-290-0x000001514BA90000-0x000001514BAB0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/1668-288-0x000001514B860000-0x000001514B880000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/2172-838-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2172-856-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2172-836-0x00007FFA77360000-0x00007FFA77E21000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/2172-859-0x00007FFA77360000-0x00007FFA77E21000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/2172-861-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2172-855-0x000001A8C4260000-0x000001A8C426A000-memory.dmp

                    Filesize

                    40KB

                    Download

                  • memory/2172-853-0x000001A8DD380000-0x000001A8DD3A2000-memory.dmp

                    Filesize

                    136KB

                    Download

                  • memory/2172-852-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2172-842-0x000001A8C4210000-0x000001A8C4218000-memory.dmp

                    Filesize

                    32KB

                    Download

                  • memory/2172-840-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2172-839-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2172-862-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2172-863-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2172-835-0x000001A8C41C0000-0x000001A8C41CC000-memory.dmp

                    Filesize

                    48KB

                    Download

                  • memory/2172-860-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2172-864-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2172-837-0x000001A8C41D0000-0x000001A8C41E0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2476-76-0x000001D2FB090000-0x000001D2FB0B0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/2476-72-0x000001D2F9D70000-0x000001D2F9D90000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/2476-74-0x000001D2F9D30000-0x000001D2F9D50000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/2868-415-0x0000014A92680000-0x0000014A926A0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/2868-411-0x0000014A92270000-0x0000014A92290000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/2868-409-0x0000014A922B0000-0x0000014A922D0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3008-574-0x000001F3BBE40000-0x000001F3BBE60000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3008-576-0x000001FBBD450000-0x000001FBBD470000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3008-572-0x000001F3BBE80000-0x000001F3BBEA0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3420-116-0x00000129D53C0000-0x00000129D53E0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3420-118-0x00000129D53A0000-0x00000129D53C0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3420-120-0x00000129D5320000-0x00000129D5340000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3592-344-0x000001BE73B60000-0x000001BE73B80000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3592-340-0x000001BE73B80000-0x000001BE73BA0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3592-342-0x000001BE73B40000-0x000001BE73B60000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3592-346-0x000001BE73ED0000-0x000001BE73EF0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/3864-2331-0x000002310F4B0000-0x000002310F4B1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4240-612-0x0000023197AD0000-0x0000023197AF0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4240-614-0x0000023197A90000-0x0000023197AB0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4240-616-0x00000231980A0000-0x00000231980C0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4380-632-0x000001357D0A0000-0x000001357D0C0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4380-634-0x000001357D060000-0x000001357D080000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4380-638-0x000001357D680000-0x000001357D6A0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4708-321-0x000001D3C9E30000-0x000001D3C9E50000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4708-323-0x000001D3CA240000-0x000001D3CA260000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4708-319-0x000001D3C9E70000-0x000001D3C9E90000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4720-95-0x000001D2FCA00000-0x000001D2FCA20000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4720-97-0x000001D2FC9C0000-0x000001D2FC9E0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4720-98-0x000001D2FCDD0000-0x000001D2FCDF0000-memory.dmp

                    Filesize

                    128KB

                    Download

                  • memory/4856-1014-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4856-1011-0x00007FFA77360000-0x00007FFA77E21000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/4856-1035-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4856-1034-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4856-1033-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4856-1032-0x00007FFA77360000-0x00007FFA77E21000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/4856-1016-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4856-2329-0x00007FFA6B3D0000-0x00007FFA6BD37000-memory.dmp

                    Filesize

                    9.4MB

                    Download

                  • memory/4856-1012-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4856-2669-0x00007FFA77360000-0x00007FFA77E21000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/4856-1823-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4856-2644-0x00007FFA6B3D0000-0x00007FFA6BD37000-memory.dmp

                    Filesize

                    9.4MB

                    Download

                  • memory/4856-1013-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4856-1036-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4856-1038-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4856-1039-0x000001BB2AEB0000-0x000001BB2AEBE000-memory.dmp

                    Filesize

                    56KB

                    Download

                  • memory/4856-1040-0x000001BB2B290000-0x000001BB2B2AA000-memory.dmp

                    Filesize

                    104KB

                    Download

                  • memory/4856-1041-0x000001BB2A2C0000-0x000001BB2A2D0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4972-2604-0x000001A745B60000-0x000001A745C1F000-memory.dmp

                    Filesize

                    764KB

                    Download

                  • memory/4972-2592-0x000001A746350000-0x000001A7464F3000-memory.dmp

                    Filesize

                    1.6MB

                    Download