Malware Analysis Report

2024-10-19 06:53

Sample ID 240102-m4wrlaeehm
Target test.exe
SHA256 fe404c8344b09746442737bcc3ea63ec8bb38a6d96d3d549aafbcb5428efae7b
Tags
rat default asyncrat stealerium collection evasion ransomware spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

fe404c8344b09746442737bcc3ea63ec8bb38a6d96d3d549aafbcb5428efae7b

Threat Level: Known bad

The file test.exe was found to be: Known bad.

Malicious Activity Summary

rat default asyncrat stealerium collection evasion ransomware spyware stealer trojan

Modifies Windows Defender Real-time Protection settings

Async RAT payload

AsyncRat

Stealerium

Asyncrat family

Renames multiple (3150) files with added filename extension

Grants admin privileges

Async RAT payload

Executes dropped EXE

Reads user/profile data of web browsers

Windows security modification

Looks up external IP address via web service

Looks up geolocation information via web service

Accesses Microsoft Outlook profiles

Sets desktop wallpaper using registry

Launches sc.exe

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Gathers system information

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Enumerates processes with tasklist

Modifies registry class

Suspicious use of FindShellTrayWindow

outlook_office_path

Delays execution with timeout.exe

Creates scheduled task(s)

Checks processor information in registry

Gathers network information

Uses Volume Shadow Copy service COM API

outlook_win_path

Suspicious use of AdjustPrivilegeToken

Runs net.exe

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-01-02 11:01

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-02 11:01

Reported

2024-01-02 11:37

Platform

win11-20231215-en

Max time kernel

2125s

Max time network

2139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\test.exe"

Signatures

AsyncRat

rat asyncrat

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\AppData\Roaming\kokot.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" C:\Users\Admin\AppData\Roaming\kokot.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" C:\Users\Admin\AppData\Roaming\kokot.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" C:\Users\Admin\AppData\Roaming\kokot.exe N/A

Stealerium

stealer stealerium

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Grants admin privileges

Renames multiple (3150) files with added filename extension

ransomware

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\Desktop\DECRYPT.exe N/A

Reads user/profile data of web browsers

spyware stealer

Windows security modification

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection = "0" C:\Users\Admin\AppData\Roaming\kokot.exe N/A

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Roaming\kokot.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Roaming\kokot.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Roaming\kokot.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A icanhazip.com N/A N/A

Looks up geolocation information via web service

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oVcBLd9.png" C:\Users\Admin\AppData\Roaming\kokot.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2020.503.58.0_x64__8wekyb3d8bbwe\Assets\CameraAppList.targetsize-24_altform-unplated.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected] C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_altform-lightunplated_contrast-white.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleBadgeLogo.scale-125.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-200.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailBadge.scale-200.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailWideTile.scale-125.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\include\jawt.h C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\NewsAppList.targetsize-40_altform-lightunplated.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2020.503.58.0_x64__8wekyb3d8bbwe\Assets\CameraAppList.targetsize-36.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\contrast-black\NotepadStoreLogo.scale-100.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageStoreLogo.scale-200_contrast-white.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-32_contrast-white.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-24_contrast-black.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\hscroll-thumb.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons2x.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherAppList.targetsize-24.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_neutral_split.scale-125_8wekyb3d8bbwe\Images\splashscreen.scale-125_altform-colorful_theme-dark.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreSplashScreen.scale-200_altform-colorful_theme-light.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Getstarted_10.2.41172.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TipsMedTile.scale-125_contrast-black.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-white\PowerAutomateWide310x150Logo.scale-125.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-30_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailSplashLogo.scale-200.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\contrast-black\NotepadAppList.targetsize-256_altform-lightunplated.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.40831.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-200.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\Square44x44Logo.scale-150_contrast-black.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-no-text_2x.gif C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WeatherAppList.targetsize-32_altform-unplated_contrast-white.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\Theme_Illustration_Seasons_Summer_Thumbnail.jpg C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-30_altform-lightunplated_contrast-white.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\ps1file.targetsize-24.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\OutlookMailLargeTile.scale-125.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxBadge.scale-150.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\Square150x150Logo.scale-150_contrast-black.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\master_preferences C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected] C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PaintAppList.targetsize-16_altform-lightunplated.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\FileAssociation.targetsize-16.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-36_altform-unplated.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\AppxManifest.xml C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SnipSketchAppList.targetsize-48.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\index.html C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\NewsSmallTile.scale-200.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-30_altform-unplated.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxAccountsLargeTile.scale-100.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Dark.scale-250.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-32.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN095.XML C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\bg1a_thumb.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch-Dark.scale-150.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\NewsAppList.targetsize-64_contrast-black.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Xbox_MedTile.scale-100.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A
File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\FetchingMail.scale-150.png C:\Users\Admin\AppData\Roaming\kokot.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\kokot.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Roaming\kokot.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\system32\tasklist.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\system32\ipconfig.exe N/A
N/A N/A C:\Windows\system32\NETSTAT.EXE N/A
N/A N/A C:\Windows\system32\ipconfig.exe N/A

Gathers system information

Description Indicator Process Target
N/A N/A C:\Windows\system32\systeminfo.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Runs net.exe

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\NETSTAT.EXE N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\DECRYPT.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\kokot.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1488 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\test.exe C:\Windows\System32\cmd.exe
PID 1488 wrote to memory of 1388 N/A C:\Users\Admin\AppData\Local\Temp\test.exe C:\Windows\System32\cmd.exe
PID 1488 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\test.exe C:\Windows\system32\cmd.exe
PID 1488 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\test.exe C:\Windows\system32\cmd.exe
PID 1816 wrote to memory of 920 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 1816 wrote to memory of 920 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\timeout.exe
PID 1388 wrote to memory of 1836 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\schtasks.exe
PID 1388 wrote to memory of 1836 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\schtasks.exe
PID 1816 wrote to memory of 2060 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\kokot.exe
PID 1816 wrote to memory of 2060 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Roaming\kokot.exe
PID 2060 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Roaming\kokot.exe C:\Windows\SYSTEM32\cmd.exe
PID 2060 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Roaming\kokot.exe C:\Windows\SYSTEM32\cmd.exe
PID 4364 wrote to memory of 3504 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\systeminfo.exe
PID 4364 wrote to memory of 3504 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\systeminfo.exe
PID 2060 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Roaming\kokot.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2060 wrote to memory of 3432 N/A C:\Users\Admin\AppData\Roaming\kokot.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2060 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Roaming\kokot.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2060 wrote to memory of 3480 N/A C:\Users\Admin\AppData\Roaming\kokot.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 4364 wrote to memory of 1380 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\HOSTNAME.EXE
PID 4364 wrote to memory of 1380 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\HOSTNAME.EXE
PID 4364 wrote to memory of 4624 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 4364 wrote to memory of 4624 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 4624 wrote to memory of 1260 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4624 wrote to memory of 1260 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4364 wrote to memory of 5072 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 4364 wrote to memory of 5072 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 5072 wrote to memory of 4596 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 5072 wrote to memory of 4596 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4364 wrote to memory of 1404 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 4364 wrote to memory of 1404 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 1404 wrote to memory of 1504 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 1404 wrote to memory of 1504 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4364 wrote to memory of 2124 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 4364 wrote to memory of 2124 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 2124 wrote to memory of 5044 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 2124 wrote to memory of 5044 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4364 wrote to memory of 3056 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 4364 wrote to memory of 3056 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\net.exe
PID 3056 wrote to memory of 1712 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 3056 wrote to memory of 1712 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4364 wrote to memory of 1700 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\tasklist.exe
PID 4364 wrote to memory of 1700 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\tasklist.exe
PID 4364 wrote to memory of 1548 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 4364 wrote to memory of 1548 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 4364 wrote to memory of 2684 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ROUTE.EXE
PID 4364 wrote to memory of 2684 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ROUTE.EXE
PID 4364 wrote to memory of 2200 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ARP.EXE
PID 4364 wrote to memory of 2200 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ARP.EXE
PID 4364 wrote to memory of 2000 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\NETSTAT.EXE
PID 4364 wrote to memory of 2000 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\NETSTAT.EXE
PID 4364 wrote to memory of 4492 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 4364 wrote to memory of 4492 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\ipconfig.exe
PID 4364 wrote to memory of 4440 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\sc.exe
PID 4364 wrote to memory of 4440 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\sc.exe
PID 752 wrote to memory of 3924 N/A C:\Windows\system32\findstr.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 752 wrote to memory of 3924 N/A C:\Windows\system32\findstr.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 752 wrote to memory of 3924 N/A C:\Windows\system32\findstr.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 752 wrote to memory of 3924 N/A C:\Windows\system32\findstr.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 752 wrote to memory of 3924 N/A C:\Windows\system32\findstr.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 752 wrote to memory of 3924 N/A C:\Windows\system32\findstr.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 752 wrote to memory of 3924 N/A C:\Windows\system32\findstr.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 752 wrote to memory of 3924 N/A C:\Windows\system32\findstr.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 752 wrote to memory of 3924 N/A C:\Windows\system32\findstr.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 752 wrote to memory of 3924 N/A C:\Windows\system32\findstr.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Roaming\kokot.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3213149797-706813642-929964373-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Roaming\kokot.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\test.exe

"C:\Users\Admin\AppData\Local\Temp\test.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpFA0F.tmp.bat""

C:\Windows\system32\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "kokot" /tr '"C:\Users\Admin\AppData\Roaming\kokot.exe"'

C:\Windows\system32\timeout.exe

timeout 3

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "kokot" /tr '"C:\Users\Admin\AppData\Roaming\kokot.exe"' & exit

C:\Users\Admin\AppData\Roaming\kokot.exe

"C:\Users\Admin\AppData\Roaming\kokot.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe"

C:\Windows\system32\systeminfo.exe

systeminfo

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" Get-MpPreference -verbose

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add - MpPreference - ExclusionExtension ".exe"

C:\Windows\system32\HOSTNAME.EXE

hostname

C:\Windows\system32\net.exe

net user

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user

C:\Windows\system32\net.exe

net localgroup

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 localgroup

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 localgroup administrators

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user guest

C:\Windows\system32\net.exe

net user guest

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 user administrator

C:\Windows\system32\tasklist.exe

tasklist /svc

C:\Windows\system32\net.exe

net user administrator

C:\Windows\system32\ipconfig.exe

ipconfig /all

C:\Windows\system32\net.exe

net localgroup administrators

C:\Windows\system32\ROUTE.EXE

route print

C:\Windows\system32\ARP.EXE

arp -a

C:\Windows\system32\NETSTAT.EXE

netstat -an

C:\Windows\system32\sc.exe

sc query type= service state= all

C:\Windows\system32\ipconfig.exe

ipconfig /displaydns

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.0.1715293837\1891697107" -parentBuildID 20221007134813 -prefsHandle 1772 -prefMapHandle 1792 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfc40c47-ecf2-4970-8f55-83af53edef50} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 1900 1e9713fba58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.1.700307597\654403217" -parentBuildID 20221007134813 -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0176bd43-eda5-4a4a-b7e4-122529bcb779} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 2276 1e964fe5458 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.2.1818330719\1200695605" -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 3076 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50b86135-11f4-4729-b17b-ffeb04ac7867} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 3188 1e971362558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.4.365158455\2045775373" -childID 3 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdc3f6ad-314c-4f14-8eb2-857a69089d7f} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 3668 1e964f64458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.3.438297247\677495125" -childID 2 -isForBrowser -prefsHandle 988 -prefMapHandle 1596 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {303dc0c7-8407-4407-8230-83cd064b9e42} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 2664 1e964f6ca58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.7.797998680\1445835959" -childID 6 -isForBrowser -prefsHandle 5340 -prefMapHandle 2720 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1d9f7a3-08d2-4c9e-8b03-d9a17aafa87b} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 5376 1e978016f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.6.9046013\426847000" -childID 5 -isForBrowser -prefsHandle 5176 -prefMapHandle 5320 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9c19704-e8e4-4b07-b593-4e3e3c60f5fd} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 5292 1e975e76e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.5.1747401357\556505879" -childID 4 -isForBrowser -prefsHandle 5208 -prefMapHandle 5204 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2da633e7-511e-4e01-9ebe-002f55646b3c} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 5068 1e97886d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.8.677387252\2018454071" -childID 7 -isForBrowser -prefsHandle 2840 -prefMapHandle 2836 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {230e064b-8f38-419e-90e5-5de382551f6d} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 3216 1e9794fd358 tab

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profile

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All

C:\Windows\system32\findstr.exe

findstr All

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show networks mode=bssid

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.9.1241737574\168311940" -childID 8 -isForBrowser -prefsHandle 3528 -prefMapHandle 3448 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcf51ff1-8885-44cc-a00b-05bba6549aad} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 3520 1e9735a0858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.12.1877553508\991033660" -childID 11 -isForBrowser -prefsHandle 9968 -prefMapHandle 9964 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc2b7d94-d359-4ea7-a83d-cff96312327e} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 9976 1e979582458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.11.1045263135\922201443" -childID 10 -isForBrowser -prefsHandle 3880 -prefMapHandle 984 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01393203-3edf-4c9b-a815-7d97bb61b483} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 3464 1e979581e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.10.70617624\1705468543" -childID 9 -isForBrowser -prefsHandle 6004 -prefMapHandle 10276 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05eccc0f-2d9e-4b57-b586-f7ad335feeb4} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 4696 1e97360be58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.13.630101143\1526030983" -childID 12 -isForBrowser -prefsHandle 2692 -prefMapHandle 4920 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {493d3356-ca80-4053-958c-981b2503f42d} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 10260 1e97360c758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.14.316398948\794989204" -childID 13 -isForBrowser -prefsHandle 9612 -prefMapHandle 9592 -prefsLen 27335 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c2111f9-b902-4626-9534-9cc83a6bc0fa} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 9624 1e9735a3b58 tab

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Desktop\DECRYPT.exe

"C:\Users\Admin\Desktop\DECRYPT.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.177.190.20.in-addr.arpa udp
CZ 146.70.129.19:38371 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 19.129.70.146.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
GB 142.250.200.4:443 tcp
GB 142.250.200.4:443 udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 4.200.250.142.in-addr.arpa udp
CZ 146.70.129.19:38371 tcp
US 151.101.2.219:443 tcp
US 151.101.2.219:443 tcp
US 151.101.2.219:443 tcp
US 151.101.2.219:443 tcp
US 151.101.2.219:443 tcp
US 151.101.2.219:443 tcp
US 151.101.2.219:443 tcp
US 34.149.100.209:443 tcp
US 2.16.153.162:443 cdn.ziffstatic.com tcp
US 8.8.8.8:53 162.153.16.2.in-addr.arpa udp
US 34.160.144.191:443 tcp
DE 108.156.255.65:443 d1ykf07e75w7ss.cloudfront.net tcp
GB 142.250.178.2:443 www.googletagservices.com tcp
US 2.16.153.162:443 udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.255.156.108.in-addr.arpa udp
GB 142.250.178.2:443 www.googletagservices.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
AT 92.123.26.89:443 e96286.g.akamaiedge.net tcp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
DE 108.156.255.65:443 d1ykf07e75w7ss.cloudfront.net tcp
IE 52.208.0.100:443 zdbb.net tcp
US 52.207.0.52:443 gurgle.speedtest.net tcp
DE 108.156.255.65:443 d1ykf07e75w7ss.cloudfront.net tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
US 52.207.0.52:443 gurgle.speedtest.net tcp
GB 142.250.187.194:443 securepubads.g.doubleclick.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 aus5.mozilla.org tcp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
GB 142.250.180.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.180.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 icanhazip.com udp
US 104.18.115.97:80 icanhazip.com tcp
DE 74.125.162.134:443 tcp
US 34.117.237.239:443 tcp
US 8.8.8.8:53 jogger.zdbb.net udp
US 8.8.8.8:53 cdn.static.zdbb.net udp
US 8.8.8.8:53 tags.bkrtx.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
DE 108.157.4.57:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 b.cdnst.net udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 104.18.202.232:443 tcp
US 8.8.8.8:53 e96286.g.akamaiedge.net udp
DE 108.157.4.57:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 dualstack.zd.map.fastly.net udp
US 8.8.8.8:53 dualstack.zd.map.fastly.net udp
US 8.8.8.8:53 cdn.krxd.net udp
FR 52.222.192.64:443 aax.amazon-adsystem.com tcp
US 151.101.2.133:443 cdn.krxd.net tcp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
DE 108.157.4.70:443 tags.crwdcntrl.net tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
NL 213.19.162.91:443 fastlane.rubiconproject.com tcp
DE 108.157.4.70:443 tags.crwdcntrl.net tcp
FR 178.250.1.8:443 bidder.criteo.com tcp
US 8.8.8.8:53 c2shb.pubgw.yahoo.com udp
DE 35.157.246.167:443 ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud tcp
DE 35.157.246.167:443 ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud tcp
DE 35.157.246.167:443 ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud tcp
DE 35.157.246.167:443 ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud tcp
DE 35.157.246.167:443 ssp-ats-prod-eu-central-1.one-mobile-prod.aws.oath.cloud tcp
US 8.8.8.8:53 api.mylnikov.org udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 104.21.44.66:443 api.mylnikov.org tcp
US 8.8.8.8:53 64.192.222.52.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 70.4.157.108.in-addr.arpa udp
US 8.8.8.8:53 167.246.157.35.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
GB 23.207.215.130:443 e5529.g.akamaiedge.net tcp
US 3.94.42.93:443 jogger.zdbb.net tcp
DE 18.153.57.22:443 btlr.sharethrough.com tcp
DE 18.153.57.22:443 btlr.sharethrough.com tcp
DE 18.153.57.22:443 btlr.sharethrough.com tcp
DE 18.153.57.22:443 btlr.sharethrough.com tcp
DE 18.153.57.22:443 btlr.sharethrough.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 185.64.190.77:443 hbopenbid-lhrc.pubmnet.com tcp
GB 23.207.215.130:443 e5529.g.akamaiedge.net tcp
US 3.94.42.93:443 jogger.zdbb.net tcp
DE 18.153.57.22:443 btlr.sharethrough.com tcp
DE 18.153.57.22:443 btlr.sharethrough.com tcp
DE 18.153.57.22:443 btlr.sharethrough.com tcp
DE 18.153.57.22:443 btlr.sharethrough.com tcp
DE 18.153.57.22:443 btlr.sharethrough.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
NL 185.64.189.226:443 t.pubmatic.com tcp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
GB 45.92.46.45:8080 speedtest-1.london.network.youfibre.com.prod.hosts.ooklaserver.net tcp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 31.22.12.17:8080 speedtest.swishfibre.com.prod.hosts.ooklaserver.net tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
DE 37.252.171.52:443 ib.adnxs-simple.com tcp
GB 188.94.45.252:8080 speedtest.noone.co.uk.prod.hosts.ooklaserver.net tcp
AO 185.148.112.227:8080 londres.speedtest.angolacables.co.ao.prod.hosts.ooklaserver.net tcp
GB 94.101.144.102:8080 speedtestlon.orbital.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 t.pubmatic.com udp
GB 185.131.10.12:8080 speedtest.as203416.net.prod.hosts.ooklaserver.net tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
DE 37.252.171.52:443 ib.adnxs-simple.com tcp
US 8.8.8.8:53 66.44.21.104.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 22.57.153.18.in-addr.arpa udp
US 8.8.8.8:53 130.215.207.23.in-addr.arpa udp
GB 93.113.26.250:8080 speedtest.thn.lon.network.as201838.net.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 lon.host.speedtest.net.prod.hosts.ooklaserver.net udp
NL 185.64.189.226:443 t.pubmatic.com tcp
US 8.8.8.8:53 speedtest.swishfibre.com.prod.hosts.ooklaserver.net udp
GB 45.92.46.45:8080 speedtest-1.london.network.youfibre.com tcp
GB 31.22.12.17:8080 speedtest.swishfibre.com.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 londres.speedtest.angolacables.co.ao.prod.hosts.ooklaserver.net udp
GB 95.87.111.214:8080 lon.host.speedtest.net.prod.hosts.ooklaserver.net tcp
GB 188.94.45.252:8080 speedtest.noone.co.uk.prod.hosts.ooklaserver.net tcp
GB 94.101.144.102:8080 speedtestlon.orbital.net.prod.hosts.ooklaserver.net tcp
AO 185.148.112.227:8080 londres.speedtest.angolacables.co.ao.prod.hosts.ooklaserver.net tcp
US 8.8.8.8:53 static.criteo.net udp
GB 185.131.10.12:8080 speedtest.as203416.net.prod.hosts.ooklaserver.net tcp
FR 178.250.7.2:443 static.criteo.net tcp
US 8.8.8.8:53 speedtest.thn.lon.network.as201838.net udp
GB 173.222.13.68:443 stags.bluekai.com tcp
FR 178.250.7.2:443 static.criteo.net tcp
IE 54.246.43.192:443 bcp.crwdcntrl.net tcp
GB 173.222.13.68:443 stags.bluekai.com tcp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 52.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 250.26.113.93.in-addr.arpa udp
US 8.8.8.8:53 17.12.22.31.in-addr.arpa udp
US 8.8.8.8:53 93.42.94.3.in-addr.arpa udp
US 8.8.8.8:53 252.45.94.188.in-addr.arpa udp
US 8.8.8.8:53 102.144.101.94.in-addr.arpa udp
US 8.8.8.8:53 12.10.131.185.in-addr.arpa udp
US 8.8.8.8:53 227.112.148.185.in-addr.arpa udp
US 8.8.8.8:53 2.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 192.43.246.54.in-addr.arpa udp
US 8.8.8.8:53 speedtest.swishfibre.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 45.46.92.45.in-addr.arpa udp
GB 51.148.82.21:8080 speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net tcp
GB 50.7.152.4:8080 lg-lon.fdcservers.net tcp
GB 51.148.82.21:8080 speedtest02a.web.zen.net.uk.prod.hosts.ooklaserver.net tcp
GB 50.7.152.4:8080 lg-lon.fdcservers.net tcp
US 8.8.8.8:53 a.ad.gt udp
US 8.8.8.8:53 speedtestlon.orbital.net udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 21.82.148.51.in-addr.arpa udp
US 8.8.8.8:53 214.111.87.95.in-addr.arpa udp
US 8.8.8.8:53 4.152.7.50.in-addr.arpa udp
US 8.8.8.8:53 u.openx.net udp
US 35.244.159.8:443 u.openx.net tcp
US 92.123.242.2:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 2.242.123.92.in-addr.arpa udp
US 8.8.8.8:53 static.fr3.vip.prod.criteo.net udp
US 35.244.159.8:443 u.openx.net udp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 a.ad.gt.cdn.cloudflare.net udp
FR 178.250.7.2:443 static.fr3.vip.prod.criteo.net tcp
FR 178.250.1.11:443 gum.criteo.com tcp
FR 178.250.1.11:443 gum.criteo.com tcp
NL 213.19.162.80:443 tcp
US 208.95.112.1:80 tcp
N/A 127.0.0.1:50055 tcp
N/A 127.0.0.1:50061 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 34.160.144.191:443 tcp
N/A 52.13.8.30:443 tcp
US 34.117.237.239:443 tcp
N/A 52.13.8.30:443 tcp
US 34.149.100.209:443 tcp
US 172.67.23.234:443 id.hadron.ad.gt.cdn.cloudflare.net tcp
US 8.8.8.8:53 udp
N/A 151.101.194.219:80 tcp
N/A 151.101.194.219:80 tcp
US 34.149.100.209:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
GB 142.250.180.14:443 udp
US 8.8.8.8:53 udp
DE 74.125.162.134:443 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
US 8.8.8.8:53 i.imgur.com udp
US 199.232.168.193:443 i.imgur.com tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
US 44.237.196.225:443 locprod2-elb-us-west-2.prod.mozaws.net tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp
CZ 146.70.129.19:38371 tcp

Files

memory/1488-0-0x00000000009B0000-0x00000000009C6000-memory.dmp

memory/1488-1-0x00007FF931F60000-0x00007FF932A22000-memory.dmp

memory/1488-2-0x000000001B7B0000-0x000000001B7C0000-memory.dmp

memory/1488-3-0x00007FF952D20000-0x00007FF952F29000-memory.dmp

memory/1488-8-0x00007FF931F60000-0x00007FF932A22000-memory.dmp

memory/1488-10-0x00007FF952D20000-0x00007FF952F29000-memory.dmp

memory/2060-14-0x00007FF931B90000-0x00007FF932652000-memory.dmp

memory/2060-15-0x000000001AF70000-0x000000001AF80000-memory.dmp

memory/2060-16-0x00007FF952D20000-0x00007FF952F29000-memory.dmp

memory/2060-19-0x00007FF931B90000-0x00007FF932652000-memory.dmp

memory/2060-20-0x000000001AF70000-0x000000001AF80000-memory.dmp

memory/2060-21-0x00007FF952D20000-0x00007FF952F29000-memory.dmp

memory/2060-23-0x00000000024B0000-0x00000000024E4000-memory.dmp

memory/2060-22-0x000000001C2D0000-0x000000001C346000-memory.dmp

memory/2060-24-0x000000001AEE0000-0x000000001AEFE000-memory.dmp

memory/2060-25-0x000000001D600000-0x000000001DACC000-memory.dmp

memory/2060-26-0x00000000009F0000-0x0000000000A22000-memory.dmp

memory/2060-27-0x0000000000A70000-0x0000000000AA0000-memory.dmp

memory/2060-28-0x0000000000AA0000-0x0000000000ABC000-memory.dmp

memory/2060-29-0x000000001C3C0000-0x000000001C3F4000-memory.dmp

memory/3432-39-0x00007FF931B90000-0x00007FF932652000-memory.dmp

memory/3432-41-0x0000020E39610000-0x0000020E39620000-memory.dmp

memory/3432-40-0x0000020E39610000-0x0000020E39620000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rjsqlynp.sju.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2060-44-0x0000000000AC0000-0x0000000000AE4000-memory.dmp

memory/3432-30-0x0000020E51D60000-0x0000020E51D82000-memory.dmp

memory/3432-65-0x0000020E39610000-0x0000020E39620000-memory.dmp

memory/3432-116-0x00007FF931B90000-0x00007FF932652000-memory.dmp

memory/3480-169-0x000001E06D710000-0x000001E06D720000-memory.dmp

memory/3480-166-0x00007FF931B90000-0x00007FF932652000-memory.dmp

memory/3480-209-0x000001E06D710000-0x000001E06D720000-memory.dmp

memory/3480-275-0x00007FF931B90000-0x00007FF932652000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 442fe3b9a020543cf19eeb5677b000f5
SHA1 1ba0111e8e48940262fc7eebf9b4bd814ca18b83
SHA256 5bea1051069d65fb7c386b4716abbab8faed8e66c75a19a2d3cd5b5cfec1d2bc
SHA512 56e5b47fcbecf1f2b1b7ce57999ef8b9c8938f302d84bcef08b53985e3d209add4b8ae49656b6069dd89dc62b66457743a0eadcac47a43ec2c09a2bf112a2484

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 d6ffc674bd3d2e2ea51e8b94889171b7
SHA1 2589a3b7a0e1b4fc3a3679a5af96a011c857c1aa
SHA256 cdec340c460601e9724366086bfa87f7774fcca12764215036b4e261c2543f82
SHA512 17b01aa3147df37d5a045099c0a01bf287d1dd6af01b6c92b707a103b1d7761f88c39f7630eab76120f2d28add716f9ed20545b45f61f0421532547142c10eb3

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 6527a85489d32a1b9a5500161818a74e
SHA1 449ebf2a3e959fe3fe7ac9b6570b68d19006f94c
SHA256 abfb07ff25aced8b4157bdf696f3dcd12a422ecc1c3ee894408fbf4894e51c55
SHA512 98d0e8d53a13c6763b86db319ce441161d0324aa2b8247ae7dcb5be83707ef13c5643e9cd64475ee66ea3de9cb3e4b3121db4a897d074b7fb7a3ca2939d7d5d1

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 45c02b753ff1595582e7100d4d9ad506
SHA1 d6aedcd299a3406cf8aba8c240b573a8cd381086
SHA256 eca14dc83bd7b80358a806b8a9e52e3e4c1989507049234f988eb3fc196fc30a
SHA512 6ed07cbe41edeeca47e0aa41575e55fa125e2e69e7fc560570e48d7f9ee04b996629b141a9143cbe7f5fcd37c45ae1b4c417a5d73ee2c9f9757fa3c60b854226

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 0c75993da4beb5348706157cac9e3e89
SHA1 95afb28b1916f2a2eab272e063c6fc845c2d0678
SHA256 8102e33e122bedf6fe51d79d1a12c1c02300d95eab8c38b0a11a45819c6c8f64
SHA512 eea1b7e19281bb0bea207d958446b43c89123d57540691dff8fcb0cc95e2832f3a07b53df8a4a1b697f3b83a3d29c13d1a6ef854a1cf74962f7a83bc13c933ab

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 0e11eee4386806ac40b9212fb6d16fab
SHA1 c5146210ae929914c021034a1b11a17f58f431ed
SHA256 ce257ea64026b7466ed436ad4c11bc239e6e90c654ad0fedebc82dcdb569c470
SHA512 db7703b6c0fe74c9e3598dfed8cef9fe08f85abe2798cf7223adcc29075bd53d5db31ca0f494e7f859149e9954ee7d99ef01685692c94275afeaad831d946f89

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 3706abd75ccbe9d7308f0bb7e6d22e0b
SHA1 56fc59af6451f8145e8229a10b86a734ff17b82d
SHA256 9f7bf4749b8935cc02d6ab0cf6667b6b67411104eb6b39c588c29966717f5fa4
SHA512 7badfba203cdfed7f772e98557f39b59a97b911fb20bd9ddec18814f0a01f717cc89eeab67c246512a47dcb827d7bf1e8436871e1b33f1466d9ee6b53e22f0d2

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 a00e076630316bbd84225293bca46c46
SHA1 6b4a0900b969120c6fab4b027f50b9044c7caa42
SHA256 ad866fc101c6e8ab649bf3c14823c4461b5b4a810def015a24dd64b32266bada
SHA512 742d6d9372bb907c1b88eace7b0086b3ed44ea30cf631f4958d2e0efcbcc748de12cd9d93d6efdcb0f116b2190e29d5d34e9bb2d943e50042144b35a28a83788

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 f128531bdd96eb41f5e9a53663f5ee41
SHA1 5e80dcaa12f62e6d315d658a0b2daf036c212e82
SHA256 25b2dc3f750bcd88d85ebaca56db70bea5887b8684b25c2548ad08035c02b7a4
SHA512 2e8b0c60c20feeae39e92c2fec1a8777d33f5055f627e16412464a04117f39cc6237da77861e5f80b31d5069eb2f337f975a035ad8b6894ba04096d7909bf825

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 ae3cf7121c9bee0b9678cbf7f6c13a4a
SHA1 d764387b6107995143698af5048cb076f09fb0f9
SHA256 0df8115f47c7a5d2bbf29558a595cb6936ca06b72a69db493901bf366c3f4371
SHA512 604de703288f2989d80b1a3d2d7e587317687c4932cee31bf0a9c8b400da38bba8b4f3db6213a6653f7f632f9ade579cc5507e34730156ba1a3e06c69e185b9f

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 2814ff68315e243f651869b6554bc96c
SHA1 872356088e46ddb59f362a887bc1cd84a2779844
SHA256 2cec6f700720bb3525547cc6069c07fd7da3dd483c6d82ca4ff79b4833519ba7
SHA512 e2676ea3dd58877afdcc3585aa22fcfcec0286bfb1d6e14868256d0b4124178ad67b99fee8be02cafb84df5e4dfaa54cbb992dd533383dfc8306311b0b6e9e82

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 b51a39214b0f36f86c3d0732b303f08e
SHA1 8de7fed9e2b629d701b718ef5c5a98962a403a8a
SHA256 514bbe681cbf713788b0f0cb4e9b6fb32da5725747ecac646b0ad1e017c96c59
SHA512 f382b4e6c39a406f79ded0b892cf3762c5ebbc35dd79a11683d444dea36f0cfbe29cbfe5cae7f00d8aa65ff142c4398649ba98c1a8f21d5039658101fa07f9bc

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 c46ce89bc795c2f84e8c5204bb1e97ad
SHA1 6a62dfdf7f393150863b31cd26df6bc8bb05ca30
SHA256 681fbcd18b91271cd4541cd273dc9e3989be915d7428f9240c393a7a8deacf7c
SHA512 9708b69403327837b0093c25b0c2ea8e309ab35aaf123400e2e3ce0f5e6ba8f342bbb836877f8e107ee79883ff9c0cde6126c11e28f28054e0a367eb0c9f867e

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 c5b53843bc7352a789a01f247f1366fb
SHA1 71e0d48d0e3ff99ab02d4b12d8fda37a4d79db87
SHA256 5f641789346702aee5baacd6865e06ea2df6ec0660366cc5ec05a35ee80a6b0b
SHA512 2b260228ecca5bf1b89cacc740ee3444aa0df46d764d7d834a9ebdeb0d25a84ead26b2d4f6e8288a51344f00e05bf359b03ad3c7de8038e8f1dae33a8d08241e

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 63fe9f72a84172bc1c5e0510f49c2f57
SHA1 a4eca984e90657bebf45c29e47ec545dc5ac9774
SHA256 e4078e8685704f82a0320284277dbe62ee61a8d7bb10938a935789641dfdadab
SHA512 c2691691201ec095a7502380c76f1deec123bb2ac48a442dc4a833869862407ca7fce039413a707c49ee2f96e8259caa9f7ee7ba4019746acaf13f9e38d6fd61

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 5e0d4cfb52f0a445f933c4a9ceabb4cb
SHA1 a99ab3cb2103cf97c3aa766c13d8dbe5d863f553
SHA256 7fa6167b83e3714e50f1337a7d322477ad1b5640265d53de046505d7277f8281
SHA512 004f4f8b6611b16d4ce912d566b83d7f3a1de063796bc3b85c9160d3e5188198a1d1be98336b94ef630a18921023d2f810c4e47719a91eddc5b29ee3bbbb83e9

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 bafee089c0db6f51ae914d4677e3c5dd
SHA1 4f98a993329368d66274758077a7dd9a729e0e73
SHA256 90952116387af724761a76410ab0f7c8df813e197d43b1f030c8209aca229d5f
SHA512 0bfdc0a9abec6dd2f1e80f7a960cc266f0065e92d78eb4d3c4464c1e93eaf1c10dea2099596b087dc39644117552dc1832cf67ac7129e43c0a50d85faebf9470

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 b38822f28927085289f256253bb29c3d
SHA1 339f68f04b899b81bfebb0bae1023933cf4271e7
SHA256 c1839b37113c7801364df922e3570ffdc302879b4871dd654c2ce136180248f7
SHA512 7dad96667da85ca8e8df95d51a468070041129873d7709705ea96583b4c61a14378c7840e29bce0b6657443cc32344585352aa921b0faeb7c9b0fe86aa81e8e4

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 bad480ca41f9303b2bba2073299702a5
SHA1 2632d4a30a2154339a24790b35962822babf267d
SHA256 6187cfc29e74cfde767e727ea126319de77a6e34912ab53980725182cba84283
SHA512 d57fc799b43b5b4c8887ddabfd83f0876c2fa558c880c4b700e70ec41d06b4fe7457b3d6f3c39d83e5a7c056332c2c5c52733fe108c5556eecb32697c9b07707

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 d6de5e0d80b8334c11b2fe7ea46088b3
SHA1 9292c5a1a27360afb35e8daf258104b874c43c79
SHA256 d1737e02ccaa41d1210c525789ee257708b1089a11b60fa7aff7d5f98d559fd2
SHA512 b684aaa713ae902ad9f061b462a9b6b4883c0b29551df81e08f3177a458642ff61e15a497d0648b2cff6e637748c70e419568de6046bfe531525bb653b3cb544

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 07ff2b8dd9350ee9f8586e249d23e165
SHA1 5d4bebe099956ba515fa57e970859281e381f8c7
SHA256 3ac1f355524d7b77c2fe0ca892064d163133d79c5c41ba9ab83c82b52bf59802
SHA512 10b4397bfbc0370a8b7308f2664a9abe1940b04229a4a67f70cce19aa39fbb726d6ee138b5a97f2c33794d8aee982841a57de9ad42e68d14b4d9765ff657d290

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 1521bd37d5af968f3ce04af1877ebf50
SHA1 afc86eac2eacc3314d62e5bb4019929ae4ab86a4
SHA256 eab25fe4ce6ed0da737a778b44682c0160185712b8a54546226edbdf5504b639
SHA512 14d2a08b87beceeedc88c66ec6ab1de68467ad4306ec4538a1fc9d41db126d29f10713a898a7417446635af67fda6405e1499bd5a6019a4be977dba4d8797929

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 e8b92edb2ceffd1ba3e8a56dee2fc7da
SHA1 706110aedce282dca04a1556e42608c080289165
SHA256 a12dcc58202fd06132adc4a292a02225babec6b0ab4e969c2eaea30c0104a691
SHA512 e278328b97db15bc069a09eebba3de6976cb97b5eb6ef9b58caa8bf1e9dcff2b1e9ec3dc40dd43a80af8bcda6750a7662e215cc953306b4986c064433f8ff627

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 d0cd81a43959066a53b04351bfaffd05
SHA1 95d49ad51139cb42fc553d7fb647c00013597483
SHA256 b08be3421075b4173163f46b85a710280cece664815a308413c4b2c7f3606b34
SHA512 b87bd468a05ceed96f678d4cc3fab6adae8b7353aeb431e15de03aeb876f8a68abe945b111f944576266d78b9d8e3a65ad5051c7064b90af14ef62bc1dc8ebd9

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 c888e36f59c5d829d03b2c008fc3205a
SHA1 d8d39d8dde6e5c2fb1e8c9ed9994cf457ebf525b
SHA256 ae9614c45abfd715e2ef4f3c83d2c57707cfc114eb6713026bc5b4f438d7418c
SHA512 306abc191fc3a308d38f87bea3927897e8bfa5f74ac31db08da5976f6b64e03b05b7485eab951f178eabe8859015dede53b6834f3a05b79a7d1c6cefb81460f6

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 db31b3d7804ef679f4c015fc14f2827a
SHA1 171bb8e591899ff2039751c5dc8054c7a3e584ad
SHA256 2b0b3e2528190cad3afb41e35f3f1f34ecb391b6503773a5d2d68ec1b445fd12
SHA512 e4a6c6f84121353833718ad5b2f04c3b32922b35ad9444d1c14b52e4f9774305e3a90a78cc1947e372f36f9ed8e3c52d29d37b9bb74f6e9acb6a7c2d373c2a65

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 dff8ba07b16c2892762d5d437a808dad
SHA1 8e8125e5bd7468f75921151e94035b9498b374ac
SHA256 efef2c66e04c47d3c8e81f64cf356ece680aea99808a9b099e49528c22164f57
SHA512 d6f55beb9ac2c23840530a53b24a490b33b0cbb00cd48c4394534e09ef8a859f070c059b00daf71e7936e86e1715fa7879986b409067c4cafdb43dadbbb28833

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 b3f5278b2c68dc349784346a7f64f696
SHA1 558b33b2ab0b906894a45664349d1e45e3c1ff7c
SHA256 050b38faf1abd6f47a893c3d27e1e43dc50268c9de2f8c328c136abab892cdb4
SHA512 cbd234e105f57d1797d257ed60693b30c95f6727a1d794e87ff79885e985f162a4ded5e642251973936e76da49738ace067bf630a9b6e48da6ce53a923570c5d

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 99fe9073a6f0ae7c328baa96404c3cd6
SHA1 6841baff2ad26163860842af0879383079c2d43f
SHA256 6a34f2b61e03fa3cbcb6395dc607b9e25822ed6d29b8b3f50734bf64128e5b1e
SHA512 925aa1c92104b1911536f9701b1c96df5ce4675451c171bb47a7db63befe002aab1ea73639165d78dee3bc8bfe4d533c8652b2abcd9d33af9996fa0594f53d1a

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 307a556d094fc0ae8319bfc921d6c98d
SHA1 27387583e4aa222d206bc6d00a75904b506a8b44
SHA256 3cffc95102dbdfc08da82b1175c3ab8b27c218337a10512743d2d3d86965b8e9
SHA512 16ea8082a107d1afb5384a904ac01cef7da82ce5c98f95bbfc997d2bc637535a5f642aa285ada4b5f27faddbcdd89dadb77947ed33eeed450f417c9e6ff7cc47

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 4c87238001f612ebf17d20ed6b7b8441
SHA1 2f23c6223cc80b870e4eaa30e44bba275f969b90
SHA256 e126f105f93b861b7d69acb3af4784a705c37979844d76bbd87451cecad9ee83
SHA512 73dee423a044e6f427c53295f69ea135e02b3d159dd59d61c300d4d1c1f88e6915d6fb8671cc3b540c3d885fc0b94dd17472b98e0d0221c18f4857329573c441

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 b1622ae04c0ec883352575ae81b002a1
SHA1 a80dccd2aaf773a9131058abe016fbd549dc26ab
SHA256 7774909cc67b4b3234d8491ab45602038c39345fd35fed45b31d8dda94b9b21f
SHA512 100951faafe888d04638dc4166dbbfa6a1195bce0d12486594154abbc205a6835b90852ddaf447cd06c5679c1367742fdafaa46335628b363ad510ec20c00f2a

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 2e360a03f4debd472cb450a4c9e08129
SHA1 52bb8ebe562fdf525ce022f285d6a32edc078c9d
SHA256 dc444ab962ad9f9dd75dc303c2ae31259f1fae871f25b5362cdd2c46c856b9e5
SHA512 b3d2c9bf1f26946fc9cad93171aea0888c16fc3886ab1d1e475e4f9920ac268029771b36a24f9b17025c72ebfb39781c745306735bb6dc818550e99f192f29d8

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 290f23b2345a1a58bb093a1e2ce24147
SHA1 c9574b80521db7570f89cb3d905a446b0108c8c0
SHA256 6b36d1267f99aee8f9ce56010bdaecf6b33fbb1934c9c7f81de7dd8642a4d311
SHA512 55be92c6ba6fc208cf6c8a2d0e9b6687d296c1a503dbccd5ea95ce26552442f7c10c83a2da95e840b8be1d4eb8a945d5668ee1d57fb1535d0f8ba30a7b8bb6fd

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 0200ed03273cdbdd4b80706b5713a909
SHA1 f4a377dd47b674d897a730bf464afd786ba26e95
SHA256 78bb1dca9ec9d633280c2e9dae0c226bceaac2c08f3c50468f5ff2c1cee8ce48
SHA512 ab603119fccc2a2c0b8bb54d6469a569418a663b3cbdb65a6b40f1fcc4201a4a3b7037d96cf19b1ae373de1ddcc97bc8e664d2cc1a6fcc53664f711628119880

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 ab1fcf2cb2ce0f0a7845d5d29d510ddb
SHA1 b628d2670d04264c1ac6b63a0122d77864f930a8
SHA256 72886fd3ca854532ccc8af685d3e9d2b0ba82cf0ac6acd1e79eed0417eb14a36
SHA512 64501e873dc5775c1bae80176fd8584114ed0ead124cf613f19ac44449ed4902318b2e3ae3c23127243c440dce5830e9d26142e9bdc0b0fb1a15d95fc7ad585c

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 7d368defc30acb6943c8e64a85813f9a
SHA1 b62e009419db7455c24adf404df330dbd1564dca
SHA256 662a8a723681f1615067287eaf780548067924cc4271694c8c32cb250915ee99
SHA512 75076fbe13621b27638fb420159650cf262b938b5d8cb8e5004d2ceb7dd5ecc5a73232592c927251dcd3b9d688061515d5cec0a65eca9fa9c56b1041f345767c

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 91d4c3d738d115d8cfcf9af0ebe069ba
SHA1 6b88479dba07fd2c695721ae814f56cdf1686cb9
SHA256 9a29928a16f78d0520daa679e2c118798c321edab50c1a34b0267af57a125bee
SHA512 2d1eacea6e1e10826b0766e71d63d9177e758cf278d046d352c2032de18f898f313b3fe55920573f8e7185c08392ab5ae3e7af1ef7d36f314428c9ba325e015f

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 b1ff9a97cbf548370e92fc7de1128f8b
SHA1 0732e506771bb17571c0def6aa4f2b6657f49fb6
SHA256 a8beeab500dbe76d3fcace7ac657ee6661807a85c84545b1917cc5c288c7e75f
SHA512 bad49a17244e690b2bf418ba1cd16e8565fd6189862dc68768f34ed5de8c3c18732059e575c75f44645df03db7770c3853e65b64caab501217c4a5d3baf79294

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 b0f70887e85ef13bb3c5593ce6f563c0
SHA1 797d7ed19175fa851bf34d97170ca4f71161f8c8
SHA256 e2180366410828448ad8db1a2cb1ccede787bed41212cdd3db30ab0d395ab700
SHA512 8e4bfc1466032eb01eb456f35b1ad8fcdd11b671852082df001a041443906599a1ba2cc3da4273056ab5e886755d423e7cccef9ae8a082d39c8bf4120f96de88

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 aa72028cdf7c2fb6a64380a33c8d01dc
SHA1 2ca6425f4b696194a465d410e83a810aafd0ade7
SHA256 ab0a13a97a1b41e51ba06824157cb21cfe641def13e16fe98996e23af6860311
SHA512 ff167b753ddf0103d1172388b91f972a92ed862d21211f4b172662707935e25368bc26510c676885c53c9723a92d5afbeb8e6091ec24438733b34d3a2faaa952

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 eb7839ec54533568410a8be63e8e8be3
SHA1 7ce61fa91b61beb23a0442e24ed46df3e098f15f
SHA256 87e307400e84af5d58c25477e70f1a9662b22356d732c31d48bdf6aefa063cbb
SHA512 0fcbe26b6cfde9cec216fca3cf4de2c30b456531d034df1447a4c7dc981abc90f8f5ad82d8a15af4ac7201bbca131f02bbf539a86436104e2139dadd6b377d59

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 7afb47e2714019d61c6860e7a56c4327
SHA1 2c905dac6471b15b6af0e8dce90a563abf9bcd9b
SHA256 a051b0dc459793ca41ecfb5cdb0a0362b90cf4affe6d0dc90e2948517c8677f7
SHA512 34def2d71317feb1d01f0ac7ca7e78b1331400abab89bb8a8fb3349f0ec361f2f731dcc9dea0ddb8b2528395ea68a9c82d67be13d84c4812e9ce0e4d3cbb0d1f

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 366dc26ec9308b867fdecbd9c54fe53e
SHA1 c7861bb336dc2140d8e41342cfab540b03bff735
SHA256 276dbd6ca3bc35cb9c9c9afeb68e59ba8cc23b26ea9fb090be852bbb5dfd10ba
SHA512 1656c6c3b27e1268b7f38ce41a77b9318a1847eabe868354ab9e8c0b4c7c94c009b60935211e300ac66f36631bec618132d65d904920a12e059682f262d27028

memory/2060-917-0x000000001BCD0000-0x000000001BE58000-memory.dmp

memory/2060-922-0x000000001A810000-0x000000001A81A000-memory.dmp

memory/2060-1290-0x000000001AF70000-0x000000001AF80000-memory.dmp

memory/2060-1281-0x000000001AF70000-0x000000001AF80000-memory.dmp

memory/2060-1796-0x000000001B480000-0x000000001B4FA000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2060-1820-0x000000001AF70000-0x000000001AF80000-memory.dmp

memory/2060-1819-0x000000001AF70000-0x000000001AF80000-memory.dmp

memory/2060-1818-0x000000001AF70000-0x000000001AF80000-memory.dmp

C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo

MD5 5977880cd6addf4888c6a1145f541485
SHA1 e744e9a8f702ad8e766a6091b1b48c03743c6c6d
SHA256 1fb32f9f09a90b953a9bef998ddb019827e91e12e049c25938d094ed1c0317fa
SHA512 0e6dd984f5edfbab57b2ae8b3a715cdead3ae943a2efe598dee1b0bd479cd15acc07d0b70d6d99885425a6acb837987d0e5bf25529c2b4d1516af4153e8fba02

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 653a5a3fa31a7f30e10390dc5a05cf79
SHA1 51967cd6be14c0b46e01383155cb49744b5f2fbf
SHA256 379f226c922fc111e7df28a0b1cdbfee5af7d92a55b7c7618de4aec19f98a07b
SHA512 244912c5f664691e18a7108724f8b4fd28230456c60f7268b0e040625af773a830c9e99f8355e05e3eb9bc6e7f5130cf3c4cea02b039de6c885de72ad61dedf0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 707608e7079f85671af180f990fe2cd5
SHA1 635be1838399411d80a4f2271ea8adea517b8d7c
SHA256 d944087e3f92f1607f3bfb8e1a235fef215dee293534e4eaa1b5a4c50718096d
SHA512 75617cd8c2900309f7ea992520ff8b87057710311d20f50c01018cd863c770384ce24dc67f6649dc86fef228bdb4b11a7e04061dbe300c8c1fe04e27cb260372

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8afd920f91cc8feb5956e5c0570c2661
SHA1 cc4a25ee93811798f37a6bbc11b0baec8ed69da1
SHA256 9716c7e49fd546c86b9119bc2674978cae433c89b27f47beb801b6bbf3c645c0
SHA512 6057ce1c5eddf32552354ea4a43d9a043918e3336232371aa7453b8bcddb1f32b837cdeccec6fda8aba58ac402301b4a465f95e46705fdad3c1c2a72f7237341

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 203e7b0b23316a8e57754d73d76201aa
SHA1 fbe7fa1f7bcd0abd77f6e76ffd3080b382a0848d
SHA256 d311ee3ba7d0d8ee4a7f2c8296949803a06cbdb7bc591c8ef075eefbb7792d92
SHA512 854890609f30e78a65977515a37d382a53e2b66161e2d34464e63b56e0f0f7480c25e596ca8af5be3b223412603955f94db677670cfb5b5472cb6f21609ec262

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 6dd80ead9a26b1465ef5aa724d9ed022
SHA1 da2291d2232fbc16b28af4f42840a074ea113712
SHA256 e40df9e36d6a4162e3afcda2d82ed7b20abcd52edcd677fbe828dc60f10eb0b7
SHA512 c94ede726400231acd3c9d2ed2582eabba00d040a5216bf62ca8db9f61d39b8e2194c85fdd297a6784d1129e4e1dd7010b3186d536cc833ac2c91f1ddec2d003

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png

MD5 6fa0bce25b338ebc8fe10d03c084bcd4
SHA1 65eebf22b63cc6c9acc56fb4b3e130574b8ee9d2
SHA256 f4f74333867e7f193ba36408540744d18e8bbec78a19234be6e795fd330e23f7
SHA512 180ec3acfc263726631f6c6eedcbe820f76e76b1d91c2c1d6666f8c12c554a21b788068856b8d1adbdebea2ed8037e8f74fee8ababa84bf58bbabeb7c5fbe920

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions2x.png

MD5 8094ef25646a7da208223c21ad5a9047
SHA1 35eca44a3a1e7ac9890cb3e1251515258bb78873
SHA256 2ba1b1f241ea2feef5649d23438dd64c336a226cf6140ad90351dc4c6c494836
SHA512 c1407c77484433f5c7e6587d55a540eb948ec98424d1a49731b77a83f86812b179c970684b3ec1f3d7f33b320124cf70fffe77122edcc83b51e5ca74cc2d9df0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 d35e590d134b72f220a9b097280ed193
SHA1 d6e0c85ccd7019dce5432db0f304902250c101c5
SHA256 496e49ac1ab1c98eeb6625c0724071cacb7e774d021e9da0903b59ea8c19a5d8
SHA512 045b02d0bf70c6e815e6bb9a7ffa8830af526e207fb2829f22206465ef913b2e51135c4e66d6edce31ff5a54a4e74a388e339d25b589a0935ee0ed9b43dbd76d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 686a51e99da76a6b330601b616b05c99
SHA1 2b2b4d4aa61ab1b690613fdf12a9d04cd6dac7da
SHA256 9d227643faa44f377e1551a10a56734de83dfd2c89ecc842308bed2490d1d3dd
SHA512 723e22e44adbb3f7ef75c2c357e7a3abf6161b824cfa81ea0414e496fb495e8f75ec72099889b1f6aa003d60201db5390bb6095cceec7c3bd7b01090d454b941

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 32bd190961160243aad7f71d21053aab
SHA1 3d7458f65c428385ca5dccf00c3280556dfbedbd
SHA256 46bfa5fbf1aa1070448c94a14fb54570c915794e023154e8944edd0426f72e01
SHA512 c874ea443a84d6b5f0dcdad58942782090e723a031dafca51a2e223c0be96064458b8384788a8a86c194ad88b4145a5bb3d735740d352f7d3e5282efa6d8d60b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 9924543f157aa6730244ffe88bffa5cd
SHA1 b4a2db38e15043c6e710b98b41b2e0f282a76fa3
SHA256 325f9aad8d8cce2ec2f2ffa22040d87592c7b3501944abd20a5de0ae7216bcc4
SHA512 503757cb4f02b89537c5e3ede281c8b474ceeaff071fa71522a9ce6a9ac4eddce441e95280eb3812507f5cb89e3bbd0befb4ab804d6dd473e41dca92991c72f3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 8aedb077e4ec64e4fab31afba8ecbdb5
SHA1 d06c4e73ccad1e109e5c55fedd8984fb79d58d8c
SHA256 c6baf5177f65dbde9689ce8ec147136c819ea36a1407d956d25220f2e3ac5fde
SHA512 f8fcebb68ab234a6f15a2192055000d82edc0c9335e7265e9a284c625a483d8b6814e557ce80e9fa8d0e148aae9951d214fb54fae2b3493096bea248b118d586

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 a0e55e6effb5382419e2ffee05fa9945
SHA1 c734c45190ff4cb0a553b13946d651eef021596d
SHA256 5b660ffcd7ac4080e851787b03375d2f5c2237b53b3cb372022375621d41d7f6
SHA512 aa9dabac17efdd89e9fe58a8725320448df0c208e7c2052420a620c06dd92359ee3cfe370b570c8916cf84f98042fa4faa19de04587b09b6cc62f9809faf90eb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 20e81b1ca96f583ca12f33b64c94b0ab
SHA1 fab945ffe6b3e37fa46ee2be52d2af559a75aa67
SHA256 23c7b59d0051af0fe957d2e12194f56243f257d463b5d65af2f75ef596f55d8a
SHA512 6b348570d75503f2ce3775a420d8200eb98f1e21f8e225ca5de8b272c2c46113e67db89d80bf42d861922de23b6ab278f67f294ae0afc4d17bc3be2bfdb8cc17

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 f73da790411f95c172f0998c90a1a112
SHA1 474621c1ae33390a6260901f42a9cf4dfefcecc9
SHA256 61ccb6c4ed845d93d2ae9593511c478f3d9bd69185e2b6595720e6532ec886f9
SHA512 610ea57a0536daeaa583524952be160b3f28f3dc720ec54261dc34741de13867854719411c51d72be4e406d6ddd81092f52fd53953f1cdd3f49d69e2a33c37d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 87ead01ec07f82c2bf76ba6f909cc464
SHA1 7bcb376f5a9719bb520db17b04717fe3a5169806
SHA256 d9e153b336ff1652b0d953028715c9bfc559da665ead210f0880d14c41108693
SHA512 b0b306167f8c2b84faeb01f27143580e5b1f43edb5ca989b12fadb795d542b5762ef50a7d71d4676725d44b90c21f4992a84f25bc73aa20f209e6a28ee84817b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 171d9065c354b7b382dc1e2b89be0fee
SHA1 ea3a6256363bb09da6386d05f4d5f153a75c48e6
SHA256 f415ea34dd0de8fef72fcc728793023d51a0d02bda4d4b24fecae18aa3970f14
SHA512 b05aaa1e6d34e4a1766223ed5493810512f5f979b91eb23092b765d706bbfff1d5cc88010b3d20c1ea0c5c49ad72ae653a9b748853d0ce90dcfab9e0cc00e8b5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

MD5 28218ea88bf4ef15974171fcf6ff12e6
SHA1 81ee09a45b77252301d6ab61aa046e9f244b530e
SHA256 14765a73998f2df10de061c433d31f42b1a2bea81a0e6db809796533237e8121
SHA512 28538139e203edf25deeff25b37827cf3fa6bb8309b50cdb97c5fae6061b859c67f256c908a1b12757fe5855d22c0bc02022b24a063804c2e0ec9e1771ca5f95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

MD5 222aba5d9b5f1c1cd3a2d333b4afb85d
SHA1 bf7a0ba006b73909b0c664fb52c224b9bde05445
SHA256 c381c63401270088c27c2fa0f655a40b0b567532dbbf8170750b1a1fc6be70d0
SHA512 a6b0625613d99f0e9ca77d91542b5e96c3cea649275cad495ce2bfca00e427724bfeea82cfdaac39856a8d85bf78be797adc305247a55952f79c74e24281cbc6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 14c6bf32db6db70e2fbea9260f162c93
SHA1 b0d9b10e586f71a899379c327c25d33b77231e31
SHA256 6ccb13e541c1bfe658fa6b7482cd5ca4cc85449c9945336fd538122e8229f39d
SHA512 8211697b53a942d0ea94ace977f86fc7db17306cb45eee1270031b97e41fac6fb42bc1a5f6c3722c82475d565c8d5381dc0b2cacb2705d9756297112eb050c7b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 b5016b227c4d15be20be0cdfd72b161b
SHA1 1e64535428bf723b7eb04b985f8c82c8e4372a45
SHA256 97863a3f202d6be208a66cea01156cc8571d151dfeeb3c3779fa9c9c392a48c2
SHA512 8b7a7b2dd4a998f2ea38bd2d673340414c08c65bb47a938ef9c3d8b21d3168cf594bc05e34552f374bf437bbdb4ce82e360ce3fcf760bb0cb08c39ce62135974

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

MD5 6c2a3b9c23cbc93889ac653298de647c
SHA1 39903a846b6736add53ff1c8dc4c5a2569caabd4
SHA256 723bde2f6ea23de9194969b6f27d8143d267cc17773fc878514509a8a0d52f3f
SHA512 1d5c03b59e5e5c3033c35ee85965db31d9844c747064c3ca38fba79a51649c3c4cca8b1fd8daaf24da14846b3a81e329dc8920c00d2181e1eac0a8fe217ded53

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

MD5 92cf6247b42c8044395b874e044bce76
SHA1 9e6da83ec216913caae3e8e377e168eaa634bbad
SHA256 ac396deb6c9bb2b54b1fd2500b66be2c13b2ec77ff7e423f023ab0007a30c1bc
SHA512 5d7d906a5c75eff736d6ffabdf92013f18523bae84d9d973cdc60ea21cbc2dceb7b761d937a894342e338fa7b25404cf4c599c4a295736bda1a2716f77868d3e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 3156934e5041e1cb2d15b873721b0fbb
SHA1 12ae4927b92b87bd353a1381db7fecb50f2032b2
SHA256 a5b8e88309078d5fc806575b69a82ef01ccab578637df15abc896935f6c6d475
SHA512 253ffc1df6b3d7e183b7a8466cb5cbbf66961dc2323b953f1f4ed485a67aad6d4242edfbad8b95731a19169ec703ad775e1b3961d35ddefd062240c0a95c7e88

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

MD5 587f9898603411c67aeeb95b362add7f
SHA1 33e81f53161c3034d3b0239cf1881b3fbd25cd09
SHA256 5edc9cdd9aad315b334d7f46b03747e1222c2c970f88b2d692ce15d019e7e841
SHA512 9bb1e9583c422e81198dd63c743775d5e1d032f5440d5d7adca7bc7080fb2664e5b73689d7d0ecbb8b6ee03e72ebcf5f2c5abadca06dff62f65c83ffa178fa5f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 35827ccc123d79eb4c37de342e6b2e6a
SHA1 d3adeee71e93f417a5d1b1f96d85ada33a104e9c
SHA256 5a454bff78560fb27c4b80d73fcba55764bbc2aa57136ccb2a820842627a766f
SHA512 57ac63a2ff4a25d82bcf763d770a149269338ce4145c15c39436a928e2dfc9bf38a3817b3dd6674063ede985a7a4eb496e74fb494accd41bbfe6ebdfac47edc3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

MD5 d43e6386ae5d5a24798e5a0375ebe72e
SHA1 a99d9bfbe22c62f47df9e67c7c2ec6b4c568864d
SHA256 97a85e24c4d1bdd376112549a7d52ac4a33f31f132983540835a4a47365bb1e0
SHA512 a205ad1cd8343ba8103bb0401362ce0b64cb1228ed481e914f6a48e2e445bd652fa0d5ec76b94abfbdb77efde214f5faa39ed79b9ea8e45f0de0ce2cca1dd21e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 93e6e53349df2d8c78c353f2ed8c3650
SHA1 dab4b59d46edea14fa9256c0f44771c47f24da10
SHA256 930451ff519124e10dc1e41d4f3318f5b519fda43b2c674490a492c0114717ae
SHA512 59cff61a347e777870f5d2f18a5ef5cc74841a138959606aaa5c46a13fe1b87f8a27846d6c635ed7752fa5678ab44f4b721632288a6788f026042fb834d6fe3d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

MD5 8e213efd7069d43babb86a0d8fd4303e
SHA1 b27567247028aeddcadef5363e890416374e64ed
SHA256 a1ac5e4d88c9132858b1978081a843903e514022fd69b8fc89010570968777a3
SHA512 df044a292f9dfbac66f07d2b60cf31e6bafc9e63d1268acd0675541cb528c863817d94e1e43a6a2e309096453c70d3da340749c8691f6a0dd10f2522acda4925

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

MD5 8c28fb0429b92594be88e314655ab176
SHA1 2e51d94fe8a4f08f39b9431f751c7066058395cc
SHA256 d28324659a75194779c8d1e2108b4693b0d9c84906e84fda1bd66c6d5e79584c
SHA512 b13d4d5f99e48362c83c556b1391bc6eef76505b087a0adc5781d92aced31f20a9195adf470da08662e889f9fabd372c55d6ea22e63f0ed77bacc3477d6f60d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

MD5 0b61fb081cbf752b1da66d58ae03ee8b
SHA1 965fc9985c4288e0b7deb96314263041f4eaf39a
SHA256 dc4959f41343492f51d5cd59512c9e3bd16416e350b0464b6646d6bdbe9a1fab
SHA512 2b2089b4c683af764bd56bdfea4fc3a1e583ba952f2880d62160656c068cf290cc2c5298b0206a10a95daf1aacc99958437772806520a56e4867fd5eaad8aab5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

MD5 f89252379224b0ce88be34d466b0802d
SHA1 bd96a06dae0efc40fb2e6543ff3dec975fe019e9
SHA256 f7514a8cc3afea805e7eda6402c4cd07661501d51dd851b9546aaffb7de7fcf1
SHA512 ecca2dc1251414235e81670b2249c7b9287b49db3ce38f2518e00374a31c3e51850750d563ded483e39738aceed11dd432bc1f945d607309e622db001e4b2e78

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

MD5 c23dcbf3e9e43832660d7890f2fd39a1
SHA1 c4980375a817d874424f7acbb7186121398393c3
SHA256 383e5133fdab525a1de2a232131581e61d0391e09250ad4e8d0f0f6598a12fe6
SHA512 ef4fb42d584ed185e59d56f0ed61c632690856a4035acc82eac23495efcee9473d18a9677fa00e4461314dbcf6d429c0d7c5ddd162379cbfc44193523d412d98

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

MD5 8ef75f9baf182c58edaffa517b6c3fd2
SHA1 61254b7eb31525da47e777d8406ea0754a1540d1
SHA256 a7190013f327878eb4f8672e16cdf683388ff03dbd6e85cd0f87c73816aa7a27
SHA512 b90cb98f701a89f2cf252b12006baad69f31e2b71c652968c3ceebfc34c6a60640fa72fe18ca30d59b2aa08bfc79200ce714b9c4dce2505bc6bb68b448df944e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

MD5 617c2793024025889ee1dfb2c136e070
SHA1 f9205f23a3a1acf1d6fb88228d2656fac5dd3314
SHA256 492c525c192a1ad8f06fd81982ce7a313d82e329837c696b39b663efe76cd43f
SHA512 33c8883787f3cff2e62f9477b4ba94ecac997cb64368df7b66351c040deadab8969c17dfe1c151ac96d02de62d9efd482c7f96f55f08e669b184e1e5b8f12adf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

MD5 e91aaa59008c8f49f6c46de1ec17d70d
SHA1 a5558aad418bd097198b2f1f02ee36a75c95bc01
SHA256 a65b58eab944a62026057ece5b08e1231bbbe216fc9f15f539c805e5231abe58
SHA512 f220143466d394e3b163543f011c868c26d0e06a6efe25eb2f7df7b749f43ca90b447c19467559469b9bd0f731b8c8f55d7a84d6c76093cc29f345c440de714c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

MD5 adb5315a381e0bcfed9d253d8e5ff83a
SHA1 42fd7a35d9acb8949300ded54d739e0cd0f8aa81
SHA256 adaae3169931e6685decd4b7d9f3d43c7ca1e53bc914199f07461c9ec9dc1eb2
SHA512 9cd5dc16bb21e8ae270d09180a372920110bb8708237a1a67f9cc58709d3128decbd51ff130baa9ebaefde6d8d7dd114d0a61037ffacb15d2b439e498981eb32

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

MD5 30da37ebbe27f09247b2ed6d00a4f1df
SHA1 81723f7f40fe6ee168632c19304dbb8bc9703103
SHA256 50278c1d0aea3814c98af9155711487e3541a6190df9cccadf4a304a2ddcc018
SHA512 939bf075b3354f4eafa77ac590629d8d3503ba1e71a7b38e69fa2d0ad7d04bb2be892577b56f290664493cf00168d9fcd206833274b34dfccbb16e39425d8d89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 e1e13dca604c1e110667caa68293a72a
SHA1 36be7294d064dd9557c037247cc8040be88c505b
SHA256 ba8271c1c795c76511c762adadb5842037a995daf478f777a73df5a57e8aba8c
SHA512 4859265ad25be64e8935ea0f943e2f1ddb87abbe4238924b6c2fd0c15f366a7f793fafdf3cc42a1df72b67fd41a02fe2af5b931a28d6613541227807dcc7cbc4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

MD5 7a44f0f724ed258e95a157ac4e4e1a99
SHA1 6fdb35c9e335ec6267acce4eb2ec0e1d5db5f49f
SHA256 1c085dc2f0763fe66e842dd5d6958694c11933a3e59d39b03c6c4189986bab6f
SHA512 3eaffcc4de4195ecc14e14860e5809073a7acc1a34324181076ff38e2b22b092a1c921d6682046554dc93a9d9e941a6fa5828a79147971eb198604fd60b3b80a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

MD5 ab724cf21067818dd977155b5c46ea12
SHA1 95fe55dbb34cf62d63e0012812d73da3ed297188
SHA256 fa4dd8269995d815bb48bfd807965d661e383b7c43f025af4204033f0b5027dd
SHA512 c38ea51bb2d2b4ba03058fdd27b1c8180dacbc283baf277c1bf597393e47b026a87cece837df0b807df85aebe09f28c245c07c02298c6fd56ff0afe131cfff43

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 dac7327c82fe77921bc0068f4c3dd0aa
SHA1 e33e509302df04a3df95b56c5d37565867cfdf49
SHA256 199e3ef9781aa71445656f9cc69020c18fe40e6c6d8afbce028ef541a899f9bc
SHA512 3f8672d62886c1773270fb0807f848833a776a8c6c548e1f77df24404558d3b446b0080ccb0a961dac73bad65f2fc0d9df0767499d0bda3a8b8acb829c714301

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 3a6d80c2c3f5a35c4b8ccdb68d4d5e02
SHA1 8ff658b216c3a4ee3eaba5d2c63114aaab74c2cd
SHA256 652a23d3b811f4be7f42e41e792122306002573be6d00a06e6a392ae7084b950
SHA512 06f2b358abc3746757fe502f0d5e06cb922b734be48f597c4519f701198599e3807a442a71b4999ae174fd8eb1b22c08ed8d550fb568e47c327c4dcc04981194

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Trust Protection Lists\Mu\Other

MD5 4ddef67f7b9e4a0d0ba951c7a436bb2b
SHA1 56e84c61c616b10930001a27245440f8b9e5800f
SHA256 548ff1e51b330ab053d8ba8d5dd116206fc29f5486c4282f0f858651ef54b4bb
SHA512 4dc1496d8c21b9c497841cbf46ae18e8a9aebe9a0169484ae8579f73a4eea2ab62d5c849396690b2c2269bc2bf024c116ca9db9911c1c1d15016725e06e7c636

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Trust Protection Lists\Mu\Other

MD5 9ba4c66dae0ff115965a5a8dca5aab0d
SHA1 02464f37914ca35250bf283676af4809b336b11f
SHA256 4453ddf4f108919660a56e2a3740e315caaee2d102d7cf04740d53c0cf10ab8c
SHA512 325d2cbe04fda670a66ab9a798794fd611c7c3d7c5a88d188d0cd7b01ac464e7a02e143b7c49f88f2f6384056cfe41f797eb39d8bd501c6cacd6b6fd23d21028

C:\ProgramData\Microsoft\Diagnosis\parse.dat

MD5 54dcf49a4d736478c04d45eebf533f2a
SHA1 357ab19e7526dd39b4b39cf360344a59dab09235
SHA256 b71002c127c13761d3311f29aead0655cd85458e431a476f899d09589a82fdc9
SHA512 5e0b3a83939fd5400a8c8c4aada976da52b8cf3ecf4125c68c98627fb0dcd8fd039eff2f128dd43f6f8ef589840e1ba98aa08baf895c55a5c1c7cba0d8dae9a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\prefs-1.js

MD5 c8acc5360883fe02530c7c78f1820aba
SHA1 db86efad36e32ca6367fd79c326e178fc8352a77
SHA256 65754b603c23914f7157c9d264c09b3488f41dfd416f50e24d36a32039125286
SHA512 be4dc926e90a8c7366031bc38b206c2c9dcc2dcad44413df344c0e716142b72044f71cbb0ce2d0991e198dcd1dab20eaacf2b2b9f4d034c23381f387bb33f37e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\targeting.snapshot.json

MD5 e9a05fdef2d5c676ba055b0c978052c2
SHA1 d55633ef7ba65c118a8457a746f986dc86dd94bb
SHA256 b8a7d323e6ef811da0f01fa616ce600fc07e49095d387abc9e0a8c876069a1d1
SHA512 d7ddfaef7c32175176ad595a4be6d21da9a79708f38a875381dca8b776e37ff58cd274989c1a634b6b2fdb8d31d4af9bf44261a967efc998fce8dddb4adff516

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\sessionCheckpoints.json

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\broadcast-listeners.json

MD5 72c95709e1a3b27919e13d28bbe8e8a2
SHA1 00892decbee63d627057730bfc0c6a4f13099ee4
SHA256 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9flscadp.default-release\addonStartup.json.lz4

MD5 0608ae940e346d41306a0d6c7e974b00
SHA1 c4da4d29d707940ef2eb52014e3d72f622b325f4
SHA256 a1a3f4ec31e5672ebe4fc0493f24b208874b6b7e445fd145f5c85471d18f9263
SHA512 2c41d6dbc74f57302ba40e235a09e5ec0e2ade06d93d1157fec5b61332fc24a5450afae0feede8c82034753b8bf919ec171eb7a32f5acedcd6960e0ea916cf98

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 3bb8718b2de0358804d658ab30e44318
SHA1 eebaf14a94906306d825c5fed201fe1714d3b5db
SHA256 1b643ae7ba4279d41189b3dee4b332b86c0387e239447dcd14bf74dac0dcbdc9
SHA512 7d452cfba63a16ef033bbd49bf5da72ef4dd87cfbd66f643fa46b18454abbed7f35c77389bf559c043c961977d4097a0de0ca72ed6586a126fac196fd9bcc731

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

MD5 856c1c84f6457a459b8c0f0ffaa65cab
SHA1 753005381c001b0f38009bb6e233f5cfc0813b3b
SHA256 0a779a8a0dbb06151910cdfb4f3df2a253611dbf801e001415066e2cdf9f3d72
SHA512 7ce3038e4949b81564ef2304272d7922ca22062d9afb51f5472a36e3a1f2e729c22c58f29558823a03901f6ac1f0634223b24ed6f3587c42d717dcf86fd21d8e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\0ECDEA583267DE3CACD9A288B2847AFBD77DD69D

MD5 a9c0ef139f83f90b4a8b595a181ca21e
SHA1 783be1fad14d10675d0d7946c4fcb104a5cb7780
SHA256 158b43bdc40850be2804be13f040c9aec00dd1b39cabdac0ccddb2f770200bfe
SHA512 7157c0de437a664ff74a299c16e3b534c08e1178d4ca70d4e7463df8fd2cf46f799b97cf7317fbc5d63352e02940d3320edb0dc388ae7de218a4a9c9ae361342

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\10B916BF868C0C56A90C2D9EE26832DE641DEBCA

MD5 7edba48b316c0e502f8d64746a10bfd6
SHA1 d2c7b892c63e30146b98b086cb0cc1ce484540a0
SHA256 64faec0dea180c1734cbb715614247a6e830d99aa20c1e0d36bf27e93384eadf
SHA512 5a41c9b171ebec10ba0d8578671d7ee7eae5a0653fb29fa3cb023bf7c1ff36fc7e29dc6868b34a9582d26c19c848cfc5bc82e3d1ff5021f29612fae49a005cfb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\1E3866B584D906DD8CB8840AB2070142E2DEA38A

MD5 d1bf912eac2e12f4b19417bd2b015d7a
SHA1 35825969792df285f06f63d9ee5503ca201eb594
SHA256 be0340309100c9d80ce94aaa9ae020a88c273ce1ed3d0258f9eea2d4d392aa19
SHA512 2f50b938453d1d84eed31375a9221f45c3334b58fe79967916efb7756a575537a5fc588c22d353d9a1ccf62b98252a7a0526bcdbe4b0db961ab3eb2caaf1bc54

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\1D907F35C0180DA44F647662C95A1B2B30469D34

MD5 7c28efc0be35a190f541067a21bef6da
SHA1 36f74d355d5f015a83a14959b7f369a2be33ece6
SHA256 c12bb4b5fa094404f383bc22d6766fac9604569304da5c517bca63a415338fa8
SHA512 ef4a4ab95a5cc44c5facfa9a744df3a5a469df51798263c3175d0b67e746c8f946edd404d3ea70f79ca6d53e9e2bf57edd8ae006ba53ffe4832671868dfd5fa4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\1A5BA865BCFE3E61E2C3650054A9660461DE7C47

MD5 69fc2765bb04dc65df1e47fe6f2061e6
SHA1 1c18f0d232ce187287bf10a3b4e1d56aaaeaf55a
SHA256 f1484f5ea72f8aa5dc7410b6e410644007f1f61a4ae4cd34aafffa791f14d146
SHA512 30715c99de6c83891fabc69136be334df46dcb2a6d8810b7f34680a17fdb2c29d611937aaa1e9d5d85f04ffb3c5579fd05bd30eeb5274961c7210797bcb39a87

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\189251203534EB9819BBCC70B69D7B9D94565BF8

MD5 c92fc5238b73380cbfedf286412a1e75
SHA1 5dedb6e3368d52a4208c2751f9425b78309a1259
SHA256 617532a318d0c25e04b1e644b7ea2e52bba8cc2b10414bae782d1a217d206fd8
SHA512 ab558b77305b61d042df7d3d1a41ef8af3f4806ffc7d86fe8073ec69bbb0d65091a1f80e1ad7a36b98baf0ff60d1187f95435191b30ea62692499f191c94468f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\17AE96D37487AD4EA63427692522E01F478675B4

MD5 68b5b7856a6c562a66aef142369481f8
SHA1 a70f958d55dc8dd8e56aa9ce91e6dac560829562
SHA256 9b37864b38b29d10cdd45fc136b07a6f5eb39929c248423671c241065f12ffd3
SHA512 10bb615d0210c047c297fefcf08eff0bd6ee97e8f6bf4930ebe2c0eac692a81ae0b75ed56ae86e870f076522d04fd525a0d8c725b6e951caa08cccec154b41c3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\10577F00143105F661EFDCEF375A04B337237F20

MD5 0e8e7c42f5638b94e01e6594171c373a
SHA1 073c7a69f14784ef33335d389be34a7b39162bc8
SHA256 0bf6fff00e667fe15e4f6778519c2cd8fd7a1bbb8108a2c0007587c7adc67316
SHA512 a6da3837627275e21a42955af7957b8754b3459936e3fda93efca8da2453e2ab4919be6b4b5eadb58d85d21b228c0597e784ab80197f4456ed0da1073ff9afc5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\0F42407F7C1C713D55507F62F49BFB95951C248A

MD5 2338b2b57dfd24a2111ffc9cd7d672ab
SHA1 f360f94cab9bdd57ed294c45872f1856dba27024
SHA256 7252fac8f4c90b0c06efd27757e654e46a3a1c39e4eed6658a6307471e0d0ac5
SHA512 2e03e7ca2e4cc4e874f1b2b1be6c5bb1d95f781d0311eb0f1ae5625d23855a6ed5c17cb50d2dc753aee22c5e78593096767de2c41260bc74995430427df751aa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9flscadp.default-release\cache2\entries\03EE73796B2CBE3C522A6910D85AC400ACF1900D

MD5 4322503d221c728b2fcc0147e881fc20
SHA1 e4c68b515b75ccaa6c1a796b12d97d68472db18e
SHA256 6082efbe46f861cd30e8f6c6d8869173d3442728bfbada40c213ce62172ae8c3
SHA512 4d2f1144a60222d8e0f1ad53452b58eb7c62eed709b85527c8f7dac8818b5b5bea5540e3205425fdfee890f7008ff1d7b910cd60c90cc79ddec748c2644a79fd

memory/1736-7204-0x00007FF931B90000-0x00007FF932652000-memory.dmp

memory/1736-7205-0x0000000000470000-0x0000000000932000-memory.dmp

memory/1736-7206-0x000000001B4F0000-0x000000001B500000-memory.dmp

memory/1736-7208-0x00007FF931B90000-0x00007FF932652000-memory.dmp

memory/1736-7209-0x000000001B4F0000-0x000000001B500000-memory.dmp

memory/1736-7210-0x000000001B4F0000-0x000000001B500000-memory.dmp