Malware Analysis Report

2024-08-06 12:55

Sample ID 240626-1qah4aydnj
Target Infecte1d.exe
SHA256 ad389ab5db5dce4937ac59ab16712eebfdfb7aa1510e02e252adeb311c2fe429
Tags
rat default asyncrat stealerium collection persistence privilege_escalation ransomware spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

ad389ab5db5dce4937ac59ab16712eebfdfb7aa1510e02e252adeb311c2fe429

Threat Level: Known bad

The file Infecte1d.exe was found to be: Known bad.

Malicious Activity Summary

rat default asyncrat stealerium collection persistence privilege_escalation ransomware spyware stealer

Stealerium

AsyncRat

Async RAT payload

Asyncrat family

Renames multiple (1272) files with added filename extension

Reads user/profile data of web browsers

Looks up geolocation information via web service

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Unsigned PE

Event Triggered Execution: Netsh Helper DLL

outlook_office_path

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

outlook_win_path

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-26 21:50

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-26 21:50

Reported

2024-06-26 21:53

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe"

Signatures

AsyncRat

rat asyncrat

Stealerium

stealer stealerium

Renames multiple (1272) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A 2.tcp.eu.ngrok.io N/A N/A
N/A 2.tcp.eu.ngrok.io N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A icanhazip.com N/A N/A
N/A ip-api.com N/A N/A

Looks up geolocation information via web service

Drops file in Program Files directory


Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe N/A

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe

"C:\Users\Admin\AppData\Local\Temp\Infecte1d.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profile

C:\Windows\system32\findstr.exe

findstr All

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show networks mode=bssid

Network


Files

memory/3240-0-0x00007FF96FDE3000-0x00007FF96FDE5000-memory.dmp

memory/3240-1-0x00000000005D0000-0x00000000005E6000-memory.dmp

memory/3240-2-0x00007FF96FDE0000-0x00007FF9708A1000-memory.dmp

memory/3240-3-0x00007FF96FDE0000-0x00007FF9708A1000-memory.dmp

memory/3240-6-0x000000001C350000-0x000000001C3C6000-memory.dmp

memory/3240-7-0x000000001C2D0000-0x000000001C304000-memory.dmp

memory/3240-8-0x000000001C320000-0x000000001C33E000-memory.dmp

memory/3240-9-0x00007FF96FDE3000-0x00007FF96FDE5000-memory.dmp

memory/3240-10-0x00007FF96FDE0000-0x00007FF9708A1000-memory.dmp

memory/3240-11-0x00007FF96FDE0000-0x00007FF9708A1000-memory.dmp

memory/3240-12-0x000000001C850000-0x000000001CD1C000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 1bb6a71ee9505173598d7f602c91ac6b
SHA1 af9befc704ff2011bd1438c8dedc6e42bd85d07d
SHA256 b68cfc1e7ccbbcddb854a7b7b1e377ed65d021c2c4954bd188024caa69e2c86a
SHA512 44c54d4232923ab0a51c8087317f85c661328e82fd477043fc4d604ee6fa9370b5f0b311c6053eaa0013ed1c548fada8e23dd9ef8230d977541b66d9f93ea3cf

C:\Program Files\Java\jre-1.8\LICENSE

MD5 5220a06048c5f79c83199e5c99d1f610
SHA1 93d3fd1ef0ae686848699f080659efcc02ca8932
SHA256 5cf9a10722ad505434378d9d06f298246b7d8809ecebfcbb6e4b8437809cd19c
SHA512 81dcf61e8ff1df2ad9c6e1652ea5c8ea4da155f4d090a89fe0ac040b6bfad189b375c22c9bc298c008741981c6fd899ffe0f28508654c4f275ce3d2564239d1f

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 6f1f446f2b781a590a9bc5f6d2a41acf
SHA1 9abd70b57eb5739bbe639e01051e3c93e316db42
SHA256 bab17d9b6f70ada14807e4a623b8133cd80198ea6d34c1fb83a8153e05e1b579
SHA512 97f1fb9210fdc6d7f7ee743ba041c3eff20488c0207e00b13da7def9030e06dc391f0112f1dcfc652540fb535e026ea9a4d746c23d51c7dea3d839da18aabb29

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 a9e9c7835c558d1a4b17279792a65953
SHA1 ae18ae9c1b82294985fab4dd8e7cda5da130bfc0
SHA256 787a34aa996c24aa613a58ff869781243b23b3b1bcb23377579f741297c1b6a5
SHA512 451538fb29e40c81aab66ae57d1a2ecf0cd98e51a50df61ae371b164aa24948eab118305bd0e353da1280e028b8a451c263f3eb20a250282ce37e7c33b0c6a15

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 6440ed1d84ec7a3ea761d431698dcbe2
SHA1 2dca39eed64f8a642b508083be6b5d3ad5509834
SHA256 24b1e303f4d56c88f431c2d273470f01c976126ffbfc8875d148747d9577d283
SHA512 19d041e4dbf98a40262028809660394fdd42cbdc91a36dcbcb6fe490ec151e7dbd96536b606136c007f876b339098f6451d3517f275de8b54e61381dd0711b69

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 58489bcc745a826671cc53dd4b87e2a3
SHA1 cc6e9caf12a1f644c86e827e055daa53e3b41447
SHA256 5287efd2f74a3666267fe3461b6f3fdee9b0d6f746b8457fb4fca3dd24ba96dc
SHA512 ce57d2089200c6828e58c326cab61cdd87a5373883d0cf6ffb3015cf4e4379e02295cee5a45d11b43e101dacad3d04e6a30fab79c8553ad2ae6628e634cfe04a

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 5166eb0012bea8421392d80c6b09bda5
SHA1 7953da808ba22e3f5464a1e61590e5ab8a7bc3e9
SHA256 5a88dfee6a43671e3111d159846998a5dd3c64a11837ee65cefa881c3b95c01b
SHA512 1427055499716607e5830ebe66f23864b2c177e5dd11f6c2a8439540cd1e2cf22a76bc2c6bd671faec9af6362232e4f4927a8a2a66bc3a741714879d4e833e84

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 5963b5415b2f55e404ec7c9ab58da1fb
SHA1 f5c8a685b40d990400e27280cf2eccd398e874b2
SHA256 8b8f0c5b4e77a31a321d9279ec95536639342accffe32cf0cb43f6844d18103b
SHA512 79173ca33fcc6a17bbb9b11d8e8d073752f3686ac42302ab9fbbf23a2ff298a1287bb83b4f01eae5df86f1205260502045e16bcd192d2921fdb300eb94d1bda8

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 349115c0a0631b47754c113d3e87afcb
SHA1 ff9c2974212592ab0c39c59524939bc4e0119c69
SHA256 72ca04698da3920c3aeae426355f42cbe3959e7aa0130d2932505c1b7a8975ce
SHA512 f26eb49ccad2f18b912154ab989ae22cfc45d6857c00bd6ecaf8797effa85498ac00e40cbb158d86593bdd85c63ef625bace4892b21fe1a44433048e3fa86353

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 0f351d22b2f4f00476204670d840d450
SHA1 a0de5477ca55db90f637925233e92965282cb7de
SHA256 f869c80419227df41c966ab91f33364b8ab75f1e7de9e1e6ebe307e381a843ee
SHA512 b24967b3cbead4c6941a3bc2ea06b31bb6d68f6c8bc28ead1419f78766f5bb0643158b3ae1cef41da67c168ee2c5303d03f865156147ab5da065eb698c6e045f

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 acc74d4278b568627b154441c8176176
SHA1 dc61fdb76ee68c46b16e4da1884d8775a6c3d1d3
SHA256 fe5da73b414b4a8c17eaa916ba95497703fe8fc6e1a134cfc3f9898737b2a966
SHA512 cfcf5d78e6f9a212c2dd7a8a7ae932bd110e73569e52e7ce4c81410515d45af070064c9f84cbe0f905c1534b7c889700dd10461ed90feeaa58b6fb3451c665ab

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 c478beed22f78d025fe1d6afdd50c0dd
SHA1 0993e14ba8ada822bb687ad1bb458ca28a9aca94
SHA256 64d7c4026c63ffb329b0a472d4eac2b2fe3497d827951a537ef99e1bb4a81e89
SHA512 b7427e081715ec2b87511efa7f59ab85683623b259c825451e3ea97901cdbaaeb1872fdf79fec55f6b6645220bf5a8034a8e0932952954a3e8b3eec9edf677fd

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 24dbdfcb1c33950ef4fc2c9af9153d17
SHA1 c7ba97510e9ab1cdb8f03b4933e711b2f4a2ac67
SHA256 4a6ff2eadfc423e3d6859731ce1db874089cc55b5d144bef76dccf13d28468f6
SHA512 99243e4aad138f5428b3580e0ee78f6cded1e914c7f9685840b7de37e6e873c572a29f85606e19ebd0669db5d2d7079832d65d1c522af1d036f75f296762e8b7

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 111cf36cabb27cf53dc8d6060761873f
SHA1 1d5f1dacb314e2712d51829cc0f1509088d2a032
SHA256 e55e3bd9afa1299ebec5cce2be9c50ad954815249e7409d05f89fb295e8abf96
SHA512 7a47bafcce7e95cbe275b50675c50305730b0fd1542b4bb1171b37efec9821d103e8408c50cc0931b040824661da8684c00a1605f72b01da159a15a9285f3e40

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 12794d8710a8e81910456d3de8b20f09
SHA1 84726f9b3619a933ff979645ab73803774bd6f75
SHA256 61cdaa9739b2d703b86605c1ee1c1a6520e2276172e6455c881a644647bfec6b
SHA512 05eeb6febb01a76a23ea840d6a8426a5d8cc3ac0ceaea6425747f12d9c0c357935e9f33c5c6cd560583f001141d38b44e7e754c7271c87153c5b198fbdae7cb5

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 48af6dcf613294dd4850a28032b0145b
SHA1 88a88301fa504390aa499a7246ad8d0d145ce722
SHA256 9ab1a0431270743bf184c0b8c93f72a233623b5d94bb273bccdd0633a3b7f9a3
SHA512 f4ada9bb99cb48dbc51827887cf0ebc8f04a4cb44cb9f06751ab9363a4d155332c7ab0325c3ae7872b13c3fdd05a0fc8d84cef0f0467750d4974a4e739376b57

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 e77a70a5f4fdabfa392eefb3ec3b5691
SHA1 2bcaa330b11c5784ca219b8ffa5db2a81d773923
SHA256 45e125cb12527a7b08b77f6888f540efac84a08ef81956516641f7015ff6a9ed
SHA512 ad510bc2f3d3f5d58405d67232f647233a153295c2fb945b55c5b567dc16868b10896a2622e8f676a4217b38e569ee40f15572b52fd640312f4685b6fde56898

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 2ce6f70f6c4800da1eda18a1a36580b8
SHA1 469650ba51d87864fb14b03ff0585088f96766ff
SHA256 338e6214f131f7601f25d9771e434a7f0561f031046634ba0368c194ea4f000a
SHA512 47974d49c89dea94bf239b66546ecae26d4a0448b037ac76e55be51139d28f982c3b01eeccc1ce15887c1e2472fad4c39f28830be68bbdf3e16936d58c2eafd1

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 c111fe00d9947beb515aeeb34bc87588
SHA1 adcd2559a79c8da765d68f80ed0ca0ee362209b8
SHA256 b994c236e0568d97544c63b31755f12b95c571dbadadc6b3cfbad4046d73a403
SHA512 1b54648dc7c684735a818dde77627c25d6c3c66e9ef9ae31cb8a242ff78e1c8c6b30eeaf5929898657c9b24b0d1e9706c5aa9883cd6b749882283a8becfc24f5

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 c354d6aa07a70f6b6f6df30f0f6ef79f
SHA1 d8705897f43a026f6fdb5823d4db5f4ca5f8ae4f
SHA256 7299a60ddfc389073655dc9f0c8585f6d10770e13e5016d6d846bdc2e4270e29
SHA512 61f35b5e2b926d1ebdb4e33739f6dd8a983dbf17d0e4fcf2a69d698c866840c8966ce76735a8c175360a2d0bbf15b8461ceaf21790592bfe3505ad952d31266d

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 fc4cc4acc356fd460290e450a5d8f1fd
SHA1 10b96317f5e7a879aca9bedb89d03282a4ec228c
SHA256 02dd600f89953e2994dd2c3edef54f13e4db2fc884fa4ad8f56a5101bff46ee4
SHA512 03980c414789cc12f4afb86d454bb8316222eaec730560977193153397f139a6d677be54d2c65ce65a6a32e9cac91f7e2c18285b7ff66ed9d8104e6228393eff

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 3d2fd8e590d5b016948706faebd00a31
SHA1 8a04663efa77e24c8c9be8a564dbc0d96fc613e2
SHA256 658d5e4d27f006ced3f60f188a600c5ffe54c23978081dd07968a89bd0bc278e
SHA512 e2e1681a2974acc79ad8cc08563d30c729ada64da5d5093d0526e992fd3fea8b1d54347cf1f9f4e3fd97b4a72c5e839784e4a11864429905e36bafc8d0bc75bf

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 1038e317f03b9470cc2fd73dc1937fff
SHA1 08da41c59fa8163d1af6ee21c63ccd4a0e115017
SHA256 e1fb754664a05b9b77f22920231d6e3c077deb1f624defe09381b9b3a17ba055
SHA512 8640fc55be8dd8666f5cf4165e47fc7a443496af983a564118ec2cc6829b337e99e07911c2e64637f893b85c83c5a5ac377fb882040e0955083d17e918f1363f

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 9dff2e879bd4fefa8c1cebd9249b7c9e
SHA1 67c11257ea716fec27008391616a01a17e7708fe
SHA256 5b4b433bd791e807c4253b0cba88639d5fd4f4fc60e731364bd0264d7913907a
SHA512 bb71498a8e005cfd87018b7ddcab84923c4be9b85d14652ad620eed7102d21c8d9904f775de4a18a7895b428a681bb4ab4245e275ac6f2e75cb6329e50d0536e

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 84d340f86b16988a76d5c36aadf2d0af
SHA1 a6bfeec197f6a911a13564d031be3700f904fe47
SHA256 69e7c70acf36508642b130d6a8de6382c3a91ec28234a91ed4e1da23b27cf5f2
SHA512 0fb1095713ecefbfbbf86d08cd32e55f5445f460bf0f991f6e27364addc856aaa09fd01b1bfcdc48d44a5131b530105d79c9cf236fcfa6b6122e9570d32ceae0

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 2d19fc6b65b49bf1ab3b883b3826859c
SHA1 414e4ac9b4e221e8d1ffeb16eb4a3cf8f239caa0
SHA256 7a54d54d415eaeb6133539157f5279caeb092e1d953c0a5757d9b0ee731909b6
SHA512 c6aaebfa9378d7fce9a42cd4a5f2f264df28108c491b497d178a682e03b98edc96298bb89d6236bb70fa0bb88abafe6a61ad872a4646eb9e02308ac48abe67f3

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 5bd6335fd03e0a3a0b9d3609bc4c9503
SHA1 6c9f608f6aefbb4c518a9456ccb07479c1001ec9
SHA256 54416ec04db78a8588237506a7193ffda8c87311973fed1c8b94bbbe0d80bd19
SHA512 ac3eb59a18bec0e1f27232f4f3e4381239ca743c5e9a6165d4457ea488715b14044add6bb4696e935bc6b0fa2133ca1abd6f73797b4bfc199909e42cbd11246d

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 3b8513a45206498cb4d854af1ca8e995
SHA1 9959ebc3dfed1c698f571123d5603964745168c4
SHA256 399b67cda28c854f74c1644ecb5e2aeea9b42d72dac2e2f96d3a23fd0c3144ca
SHA512 dcbfdfd56cb73fd1deafd8832819188d2d82f0ab1646599ee34f99fed28cd18b27702329a23c1308318ee3c54fde557f847ecf830f0c442a4a5630a68707aea8

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 41b0ce969b8c06c7e65704c7cda5e7cc
SHA1 eb6e45ee6984ff9e709d0df616c95840eadf7964
SHA256 e201ccb2a596b983482e979e9a4b41800d79a0a3e52475ba19fae868fcf4b87c
SHA512 75ee4c497bb15a5ca95298e845248ba220dedd90e15c1355266ecd7abfe1e9c93fb2b21ea0964537f1f5ca89072fc08771eb76f4694097518bd9616d6818a28e

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 37f877b56685931b201264f5852d03ce
SHA1 a313d5ffc64238716dcf21604c3abc06f03e3cbb
SHA256 c38464e63a5dd63d3df3fed5cf6e516057efffd828c7ed74896a5d495505743e
SHA512 0b5356629aef78da147fbc2b37e55e026842bc7a2723dc0d1c207234ca12f1612d5ef8086e3a4cc2871c859eab55b952cb3efd3566cad159f70992b1792f6ee2

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 c02a0c293c0c99ee75a91a08c93d6d05
SHA1 f0709a62e80cf1adeec7ef4095929abf0fc21398
SHA256 f943432e0652d73a9450686c73dd5b3c8596060f17f538d72d160c7a27ae752f
SHA512 9cefd60d6c70ebfd1128492a7d5bf124da9df9745efe172a7d795d98cbb3e64486fdf99e0f179bc94ce8ad5c06adc6113e71d262390f7d11d45fac05dbe5214d

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 078102b63fe4dba7de6ec96a499e0a8f
SHA1 a3bd1787ce86f1d5fe99a6fe4a2f4f8bcde034c5
SHA256 cd8216a77f0d132eb39338dcf6d25c0d17e3ce66fa3ea39334cfef7b1c961167
SHA512 07e710e23ddf60346645e7432a2b6a2959d2e511f68ad5f53da057ed34be9375bb904ab5fd73e564434090b2839970e8c00e9e4268308f7dd050447afac0f9eb

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 0d305660ca056093fcfc06c2074df0cc
SHA1 37c24e1e0895306d25e40ba9ade4580ace9606c5
SHA256 8f340b8346f98803b3561daae8d976e46b93c403af3d97614250dd046e27c8b5
SHA512 a08b83cad5401c7fb3659361850d9dd0e0a5d9fafcc9423129b444e7229824ba0fc6023018e080838f125935be5602de2335cefe37961fe4cda0f410decd51fb

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif

C:\Program Files\Java\jre-1.8\lib\jvm.hprof.txt

C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja

C:\Program Files\Java\jre-1.8\lib\tzdb.dat

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif

C:\Program Files\Java\jre-1.8\lib\security\blacklist

C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt

C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml

C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml

C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\graph.ico.ا̘͜ل̬͓͖̘̜̀ͅف̹̙̖͈̣̀و̠͕͖̀ا̛̲ل̸̘̺ف̶̹و͚̖̗̙̝ض̨͇̮͓̠̠ͅى̹̗̯͡ض̢ى̳̬-aj219sj1Uain

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\graph.ico

C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\vlc.mo

C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo

C:\Users\Admin\AppData\Local\5a1b4c9541ff31fe4f5386bd86fe2357\Admin@TMUACBLB_en-US\System\Process.txt

C:\Users\Admin\AppData\Local\5a1b4c9541ff31fe4f5386bd86fe2357\Admin@TMUACBLB_en-US\Browsers\Mozilla\Firefox\Bookmarks.txt
