buran | 9c49b8cd781dbb67a14859e7024f137537780a599beb1ce710e6880c8221aa0f

Analysis

max time kernel
171s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2024 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
Size

214KB
MD5

2f1ecf99dd8a2648dd013c5fe6ecb6f5
SHA1

121c377693b96eef8e84861f091ef47e6fb6cae5
SHA256

442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024
SHA512

793eb6a3f3d0323b0749a35e372c9fcde15a912f32d74fc5fa0fc104c32d8348f431347fefd1c34e3d51d9b20432f8e66b9ae3b9523b4b4b21e76b6fd2ae8219
SSDEEP

6144:eyJE1brNNDw7AE9kgH16LGv2J4DQFu/U3buRKlemZ9DnGAeDMK3ITyw+c:eUqNNDwpRV6LqM4DQFu/U3buRKlemZ9W

Score

10^/10

buran zeppelin defense_evasion execution impact ransomware

Malware Config

Extracted

Path

C:\Program Files\Crashpad\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT

Family

buran

Ransom Note

!!! ALL YOUR FILES ARE ENCRYPTED !!! All your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free. But this file should be of not valuable! Do you really want to restore your files? Write to email: [email protected] Reserved email: [email protected] Your personal ID: 147-752-85E Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. * Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Emails

[email protected]

Signatures

Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
ransomware buran

Detects Zeppelin payload 10 IoCs

resource	yara_rule
behavioral1/memory/3908-47-0x00000000007A0000-0x00000000008E1000-memory.dmp	family_zeppelin
behavioral1/memory/1076-54-0x00000000007A0000-0x00000000008E1000-memory.dmp	family_zeppelin
behavioral1/memory/3908-812-0x00000000007A0000-0x00000000008E1000-memory.dmp	family_zeppelin
behavioral1/memory/4972-5198-0x00000000007A0000-0x00000000008E1000-memory.dmp	family_zeppelin
behavioral1/memory/4972-9723-0x00000000007A0000-0x00000000008E1000-memory.dmp	family_zeppelin
behavioral1/memory/4972-13573-0x00000000007A0000-0x00000000008E1000-memory.dmp	family_zeppelin
behavioral1/memory/4972-16379-0x00000000007A0000-0x00000000008E1000-memory.dmp	family_zeppelin
behavioral1/memory/4972-21443-0x00000000007A0000-0x00000000008E1000-memory.dmp	family_zeppelin
behavioral1/memory/4972-25913-0x00000000007A0000-0x00000000008E1000-memory.dmp	family_zeppelin
behavioral1/memory/3908-25943-0x00000000007A0000-0x00000000008E1000-memory.dmp	family_zeppelin

Zeppelin Ransomware
Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.
ransomware zeppelin
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Renames multiple (6050) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Deletes itself 1 IoCs

pid	Process
1884	notepad.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\H:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\A:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\X:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\Q:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\N:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\L:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\W:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\V:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\M:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\G:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\E:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\B:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\Y:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\U:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\T:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\P:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\K:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\J:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\Z:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\S:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\R:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened (read-only)	\??\O:	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
37	iplogger.org
39	iplogger.org

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	geoiptool.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\resources.pri	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-72_altform-unplated.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-ma\ui-strings.js.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\PlayStore_icon.svg	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ContemporaryPhotoAlbum.potx.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionSmallTile.scale-400.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxBlockMap.xml	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\te-IN\View3d\3DViewerProductDescription-universal.xml	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\LargeTile.scale-100_contrast-black.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\ui-strings.js.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\checkmark.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-ms.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-96_altform-unplated.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ro-ro\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\uk-ua\ui-strings.js.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hr-hr\ui-strings.js	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-100_contrast-white.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.scale-200.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ca-es\ui-strings.js.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sl-si\ui-strings.js	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\main-selector.css.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\illustrations.png.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-pl.xrm-ms	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\trdtv2r41.xsl.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\stopwords.ENU	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\plugin.js	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailBadge.scale-150.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_newfolder_18.svg.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\zh-TW\msipc.dll.mui.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ExploreButtonGradientLight.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\ReadOutLoud.api	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-default_32.svg	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.bfc	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\view.html.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\9.jpg	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-100.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\snapshot_blob.bin	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations_retina.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\core_icons_retina.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-fullcolor.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymt.ttf	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyShare.scale-150.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-lightunplated.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\he-il\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sk-sk\ui-strings.js.147-752-85E	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fi-fi\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-140.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-400_contrast-black.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\offlineUtilities.js	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FirstTimeUse.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-48_altform-lightunplated.png	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4940	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	920	taskmgr.exe
Token: SeSystemProfilePrivilege	920	taskmgr.exe
Token: SeCreateGlobalPrivilege	920	taskmgr.exe
Token: SeDebugPrivilege	4940	taskmgr.exe
Token: SeSystemProfilePrivilege	4940	taskmgr.exe
Token: SeCreateGlobalPrivilege	4940	taskmgr.exe
Token: 33	920	taskmgr.exe
Token: SeIncBasePriorityPrivilege	920	taskmgr.exe
Token: SeIncreaseQuotaPrivilege	832	WMIC.exe
Token: SeSecurityPrivilege	832	WMIC.exe
Token: SeTakeOwnershipPrivilege	832	WMIC.exe
Token: SeLoadDriverPrivilege	832	WMIC.exe
Token: SeSystemProfilePrivilege	832	WMIC.exe
Token: SeSystemtimePrivilege	832	WMIC.exe
Token: SeProfSingleProcessPrivilege	832	WMIC.exe
Token: SeIncBasePriorityPrivilege	832	WMIC.exe
Token: SeCreatePagefilePrivilege	832	WMIC.exe
Token: SeBackupPrivilege	832	WMIC.exe
Token: SeRestorePrivilege	832	WMIC.exe
Token: SeShutdownPrivilege	832	WMIC.exe
Token: SeDebugPrivilege	832	WMIC.exe
Token: SeSystemEnvironmentPrivilege	832	WMIC.exe
Token: SeRemoteShutdownPrivilege	832	WMIC.exe
Token: SeUndockPrivilege	832	WMIC.exe
Token: SeManageVolumePrivilege	832	WMIC.exe
Token: 33	832	WMIC.exe
Token: 34	832	WMIC.exe
Token: 35	832	WMIC.exe
Token: 36	832	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5036	WMIC.exe
Token: SeSecurityPrivilege	5036	WMIC.exe
Token: SeTakeOwnershipPrivilege	5036	WMIC.exe
Token: SeLoadDriverPrivilege	5036	WMIC.exe
Token: SeSystemProfilePrivilege	5036	WMIC.exe
Token: SeSystemtimePrivilege	5036	WMIC.exe
Token: SeProfSingleProcessPrivilege	5036	WMIC.exe
Token: SeIncBasePriorityPrivilege	5036	WMIC.exe
Token: SeCreatePagefilePrivilege	5036	WMIC.exe
Token: SeBackupPrivilege	5036	WMIC.exe
Token: SeRestorePrivilege	5036	WMIC.exe
Token: SeShutdownPrivilege	5036	WMIC.exe
Token: SeDebugPrivilege	5036	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5036	WMIC.exe
Token: SeRemoteShutdownPrivilege	5036	WMIC.exe
Token: SeUndockPrivilege	5036	WMIC.exe
Token: SeManageVolumePrivilege	5036	WMIC.exe
Token: 33	5036	WMIC.exe
Token: 34	5036	WMIC.exe
Token: 35	5036	WMIC.exe
Token: 36	5036	WMIC.exe
Token: SeIncreaseQuotaPrivilege	832	WMIC.exe
Token: SeSecurityPrivilege	832	WMIC.exe
Token: SeTakeOwnershipPrivilege	832	WMIC.exe
Token: SeLoadDriverPrivilege	832	WMIC.exe
Token: SeSystemProfilePrivilege	832	WMIC.exe
Token: SeSystemtimePrivilege	832	WMIC.exe
Token: SeProfSingleProcessPrivilege	832	WMIC.exe
Token: SeIncBasePriorityPrivilege	832	WMIC.exe
Token: SeCreatePagefilePrivilege	832	WMIC.exe
Token: SeBackupPrivilege	832	WMIC.exe
Token: SeRestorePrivilege	832	WMIC.exe
Token: SeShutdownPrivilege	832	WMIC.exe
Token: SeDebugPrivilege	832	WMIC.exe
Token: SeSystemEnvironmentPrivilege	832	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
920	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe
4940	taskmgr.exe

Suspicious use of WriteProcessMemory 38 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 4940	920	taskmgr.exe	93
PID 920 wrote to memory of 4940	920	taskmgr.exe	93
PID 3908 wrote to memory of 2976	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	97
PID 3908 wrote to memory of 2976	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	97
PID 3908 wrote to memory of 2976	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	97
PID 3908 wrote to memory of 2536	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	98
PID 3908 wrote to memory of 2536	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	98
PID 3908 wrote to memory of 2536	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	98
PID 3908 wrote to memory of 2204	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	99
PID 3908 wrote to memory of 2204	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	99
PID 3908 wrote to memory of 2204	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	99
PID 3908 wrote to memory of 2052	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	100
PID 3908 wrote to memory of 2052	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	100
PID 3908 wrote to memory of 2052	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	100
PID 3908 wrote to memory of 1992	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	101
PID 3908 wrote to memory of 1992	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	101
PID 3908 wrote to memory of 1992	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	101
PID 3908 wrote to memory of 4948	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	103
PID 3908 wrote to memory of 4948	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	103
PID 3908 wrote to memory of 4948	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	103
PID 3908 wrote to memory of 4972	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	104
PID 3908 wrote to memory of 4972	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	104
PID 3908 wrote to memory of 4972	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	104
PID 3908 wrote to memory of 1076	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	106
PID 3908 wrote to memory of 1076	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	106
PID 3908 wrote to memory of 1076	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	106
PID 2976 wrote to memory of 832	2976	cmd.exe	111
PID 2976 wrote to memory of 832	2976	cmd.exe	111
PID 2976 wrote to memory of 832	2976	cmd.exe	111
PID 4948 wrote to memory of 5036	4948	cmd.exe	112
PID 4948 wrote to memory of 5036	4948	cmd.exe	112
PID 4948 wrote to memory of 5036	4948	cmd.exe	112
PID 3908 wrote to memory of 1884	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	122
PID 3908 wrote to memory of 1884	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	122
PID 3908 wrote to memory of 1884	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	122
PID 3908 wrote to memory of 1884	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	122
PID 3908 wrote to memory of 1884	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	122
PID 3908 wrote to memory of 1884	3908	442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe	122

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
"C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe"
1⤵
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic shadowcopy delete
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:832
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no
  2⤵
  PID:2536
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
  2⤵
  PID:2204
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet
  2⤵
  PID:2052
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet
  2⤵
  PID:1992
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\~temp001.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4948
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic shadowcopy delete
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5036
- C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
  "C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe" -agent 0
  2⤵
  - Drops file in Program Files directory
  PID:4972
- C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe
  "C:\Users\Admin\AppData\Local\Temp\442bf867c8738c7231ff09db0715ec79d0ae15c050fbd46946c45b76a040d024.exe" -agent 1
  2⤵
  PID:1076
- C:\Windows\SysWOW64\notepad.exe
  notepad.exe
  2⤵
  - Deletes itself
  PID:1884

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:920
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /1
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4940

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4840

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
1⤵
PID:3736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\aic_file_icons_retina_thumb.png

Filesize
65KB

MD5
4cbabd7fb3136490468309b601e7ea91

SHA1
6eb9d5a9293d4a456a184a9de107dbde693647d5

SHA256
366417880a824c9db9005029111f8c924e462ad45449db23cf4abd768f0eeb4d

SHA512
8c3751d2a5b320926baa62fab841633506b37acc99ead42f417280a615b4cfe660abc1fd3f5108f2747846bf2da0a17216c59280808e6c8bb121ff0d8e9b2320

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png

Filesize
52KB

MD5
637ae2b5927fb547f05e9127692daf48

SHA1
78ef394c497e83389468a272a73e0fe927aca26b

SHA256
3c7831a29761d76ed6cde31acc70614ed801e3fd4daae411a36d3beeec8798b2

SHA512
8c17aecd602a032886efcf4403dbe4daf146be7c2ce5ca8224f38f10a96407c1d79b8ececf2ee7be06e74c312b69fb1dc1383f18e5eb8d36e039cdf76b13acd8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_wob.png

Filesize
52KB

MD5
0d2095393eb5986bd6ed32a2332f18bd

SHA1
48964f24d21f14a31e4b1ab846bd4a98ad308940

SHA256
a9d007b4dfd34ca3637d4384d5c20a7628ec19a3a39ef041d72971d7b9df63d2

SHA512
ba7684165caaeff791937117c674aa61ce807825fd7c76085971e64ca7e52f3b98900623e4f4b151adad7b815538386084515d611b5c18d4d8102f60f86cfa06

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
52KB

MD5
87d43fa65dc0253cc6cfc95cee975299

SHA1
30c0eedfa29fc5febb781919733b4a869b82c1ea

SHA256
0f78befc0f12f7941d7d710fbecf25aaf8a571211d4ec76273a2d1e06c3b4573

SHA512
f9cb7f2e44c963104945fd6e9dc5c40ef5e465bda64b687ec238c11a880bdfd002a6594ec4f7881f8de2da5d6fa8850bfaa34f6c0dd60a2677bc33e972a7a3aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\ui-strings.js

Filesize
35KB

MD5
dd3405f35d5a42a282047190cf5a0253

SHA1
70e62c74f12d09cc91726bbc62e612a9d121f83f

SHA256
83606caef93a82ec6f436a841f871b4fb548f6d9f4caa398ace7ca17a458f84e

SHA512
70ce0fcb6bcc0dccb726a946160075a024b73d73d3eae0fb172f8278e5ef80164e1289f3fdb4e9f69d5e1cddf4c9307f4406988c78a1921e181c2036e887035e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\ui-strings.js

Filesize
10KB

MD5
40f9a13eff47c7ecde7d7e31737e61d7

SHA1
f2f358565504361ebb31b0652dac8ca3de0dd08d

SHA256
77c6079a51f8a3a001f977deda19201afff735d6d42efbe268ba0efe514b9623

SHA512
f2fe9137cb7c1dd0731a691506f90560d29a4d990e076e8af74fbca3acd3872e318e2ef57f53bc9bb3b2a9fe3b887a5c2c15ac42ef47da8ca36c5372ff1dbb0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js

Filesize
11KB

MD5
fc26b095c23e4036709210098d1a733c

SHA1
58e6792975e7fca716e3822c5442af7087054033

SHA256
e8110e049b9aabdac44ae3c3ad33324d5fdf3a6133bc07b55efda3ee47b1daf9

SHA512
a641fea684d902b76e7f07f1e652e997709f4a55db77acaa7a7e87215c4a5f82f1f0891666ecec679f30f69aa38a8225b4e2b667b00f10cf1dc026d3186b11d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\ui-strings.js

Filesize
6KB

MD5
ae016f4ae3c06cb3b4393fcb5a80fb40

SHA1
eb1e3beac4b439cf6445afdc8318cd8ffeac2f49

SHA256
12c72ecc26ee08dc7cc4411bc9eb4b3636cd9137f3652755478d517e7f2dcdac

SHA512
49fb79388a18d9c9aca14eace90ecffab36ec8b8df5757d9dceb8e0469e77d0720b31723c9a107fae934e75d9be36a4a3ae80c6b7a3277da003baa8018227460

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\ui-strings.js

Filesize
7KB

MD5
8849af818270eb6d27a42f02b8f72d42

SHA1
9242751b9fce84765c165f076612725c37136026

SHA256
b24affefc5ac6a060b2e1e58c42e1307ac5a4f3620f579fb9ce5c7d681164cbf

SHA512
8d84ead22ef75d9b67e055603279778da22f10da9545424a1b9beadc207f38721c4f07b0ffc7cd88f051087f005c64496e217c1dbe3643573fc669fe1fc635eb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png

Filesize
10KB

MD5
4c4abbc5ae4034c2de643d2548603dc6

SHA1
57ba9c9e3b20484977edca1bec2a13c0009b554f

SHA256
6db3b27135e7432d5d635a72adbaac8f7cef2c247a37fe91432b01c54b2622a5

SHA512
ea97e3321c7b64a532f65cecac2fe01b2642f4d974df6df87a82079cf81251ed4e302995bf4cad55e4c063c3d2215c97ab98c6e1ae84ec931838181fcc63b1c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-selector.js

Filesize
177KB

MD5
8f85bca2bea5023948d117876b452c98

SHA1
8d5e702b1ae765ae26e06e59d643eda41e105fe7

SHA256
668ef1d04dcff942f4fc4a4968d52af39721b20e08bf2bd6f73bf2cd84d1e529

SHA512
1c93aacc27e2f27c65ae5266c500dc498fc5400b125db9fafaf9415de5dfddd30e9e0d231b6390073870ff9121c13838e435f97bb241a2d3b8549653013a9e60

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js

Filesize
388KB

MD5
2a7fbabf2984b2166b29fddea835dbd1

SHA1
b18329ff1bbad99f266edfc9401fd5d13f622787

SHA256
f92c0bf76cac7522e806832b8864373a54a03a56955dfe3b0691245f1d3dc6fc

SHA512
5503e3b5f19607b0ca5cb34ea2c378baf3a7d88a028935eadd037a4ab44aace28f2a951e85d7c9abf04796bdb032bb858f81fe19ced203f4a4979759a7cef2ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\ui-strings.js

Filesize
13KB

MD5
0b2264be165f4addd9f994a414c67105

SHA1
15f9ef3c3f63201121dbb3d195fac241482284d0

SHA256
f223b3a3ca0c585305b6d45a3144a71433f1d96e08b41dcd1bdd3179fc75e8eb

SHA512
247d555d56c8a2ecac692bbb8d7de0988a938a4b26a8f182ffdd5cd4ef8f10225bde214d01562d9fe84a11f112b1e5ff8f1203654a181219a51f33a5a70c90be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_ie8.gif

Filesize
10KB

MD5
40910a684645429b022bffe60608ccfd

SHA1
576cfcc86709bc2b3ae57ad181253e79a43ff0d3

SHA256
1549ea41114013c8a30b35a2c9c14da0b14677558f82c7b70196b1d34320315a

SHA512
c448f1fbcce8fe28a8fa7d731ead2cba279f1a933ddef44d503eeffff08af54ebb67f7a9281634fd69c3f7185fc2940d56f6891bcc64dee3e18000dac61f3251

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_retina.png

Filesize
17KB

MD5
c24ff60419ae47624c2efb6dc8b0491e

SHA1
4b9c2635af18d71e41fc9ff16c6ca4a4bfe99e98

SHA256
bed1b999db6466251374e1f14867382e13df66097befd50b65bbd4e66729d2f9

SHA512
f68fb4f09efaf57046fed7a70fb5fe806aca751529aab653982fade28f624ce8ba5ff5d7d08962181d2d7d02f69769d93f0cf44bb62c5b9cc40d58504163ef33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons.png

Filesize
10KB

MD5
8521a3c49f9bdcdca5a828aa90740699

SHA1
0b43303687e8aa1a0a5892bf234eea2996b56677

SHA256
3d1fa42750a46e99521fc23f38c4db572c86795af5a95e6654cfa57fe62828b9

SHA512
40dd76a0eaeb45aa45fd33b3a0f071645f214434103d562299548618adb2927b3444399111d42928503dbbb71875b29e5f22af72ab3a1c7536e3afe859c35500

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\icons.png

Filesize
10KB

MD5
2becba53e84227ef2bed48a01ff54f8f

SHA1
2e17bb885c910ae3c59744d0086845af7f5859be

SHA256
a7f6685c89a8b1633c9ada47b27650ce12001473cfc475516f9ba3bcf8bfe6da

SHA512
57b5f347a7ca20ef64f281eb4ae1b6a339bf1fbbe5aca0f01de21ba39513c826aebc6f233499f83ac4c9580c7cd4596bf0e093cfa96d2e562adb94f180be6f6b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js

Filesize
6KB

MD5
44fea1171dc8dcb8de5fc5f4f1933bcd

SHA1
e96c44b0e8fa67164f8ee78dba47c84cb978ed05

SHA256
501ee82b254d02584088dbc13c2e2cf29c11c1ddc590ad4b768a7bcc6cc5fdd8

SHA512
954654c005bd30c95282b326e169fc9a80744b6a489b7051649fcf96a39b5a811ed7e9686e27a3b69abde6dcea2011fcedf44a46d57745beff3c4da794011756

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\ui-strings.js

Filesize
7KB

MD5
d968271b51a95b7c0fb49d8249a31ceb

SHA1
834b472a05c4048204b0636f57fc2045151d3ad8

SHA256
6b0bad13fd7dc3333d6da17403d6d107c7d95379e1062ffd675471d7fc6eb31b

SHA512
fd6f506072f742a2b759ef21dbba0b9ce46cbd25586819ecf7e621f7b9035e0996f97e0ebf12e878d062a6cf29f13cc05523d1d4fa9ffc2f36529fc04819006b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\AppStore_icon.svg

Filesize
15KB

MD5
1d9ee74184bbd4d16e401064191aa0a5

SHA1
ba3715fe06feffd956e7f1e730a4c7e2b90793ea

SHA256
089ae1adbc37cf2c15721c03467862691d946b059045374bfdc9cae2c565ea40

SHA512
76a8b35f4593070cd33469eaa9d6add1f67f87532fbdc66966fe0d538c8466ab6295651bd7078037285544cf013a40f75e95b701363039fb904e9863885f6e3f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf

Filesize
382KB

MD5
e8289a7ca2319d75c6d4a5d7af3f2ce1

SHA1
2d2c53ccd68472fd922c567146ef16907ecdd31a

SHA256
36d0ec693d312a3d6d2a1517c5c5b527ee2365a795392eaf1b12e8ae282c69f2

SHA512
7e67cf1822ab7c0b2533c1e9c1e7774bb952992cb534821bab34895abc9f9cf549b6809e124ee9b8bdab01ab293b9b0c64d8f58bfbb4c1d15b483237e703c825

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf

Filesize
56KB

MD5
ab113b2fa980ea786cc95f0856cd6661

SHA1
49d66a60e1c1db3a7dee53e1143ccd5659347e38

SHA256
f43f66e259384579cfe4faabbaf6c568186d5a8a48926dffc13f6771174d48c7

SHA512
150f5605e93acf4cc1c7a6741f5131b20f80fda8f41a7b54f9929802ed88d387bba0896cd48c88fd82a54fe29de7bb1f12d7591f5d0cc83458d6d477565f87e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-il\ui-strings.js

Filesize
15KB

MD5
04799689a6b5bf9eb47abe2b4708ddd7

SHA1
c1cba1948561bdcabe5db9e4a00d6141fdb08066

SHA256
7efcd0ac6ac99b63b2a83c6b8bf32d2545a84afc5f0c1ea255d81647fa6d1ad5

SHA512
5c85cd29038f0ddfa09eb7cec4a6c45e27274016b2074813c304deea228afe038cd31d8213dcfce2054c82c112b14653b9e0b38299a0c2de82edf1847852f131

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-ma\ui-strings.js

Filesize
18KB

MD5
52f3438517f402ed5a35c3a9c142ca72

SHA1
ba8d592ac570d39c2e65ba8cb6d07ee14597a4c7

SHA256
6974b1aa6b5e9126a0874518495036e0da9bae7ff7bc19cf6fc518db4bf8e137

SHA512
e7b6397dfee92a21c12dec39caf55b9841b200a79a0fe9b0f7a890c3d14072ca9da795239f1abb84fb5d798a28c790dad74a3686402e023e45dfd526ff3b1182

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\ui-strings.js

Filesize
16KB

MD5
6adbb5a9a83b2673bd4d91f6a1865275

SHA1
7c4fa97964a2e62aa935837730f958b0ce7f945b

SHA256
d7487f905c2d7bb5ad4ac2480e50b9678774e76051314beda32ee7af4482106b

SHA512
765b66c5f657f51cd68c791fb700da3cb6f5a8e091fc41ff9699786a383e3dba2c967933897808805aefd5f56457ceeec36e7d7a700b0a21bfa4517df951447a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
8KB

MD5
00dd446eb3876026194a64bc1ea6255a

SHA1
0cdef240e96f8afe3b120979966620193ca08227

SHA256
80087d860b37bfb33163dbcad9b64e84dac87dcab7cc525bbb571ac8f85c315c

SHA512
659bfd5e9600bd0a072d97787af5407f70ebf33e2c11002f5f88cd93f95d1fa5bb9f9e2f83f5683a995aed6f568e978ef10ae3c31bef28b271a18240ca9de74e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\fr-ma\ui-strings.js

Filesize
12KB

MD5
5fb2fa9dc743431bf23ebd6ea14b3f12

SHA1
7aad124f3280d0f07fc27474903f9edd799fe351

SHA256
01b549ae1acb6f301a43e9b5a2e4eee87fccc12f8757aef7a3ba96e741bb8b55

SHA512
2aef848a25cab7739225fe464814678b9ecc270cca7d99bcfcc161c6bf049deacdade3dc5c674f7a1cc70bcbcf9e002f4535637c2420f7a6d434943208b8a202

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\ui-strings.js

Filesize
18KB

MD5
6423eb6eb9aea2bde70e6136aed89306

SHA1
47699353b8d954ab0d313c8b9810abd4214c212c

SHA256
9693206e8b9788b9ab738b8c550a47a9802ba122dc397623d1a0394d16411b8c

SHA512
9d163aa808b3bc77eefb87ff20eaff2231f50317e3bbceecb18802890e2c2eff5d7d40af5a5b210a5682240e5ef69b0087cd95c2d1f5a761870d2bb7232fa80f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\ui-strings.js

Filesize
18KB

MD5
ee1fba4affe1f53937eb2595d226cc10

SHA1
33ccdc136536c6411254150b6bab32b68ccb4ae4

SHA256
ea5253e6616e3fabf550d1af9ec3a538b669ad32142a7515ad55f8782250f7a7

SHA512
9e50143b34e776f177fb4e7e4196f293edcfe6c29f91b45a851c4de0a2a825c341314aa236c78e446165b77312bb1f45e28a0d3ac039d586b6479b588998de95

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-il\ui-strings.js

Filesize
20KB

MD5
cbae2c4562ef04d85906602d8df80945

SHA1
f4c0011c984b4319f718244e35141e0780e1aa0f

SHA256
704686598b2016176b9fbca887cb7380ba066002ab026685557651fb6a394aa4

SHA512
c1fde0450bfabda8a3657b3837a77b5b733a0a165bcbcc39bc7cd8916d6b2e73a4cf2d935aac1743bc531caabcff693c8deabca6356530b1cf7f96f775c01dcd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-ma\ui-strings.js

Filesize
23KB

MD5
ad865d6b92a7eac1232ff8fa46ed38c8

SHA1
9a00a5c2c37d982ad3cae9f1ac21ef352fd89462

SHA256
59fb221b59baada44ff02d1bfcb6d17c986ee63b86b9a221ca3d693ed16f32fc

SHA512
8bbc8af2c4f7743e6ef2b8e171268a039b68ad2700f84b1fb1d46b8a6fb9141da6c245601ebb648c4a272e5d34b939e739da419a1e69fb200ce30678363a5a8a

Download Submit
C:\Program Files\Crashpad\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT

Filesize
917B

MD5
5be413552e4e9cc9452880bc5050ab7d

SHA1
f128f8ec5f206af3ef17f159ac40989a8c932154

SHA256
c8ae4668d9400021790a35d109461ed11f68c2280507c481b140e10bfb6dc4c1

SHA512
2f3e70fa692a1f7f7b85cde767be4d40d00c5c9f87d5f430792d492168f393d68d04645e892795b63b0a7457e64d2aad11107a47414afd5d530aa9fe727882b8

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

Filesize
4.1MB

MD5
288a62987a1f0313fa4eb0f92aac612a

SHA1
947efb396284f30db93e858f286f9f4361ff4577

SHA256
01f5d71b9ec2ad9226372faa9691fcaae43abd50a954dbd48ae91e1ce8ad15ca

SHA512
4f222b677841dfa33fee2b24a4bd0616f17f1dde15a5710bb4947f01134bbfa252abc6a0a3742003874fae3ebfbfa4c448946706e801ffc1c6c3d346088aed5e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\PREVIEWTEMPLATE2.POTX

Filesize
293KB

MD5
324c631b20d90d24a55355cfc6017259

SHA1
a6d5add03962498143462efb43b0b5ed383c5674

SHA256
537db67d3674aaf9e8abdd183ca09445a830c26324ae18f7c410ac7095791aef

SHA512
b9a27ef859b30141cb50ba4678cab35d2d285151bba2a400f35957ab5baedac87f6c1c677d10d1f492323e623c8e36911765adcaca4b9430043ac44e407a708a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL

Filesize
266KB

MD5
ef43e05ce38cbf412c53b52e076e4e3e

SHA1
66d53f58ffc06b7bea1af2b52869417e42762e3b

SHA256
d4d5648cfb484d95879e490378bb05c100c918c5d36fe99aa5ed85436bd41a6d

SHA512
82f9772203c97613fdd0b48616130c7534e3c8626b7dc8c7029e449b62704d38b44150ccae89763a600e0f978a9323c6ce18970f8b2d42f6b45a12e8180caa1c

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp64.msi

Filesize
2.4MB

MD5
fdb0139fc24b76e43c51620bd92280b2

SHA1
b8a84ab9d6a5ab1f07cc36e67052cc315b7d9003

SHA256
01fc2ba3f3e0ada6b301916b2d577d2b5645b6e60268c2beabf9a9140a4bf84f

SHA512
43e9d323b971940f424da6fa67c12575c65b48bf2be9f73ad1ad4c347e54892b5e80b73bc1445bad29cc027accdcb13671467ad5eb0fafcb4281ebcdd14e7b06

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe

Filesize
63KB

MD5
406230c3dda39b115354fbaec394d5fe

SHA1
8cee1a518c8cef6a4ac7ea3461967785ca0f424a

SHA256
fc2c6b6ead7609a43e40b4bdc44336d2816302c71321631b0ce700625a56b092

SHA512
4d802b4f3cdcf6b6eb2774d271a3b51637327886b862f1449b2651d0a5629e068df6f91b285465b6461c3ad5bcd3914799cd2d081656ebc41cbce17a79101429

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

Filesize
1016KB

MD5
117675921b5dc13daf75614c133f6b8e

SHA1
213e0ed994fb7601567f7a9420bfaee8fccc5c56

SHA256
f5b29de8e754e8e6c81414ed3bc11953fbc8336d2a4ac0437df0826a0cb39059

SHA512
9858129ea36dd8581a20962e8dcede8b3027ad4bef3425aadd8b560ec234dfdbee6766dc92d4d2b19802d2c3e55fc96e14cd078a9ac34ca892562e30c89733ac

Download Submit
C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

Filesize
586KB

MD5
44c77e7f591aff0afc52c20797ef40c2

SHA1
4942c2014df86a0af5209bebbea27e9c31f1ecca

SHA256
76ef250f16a147c4e8c71411ad91944e7a2e35ae4296e750bda65ff7dd278357

SHA512
b02247f5eaa9aa5ed5680e633cce31b3d9fc513ff4904615d47c90c676582672de3f2551e55930c0e8e23004800fbb9091f82851cdb54635467d0fe8c0e64583

Download Submit
C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo

Filesize
617KB

MD5
e989067389e4b2ccc447a40903a96c65

SHA1
f71497e2368e14017b960262b2a3042ca74fd1f1

SHA256
665d59870610d9d9586843d49e9dbae27d46768b8dba7a7b3fa022eab4654a50

SHA512
9d964b85378a023d3ff9ec3ae2d65268030f5d95f65ad1a36d4495fbfb9d4a930dd38f5799a4f866f6f38d6d562236aa5c9060768a7d0e6ef17dd37d94039a90

Download Submit
C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo

Filesize
618KB

MD5
d4c60ce3a89b7701d829b4562f07381b

SHA1
dd8e94e14671fe2e6ea3cd6da18bf5a9858b3720

SHA256
7a16a43255c2eb9376c3dd3c8ae0bd6b5fdde40d824939baa9d20fb2366e0410

SHA512
31ac38d5fc851bd2be347bacbef3522942f9d80d994150a9126fe79f6ac289ec953734af713e21b7f4c981650460be32235d786e768084ab372567255556114a

Download Submit
C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo

Filesize
1.1MB

MD5
882128f9f413540d4048455091d1dbf5

SHA1
81faac0e23075897bbf09b768d7dc370b7c53485

SHA256
4311b8309e28976b469437ebdde62ce607ca7392202f525698872f8f4337266b

SHA512
5a5144a7f36034b8e277804d9677cfde95d32e65b90d8f733d5a5e2df52dc12573f68a48fd6dd43b328974bbc3cc88a755af99492dcf4de7974e6c0d18c4b9d3

Download Submit
C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo

Filesize
607KB

MD5
ec63cbedc93f6bc0b3761f010a152d9f

SHA1
d55e0159b8aabaf7a94c98172c34f3d80d070136

SHA256
c136d3028c11fe954d598490abc925ae07ef9c18a124a3c65a66e208b243ce6f

SHA512
b8bb3cdf36288121b86572d1c741acbe34b66010e824043da44141b5c189e5efe92b62ce243dfbd5582d50ac3cca94a98bafc98d8dcb29a7db511161207d83e1

Download Submit
C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo

Filesize
628KB

MD5
19d3148d21c8d6d30bc241f3f936d85b

SHA1
ebba97ce228eb5901c23d56071f701535f12460b

SHA256
00d43011984637040a5fc9c435e3396dd1cbdf9b0eeb61ea828b65ed43a29cea

SHA512
58c6e223a69b156aaf3eebe92dda43bd9bf978de602f923fd0158e1c55869303180a38af7d52aab2c4550ca51d09253792c6409e9e2bd104ad20ffa198e198f6

Download Submit
C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo

Filesize
781KB

MD5
594c3788fc71417ffebe0ede252d18b4

SHA1
55c0f41fdc8dd4e44a365d5703cc399cecf5c166

SHA256
c2455e73fcc18e76194bc6356189d335e8359df9c6ab76f8db294a7a0c39706a

SHA512
1fa31e047ff00ebb403f3844b701a0ad7423d65088da275d09d25dd199ebbc86df552ad163fd6be0fa4cdfcb6482a086f7dea6d41aceb380121b61e8cb758d25

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\~temp001.bat

Filesize
406B

MD5
ef572e2c7b1bbd57654b36e8dcfdc37a

SHA1
b84c4db6d0dfd415c289d0c8ae099aea4001e3b7

SHA256
e6e609db3f387f42bfd16dd9e5695ddc2b73d86ae12baf4f0dfc4edda4a96a64

SHA512
b8c014b242e8e8f42da37b75fe96c52cd25ebd366d0b5103bcba5ac041806d13142a62351edecdee583d494d2a120f9b330f6229b1b5fe820e1c7d98981089e9

Download Submit
C:\Users\Admin\Desktop\ApproveNew.cfg.147-752-85E

Filesize
660KB

MD5
93a62473b3f4c80e40ad93c7fadd576c

SHA1
990003b03e66316b89da6fe3733d3edbfa359117

SHA256
1b7bc0b406c36e21b8160cafdbd6ec02477a7b7f75cc3a34cb62959d5e869ff5

SHA512
70150bb47838ab6fd853ebf70672362c0a6722432ed398d9d82e5dc6c3af6e861a8233d019d3386fabee01a4595acd7652970eb891124dcc6ccf3bcda897a657

Download Submit
C:\Users\Admin\Desktop\CompareFormat.html.147-752-85E

Filesize
778KB

MD5
4a6a44a4ae95cf827f74b14cbf9373e6

SHA1
e893aee495362c5af75a4d644068230f69a9da04

SHA256
d05c600cc17d979706c155590fc575a3001f637b7f5b3c109cb365ef5141fa98

SHA512
ff800821b46dd16428e8ec001966ca2ad4fd552097d35d63b9e1a32baf1ba10b9e605983465b56fa25bbd68be25e164c2632938d1c03162a8ff28204bdf62a68

Download Submit
C:\Users\Admin\Desktop\CompareSave.htm.147-752-85E

Filesize
825KB

MD5
d946d14f9f39de19bf4dfc6a4b377e8b

SHA1
16d2266b983fc1e5c617dae7b33be6787b048bb4

SHA256
c1667dacd346f1b82529f6ba573ec22f9730b23c49f91e0dde7a984ee87b48f0

SHA512
a32ee1a3725f24c621f753d63f95a15a9634bbb163ffcccb90a794745ca37ccd193399109f9e1ec9cffce410ec031c0bbffb8bc7b0ad5c6d08cc6b6b224d7eb1

Download Submit
C:\Users\Admin\Desktop\ConfirmSplit.mpeg2.147-752-85E

Filesize
684KB

MD5
f97b2adbdafd176f7d1fc59397bf67e4

SHA1
c22804ba2943853dc5741b0f05c8a576faee00d5

SHA256
f36cafae5df478b17c12f1503a2a369e4910038387ac815c2f2b309315acac18

SHA512
5cea41d852dbcf311247d0cf8eec6a1c47816ffab60897155c871edfc851389029af05bdd5348b32cfcb4b10180c2e870c74f70df38b82f4ad698eac94f98ac6

Download Submit
C:\Users\Admin\Desktop\ConvertFromBlock.midi.147-752-85E

Filesize
919KB

MD5
bc03d35335fbdc5198c5a03f0f6d475a

SHA1
e33ac096ee089b8463ebfecda473d0f32f31083e

SHA256
5465ce5b19e2fa9c19be9459c12bc69fbc2ad68ddfa2f8985d37b6cad8b2066f

SHA512
daf912919074315be3e0585bf4d9a925f276c1a9c303de80b6a2b4778036e48eb2a3e1f55355ab87f5af7d2adbab216adfd4b54da88935a44c1584bc40cb1b80

Download Submit
C:\Users\Admin\Desktop\ConvertToBackup.ini.147-752-85E

Filesize
707KB

MD5
4da977a52ef55655ded713fbaf864954

SHA1
f6536124f7452981752b837b842a62d30698fbef

SHA256
9550839eff8ebcc811e66c79382767de3ce4f166be63b14fdb9c457b8e804b4b

SHA512
46cbee3f1ea5703192d5f5ddd4831870387a00cb050d578f01f78421e36f9188682886fe8189202587aea1dbf199b218b74c94de2417ea604dfbbb22fc03accb

Download Submit
C:\Users\Admin\Desktop\DenyMerge.wmf.147-752-85E

Filesize
519KB

MD5
b9e89907c1b032ef5fcb071fd33bf07c

SHA1
54aedeffae19a990e00a6efbe54e8ad1afa23b9a

SHA256
c2b5ae7f032a7a2bffaf26a58344e23cee92ddb3cc3cc4f2544ba48e8f56e3a5

SHA512
ae16720340fa2190a18db09d42c586682403069424615a5186280d072543b44f8a661f89428be34ccf7616acbbc20fd860d1d6e236fa750de8a4b9e6d258fe53

Download Submit
C:\Users\Admin\Desktop\DisconnectClear.php.147-752-85E

Filesize
378KB

MD5
26dac812137567c17a82da354d19fac5

SHA1
b806aaabc3eb0140326a19115d9166dd0049807b

SHA256
1350b290ca6f0716bdf41ddf952a28c463604f38c90e60d119a4f9f114ebaecf

SHA512
5be1087bac9ce0cb5398de6a95c59263f97d267857a335e0f90a21d91d94541fb25f6c69713b134d85fcbbff74beed83fd152794aee63c15ecf293b862892639

Download Submit
C:\Users\Admin\Desktop\EditNew.TTS.147-752-85E

Filesize
613KB

MD5
02029a8ccdf6b5eb2030bf0b1c422d73

SHA1
1da86b828789140f59bba86ad4d2ddc36b0ca3bf

SHA256
39102a536de71a3d54112edbf39c4bb3a1aaf5e17c0370ff802036efeae2f0a6

SHA512
4b4a962af7d1763eec1ae2d22aa0fb169a5f875e6e1308dcc264442b8749c2c46f3565253d9fa6d85c8793ce6ca549823867a34d3114371ba9a7c2d756e4a92e

Download Submit
C:\Users\Admin\Desktop\EditOut.mpeg2.147-752-85E

Filesize
848KB

MD5
d957676dbf0174aa18dd7ebb8ba05a46

SHA1
dadea58464f7710ca12a1e6c7c81ee9b7bb9cc8f

SHA256
098ef00529a78f39a73cbf4218d12464b44903552c2f6759f08556b90f3dc54a

SHA512
7de8915e1a635dc66b7ecb41ffff79f35544d87d3683a163a9ff1d9bb73c7b517ebbaa6beb8c28a7996a99a4491e82ef2c3b00f704a9fa607bad3bc87ee9e5db

Download Submit
C:\Users\Admin\Desktop\GroupUnprotect.au3.147-752-85E

Filesize
354KB

MD5
233a38c1a4190b2d2f4386d1a96f1f57

SHA1
1c511e9e983815aef8fafb268dea78f33e3ad9d3

SHA256
e94558923781747915869d969227051418395b704375eecc4ec695fa64921fe9

SHA512
6f52938a967652fbda26b1ecd30233b7b376bd0fe054deffcc17ca2690afd9ed7f40c545c303cd0c01e3023b8b057887470fce416bf79a6f406829d185bcb92d

Download Submit
C:\Users\Admin\Desktop\HideDisconnect.wmf.147-752-85E

Filesize
895KB

MD5
f0145bef527cde2a743abea7f3f22cf1

SHA1
a672e231ec0d5959e8bb852fa32b23cf161d5a6a

SHA256
53370343dc4c47ca58b0cabe7c535a38f6aa905c569045ae1353cf0724e8757d

SHA512
86e224498fb8070a44975dc2cf8a78661a99eb72c197bce927a66374a5c88fab39ca0d78da50549f72fc049c5ab5183c40ef51eaacb793493db8c15778540c8e

Download Submit
C:\Users\Admin\Desktop\MountWrite.emz.147-752-85E

Filesize
942KB

MD5
73b2475b88022d7a51517874cbfdcc17

SHA1
3bdd35bcfdcc306a7363f2cd34a972757331bac9

SHA256
32b636aff474bdceae2eac4a305db06179c92449f850946a9de9fc0188dbb33f

SHA512
e8b8b7788fd32ba5db8b13a38c3059e1740a00eddd34a4237bd53422681834d9554572ab7b1aff850a0600a4d3b6f8de4d99d091710aa82b9f96f04a3c86c423

Download Submit
C:\Users\Admin\Desktop\OpenMove.dxf.147-752-85E

Filesize
754KB

MD5
de901dd6654d9d5717d61d186007b75f

SHA1
40f7a192592c0f89532695b2f9b9d94c7f1bdef1

SHA256
a490d5a2b5763f149727fb313b197c6caf94ff6f39c34ad661ac163cb498e411

SHA512
52c3ea06977185d084b22dc63d2dcc7726d2883fd6d04ce1d14d58b688aed857ff6d9718605269950334de50f73c34a97eb6bf470fb0053d72003465abeef352

Download Submit
C:\Users\Admin\Desktop\OutOptimize.jpe.147-752-85E

Filesize
590KB

MD5
d05b385a5434f382342b63827d048a87

SHA1
109bdb67ee64490185874b8b712195a7bcc5a7d2

SHA256
90fad33a6b3d98f0f250c99172ca26fd39838ae31e5f0aa9c7d2ff0caffd1310

SHA512
90eb6ceaba325793ff77324c4e2b12df10a9a0e07854eea2f479e568a79d884826257ec412d7036c5ffffe25b21e4dea6e7fd5c50d57b5ab93dfaab5127e3d29

Download Submit
C:\Users\Admin\Desktop\RegisterLock.jtx.147-752-85E

Filesize
402KB

MD5
631574570ab545c5fdebb77e2dc1ac30

SHA1
83947d1135ff3ac214cde63cc707f29a232f1b20

SHA256
c363cbea7aab54e9e299e639a4ef108e8bb751a5e37c11fa2b22b2f477169d09

SHA512
7899f0c0316c9a86328bcd903c33b5edd1b06037fa4f02fa8a7f079c124500e76d182e0beac896aa75330551b3baa408ff271bf02c5eaa4633b213bd68750fff

Download Submit
C:\Users\Admin\Desktop\RevokeMerge.vbs.147-752-85E

Filesize
566KB

MD5
93fa2ab0ddd3cdd58ab582d6f7198fdb

SHA1
a3044aaed0e5341c0d94744bee568a60e3bd8a8c

SHA256
7e468f7908bef5cfc8ad468654497011064c5d4169f9f2f1962dea4e47c77777

SHA512
89b4c95899005cee44558d43b3a5e29a86857e289897575df7014f798bb81e9bcb4c4838610a9a77c0e6cb7cc36dd98a9d71ccf547992052e3eb82a4540cf6c5

Download Submit
C:\Users\Admin\Desktop\SendPing.3g2.147-752-85E

Filesize
472KB

MD5
f088d6ec60703981ba127f319472875e

SHA1
e7c0067f6e3ecfa4cb91962e4dd21444ded555a2

SHA256
16fd028dcfa79c92075fab3d7bfe960e86a1e1aee969a03d08d64ac63b8d6106

SHA512
d498722be2d88ad0a30813d3326bdc296ae889f1744dfc9154c76bdbc67680421df47157880ad0e0216763b777e598d25cee871c5ca36cbea2ec0462f21d7936

Download Submit
C:\Users\Admin\Desktop\ShowClose.mp4.147-752-85E

Filesize
872KB

MD5
f1430ad87b6272c842ee9d058420c4b1

SHA1
23d8f33feb7db53ca6ff167db298b1125d21851a

SHA256
6aedf01281b4a8f701bfcad4f6e6cc7643f59ab4886af36f623eb92a1a53ddae

SHA512
be8f1d5b5c545d99b32dbdf3c61cb746f05e7b1c79f87ce461b9114c0ccf9b9ce47a9509fb38df823b13544d4b9972bf4840e4a7ae2f0445282585dcdf4b86a5

Download Submit
C:\Users\Admin\Desktop\ShowUnlock.mpeg.147-752-85E

Filesize
731KB

MD5
5f96cde1b35a2917c22758706cf8937c

SHA1
7de0ca2b7c037cea7c326681a03994ec3d29befb

SHA256
4bbc2428726e20e9ea296a9e62506a6404761410159f448cfd8863eedec42536

SHA512
17679eed3b26920a80d271a5a0a60fca99301f74575a8518e10cf5725b94c4af62d7ffa3a4c0c2b77ab2cfb1a77416da710d6ea68412f9b8579e2608f532663f

Download Submit
C:\Users\Admin\Desktop\SkipUnregister.mp4v.147-752-85E

Filesize
331KB

MD5
ec06d3a511175c257b67ae2bd83e4469

SHA1
5f6300d8a67bfc5d592996c5881ad0eefa596fb9

SHA256
aac0e840ec9dce17a44ecb4fd082cf82d1995fdef88983acbf15234c2762d701

SHA512
7a8c820bb0a7a5f1fae6471b90117b2b405ebdab704aea48847ed3d5973eb1d580fa2a5e7dd9070d44ad8c55a33efa009337fa30e9a5f44fadf853af01bd9576

Download Submit
C:\Users\Admin\Desktop\SplitComplete.ttf.147-752-85E

Filesize
1.3MB

MD5
656dde94928c9f19da3efe91f907c1bf

SHA1
11aea40f35fe9c2c639b3f5be7ae67b99075f75c

SHA256
686d8f6deebbf185b949afde663b8b4730ce0b13382f9e4c20e0593af667435c

SHA512
a7296e24805ad7c7ddae87c4cd6ea3ba319c74431a25620703eddab3cedbeb2410bbc8b7e75cba0a5bdd35b934bddf47bce94ffbfcd6bbc9e25a8cb82c17a211

Download Submit
C:\Users\Admin\Desktop\SyncBlock.svg.147-752-85E

Filesize
449KB

MD5
8b6ed162cb1cbc0cae480cbd54beaaef

SHA1
0c83ab15967eded9366e514a2a2552e55f55e4e6

SHA256
209d9a3c0140b7b79d475a80825beeb74a4a1d544e8577aece1ea78d8071a8ed

SHA512
27ebb0091c651d086d34ee03f1753aa6d2ad6fad7c4f9448c4d7d43317032265d7219df17e9b04892e2d4db1282347b1fdb18da8486d0e5b2ab42d27a6fcf093

Download Submit
C:\Users\Admin\Desktop\TraceDisconnect.MOD.147-752-85E

Filesize
543KB

MD5
4288f900f029c8f3a6dd9cd6e6b7c9fe

SHA1
071da59a04172716c0c19154f9bdc6c0c7024306

SHA256
1ff45004dea6dba2cb869f305ee96213360a4ee4d99155477b206eee2c9ed730

SHA512
8a1bcaf1449dad859fe235a9c028c7332ec8ec370ecd6454302d658a4c7bfd66b059580c150b46a5b12f26b3ad4cd3b09755e4c1036c3c86d2a75707bfa4d16d

Download Submit
C:\Users\Admin\Desktop\UndoOut.raw.147-752-85E

Filesize
801KB

MD5
7460d904c2136a7d806e35530f70a0d3

SHA1
3a26bf1f8fda1966f380404737ec88ac94e7bada

SHA256
7f1d164e77298bc47d0b3dc8e726cba1960a39e44a1968425670f6747b2124ee

SHA512
ab8c093ed44bbbde9c173c577aae9303923579a3d30149fcef0135acc967dc43a88e9a5357706f067a1a80df5d521422264148d4312dcaec91d7e25a2573efbf

Download Submit
C:\Users\Admin\Desktop\UnlockGet.cab.147-752-85E

Filesize
425KB

MD5
fba55b5c4edcf68f9db1216c79feb717

SHA1
5d49e4db71cfb0db810535c96f164a94ed9def9b

SHA256
7080fec5ef3b19f29c00cf912eb63f3eb7fba0c1f7acd178514da5b84beee7e3

SHA512
d603298f5dfb2c7284d30640b37622329a5e53e657268ea7778e8761882b9f0da20109f676d4a9df786f9e78ac70de6a39f29190ed5e501976ffda325f19e2c4

Download Submit
C:\Users\Admin\Desktop\UnlockHide.mpa.147-752-85E

Filesize
637KB

MD5
942b12e4862bc1861f894c18b8a20885

SHA1
02b1eb2652649277f54ad7eebbe63e3a63853d9f

SHA256
cd41b391dc79d28d2e1bbb7a55cf115ff924eed2d0a9d0201fd2c5fafbbe536e

SHA512
adf02a4c1aa0198a03433b3e3c501007453ac524883765aa9d913da396ae807738dac47b2c76f7c75433fdc217b215aba4eb15b2d1176b574fcd3f570273c120

Download Submit
C:\Users\Admin\Desktop\UseSplit.js.147-752-85E

Filesize
496KB

MD5
3d9bb9d10c5e0f8fcb1a8b2d1fea7a87

SHA1
be6013439013e38c7db902138bf6079f36463f87

SHA256
9ee20a48b0bda513c043d22ead4181569dcdc8f938c593657534b29f47e241ad

SHA512
8cfd81f2919c09a49a09d66ab5004683366ba5176918ab42d82dfeac018d135a390723f0eb63e45d15db215808b31d8017adb88e45ed7d27d9cccf51573f9ce5

Download Submit
C:\vcredist2010_x86.log.html

Filesize
84KB

MD5
eb4bbcfb415e50ff1224aded55e4c84a

SHA1
4981bc9fb1b09297f375bf017a3c724d0e741e33

SHA256
7c4a384580e84c0973f4cfa939e82cc94b907be393e6bf83788af47215f9d158

SHA512
7934b91fa15e1248b063f273fe36599f52f66235dcd1d64318d05f04ab4f00fbd2a8908601d882b1d63e1ce63c8123b43b8097e48705ffc372a2fcbdab0f2469

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1750093773-264148664-1320403265-1000\.zeppelin

Filesize
513B

MD5
697c72ffb7ec6735e26df49a79e5b5d0

SHA1
c4ed40267131787793a7e559fb57bbcecfa9edf4

SHA256
f9af0de53584a474e4d664c9e9463bcf42832e4498aff5f9c0ee3acd8db73862

SHA512
540fe00d5e09241ba6488cfdc7011e4a71afa2a1056b0b5b3cbd2f3c7afb6b0dc01acd6e73a5d352f5d9f94d802131a6d6f3d1ea664c5e4a0f8cb739d102f6d6

Download Submit
memory/920-19-0x00000207285F0000-0x00000207285F1000-memory.dmp

Filesize
4KB

Download
memory/920-24-0x00000207285F0000-0x00000207285F1000-memory.dmp

Filesize
4KB

Download
memory/920-14-0x00000207285F0000-0x00000207285F1000-memory.dmp

Filesize
4KB

Download
memory/920-25-0x00000207285F0000-0x00000207285F1000-memory.dmp

Filesize
4KB

Download
memory/920-13-0x00000207285F0000-0x00000207285F1000-memory.dmp

Filesize
4KB

Download
memory/920-23-0x00000207285F0000-0x00000207285F1000-memory.dmp

Filesize
4KB

Download
memory/920-22-0x00000207285F0000-0x00000207285F1000-memory.dmp

Filesize
4KB

Download
memory/920-21-0x00000207285F0000-0x00000207285F1000-memory.dmp

Filesize
4KB

Download
memory/920-20-0x00000207285F0000-0x00000207285F1000-memory.dmp

Filesize
4KB

Download
memory/920-15-0x00000207285F0000-0x00000207285F1000-memory.dmp

Filesize
4KB

Download
memory/1076-54-0x00000000007A0000-0x00000000008E1000-memory.dmp

Filesize
1.3MB

Download
memory/1884-25942-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/3908-47-0x00000000007A0000-0x00000000008E1000-memory.dmp

Filesize
1.3MB

Download
memory/3908-812-0x00000000007A0000-0x00000000008E1000-memory.dmp

Filesize
1.3MB

Download
memory/3908-25943-0x00000000007A0000-0x00000000008E1000-memory.dmp

Filesize
1.3MB

Download
memory/4972-25913-0x00000000007A0000-0x00000000008E1000-memory.dmp

Filesize
1.3MB

Download
memory/4972-5198-0x00000000007A0000-0x00000000008E1000-memory.dmp

Filesize
1.3MB

Download
memory/4972-9723-0x00000000007A0000-0x00000000008E1000-memory.dmp

Filesize
1.3MB

Download
memory/4972-21443-0x00000000007A0000-0x00000000008E1000-memory.dmp

Filesize
1.3MB

Download
memory/4972-13573-0x00000000007A0000-0x00000000008E1000-memory.dmp

Filesize
1.3MB

Download
memory/4972-16379-0x00000000007A0000-0x00000000008E1000-memory.dmp

Filesize
1.3MB

Download