76cf35ac4e8690cca9205b3b3b91460934139326101ac15a3a95adc3fe276e86

Analysis

max time kernel
141s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Passport_ID_jpg.jar
Size

147KB
MD5

44699ea6b454cd863c21fd8128e0fd0e
SHA1

34bd46468b48b25238d40f67a64ad8721f967e38
SHA256

eb51ad2218a1759fd60f956739cbb885eb2ed2422ff23659b97c2547f81cec7b
SHA512

42cf4c6e8dd0d06b21303fb786416889d489d3c2220942f986ccf657b2db667ed7734cd49c773a408ddf85a7f74d4fce34b156145eabb7752a59b63774bf815f
SSDEEP

384:UDxzrbA+xjbK4MhNDeDnxtpL3/380P7TnVHmWixZ7YyWxtZItYIQUmJeZ:KxAE6fhotpLv803nVGB98ERkk

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.jar	java.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
1672	tasklist.exe

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	java.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1672	tasklist.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2212	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4672	java.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe
2212	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 1672	4672	java.exe	86
PID 4672 wrote to memory of 1672	4672	java.exe	86
PID 4672 wrote to memory of 2212	4672	java.exe	90
PID 4672 wrote to memory of 2212	4672	java.exe	90
PID 4672 wrote to memory of 2212	4672	java.exe	90
PID 2212 wrote to memory of 5080	2212	AcroRd32.exe	91
PID 2212 wrote to memory of 5080	2212	AcroRd32.exe	91
PID 2212 wrote to memory of 5080	2212	AcroRd32.exe	91
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4380	5080	RdrCEF.exe	92
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93
PID 5080 wrote to memory of 4696	5080	RdrCEF.exe	93

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Passport_ID_jpg.jar
1⤵
- Drops startup file
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Windows\SYSTEM32\tasklist.exe
  tasklist.exe
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1672
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Documents\Passport_ID_jpg.pdf"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2212
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5080
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A9A4E2705A12D39EA47B1CBE1085F63F --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4380
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7D585C80679F4FE1917162B2563E3D38 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7D585C80679F4FE1917162B2563E3D38 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:4696
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=176B7B90F110B241F9F67C069107353B --mojo-platform-channel-handle=2352 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4312
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B0A58CF6FE01D6CAB518C7E5A8EE6910 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:876
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5B4AB30E8D9B214AFF9FC9B370D7F3C8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5B4AB30E8D9B214AFF9FC9B370D7F3C8 --renderer-client-id=6 --mojo-platform-channel-handle=2444 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:3116
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=39CCA50ABD8150BFE3F059E4E89EC4B1 --mojo-platform-channel-handle=2668 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3680
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -jar C:\Users\Admin\AppData\Roaming\Microsoft\Vault\res.jar
  2⤵
  PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9e2ff383a7d40dc4f3a32a99f8c69d3e

SHA1
da088332742f261e398b72c3e5c3fa5ac5d1157c

SHA256
fff4b6efb4d3ab4595c0ac2c77a05e981830f49c77c4431b52c3fb98cd9374d1

SHA512
2f450ef60f32a66ee9bc55353106f35f7a40e3f666c3b13c26146a1af9e7a15f3bc2d1d6044c6b25cbb9a565a1de6b432f8f4ca8a610c0522d9b7e6d3809fa4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
33bf554f4b926d15cdc0d61eaa4e1cbe

SHA1
b96c4ec43792dce6057b3b2bf206e0e5ef97de39

SHA256
152cfe794811bf7c0064a339cde543ee34e2eb9c5994dc6f192fa4fbd2603a1c

SHA512
a2d74ddcc897035969a69a4ea030287d181ad2d0b1e88768578e723485dba1d6c5debb1d912f13705ad9b6c2458b36c6260a2b4e4e54b0c66e774c54e87e7ba1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Vault\neft2.pdf

Filesize
30KB

MD5
1e8d4ed60fe27350c46fe9c5d7144acc

SHA1
c9800adf2571789fe009c345c15826c665f1050c

SHA256
d3a68a4364f62f8534639f81f0fbf4079a5abc12001c612ba9cec565ad102d9c

SHA512
65fb80dc255f384aea5cd889ba914dc7128bfab7873941b074185cecb3dda28a6d62ffc0e4ff44d24320a1df8d9a4a7e88a10d911e96dd5fe6c45222758e418d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Vault\res.jar

Filesize
141KB

MD5
468496a36ed5352a195b1fca48f8768e

SHA1
6f70fa19782768455d78ceb54ac31024557cf5b4

SHA256
3bf293a1919bc675d6f8e7a4714157b537eeee7d12a8d31b40f23f46c99cf078

SHA512
6c432d79512793c6996426522cfbc2ec812b2e181500c7f37992b167f191bc0152a613f6fcc7060f63b6f46d2447f14f002a82a6ef594448f13cb41bd9b12410

Download Submit
memory/8-329-0x00000206F29A0000-0x00000206F29A1000-memory.dmp

Filesize
4KB

Download
memory/2212-268-0x000000000A7D0000-0x000000000AA7B000-memory.dmp

Filesize
2.7MB

Download
memory/4672-104-0x000001D380410000-0x000001D380420000-memory.dmp

Filesize
64KB

Download
memory/4672-49-0x000001D3802B0000-0x000001D3802C0000-memory.dmp

Filesize
64KB

Download
memory/4672-22-0x000001D3802B0000-0x000001D3802C0000-memory.dmp

Filesize
64KB

Download
memory/4672-21-0x000001D3802A0000-0x000001D3802B0000-memory.dmp

Filesize
64KB

Download
memory/4672-24-0x000001D3802C0000-0x000001D3802D0000-memory.dmp

Filesize
64KB

Download
memory/4672-26-0x000001D3802D0000-0x000001D3802E0000-memory.dmp

Filesize
64KB

Download
memory/4672-28-0x000001D3802E0000-0x000001D3802F0000-memory.dmp

Filesize
64KB

Download
memory/4672-34-0x000001D380000000-0x000001D380270000-memory.dmp

Filesize
2.4MB

Download
memory/4672-38-0x000001D380320000-0x000001D380330000-memory.dmp

Filesize
64KB

Download
memory/4672-37-0x000001D380310000-0x000001D380320000-memory.dmp

Filesize
64KB

Download
memory/4672-40-0x000001D380330000-0x000001D380340000-memory.dmp

Filesize
64KB

Download
memory/4672-39-0x000001D380270000-0x000001D380280000-memory.dmp

Filesize
64KB

Download
memory/4672-46-0x000001D380290000-0x000001D3802A0000-memory.dmp

Filesize
64KB

Download
memory/4672-45-0x000001D380350000-0x000001D380360000-memory.dmp

Filesize
64KB

Download
memory/4672-44-0x000001D380340000-0x000001D380350000-memory.dmp

Filesize
64KB

Download
memory/4672-43-0x000001D380280000-0x000001D380290000-memory.dmp

Filesize
64KB

Download
memory/4672-36-0x000001D380300000-0x000001D380310000-memory.dmp

Filesize
64KB

Download
memory/4672-35-0x000001D3802F0000-0x000001D380300000-memory.dmp

Filesize
64KB

Download
memory/4672-50-0x000001D380360000-0x000001D380370000-memory.dmp

Filesize
64KB

Download
memory/4672-52-0x000001D380370000-0x000001D380380000-memory.dmp

Filesize
64KB

Download
memory/4672-114-0x000001D380390000-0x000001D3803A0000-memory.dmp

Filesize
64KB

Download
memory/4672-48-0x000001D3802A0000-0x000001D3802B0000-memory.dmp

Filesize
64KB

Download
memory/4672-56-0x000001D3802C0000-0x000001D3802D0000-memory.dmp

Filesize
64KB

Download
memory/4672-57-0x000001D380380000-0x000001D380390000-memory.dmp

Filesize
64KB

Download
memory/4672-60-0x000001D3802D0000-0x000001D3802E0000-memory.dmp

Filesize
64KB

Download
memory/4672-61-0x000001D380390000-0x000001D3803A0000-memory.dmp

Filesize
64KB

Download
memory/4672-66-0x000001D3802E0000-0x000001D3802F0000-memory.dmp

Filesize
64KB

Download
memory/4672-67-0x000001D3803A0000-0x000001D3803B0000-memory.dmp

Filesize
64KB

Download
memory/4672-71-0x000001D3803B0000-0x000001D3803C0000-memory.dmp

Filesize
64KB

Download
memory/4672-70-0x000001D380310000-0x000001D380320000-memory.dmp

Filesize
64KB

Download
memory/4672-111-0x000001D3F2230000-0x000001D3F2231000-memory.dmp

Filesize
4KB

Download
memory/4672-74-0x000001D380320000-0x000001D380330000-memory.dmp

Filesize
64KB

Download
memory/4672-75-0x000001D3803C0000-0x000001D3803D0000-memory.dmp

Filesize
64KB

Download
memory/4672-77-0x000001D3803D0000-0x000001D3803E0000-memory.dmp

Filesize
64KB

Download
memory/4672-76-0x000001D380330000-0x000001D380340000-memory.dmp

Filesize
64KB

Download
memory/4672-82-0x000001D3803E0000-0x000001D3803F0000-memory.dmp

Filesize
64KB

Download
memory/4672-81-0x000001D380350000-0x000001D380360000-memory.dmp

Filesize
64KB

Download
memory/4672-80-0x000001D380340000-0x000001D380350000-memory.dmp

Filesize
64KB

Download
memory/4672-83-0x000001D3803F0000-0x000001D380400000-memory.dmp

Filesize
64KB

Download
memory/4672-86-0x000001D380360000-0x000001D380370000-memory.dmp

Filesize
64KB

Download
memory/4672-88-0x000001D3F2230000-0x000001D3F2231000-memory.dmp

Filesize
4KB

Download
memory/4672-87-0x000001D380400000-0x000001D380410000-memory.dmp

Filesize
64KB

Download
memory/4672-16-0x000001D380280000-0x000001D380290000-memory.dmp

Filesize
64KB

Download
memory/4672-103-0x000001D380370000-0x000001D380380000-memory.dmp

Filesize
64KB

Download
memory/4672-107-0x000001D3F2230000-0x000001D3F2231000-memory.dmp

Filesize
4KB

Download
memory/4672-108-0x000001D380380000-0x000001D380390000-memory.dmp

Filesize
64KB

Download
memory/4672-69-0x000001D3802F0000-0x000001D380300000-memory.dmp

Filesize
64KB

Download
memory/4672-18-0x000001D380290000-0x000001D3802A0000-memory.dmp

Filesize
64KB

Download
memory/4672-148-0x000001D3F2230000-0x000001D3F2231000-memory.dmp

Filesize
4KB

Download
memory/4672-122-0x000001D3803A0000-0x000001D3803B0000-memory.dmp

Filesize
64KB

Download
memory/4672-131-0x000001D3803B0000-0x000001D3803C0000-memory.dmp

Filesize
64KB

Download
memory/4672-117-0x000001D3F2230000-0x000001D3F2231000-memory.dmp

Filesize
4KB

Download
memory/4672-149-0x000001D3803C0000-0x000001D3803D0000-memory.dmp

Filesize
64KB

Download
memory/4672-155-0x000001D3803D0000-0x000001D3803E0000-memory.dmp

Filesize
64KB

Download
memory/4672-158-0x000001D3803E0000-0x000001D3803F0000-memory.dmp

Filesize
64KB

Download
memory/4672-159-0x000001D3803F0000-0x000001D380400000-memory.dmp

Filesize
64KB

Download
memory/4672-160-0x000001D380400000-0x000001D380410000-memory.dmp

Filesize
64KB

Download
memory/4672-161-0x000001D380410000-0x000001D380420000-memory.dmp

Filesize
64KB

Download
memory/4672-271-0x000001D3F2230000-0x000001D3F2231000-memory.dmp

Filesize
4KB

Download
memory/4672-276-0x000001D3F2230000-0x000001D3F2231000-memory.dmp

Filesize
4KB

Download
memory/4672-277-0x000001D3F2230000-0x000001D3F2231000-memory.dmp

Filesize
4KB

Download
memory/4672-13-0x000001D380270000-0x000001D380280000-memory.dmp

Filesize
64KB

Download
memory/4672-291-0x000001D3F2230000-0x000001D3F2231000-memory.dmp

Filesize
4KB

Download
memory/4672-304-0x000001D380310000-0x000001D380320000-memory.dmp

Filesize
64KB

Download
memory/4672-303-0x000001D380300000-0x000001D380310000-memory.dmp

Filesize
64KB

Download
memory/4672-322-0x000001D380410000-0x000001D380420000-memory.dmp

Filesize
64KB

Download
memory/4672-321-0x000001D380400000-0x000001D380410000-memory.dmp

Filesize
64KB

Download
memory/4672-320-0x000001D3803F0000-0x000001D380400000-memory.dmp

Filesize
64KB

Download
memory/4672-319-0x000001D3803E0000-0x000001D3803F0000-memory.dmp

Filesize
64KB

Download
memory/4672-318-0x000001D3803D0000-0x000001D3803E0000-memory.dmp

Filesize
64KB

Download
memory/4672-317-0x000001D3803C0000-0x000001D3803D0000-memory.dmp

Filesize
64KB

Download
memory/4672-316-0x000001D3803B0000-0x000001D3803C0000-memory.dmp

Filesize
64KB

Download
memory/4672-315-0x000001D3803A0000-0x000001D3803B0000-memory.dmp

Filesize
64KB

Download
memory/4672-314-0x000001D380390000-0x000001D3803A0000-memory.dmp

Filesize
64KB

Download
memory/4672-313-0x000001D380380000-0x000001D380390000-memory.dmp

Filesize
64KB

Download
memory/4672-312-0x000001D380370000-0x000001D380380000-memory.dmp

Filesize
64KB

Download
memory/4672-311-0x000001D380360000-0x000001D380370000-memory.dmp

Filesize
64KB

Download
memory/4672-310-0x000001D380350000-0x000001D380360000-memory.dmp

Filesize
64KB

Download
memory/4672-309-0x000001D380340000-0x000001D380350000-memory.dmp

Filesize
64KB

Download
memory/4672-308-0x000001D380330000-0x000001D380340000-memory.dmp

Filesize
64KB

Download
memory/4672-307-0x000001D380000000-0x000001D380270000-memory.dmp

Filesize
2.4MB

Download
memory/4672-11-0x000001D3F2230000-0x000001D3F2231000-memory.dmp

Filesize
4KB

Download
memory/4672-302-0x000001D3802F0000-0x000001D380300000-memory.dmp

Filesize
64KB

Download
memory/4672-301-0x000001D3802E0000-0x000001D3802F0000-memory.dmp

Filesize
64KB

Download
memory/4672-300-0x000001D3802D0000-0x000001D3802E0000-memory.dmp

Filesize
64KB

Download
memory/4672-299-0x000001D3802C0000-0x000001D3802D0000-memory.dmp

Filesize
64KB

Download
memory/4672-298-0x000001D3802B0000-0x000001D3802C0000-memory.dmp

Filesize
64KB

Download
memory/4672-296-0x000001D3802A0000-0x000001D3802B0000-memory.dmp

Filesize
64KB

Download
memory/4672-295-0x000001D380290000-0x000001D3802A0000-memory.dmp

Filesize
64KB

Download
memory/4672-294-0x000001D380280000-0x000001D380290000-memory.dmp

Filesize
64KB

Download
memory/4672-293-0x000001D380270000-0x000001D380280000-memory.dmp

Filesize
64KB

Download
memory/4672-292-0x000001D380320000-0x000001D380330000-memory.dmp

Filesize
64KB

Download
memory/4672-2-0x000001D380000000-0x000001D380270000-memory.dmp

Filesize
2.4MB

Download